9 Quarto Setup
Quarto provides the technical foundation for implementing the Cyber Dimensions methodology through its comprehensive scientific and technical publishing capabilities. This open-source platform, built upon the Pandoc document conversion system, enables the sophisticated content integration, dynamic variable management, and multi-format output generation required for professional cybersecurity education materials.
This chapter manually walks through the technical setup in a Quarto project. For a minimal functioning example, feel free to simply clone the Cyber Dimensions demo repository.
Platform Capabilities and Educational Applications
Quartoβs architecture supports the complex requirements of educational case study development through several integrated capabilities. The platform enables seamless combination of narrative text with executable code within unified document structures, facilitating the dynamic content generation essential for maintaining consistency across multiple scenarios. Multi-format output generation allows educators to produce HTML websites, PDF documents, Word files, and presentation materials from identical source content, maximizing development efficiency while ensuring consistent messaging across different distribution channels.
Dynamic content capabilities support variable-driven text generation that automatically updates character names, organizational details, and temporal references across all materials when worldbuilding data changes. This functionality proves essential for maintaining narrative consistency while accommodating different educational contexts or iterative content refinement processes.
Educational Integration Advantages
The Quarto platform provides several specific advantages for our needs: dynamic worldbuilding capabilities that ensure automatic content updates across all materials when source data changes; consistent formatting standards that maintain professional presentation quality across diverse content types; multi-format content generation that enables creation of student handouts, instructor guides, and web resources from unified source materials; reproducible case development workflows that facilitate scenario modification while preserving narrative consistency; and interactive element integration that supports embedded assessments, simulations, and multimedia components.
Quarto Project Structure
The Cyber Dimensions methodology uses a sophisticated multi-configuration architecture that supports complex educational workflows. Hereβs the actual production structure to build both student- and teacher-facing texts from one source:
cyber-dimensions-project/
βββ _quarto.yml # Default configuration with metadata integration
βββ _quarto-book.yml # Book format with parts/chapters structure
βββ _quarto-teacher.yml # Instructor-specific content and assessments
βββ _quarto-textbook.yml # Student-facing textbook configuration
βββ index.qmd # Project homepage
βββ _worldbuilding.yml # Comprehensive fictional world database
βββ _world_data.rds # Optimized worldbuilding cache
βββ _styles/
β βββ styles.css # Immersive, specialized styling
βββ _scripts/
β βββ setup.R # Advanced pre-render with caching/error handling
β βββ solo_render.R # Individual file rendering support
βββ _extensions/ # Quarto extensions for specialized features
βββ _legacy/ # Version control for deprecated content
βββ assets/
β βββ _QA.qmd # Quality assurance integration
β βββ images/ # Case-specific visual assets
βββ cases/
βββ case1name/ # Case study directories
β βββ case1name-intro.qmd # Standardized introduction
β βββ case1name-content.qmd # Main narrative content
β βββ assessments_moc.qmd # Assessment management
βββ...Multi-Configuration Architecture
The Cyber Dimensions methodology employs multiple specialized configuration files to support different output formats and audiences. This approach enables sophisticated content management while maintaining consistency across diverse educational contexts.
Primary Configuration (_quarto.yml)
The default configuration integrates metadata files and establishes core project parameters:
project:
type: book
title: "Cyber Dimensions Case Studies"
pre-render: _scripts/setup.R
output-dir: docs
metadata-files:
- _worldbuilding.yml
book:
title: "Cyber Dimensions: Immersive Cybersecurity Education"
author: "Your Institution"
date: last-modified
chapters:
- index.qmd
- part: "Case Studies"
chapters:
- cases/case1name/case-intro.qmd
- cases/avalanche/case-content.qmd
- cases/techgiant/case-intro.qmd
- cases/techgiant/case-content.qmd
appendices:
- assets/_QA.qmd
format:
html:
theme:
- flatly
- _styles/custom.scss
css: _styles/styles.css
toc: true
toc-depth: 3
number-sections: true
code-fold: show
code-copy: hover
citations-hover: true
footnotes-hover: true
embed-resources: false
execute:
freeze: auto
echo: false
message: false
warning: false
error: falseBook Configuration (_quarto-book.yml)
Specialized book format with complex part/chapter hierarchies, with assessments separated from case content for demonstration:
project:
type: book
pre-render: _scripts/setup.R
book:
title: "Cyber Dimensions: Professional Case Studies"
parts:
- title: "Introduction"
chapters:
- index.qmd
- title: "Corporate Security Cases"
chapters:
- cases/case1name/case1name-intro.qmd
- cases/case1name/case1name-content.qmd
- cases/case2name/case2name-intro.qmd
- cases/case2name/case2name-content.qmd
- title: "Infrastructure Cases"
chapters:
- cases/case3name/case3name-intro.qmd
- cases/case3name/case3name-content.qmd
- title: "Assessment Framework"
chapters:
- cases/avalanche/assessments_moc.qmd
- cases/techgiant/assessments_moc.qmd
- cases/municipal/assessments_moc.qmd
format:
html:
theme: flatly
css: _styles/styles.css
number-sections: true
toc: true
pdf:
documentclass: book
geometry: margin=1in
fontsize: 11pt
number-sections: true
docx:
number-sections: true
highlight-style: githubProfile-Based Configurations
Quarto profiles enable sophisticated audience-specific rendering from a single source codebase. This powerful feature allows educators to maintain one set of content files while generating customized outputs for different user groups - students, instructors, administrators, or developers - each with tailored visibility, formatting, and interactive elements.
How Profiles Work: Profiles function through conditional rendering directives embedded within your content. When you specify a profile during rendering (quarto render --profile teacher), Quarto processes only the content blocks marked for that profile while excluding others. This approach eliminates the need for separate content files while ensuring each audience receives appropriately tailored materials.
This presents a range of benefits. For example, student versions can hide implementation details and answer keys while maintaining engaging interactive elements. Instructor versions reveal teaching notes, detailed explanations, and assessment rubrics. Developer versions expose technical implementation details and debugging tools.
Using profiles is easy: create separate configuration files for each profile (_quarto-teacher.yml, _quarto-student.yml) and use conditional content blocks within your case study files. This modular approach enables sophisticated content management while preserving source code simplicity.
The methodology supports profile-based rendering for different audiences:
Teacher Profile (_quarto-teacher.yml):
Student Profile (_quarto-textbook.yml): {#lst-student-profile}
Conditional Content Example
Hereβs a practical example showing how the same case study section appears differently for each profile, demonstrating various conditional content techniques. Note that the full range of visibility and hiding options is shown here simply for illustration. Itβs unlikely youβd ever need to get this complex with conditional content.
## Network Security Incident Analysis
<!-- Default content visible to all profiles -->
On March 15, 2025, DataFlow Corporation discovered suspicious network activity
affecting their customer database. This incident demonstrates key principles
of incident response and forensic analysis.
### Initial Discovery
::: {.content-visible when-profile="student"}
**Your Task**: Review the network logs below and identify potential indicators
of compromise. Consider what evidence suggests this was an external attack
versus an insider threat.
**Evidence A**: Unusual login patterns from IP 203.0.113.45
**Evidence B**: Database queries executed outside normal business hours
**Evidence C**: Administrative account elevation at 2:17 AM
*What do you conclude from this evidence?*
:::
::: {.content-visible when-profile="teacher"}
**Instructor Guidance**:
- Allow 10-15 minutes for individual analysis
- Students typically focus on Evidence A first (external IP)
- Guide discussion toward timeline correlation across all evidence
- Key learning objective: Synthesizing multiple evidence sources
**Answer Key**: Evidence suggests coordinated external attack:
- IP 203.0.113.45 traces to known botnet infrastructure
- Timeline shows lateral movement pattern (login β elevation β data access)
- Business hours timing eliminates typical insider threat patterns
**Discussion Questions**:
1. What additional evidence would strengthen this conclusion?
2. How might defenders have detected this earlier?
3. What containment actions should be prioritized?
:::
::: {.content-hidden when-profile="student"}
**Advanced Analysis** (Visible to teacher and developer profiles):
The attack follows APT28 methodology documented in MITRE ATT&CK framework:
- Initial Access: Valid Accounts (T1078)
- Privilege Escalation: Account Manipulation (T1098)
- Collection: Data from Information Repositories (T1213)
:::
::: {.content-visible when-profile="developer"}
**Technical Implementation Notes**:
- Evidence data sourced from: `r world$dataflow_incident_logs`
- IP address variable: `r world$dataflow_attacker_ip`
- Timeline calculations use: `r world$dataflow_incident_timeline`
- Difficulty level: `r world$assessment_intermediate_level`
**Quality Assurance**:
- Verify IP geolocation accuracy in current threat intelligence feeds
- Update MITRE ATT&CK references quarterly
- Test timeline logic with different academic calendar dates
:::
### Technical Analysis
<!-- Content with multiple exclusion conditions -->
::: {.content-hidden when-profile="student,developer" unless-profile="teacher"}
**Instructor-Only Section**: This technical deep-dive should only be used
with advanced undergraduate or graduate students. For introductory courses,
skip to the "Lessons Learned" section.
:::
<!-- Content visible to multiple profiles -->
::: {.content-visible when-profile="teacher,developer"}
**Technical Details**: The attacker used a sophisticated privilege escalation
technique that exploits Windows Active Directory group policy inheritance...
```bash
# Forensic commands for advanced analysis
Get-WinEvent -LogName Security | Where-Object {$_.Id -eq 4672}
net group "Domain Admins" /domain
```
:::
### Assessment Questions
::: {.content-visible when-profile="student"}
**Question 1**: Based on the evidence, what type of attack occurred?
a) SQL Injection b) Phishing Campaign c) Advanced Persistent Threat d) Insider Fraud
**Question 2**: What was the primary attack vector?
a) Email attachment b) Compromised credentials c) Network vulnerability d) Physical access
:::
::: {.content-visible when-profile="teacher"}
**Assessment Rubric**:
- Excellent (4): Identifies APT with supporting evidence from all three sources
- Good (3): Identifies external threat with supporting evidence
- Satisfactory (2): Recognizes suspicious activity but lacks specific classification
- Needs Improvement (1): Focuses on single evidence source without synthesis
**Timing**: 20-25 minutes for individual work, 15 minutes for discussion
:::
::: {.content-hidden when-profile="student"}
**Assessment Analytics**:
- Historical accuracy rate: 78% (Q1), 65% (Q2)
- Common wrong answers: Q1-b (31%), Q2-c (28%)
- Cognitive load assessment: Medium complexity
- Recommended prerequisite: Network fundamentals module
:::This example demonstrates several conditional content techniques:
when-profile: Shows content only for specified profileswhen-profile="teacher,developer": Shows content for multiple profiles
content-hidden when-profile="student": Hides from students, shows to otherscontent-hidden when-profile="student,developer" unless-profile="teacher": Complex conditional logic- Default content: No conditional wrapper means visible to all profiles (this is likely to be the majority of the content)
Configuration Strategy Guidelines
Book Format (Recommended): Use for comprehensive case study collections with structured progression and cross-case continuity. Supports sophisticated part/chapter hierarchies and integrated assessment frameworks.
Website Format: Suitable for standalone case studies or when individual case access patterns are prioritized over linear progression.
Multi-Format Output Strategy
A further bonus of using the Quarto platform is the automated and consistent application of outputs and even branding. See the _brand.yml documentation for more1
HTML (Primary Format):
- Interactive elements and multimedia integration
- Advanced styling with CSS custom properties
- Social media component rendering
- Responsive design for diverse devices
PDF (Print Distribution):
- Professional formatting for institutional requirements
- Optimized typography and page layout
- Appropriate for formal assessment distribution
DOCX (Institutional Compatibility):
- Microsoft Office integration requirements
- Collaborative editing workflows
- Template-based formatting consistency
Creating Content with Quarto
Basic Document Structure
Every Quarto document starts with YAML front matter:
Advanced Pre-Render System
The Cyber Dimensions methodology employs a sophisticated pre-render architecture that handles worldbuilding data processing, caching optimization, and error management. This system ensures consistent variable availability across all case studies while maintaining performance and reliability.
Core Pre-Render Architecture (_scripts/setup.R)
The production setup script implements advanced data management with comprehensive error handling: {#lst-setup-architecture}
# Advanced worldbuilding data processing with caching
library(here)
library(yaml)
library(dplyr)
# Error handling wrapper
safe_load_world <- function() {
tryCatch({
# Check for cached data
cache_file <- here("_world_data.rds")
yaml_file <- here("_worldbuilding.yml")
# Intelligent cache management
if (file.exists(cache_file) &&
file.mtime(cache_file) > file.mtime(yaml_file)) {
message("Loading cached worldbuilding data...")
readRDS(cache_file)
} else {
message("Processing worldbuilding YAML...")
world_raw <- read_yaml(yaml_file)
# Advanced variable processing
world_processed <- process_world_variables(world_raw)
# Cache processed data
saveRDS(world_processed, cache_file)
world_processed
}
}, error = function(e) {
stop(paste("Failed to load worldbuilding data:", e$message))
})
}
# Dynamic year calculation system
process_world_variables <- function(world_data) {
current_year <- as.numeric(format(Sys.Date(), "%Y"))
# Generate year variables (year_plus_1 through year_plus_25)
for (i in 1:25) {
world_data[[paste0("year_plus_", i)]] <- current_year + i
}
# Generate past year variables (year_minus_1 through year_minus_5)
for (i in 1:5) {
world_data[[paste0("year_minus_", i)]] <- current_year - i
}
# Process nested structures and cross-references
world_data <- resolve_cross_references(world_data)
return(world_data)
}
# Load world data globally
world <- safe_load_world()Individual File Rendering Support
The solo_render.R script enables development of individual files while maintaining access to the complete worldbuilding system: {#lst-solo-render}
# _scripts/solo_render.R
# Enables individual file development with full world data access
if (!exists("world")) {
message("Loading worldbuilding data for solo render...")
source(here::here("_scripts", "setup.R"))
}
# Verify data availability
if (length(world) == 0) {
stop("Worldbuilding data not available. Check _worldbuilding.yml")
}
message(paste("World data loaded:", length(world), "variables available"))Integration in Quarto Documents
Case study files integrate seamlessly with the pre-render system through the global world object: {#lst-integration-documents}
---
title: "The `r world$avalanche_company_name` Incident"
subtitle: "A Case Study in `r world$avalanche_incident_type`"
---
# Executive Summary
On `r world$avalanche_incident_date`, `r world$avalanche_company_name`
experienced a significant cybersecurity incident affecting
`r world$avalanche_customers_affected` customers. The incident was
discovered by `r world$avalanche_discoverer_name`,
`r world$avalanche_discoverer_title`, who immediately escalated
to `r world$avalanche_ciso_name`, Chief Information Security Officer.
## Timeline
- **`r world$avalanche_discovery_time`**: Initial discovery
- **`r world$avalanche_escalation_time`**: Management notification
- **`r world$avalanche_containment_time`**: Threat containment
- **`r world$avalanche_resolution_time`**: Full system restorationError Handling and Debugging
The system includes comprehensive error management for production reliability: {#lst-error-handling}
# Validation functions for worldbuilding data
validate_world_data <- function(world) {
required_vars <- c(
"avalanche_company_name",
"avalanche_incident_date",
"avalanche_incident_type"
)
missing_vars <- setdiff(required_vars, names(world))
if (length(missing_vars) > 0) {
stop(paste("Missing required variables:",
paste(missing_vars, collapse = ", ")))
}
message("World data validation: PASSED")
return(TRUE)
}
# Debug function for variable inspection
inspect_world_variables <- function(pattern = NULL) {
if (is.null(pattern)) {
cat("Available world variables:\n")
cat(paste(names(world), collapse = "\n"))
} else {
matching <- names(world)[grepl(pattern, names(world))]
cat(paste("Variables matching '", pattern, "':\n", sep = ""))
cat(paste(matching, collapse = "\n"))
}
}Advanced Content Features
Callout Boxes
Create attention-grabbing content blocks: {#lst-callout-boxes}
Tabbed Content
Organize complex information: {#lst-tabbed-content}
Cross-References
Link sections and figures: {#lst-cross-references}
Working with Multiple Formats
HTML Output (Primary)
HTML serves as the primary format for interactive case studies, featuring sophisticated styling architecture that supports specialized cybersecurity education components: {#lst-html-output-production}
_quarto.yml
Production CSS Architecture
The Cyber Dimensions methodology employs a comprehensive 910+ line CSS system that provides specialized components for cybersecurity education: {#lst-production-css}
Social Media Component Styling: {#lst-social-media-components}
/* Twitter-style component */
.twitter-post {
background: #f7f9fa;
border: 1px solid #e1e8ed;
border-radius: 12px;
padding: 12px 16px;
margin: 16px 0;
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto;
}
.twitter-header {
display: flex;
align-items: center;
margin-bottom: 8px;
}
.twitter-avatar {
width: 40px;
height: 40px;
border-radius: 50%;
margin-right: 12px;
}
/* Discord-style component */
.discord-message {
background: #2f3136;
color: #dcddde;
padding: 8px 16px 8px 72px;
margin: 2px 0;
position: relative;
font-family: Whitney, "Helvetica Neue", Helvetica, Arial, sans-serif;
}
.discord-avatar {
position: absolute;
left: 16px;
top: 8px;
width: 40px;
height: 40px;
border-radius: 50%;
}
/* Signal-style component */
.signal-message {
background: #2090ea;
color: white;
padding: 8px 12px;
border-radius: 18px;
margin: 4px 0;
max-width: 70%;
word-wrap: break-word;
}
.signal-message.received {
background: #f1f1f2;
color: #000;
align-self: flex-start;
}
.signal-message.sent {
background: #2090ea;
color: white;
align-self: flex-end;
margin-left: auto;
}Timeline and Interactive Elements: {#lst-timeline-components}
/* Timeline component for incident progression */
.timeline {
position: relative;
padding: 0;
list-style: none;
}
.timeline::before {
content: '';
position: absolute;
left: 30px;
top: 0;
bottom: 0;
width: 2px;
background: #007bff;
}
.timeline-item {
position: relative;
margin-bottom: 30px;
padding-left: 70px;
}
.timeline-marker {
position: absolute;
left: 22px;
width: 16px;
height: 16px;
background: #007bff;
border: 3px solid #fff;
border-radius: 50%;
box-shadow: 0 0 0 3px #007bff33;
}
.timeline-content {
background: #f8f9fa;
padding: 15px;
border-radius: 8px;
border-left: 3px solid #007bff;
}
/* Evidence collection styling */
.evidence-item {
background: #fff3cd;
border: 1px solid #ffeeba;
border-left: 4px solid #ffb400;
padding: 12px;
margin: 8px 0;
border-radius: 4px;
}
.evidence-label {
font-weight: bold;
color: #856404;
font-size: 0.9em;
text-transform: uppercase;
letter-spacing: 0.5px;
}CSS Custom Properties for Theming: {#lst-css-custom-properties}
:root {
/* Cybersecurity color palette */
--cyber-primary: #007bff;
--cyber-danger: #dc3545;
--cyber-warning: #ffc107;
--cyber-success: #28a745;
--cyber-dark: #343a40;
/* Incident severity levels */
--severity-low: #28a745;
--severity-medium: #ffc107;
--severity-high: #fd7e14;
--severity-critical: #dc3545;
/* Component backgrounds */
--social-twitter: #1da1f2;
--social-discord: #5865f2;
--social-signal: #2090ea;
--social-reddit: #ff4500;
/* Typography */
--font-mono: 'Source Code Pro', Consolas, 'Courier New', monospace;
--font-display: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif;
}
/* Responsive breakpoints */
@media (max-width: 768px) {
.timeline-item {
padding-left: 50px;
}
.timeline::before {
left: 20px;
}
.timeline-marker {
left: 12px;
}
.social-component {
font-size: 0.9em;
}
}Multi-Format Output for Educational Contexts
For detailed guidance on configuring PDF, Word, and other output formats, see the Quarto Formats documentation.
Case Study-Specific Format Considerations:
- PDF: Best for formal instructor materials and assessment rubrics that need consistent formatting
- Word (DOCX): Essential for institutional compatibility and collaborative editing workflows
- HTML: Primary format for interactive elements, social media components, and multimedia integration
When configuring formats, ensure your custom CSS and social media component styling render appropriately across all target formats. Test timeline components and evidence presentation elements in each output format.
Interactive Content Development
Code Execution
Quarto allows for the execution of code. If you wish (though this is advanced), allow students to run cybersecurity tools: {#lst-code-execution}
Embedded Assessments
Create interactive self-check quizzes: {#lst-embedded-assessments}
Project-Specific Setup Considerations
Cybersecurity case studies have unique technical requirements that differ from standard academic or technical documentation projects. Your Quarto setup must support realistic cybersecurity interfaces, dynamic worldbuilding data, and multi-audience content delivery.
Key Project-Specific Considerations:
- Dynamic worldbuilding data integration through YAML and R pre-processing
- Multi-format output for diverse educational contexts (HTML, PDF, DOCX)
- Profile-based rendering for different audiences (students, instructors, developers)
- Social media component styling for authentic digital communication scenarios
- Timeline and evidence presentation components for incident analysis
- Cross-case character and organizational continuity
Deployment and Distribution
For comprehensive guidance on publishing Quarto projects to various platforms (GitHub Pages, Netlify, Quarto Pub, etc.), see the Quarto Publishing documentation.
Project-Specific Considerations for Case Study Distribution:
- Multi-format outputs: Ensure your deployment supports HTML (primary), PDF (print), and DOCX (institutional) versions
- Profile-based builds: Consider automating builds for different audiences (student vs. instructor versions)
- Asset management: Large media files may require CDN or external hosting for optimal performance
- Access control: Instructor materials may need private repositories or password protection
For packaging case studies for offline distribution or LMS integration, include all source files (.qmd, _worldbuilding.yml, _scripts/, assets/) to enable customization by other educators.
For general Quarto performance optimization guidance, see the Quarto Performance documentation.
Cybersecurity Case Study Specific Optimizations:
- Worldbuilding data caching: Use
.rdscaching for complex YAML processing (see_scripts/setup.Rexamples) - Large media assets: Host realistic cybersecurity screenshots and diagrams externally if they impact load times
- Social media component styling: Minimize CSS complexity for timeline and evidence components
Accessibility in Cybersecurity Education
For comprehensive accessibility guidance, see the Quarto Accessibility documentation. Accessibility priorities include:
- Technical interface screenshots: Provide detailed alt text describing security dashboard elements, network diagrams, and system interfaces
- Social media components: Ensure Twitter, Discord, and Signal mockups are navigable via keyboard and screen readers
- Evidence timelines: Structure timeline components with proper heading hierarchy and logical tab order
Project-Specific Troubleshooting
For basic Quarto installation, configuration, and rendering help, refer to the comprehensive Quarto documentation. This chapter focuses specifically on cybersecurity case study project setup considerations.
Worldbuilding Data Not Loading:
- Verify
_worldbuilding.ymlsyntax is valid YAML - Check that
_scripts/setup.Ris properly configured in_quarto.ymlpre-render - Ensure R packages
hereandyamlare installed
Profile Rendering Problems:
- Confirm profile configuration files exist (
_quarto-teacher.yml, etc.) - Verify conditional content syntax:
::: {.content-visible when-profile="student"} - Check that profile names match between configuration and content files
Social Media Component Styling Issues:
- Verify custom CSS files are properly linked in
_quarto.yml - Check that
.twitter-post,.discord-message, etc. classes are defined - Ensure SCSS compilation is working if using custom themes
Implementation Roadmap
With your Quarto foundation established, proceed through these development phases:
- Explore advanced worldbuilding for complex scenarios that support interconnected narratives (see Section 2.5.2 in the Methodology chapter)
- Learn styling techniques for custom appearance that enhances immersive fiction (see Section 2.5.1 in the Methodology chapter)
- Study assessment design for effective evaluation using flexible assessment approaches (see Section 2.5.5 in the Methodology chapter)
- Review quality assurance for professional output standards
This systematic approach ensures your technical implementation aligns with the posthuman cybersecurity education methodology while maintaining professional educational standards.
Note that as of August 2025,
_brand.ymldoes not work with book projects.β©οΈ