4  Tutorial

This tutorial walks you through creating compelling cybersecurity case studies using the Cyber Dimensions methodology—a research-based approach that helps your students engage with the complex, collaborative realities of cybersecurity work. Rather than simply presenting technical concepts, this method helps you create realistic scenarios where your students experience how cybersecurity teams actually coordinate across technology, people, and organizations.

This methodology was developed and refined through Design-Based Research at the University of Arizona, including implementation in the published “Cyber Dimensions” textbook (Straight, 2024) and systematic analysis of the NICE Workforce Framework (Straight, 2025). Classroom implementation revealed that your students engaging with these interconnected scenarios will develop enhanced capabilities for understanding cybersecurity as collaborative, distributed work rather than individual technical problem-solving.

Student Learning Evidence

Implementation of this methodology across multiple cybersecurity education contexts revealed consistent patterns in student learning that align with industry workforce needs. Analysis of the NICE Workforce Framework using systematic coding techniques identified 47 task statements that explicitly require coordination with rather than control over technological systems, supporting this pedagogical emphasis on collaborative practice you’ll be implementing. This, however, is the exception to the rule.

Through this tutorial, you’ll learn to create case studies that develop essential cybersecurity capabilities. Your students engaging with these scenarios will develop systems thinking—the ability to recognize how cybersecurity incidents involve complex interactions between technology, people, and organizational processes rather than isolated technical problems. They’ll also strengthen collaborative problem-solving skills through working effectively with diverse stakeholders including technical teams, management, legal departments, and communications staff during security incidents.

The methodology particularly emphasizes technology integration, helping your students develop practical skills for coordinating human analysis with automated tools and systems rather than treating technology as separate from human work. Your students will also enhance their communication across contexts, learning to translate technical findings for different audiences and coordinate response efforts across organizational boundaries. Finally, the approach develops ethical reasoning capabilities, helping your students understand how cybersecurity decisions affect multiple stakeholders and require consideration of competing values and constraints.

Classroom observation during “Cyber Dimensions” textbook implementation showed that your students engaging with interconnected scenarios will consistently demonstrate enhanced comfort with complexity and ambiguity—essential capabilities for cybersecurity professionals working in constantly evolving threat environments.

Core Principles

This methodology recognizes that cybersecurity work is inherently collaborative and distributed across people, technology, and organizational systems. Rather than teaching cybersecurity as individual technical skills, you can use effective case studies to help your students experience the coordination challenges that characterize real cybersecurity practice.

The approach builds on research establishing that cybersecurity effectiveness emerges through networks connecting human expertise, technological capabilities, and organizational processes. This understanding shapes every aspect of case study design:

The methodology operates on several interconnected principles that distinguish it from traditional case study approaches. Realistic complexity ensures scenarios preserve the ambiguity and multiple stakeholder perspectives that characterize actual cybersecurity incidents, rather than simplifying problems into neat academic exercises. This complexity supports collaborative problem-solving where students work with others and coordinate with technological tools rather than solving problems in isolation.

Each case study you create should maintain a systems perspective, demonstrating how cybersecurity decisions ripple across technical, organizational, and social domains. Your approach should deliberately incorporate multiple stakeholder views, including perspectives from technical analysts, management, legal teams, communications staff, and affected communities. Finally, technology integration helps your students learn to work WITH automated tools and systems as partners rather than treating technology as separate from human analysis.

This framework extends postphenomenological analysis in cybersecurity education by integrating insights about human-technology relations with practical case study development. The synthesis addresses the gap between theoretical sophistication and pedagogical utility identified in cybersecurity education literature.

Phase 1: Getting Started

When you develop effective case studies, you need systematic organization that keeps track of interconnected story elements, characters, and technical details. The “Cyber Dimensions” textbook development revealed that consistent project organization is essential for maintaining realistic story continuity across multiple scenarios.

The “Cyber Dimensions” textbook uses a centralized worldbuilding system that manages all fictional data through a structured YAML file and automated processing. This approach ensures consistency across multiple interconnected case studies you create while making updates efficient and reliable.

Centralized Worldbuilding

Rather than managing character and organizational information in separate folders, you can use this methodology’s single master data file that feeds all your case studies:

Core Architecture:

• _worldbuilding.yml - Master data file containing 933+ variables for characters, organizations, technologies, and relationships
• _scripts/setup.R - Pre-render script that converts YAML data into a cached R data object
  
• _world_data.rds - Binary cache file for fast loading during document rendering
• _scripts/solo_render.R - Script sourced by individual case studies to access the world object

This system ensures that when a character appears in multiple cases you create, their details remain consistent. For example, Katherine Pillar appears as CEO of TechGiant in one case while her sister Eleanor Pillar appears as CEO of Quantum Frontier in another case—the family relationship is maintained automatically through your centralized data.

Using World Data

Each case study file you create includes a setup chunk that loads the centralized world data, then references variables throughout the narrative using inline R code. This approach makes updating character names, company details, or relationships efficient across all your cases.

Example Implementation:

```r
# At the top of each case study QMD file
source(here::here("_scripts", "solo_render.R"))
```

Using Variables in Content:

Founded in 2005, `r world$company_name` 
has rapidly become a leader in the social media and technology industry. 
The company's mission is to create innovative digital solutions that 
enhance human connection and self-expression in the online world.

**Key facts about** `r world$company_name`:

- Founded: 2005
- Headquarters: Palo Alto, California  
- CEO: `r world$ceo_name_salutation` `r world$ceo_name_first` `r world$ceo_name_last`
- Annual Revenue: $78 billion (2023)

This systematic approach means that changing a character’s name or role in your _worldbuilding.yml file automatically updates it across all case studies that reference that character. The approach emerged from classroom observation showing that your students will engage more deeply with scenarios when they recognize familiar characters and organizations from previous cases, creating a sense of inhabiting a coherent professional world.

Quarto Configuration

Your project requires specific Quarto configuration to enable the centralized worldbuilding system. The pre-render script ensures world data is processed before your individual case studies are rendered.

Essential _quarto.yml Settings:

project:
  type: default
  pre-render: _scripts/setup.R  # Processes _worldbuilding.yml before rendering
  render:
    - "**/*.qmd"
    - "!**/*.md"  # Exclude markdown files to avoid duplicates

format:
  html:
    theme: bootstrap
    css: assets/styles.css
    toc: true
    toc-depth: 2
    number-sections: false
    code-fold: false  # Show R code chunks for educational purposes if desired
    
execute:
  freeze: auto  # Cache R code execution for performance
  echo: false   # Hide R code in output by default
  message: false
  warning: false

Key Configuration Elements:

• pre-render: _scripts/setup.R - Essential for processing the YAML world data before any QMD files are rendered
• R execution settings - Configured to hide technical details while showing educational content
• Styling - Consistent visual presentation across all case studies

Phase 2: Worldbuilding Data

Setting Up _worldbuilding.yml {#sec-worldbuilding-yml-setup}

Your centralized worldbuilding system starts with a structured YAML file containing all the fictional data for your case studies. This file defines characters, organizations, technologies, and their relationships across multiple scenarios. (The following describes a simple single-case project.)

Creating _worldbuilding.yml:

# _worldbuilding.yml - Master data file for case studies
world:
  # Global Settings
  this_year: 2025  # Base year for timeline calculations
  textbook_title: "Your Case Study Collection Title"
  
  # Cross-Case Organizations (appear in multiple scenarios)
  technewstoday_name: "TechNewsToday" 
  technewstoday_handle: "\@TechNewsToday"
  
  # Cybersecurity Incident Case Study
  cyberincident_company_name: "SecureCorpInc"
  cyberincident_company_shortname: "SCI"
  cyberincident_ciso_fullname: "Dr. Maria Rodriguez"
  cyberincident_ciso_lastname: "Rodriguez"
  cyberincident_security_analyst_fullname: "Alex Chen"
  cyberincident_security_analyst_lastname: "Chen"
  cyberincident_threat_name: "Operation Shadow Walker"
  
  # External Organizations
  consultant_firm_name: "CyberGuard Solutions"
  consultant_lead_name_first: "Sarah" # CROSS-CASE: Could appear in other scenarios
  consultant_lead_name_last: "Kim"
  consultant_lead_name_salutation: "Ms."
  
  # News Organizations (appear across cases for realistic media coverage)
  news_outlet1_name: "CyberToday"
  news_outlet1_reporter_fullname: "Jennifer Walsh"
  news_outlet1_reporter_lastname: "Walsh"

Key YAML Structure Principles:

• Consistent mutli-case naming patterns - Use prefixes like casename_ to group related variables
• Full and last names - Separate variables allow flexible referencing in different contexts
• Cross-case annotations - Comments like # CROSS-CASE: track character relationships across scenarios
• Hierarchical organization - Group related characters and organizations together

Phase 3: Processing Scripts

Your worldbuilding system requires two R scripts to process and load the YAML data into your case studies. While the following may seem overly technical, it is set-it-and-forget-it. Using the project format described in this toolkit, you won’t need to make any edits.

When you render individual files for testing, you’ll need a pre-render script so they can access the world$ parameter values. Create _scripts/setup.R to process your _worldbuilding.yml data:

# _scripts/setup.R - Pre-render script to process worldbuilding data

library(yaml)
library(here)

message("Processing worldbuilding data...")

yaml_file <- here::here("_worldbuilding.yml")
rds_file <- here::here("_world_data.rds")

# Check if processing is needed (performance optimization)
process_yaml <- TRUE
if (file.exists(rds_file) && file.exists(yaml_file)) {
  if (file.mtime(yaml_file) <= file.mtime(rds_file)) {
    message("World data is up-to-date. Skipping processing.")
    process_yaml <- FALSE
  }
}

if (process_yaml) {
  # Load YAML data
  if (file.exists(yaml_file)) {
    world_data <- yaml::read_yaml(yaml_file)
    world <- world_data$world
    
    # Save processed data for fast loading
    saveRDS(world, rds_file)
    message("World data processed and cached successfully!")
  } else {
    stop("_worldbuilding.yml not found. Cannot process world data.")
  }
}

Data Loader Script

Create _scripts/solo_render.R for your individual QMD files to load the world data. This is a simple quality of life improvement, negating the need to render the entire project to check individual file changes.

# _scripts/solo_render.R - Loads world data for individual QMD files

rds_file <- here::here("_world_data.rds")

if (file.exists(rds_file)) {
  world <- readRDS(rds_file)
  # message("World data loaded successfully for QMD rendering")
} else {
  stop("_world_data.rds not found. Run pre-render script first.")
}

Now your case study QMD files can access all the centralized world data through the world object, ensuring consistency across multiple scenarios while making updates manageable through your single YAML file.

Loading World Data

Each case study file you create needs to load the centralized world data to access shared variables. This approach ensures all your cases use consistent character names, organizations, and details while keeping the code simple and maintainable. Every case study QMD file you create should start with this setup:

```r
# Load centralized world data system
source(here::here("_scripts", "solo_render.R"))

# The 'world' object now contains all variables from _worldbuilding.yml
# You can access any variable using world$variable_name syntax
# For example:
# - world$junior_analyst_name_first (role-based naming)
# - world$company_name  
# - world$incident_date
# - world$ceo_name_salutation
```

This approach provides several key benefits for your cybersecurity case study development:

• Consistency: All your cases use the same character and organization data
• Maintainability: Updates to character details only need to happen in one place
• Cross-case continuity: Characters can appear across multiple scenarios you create with consistent backgrounds
• Performance: RDS caching makes loading fast even with large worldbuilding files

Phase 4: Case Study Content

Once you establish your centralized worldbuilding system, you can create case study content that dynamically references shared data. This approach ensures consistency across all your cases while allowing for rich, interconnected narratives that feel authentic and professionally realistic.

For example, you can create cases/organizational-breach/breach-scenario.qmd:

On `r world$incident_date`, 
`r world$company_name` experienced a significant data breach that 
affected approximately `r world$records_compromised` 
customer accounts. This case study examines the incident from multiple 
professional perspectives, highlighting the complex interplay of technical 
systems, organizational processes, and human decision-making in cybersecurity.

::: {.learner-experience title="Learning Outcomes"}
Through engagement with this case study, participants develop **practical
cybersecurity capabilities** including:

- Understanding how cybersecurity involves coordination across technical systems, 
  organizational processes, and human decision-making
- Recognizing why effective incident response requires multi-perspective analysis 
  and coordinated response
- Developing ethical frameworks for cybersecurity decision-making that consider 
  multiple stakeholders
- Building resilience through comprehensive preparation that includes technical, 
  organizational, and human factors
:::

## Organizational Context

### Company Background

Background: `r world$company_name` operates as a distributed 
software development company with employees 
across Austin, Portland, and remote locations. The organization specializes in 
collaborative cloud infrastructure for small businesses, led by CEO 
`r world$ceo_name_salutation` `r world$ceo_name_first` `r world$ceo_name_last` and supported by Infrastructure Manager 
`r world$security_director_name_salutation` `r world$security_director_name_first` `r world$security_director_name_last`.

### Key Personnel

The incident response involved several critical team members:

- **`r world$ceo_name_salutation` `r world$ceo_name_first` `r world$ceo_name_last`** 
  (CEO): Strategic decision-making and 
  external communications
- **`r world$security_director_name_salutation` `r world$security_director_name_first` `r world$security_director_name_last`** 
  (Security Director): Technical infrastructure assessment and 
  remediation coordination
- **`r world$junior_analyst_name_salutation` `r world$junior_analyst_name_first` `r world$junior_analyst_name_last`** 
  (Junior Analyst): Junior team member learning incident 
  response procedures

## Technical Infrastructure

The company's **CollaborativeCloud Infrastructure** provides integrated services including:

- **File Synchronization Systems**: Automated data coordination across organizational boundaries
- **Authentication Networks**: Multi-factor access control systems
- **Distributed Storage**: Geographically distributed data persistence with redundancy

## The Security Incident

### Attack Analysis

The breach occurred through a sophisticated phishing campaign that exploited the interconnected nature of the company's communication and authentication systems. The attack succeeded through:

**Email System Compromise**: The attackers leveraged `r world$junior_analyst_name_first` `r world$junior_analyst_name_last`'s trust in routine organizational communications, successfully bypassing initial security awareness training

**Credential Harvesting**: The phishing attack captured authentication credentials that provided access to internal file synchronization systems

**Lateral Movement**: Once inside the network, attackers moved systematically through interconnected systems, exploiting trust relationships between services

### Event Timeline

The incident unfolded over several days, demonstrating how cybersecurity breaches often involve complex sequences of technical and organizational responses:

**Day 1 (** `r world$incident_date` **)**: Initial phishing email received by `r world$junior_analyst_name_first` `r world$junior_analyst_name_last` during routine morning email check

**Day 1-2**: Attackers establish persistence within internal systems and begin reconnaissance of network architecture

**Day 3**: Lateral movement begins as attackers exploit service account privileges to access customer data repositories

**Day 4**: Breach detection through automated monitoring systems alerts `r world$security_director_name_first` `r world$security_director_name_last` to unusual data access patterns

## Impact Assessment

### Organization Impact

The breach created significant impacts across multiple organizational levels:

- **Customer Data Exposure**: Approximately `r world$records_compromised` customer records containing personal and business information were accessed
- **Operational Disruption**: 72-hour service suspension while systems were secured and rebuilt
- **Trust and Reputation**: Customer confidence declined, requiring extensive communication and relationship rebuilding
- **Financial Impact**: `r world$direct_costs` in direct response costs plus ongoing reputation and relationship effects

### Regulatory Impact

The incident triggered multiple compliance and legal obligations:

- **Notification Requirements**: State and federal breach notification laws required customer and regulatory notifications within specific timeframes
- **Audit Requirements**: Industry regulators initiated formal security assessment procedures
- **Legal Obligations**: Multiple jurisdictions created overlapping compliance obligations requiring coordination

## Discussion Framework

### Technical Questions

1. **How do different human-technology interactions** create vulnerabilities and protective capabilities within cybersecurity systems?
2. **What role do automated monitoring systems play** in detecting and responding to cybersecurity incidents, and how should organizations balance automation with human oversight?
3. **How can multi-factor authentication systems** strengthen organizational security while maintaining usability for legitimate users?

### Ethics & Organization

1. **How should responsibility be distributed** across individuals, technical systems, and organizational policies during cybersecurity incidents?
2. **What ethical obligations emerge** when cybersecurity incidents affect customers and business partners beyond the immediate organization?
3. **How should incident response transparency balance** public communication needs with operational security requirements?

### Professional Development

1. **How can junior cybersecurity professionals like** `r world$junior_analyst_name_first` `r world$junior_analyst_name_last` **develop expertise** through structured incident response experiences?
2. **What career pathways exist** for cybersecurity professionals interested in incident response and infrastructure management?
3. **How do industry certifications and continued education** support professional growth in cybersecurity fields?

### Response & Recovery

1. **How can incident response be understood** as organizational reconstruction rather than simply technical remediation?
2. **What communication strategies** should address the needs of different stakeholder groups in recovery processes?
3. **How can trust be rebuilt** across customer, employee, and partner relationships that have been affected by the incident?

## Learning Outcomes

This case study demonstrates:

- **Systems Thinking**: Cybersecurity emerges through coordination across technical, organizational, and human factors, not individual control over isolated systems
- **Multi-perspective Analysis**: Understanding how security incidents affect multiple stakeholder groups and organizational systems
- **Professional Response Capabilities**: Developing skills for coordinating complex organizational and technical responses
- **Ethical Professional Practice**: Recognizing responsibility across individual, organizational, and systemic levels

## Recovery & Improvement

Consider how TechnoCollaborative Systems should approach **organizational strengthening** through:

1. **Enhanced Security Training**: Improved coordination between human awareness and automated security systems
2. **Long-term Organizational Resilience**: Strategic development of adaptive capabilities across organizational departments
3. **Continuous Learning Programs**: Ongoing education programs that strengthen cybersecurity knowledge and skills
4. **Incident Response Preparation**: Pre-established response teams that can rapidly coordinate during security events

Phase 5: Case Study Assessment

Assessment Design

When you design effective case study assessments, you should measure your students’ ability to analyze complex cybersecurity scenarios from multiple perspectives rather than testing isolated technical knowledge. Your well-designed evaluations should encourage students to engage with realistic professional challenges that integrate technical systems, organizational processes, and human decision-making.

You can create cases/organizational-breach/breach-assessment.qmd:

# Assessment: TechnoCollaborative Systems Data Breach Analysis

This assessment evaluates your ability to analyze complex cybersecurity incidents from multiple professional perspectives. Rather than testing isolated technical knowledge, this evaluation measures your capacity to understand and work with the interconnected technical, organizational, and human factors that characterize real-world cybersecurity challenges.

::: {.assessment-strategy title="Assessment Philosophy"}
This evaluation measures your capacity to engage effectively with **professional cybersecurity practice** by:

- Understanding how cybersecurity involves multiple stakeholders, systems, and organizational factors
- Recognizing how effective incident response requires coordination across technical systems, organizational processes, and human decision-making
- Developing capabilities for analyzing complex cybersecurity scenarios from multiple professional perspectives
- Demonstrating ethical frameworks that consider responsibilities to various stakeholder groups
- Creating practical approaches that address organizational complexity while maintaining security effectiveness
:::

## Part I: Technical Analysis (40 points)

### Component 1: Human-Tech Integration (15 points)

Analyze the `r world$company_name` data breach through professional cybersecurity frameworks that examine how human and technical factors interact in security incidents:

a) **Identify specific human-technology interactions** that enabled the security breach, explaining how user behavior and system design created vulnerability pathways

b) **Examine monitoring and detection systems** used by cybersecurity professionals to identify threats, and analyze how these systems failed to prevent the incident

c) **Analyze automated security systems** and their role in the organization's security posture, discussing how enhanced system configuration might have provided better protection

d) **Evaluate infrastructure elements** that created environmental conditions for the attack, identifying areas that require enhanced security attention

### Component 2: Timeline & Impact (15 points)

Create detailed **incident analysis documentation** that traces how the data breach propagated through organizational systems:

a) **Map primary stakeholders** (individuals, systems, departments) involved in the incident, indicating their roles and responsibilities in the security incident

b) **Identify critical system dependencies** through which the attack had to travel, explaining why these network positions became critical vulnerability points

c) **Trace attack progression** showing how the incident developed over time through different organizational systems, demonstrating technical and procedural failures

d) **Analyze broader impacts** that extended beyond immediate technical systems to include regulatory requirements, customer relationships, and industry reputation

### Component 3: Responsibility (10 points)

Develop a **professional responsibility analysis** that examines ethical obligations across different stakeholder groups:

a) **Apply response-ability frameworks** that examine how ethical obligations emerge through relationships among humans, technologies, and organizational systems

b) **Analyze stakeholder impacts** that demonstrate how cybersecurity practices require attention to various affected groups and communities

c) **Evaluate accountability mechanisms** that extend responsibility beyond individual practitioners to include organizational and systemic factors

## Part II: Response & Ethics (35 points)

### Component 4: Stakeholder Impact (15 points)

Examine how the data breach affected diverse **stakeholder groups**:

a) **Customer Impact**: Analyze how approximately `r world$records_compromised` customers experienced disruption, considering both immediate data exposure risks and ongoing relationship effects

b) **Employee Impact**: Evaluate how staff within `r world$company_name` experienced professional, ethical, and technical challenges during the incident response

c) **Regulatory Impact**: Assess how the incident activated governmental and industry oversight responsibilities and compliance requirements

d) **Industry Impact**: Examine broader effects on cybersecurity professional community and industry trust relationships

### Component 5: Decision Scenarios (20 points)

`r world$ceo_name_salutation` `r world$ceo_name_first` `r world$ceo_name_last` faces complex **leadership decisions** that require professional ethical analysis:

**Decision Scenario A**: Cross-organizational collaboration with potential information sharing risks requires balancing security improvement against proprietary information protection

**Decision Scenario B**: Customer transparency demands must be balanced against vulnerability disclosure that could affect the broader industry

**Decision Scenario C**: Communication strategies must address organizational, media, and regulatory stakeholder needs simultaneously

For each scenario:
a) **Identify decision complexity** including all stakeholders and systems that could be affected by decision outcomes
b) **Apply professional ethical frameworks** that recognize shared responsibility and professional obligations
c) **Develop coordination strategies** that balance competing priorities while maintaining professional standards

## Part III: Security Programs (25 points)

### Component 6: Program Development (15 points)

Design a **comprehensive security improvement program** that addresses multiple organizational levels:

a) **Immediate Stabilization** (0-30 days): Identify actions that strengthen security controls while maintaining operational business function

b) **System Integration Enhancement** (1-6 months): Develop programs that improve coordination among diverse organizational elements including staff training, technological systems, and organizational processes

c) **Long-term Organizational Resilience** (6-24 months): Create strategic approaches that enhance adaptive capabilities across organizational departments while addressing complex interdependencies

For each phase, demonstrate understanding of:
- How comprehensive security programs integrate technical, organizational, and human factors
- Why coordination among different organizational elements enhances rather than complicates security programs
- How measurement approaches must account for organizational rather than purely technical security outcomes

### Component 7: Learning Programs (10 points)

Create **ongoing education programs** that strengthen organizational cybersecurity capabilities:

a) **Professional Development Training**: Design learning programs that help staff develop capabilities for working effectively within complex organizational and technical environments

b) **Technology Integration Education**: Develop educational approaches that enhance staff understanding of and effective use of cybersecurity technologies and systems

c) **Organizational Resilience Development**: Create training programs that build cybersecurity capabilities across organizational departments rather than concentrating them in individual specialists

d) **Assessment Integration**: Design evaluation approaches that measure practical cybersecurity competency development and organizational preparedness

## Submission Requirements

Your completed incident analysis should demonstrate:

- **Professional Analysis Depth**: 2,500-3,500 words that show deep engagement with complex cybersecurity challenges rather than surface-level technical summary
- **Framework Integration**: Appropriate use of cybersecurity professional frameworks with proper industry and academic citations
- **Professional Communication**: Formatting and presentation that demonstrates capability for engaging with cybersecurity professional environments
- **Systems Thinking**: Evidence of understanding how cybersecurity involves coordination across technical, organizational, and human factors
- **Practical Application**: Recommendations that recognize organizational complexity while maintaining operational feasibility

Submit according to your instructor's guidance.

Phase 6: Visual Design

Visual design supports educational effectiveness by creating professional interfaces that help your students engage with cybersecurity concepts in contexts that mirror industry standards. Rather than treating styling as decorative, your thoughtful design choices enhance readability, reinforce professional standards, and support learning objectives.

An example of assets/styles.css:

/* Visual design that supports educational effectiveness */
/* and mirrors industry-standard presentation */

/* Professional callout styling for enhanced readability */
.callout-learning-objective {
  border-left: 5px solid #6f42c1; /* Posthuman theoretical purple */
  background: linear-gradient(135deg, #f8f4ff 0%, 
                                   #ede7ff 100%);
  padding: 1.25rem;
  margin: 1.5rem 0;
  box-shadow: 0 2px 8px rgba(111, 66, 193, 0.1);
  border-radius: 0.5rem;
}

.callout-security-alert {
  border-left: 5px solid #e83e8c; /* Assemblage analysis pink */
  background: linear-gradient(135deg, #fff5f8 0%, 
                                   #ffe8f1 100%);
  padding: 1.25rem;
  margin: 1.5rem 0;
  box-shadow: 0 2px 8px rgba(232, 62, 140, 0.1);
  border-radius: 0.5rem;
}

.callout-theoretical-foundation {
  border-left: 5px solid #17a2b8; /* Theoretical foundation teal */
  background: linear-gradient(135deg, #f0fcff 0%, 
                                   #e0f8ff 100%);
  padding: 1.25rem;
  margin: 1.5rem 0;
  box-shadow: 0 2px 8px rgba(23, 162, 184, 0.1);
  border-radius: 0.5rem;
}

/* Professional typography for cybersecurity education */
h1, h2, h3 {
  color: #2d3436;
  font-weight: 600;
  line-height: 1.3;
  font-family: 'Inter', -apple-system, BlinkMacSystemFont, 
                sans-serif;
}

h1 {
  border-bottom: 3px solid #6f42c1;
  padding-bottom: 0.5rem;
  margin-bottom: 2rem;
}

h2 {
  border-bottom: 2px solid #e83e8c;
  padding-bottom: 0.3rem;
  margin-top: 2.5rem;
  margin-bottom: 1.5rem;
}

/* Code blocks that emphasize computational agency */
pre {
  background: linear-gradient(135deg, #2d3436 0%, #636e72 100%);
  color: #ddd;
  border: none;
  border-radius: 0.5rem;
  padding: 1.5rem;
  overflow-x: auto;
  box-shadow: 0 4px 12px rgba(45, 52, 54, 0.3);
  font-family: 'JetBrains Mono', 'Fira Code', 
                monospace;
}

/* Professional emphasis styling */
strong {
  color: #0056b3;
  font-weight: 700;
}

em {
  color: #6c757d;
  font-style: italic;
}

/* Professional table styling */
table {
  width: 100%;
  border-collapse: separate;
  border-spacing: 0;
  margin: 2rem 0;
  border-radius: 0.5rem;
  overflow: hidden;
  box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1);
}

th, td {
  padding: 1rem;
  text-align: left;
  border-bottom: 1px solid #e9ecef;
}

th {
  background: linear-gradient(135deg, #0056b3 0%, #004494 100%);
  color: white;
  font-weight: 600;
  text-transform: uppercase;
  letter-spacing: 0.5px;
}

tbody tr:hover {
  background-color: #f8fbff;
  transition: background-color 0.2s ease;
}

/* Responsive design for accessibility */
@media (max-width: 768px) {
  .container {
    padding: 0 1rem;
  }
  
  h1 {
    font-size: 1.75rem;
  }
  
  h2 {
    font-size: 1.4rem;
  }
  
  table {
    font-size: 0.875rem;
  }
  
  .callout-learning-objective,
  .callout-security-alert,
  .callout-best-practice {
    padding: 1rem;
    margin: 1rem 0;
  }
}

/* Special styling for educational comments */
.educational-comment {
  background: linear-gradient(135deg, #fff3cd 0%, #ffeaa7 100%);
  border-left: 4px solid #ff9800;
  padding: 1rem;
  margin: 1rem 0;
  border-radius: 0.375rem;
  font-style: italic;
  color: #856404;
}

Phase 7: Quality Assurance

Rendering & Testing

When you render your documents, this creates functional educational materials from your source files and centralized data. This process transforms your QMD files and YAML data into polished, professional case studies ready for your classroom use.

# Render individual case study files
quarto render cases/organizational-breach/breach-scenario.qmd
quarto render cases/organizational-breach/breach-assessment.qmd

# Render entire project for comprehensive testing
quarto render

Verification Checklist

You should verify your case study quality through comprehensive quality indicators that ensure educational effectiveness:

• Data integration: All your centralized world variables properly load and display across documents
• Content consistency: Character names, organizations, and details remain consistent throughout your cases
• Professional accuracy: Your technical content accurately reflects current cybersecurity industry practices
• Educational alignment: Your assessment questions support stated learning objectives and competency development
• Technical functionality: All cross-references, links, and formatting render correctly across output formats

Phase 8: Iterative Improvement

Your refinement should follow Design-Based Research principles that generate systematic evidence about educational effectiveness while improving practical implementation:

• Educational Researchers: You can collaborate with researchers to evaluate pedagogical effectiveness in developing cybersecurity professional competencies
• Cybersecurity Instructors: You should assess classroom implementation success and student engagement with your case study materials
• Student Participants: You can collect evidence about learning outcomes and engagement with realistic cybersecurity scenarios
• Industry Professional Networks: You should verify authenticity of your scenario representations and professional relevance

Quality Evaluation

• Pedagogical Effectiveness: Ensure your case study complexity supports learning objectives without overwhelming student engagement
• Professional Authenticity: Verify that your characters and scenarios demonstrate realistic cybersecurity professional characteristics
• Industry Accuracy: Confirm that your case study interactions reflect actual cybersecurity professional practice patterns
• Educational Functionality: Validate that your case studies successfully enable cybersecurity competency development

Development Progression

You have successfully created your first cybersecurity case study using centralized worldbuilding—a coherent educational system that combines theoretical rigor with practical classroom utility. This approach demonstrates how your systematic development enhances rather than complicates cybersecurity education.

1. Systematic Worldbuilding Development: Develop more complex character and organizational networks that support multiple interconnected case studies
2. Narrative Design for Professional Authenticity: Create storytelling approaches that develop realistic professional scenarios with genuine educational value
3. Comprehensive Assessment Framework Implementation: Design evaluation systems that measure professional cybersecurity competency development
4. Professional Case Study Examples: Explore the demo repository to study how established case studies demonstrate effective educational design principles in practice

This tutorial demonstrates how your systematic educational development can simultaneously advance practical classroom effectiveness and educational innovation. Your centralized approach creates a sustainable foundation for developing multiple interconnected cybersecurity case studies while maintaining professional authenticity and educational rigor.

Implementation-guidanceComplete Implementation Example

To see this methodology in practice, explore the Cyber Dimensions Demo Repository, which showcases a complete implementation of the centralized worldbuilding system with four fully-developed case studies. The demo illustrates how the _worldbuilding.yml system maintains character and organizational consistency across multiple scenarios while supporting rich narrative development and professional assessment design.

Technical Support

World data not loading:

• Verify your _scripts/setup.R executed successfully with appropriate processing messages
• Confirm your _world_data.rds exists and contains expected world variables
• Validate YAML syntax in your _worldbuilding.yml maintains proper structure and indentation

Case study rendering failures:

• Check for missing R packages that support your world data processing (yaml, here)
• Ensure your file paths use here::here() function for cross-platform compatibility
• Verify your Quarto configuration enables R code execution and variable substitution

Variable reference issues:

• Confirm your solo_render.R is sourced correctly at the beginning of your QMD files
• Verify your variable names match exactly between YAML file and R expressions (case-sensitive)
• Ensure your R inline code uses proper syntax: `r world$variable_name`

Support Resources

• Methodology Documentation: Consult the cybersecurity education methodology guide for comprehensive pedagogical frameworks and design principles
• Development Templates: Reference systematic worldbuilding templates that demonstrate effective case study development
• Professional Examples: Analyze established case study implementations that demonstrate educational effectiveness in practice
• Educational Community: Engage with cybersecurity education professional networks for ongoing pedagogical and technical development

Implementation-guidanceTutorial Complete

You have successfully created your first cybersecurity case study using centralized worldbuilding! The TechnoCollaborative Systems data breach demonstrates effective integration of:

• Systematic data management through centralized YAML-based worldbuilding
• Professional authenticity across realistic characters and organizational scenarios
• Multi-perspective analysis of cybersecurity incidents from various stakeholder viewpoints
• Educational effectiveness that combines theoretical rigor with practical application
• Evidence-based methodology that generates systematic approaches to case study development

This achievement represents significant contribution to cybersecurity education methodology while maintaining practical utility for classroom implementation. You are now prepared to develop increasingly complex and interconnected cybersecurity case study systems.

Straight, R. (2024). Beyond Human-Centric Models in Cybersecurity Education: A Pilot Posthuman Analysis of the NICE Workforce Framework for Cybersecurity. Journal of Cybersecurity Education, Research and Practice, 2024(1). https://doi.org/10.62915/2472-2707.1210

Straight, R. (2025). Cyber Dimensions: Immersive Case Studies Across Digital Domains (1st ed.). Kendall Hunt.