The Core Shift

At their heart, these activities aim to transform how students think about AI. Instead of viewing AI as either an adversary to guard against or a passive tool to be wielded, students come to see AI as a collaborative partner they work alongside.

This conceptual shift matters because modern cybersecurity genuinely requires humans and AI to work together. In today’s Security Operations Centers, AI systems process tens of thousands of security events every second, far more than any human team could monitor manually. Human analysts don’t replace this automated processing; instead, they coordinate with it, bringing contextual judgment and creative problem-solving to complement AI’s speed and pattern recognition.

Grade-Band Differentiation

Each of the three activities includes four developmentally-appropriate versions designed to meet students where they are. The core concepts remain consistent across grade bands, but the scenarios, vocabulary, and complexity scale appropriately.

Low-Resource Implementation

One key design principle guided our development: the framing matters more than the technology. We wanted these activities to work in any classroom, regardless of technology access. As a result, they function effectively with any level of AI availability:

• Full access: Students partner directly with ChatGPT, Claude, etc.
• Limited access: Rotation stations, shared accounts
• No AI access: Pre-generated response cards, teacher as AI voice

Interestingly, the low-resource options often create better learning opportunities. When students cannot simply ask AI for answers, they must engage more deeply with the material and think critically about what AI might contribute to the problem at hand.

NICE Framework Alignment

Every activity maps directly to real cybersecurity careers as defined by the NICE Workforce Framework, helping students see that what they are learning connects to genuine professional pathways.

This alignment ensures students recognize the direct connection between what happens in the classroom and the careers they might pursue. The activities do not merely simulate cybersecurity work; they introduce the authentic cognitive demands that professionals face daily.

The Posthuman Foundation

These activities emerge from my broader research program on posthuman pedagogy in cybersecurity education. Traditional educational approaches tend to treat humans as bounded, autonomous individuals who use external technologies as tools. A posthuman perspective, by contrast, recognizes that learning increasingly occurs across distributed networks that include both human and technological agents. We do not simply use AI; we think and learn with AI in ways that blur the traditional boundaries between human cognition and machine processing.

This theoretical grounding matters practically, not just philosophically. Rather than teaching students to master AI as a tool, these activities help them develop the collaborative sensibilities needed to work effectively within human-AI assemblages. The goal is not merely to prepare students for a future where AI is ubiquitous but to equip them for a present where human-AI collaboration is rapidly becoming the norm.

Materials and Resources

All materials from this presentation are freely available and ready for classroom use:

ryanstraight.github.io/nicek12-2025-materials

• 12 complete lesson plans (3 activities × 4 grade bands)
• Assessment rubrics (human-AI collaboration, decision-making quality, NICE Framework application)
• Technical setup guides (platform-specific and low-resource options)
• Ready-to-print evidence packets, worksheets, and AI response cards
• Annotated bibliography with research foundations and further reading
• Career connections linking activities to NICE Framework work roles
• Audience-specific guides for CTE programs, afterschool/outreach, and STEAM integration

Related Research

This presentation builds on several related research projects that explore posthuman approaches to technology education:

• Posthuman approaches to cybersecurity education
• Beyond human-centric models in technology education
• Decentering human agency in educational technology

A Framework for All Domains

This research emerged from my cybersecurity education work, specifically from watching students navigate increasingly complex relationships with AI tools in their security coursework. The framework isn’t about cybersecurity, though. It’s about instructional design.

Whether you’re teaching nursing students to work with clinical decision support systems, helping business students interrogate algorithmic hiring tools, or preparing engineering students for AI-assisted design work, you’re facing the same fundamental challenge: how do we design learning experiences when agency distributes across human and artificial actors in ways that fundamentally reshape what it means to learn, to know, to perform?

The Distributed Agency Problem

Traditional instructional design makes a comfortable assumption. We design for individual learners. Bounded humans acquiring discrete competencies, demonstrating individual mastery, progressing through carefully scaffolded experiences toward predetermined outcomes that we can measure, validate, certify.

This worked fine when educational technology meant overhead projectors and maybe a learning management system—tools that extended human capability without fundamentally scrambling the whole agency equation. AI changes everything.

When students collaborate with large language models to analyze security vulnerabilities, when they work alongside automated penetration testing tools that probe systems faster than human cognition can track, when threat intelligence platforms aggregate and synthesize data from thousands of sources simultaneously, agency doesn’t just expand—it redistributes, reconfigures, becomes something genuinely distributed across human cognition, artificial intelligence, technical infrastructures, organizational policies, and sociotechnical contexts that shape what’s even possible to think or do. Performance emerges. From the network, not from individuals.

Most instructional designers might respond to this by trying to stuff the genie back in the bottle. Academic integrity policies ban AI use. Learning objectives specify “without AI assistance” as the baseline competency. Assessment rubrics deduct points for using ChatGPT.

We’re designing learning experiences that deliberately exclude the actual agency configurations our students will navigate professionally, and then we wonder why there’s a disconnect between education and practice.

Four Posthuman Instructional Design Principles

The framework I’m presenting draws from posthuman theory, particularly Adams and Thompson’s (2016) methodology for investigating how humans and technologies shape each other through their entanglements. This offers instructional designers a different way forward, one that acknowledges distributed agency as legitimate rather than problematic.

Theoretical Grounding: Curriculum-as-Lived

These principles connect to Ted Aoki’s (2004) distinction between curriculum-as-planned and curriculum-as-lived: that inevitable, productive gap between what we design and what students actually experience. Traditional instructional design tries to minimize this gap. Posthuman instructional design leverages it. The learning that matters emerges from students’ lived experience navigating human-AI assemblages, not from executing predetermined objectives. We design the conditions for meaningful emergence, not the outcomes themselves.

So how do you actually implement this? The framework translates through four AI literacies that make posthuman principles concrete and actionable:

• Cognitive literacy: Understanding what AI can and can’t do within assemblages, not as isolated tools
• Civic literacy: Developing critical consciousness about AI’s role in reproducing or challenging social structures
• Creative literacy: Learning to configure novel human-AI collaborations that produce emergent solutions
• Critical literacy: Interrogating the power dynamics embedded in AI-mediated practices

These aren’t cybersecurity competencies, but rather transferable capacities for navigating AI-enhanced learning in any domain. They give instructional designers concrete targets that honor distributed agency while remaining implementable in actual courses with actual students who need actual grades.

Implementation Observations

The paper includes preliminary observations from my cybersecurity courses where I’ve been experimenting with these principles. Students’ reflections reveal something interesting: they move from seeing AI as a tool to experiencing it as a collaborator, from instrumental use toward genuine partnership, and from trying to extract value to cultivating relationships. They develop critical consciousness. They question algorithmic authority. They recognize their response-ability.

These remain observations, not validated findings, and the paper positions this as design scholarship proposing a framework for future empirical work, not presenting completed research. But the patterns suggest something worth pursuing systematically.

Research Directions

This framework opens several research trajectories that extend well beyond cybersecurity:

1. Comparative studies examining how posthuman principles manifest across different disciplines—what does distributed agency look like in nursing versus engineering versus humanities education?
2. Longitudinal research tracking how students’ capacity for response-ability and relationality develops over time
3. Assessment validity studies investigating whether posthuman approaches actually measure what matters for professional practice
4. Design process research exploring how instructional designers themselves navigate the shift from individual to assemblage thinking

Every discipline integrating AI faces these questions. The research opportunities are everywhere.

Why This Matters for Instructional Designers

AI integration isn’t just another educational technology to be incorporated into existing frameworks. Tt fundamentally challenges instructional design at its theoretical foundations, forcing us to reconsider basic assumptions about agency, learning, performance, and assessment.

If we respond by banning AI or treating it primarily as an integrity problem, we’re essentially preparing students for a world that no longer exists. If we embrace it uncritically, we risk turning education into training for algorithmic compliance.

Posthuman instructional design offers something different: a theoretically grounded approach that acknowledges distributed agency as legitimate while maintaining critical consciousness about what that means for education, for society, for the kinds of futures we’re creating through our instructional choices.

The cybersecurity context demonstrates the framework works even in high-stakes domains where errors have real consequences, where security breaches can destroy organizations, where the adversarial nature of the work means you can’t just hope everything works out. If it works there, it can work anywhere.

References and Further Reading

The Problem We’re Trying to Solve

Learning management systems can tell you if students finished the module, watched the video, took the quiz. But it has absolutely no idea whether they can actually work with AI.

And that’s increasingly what professional work looks like: humans and AI systems collaborating in ways that create capabilities neither could achieve independently, not humans using AI as a passive tool, waiting for commands. This is especially true in cybersecurity, where analysts work alongside automated detection systems, threat intelligence platforms, and AI-powered forensics tools in complex assemblages that define contemporary practice.

My graduate thesis advisee, Aaron Escamilla, and I have been working on something that addresses this gap: a way to make educational technologies actually recognize and measure human-AI collaboration through semantic web technologies that preserve theoretical sophistication while enabling computational analysis.

What We Measure vs What Matters

Think about how a cybersecurity analyst actually works today: they’re not sitting alone reading threat reports and making solo decisions, rather they’re working through and with automated systems in ways where the distinction between “what the human detected” and “what the system detected” becomes meaningless because the detection emerges from the assemblage itself.

The National Initiative for Cybersecurity Education (NICE) Framework describes what cybersecurity professionals need to know and be able to do. In our pilot study analyzing education-focused roles (OG-004: Cybersecurity Curriculum Development and OG-005: Cybersecurity Instruction), we found something striking: 89.4% of the competency statements contained evidence of human-AI collaboration patterns.

That’s great news, right? Distributed decision-making, technological mediation of perception, adaptive learning across human and technological systems, these aren’t fringe concepts from critical theory any longer. We see them embedded in the national workforce standards, right there in the competencies we’re supposed to be teaching. Yet, where are the educational technology tools that can track, assess, or teach these collaborative competencies?

Building a New Representation System

Instead of trying to force these collaborative competencies into existing educational technology categories (which inevitably fails because the categories assume human-centric models) we built a new representation system using JSON-LD (JavaScript Object Notation for Linked Data).

I’ve described it in the past as nutrition labels for human-AI collaboration patterns. Just like nutrition labels use standardized categories (calories, protein, fat) to make you feel guilty different foods comparable, our system uses standardized categories (symbiosis, augmentation, distributed agency, and others) drawn from posthumanist theory to make different professional competencies comparable and computationally queryable.

Here’s what it looks like in practice:

{
  "@context": {
    "posthuman": "https://posthuman.education/ontology#",
    "nice": "https://nice.nist.gov/framework/terms#"
  },
  "posthumanAnalysis": {
    "codeFrequency": {
      "posthuman:SE-C": 22,     // System Complexity
      "posthuman:HTE-S": 17,    // Human-Tech Symbiosis
      "posthuman:NHA-S": 10     // System Agency
    }
  }
}

Those codes represent specific patterns of human-AI collaboration that we identified through systematic qualitative analysis of the NICE Framework, grounded in posthumanist theoretical perspectives that recognize both humans and technologies as active participants in professional practice: machine-readable, queryable, and actionable.

What This Actually Enables

Once you have these patterns in machine-readable format, we have some interesting opportunities.

A strategic portfolio management role needs fundamentally different human-AI collaboration skills than a tactical cyberspace operations role, and now we can identify, measure, and teach these differences systematically across the entire framework through computational queries rather than manual reading and hoping we caught everything important. Run a query like “show me competencies with high complexity recognition but low technological adaptation codes” and you’ve just found a curriculum gap where competencies acknowledge complex systems but don’t address how those systems learn and evolve—an evidence-based curriculum enhancement opportunity that you’d probably never have found through manual analysis.

Suddenly, we can design assessments that evaluate whether students can effectively coordinate with AI systems, recognize technological mediation, adapt their strategies based on AI capabilities—the collaborative competencies that actually define contemporary professional practice, not the checkbox exercises we’ve been settling for because that’s all our technology could handle.

We’ve intentionally designed this approach so isn’t limited to cybersecurity, either. Anywhere human-AI collaboration is becoming fundamental to professional practice–we immediately thought of healthcare diagnostics, climate modeling, and engineering design–this same methodology applies. The framework is domain-agnostic.

The Three-Stage Translation Process

The methodology that makes this work involves three carefully designed stages that preserve theoretical sophistication while enabling computational processing:

What the Data Reveals

Making It Computationally Queryable

Once competencies are represented in JSON-LD with preserved posthumanist relationships, you can run queries that were previously impossible. Here’s a SPARQL query from our framework:

PREFIX posthuman: <https://posthuman.education/ontology#>
PREFIX nice: <https://nice.nist.gov/framework/terms#>

SELECT ?competency ?description
WHERE {
  ?competency a nice:Competency ;
              posthuman:hasCode posthuman:HTE-M ;
              nice:description ?description .
  FILTER NOT EXISTS {
    ?competency posthuman:hasCode posthuman:HTE-C .
  }
}

This query asks: “Show me competencies with high technological mediation (HTE-M) but without co-constitution (HTE-C).” These are competencies where technology shapes perception and decision-making, but human and technological contributions remain theoretically separable. A curriculum design opportunity, for example, where you might want to enhance these competencies with co-constitution elements, or keep them distinct for pedagogical reasons.

The power comes from systematic analysis at scale. Queries like “Show me competencies requiring distributed agency with high complexity recognition but low adaptation codes” identify gaps where curriculum acknowledges complex systems but doesn’t address system evolution. “Find competencies with symbiotic human-AI collaboration across strategic roles” enables curriculum coherence checks. “Identify competencies where AI agency appears without corresponding human oversight codes” reveals safety and ethics curriculum opportunities.

These queries execute in milliseconds across the entire framework. The alternative of manually reading and hoping you catch everything doesn’t scale, and introduces systematic bias based on what patterns researchers happen to notice.

Beyond Cybersecurity

While we’ve validated this through cybersecurity education and this is our main concern, there is no reason that the methodology would not generalize to any field where human-AI collaboration characterizes professional practice. Healthcare professionals working with diagnostic AI systems, radiologists collaborating with image analysis algorithms, climate scientists creating insights through human interpretation and computational simulation that neither could generate independently, engineers using CAD and simulation tools that actively shape design thinking—anywhere professional practice involves genuine human-AI collaboration rather than humans using passive tools, this methodological approach applies. Expanding to further domains is a logical next step.

Current Scope and Future Development

Next Steps

This is part of my broader research program I informally call PHASE (Posthuman Approaches to Security Education) that explores how posthumanist theory can transform cybersecurity education to better prepare students for contemporary professional practice where human-AI collaboration defines competence.

If you’re interested in this work, have questions about implementation, or want to explore collaboration opportunities, please do get in contact!

• Email: ryanstraight@arizona.edu
• ORCID: 0000-0002-6251-5662

The Approach

Here’s what I’ve learned from my time working with cybersecurity professionals and trying to translate that into educational experiences: college students learn best when they’re confronted with ethical dilemmas that feel real, even when they’re fictional. The methodology I’ve developed centers on five principles that I’ve found actually work in practice (after plenty of trial and error):

Immersive fiction means creating scenarios that feel authentic without being actual organizational data. Students can explore moral and legal complexities freely without worrying about breaching real confidentiality agreements or accidentally causing actual harm. The fiction gives us ethical safety while maintaining that sense of “these are the kinds of decisions I’ll actually have to make.”

Interconnected narratives acknowledge something we all know but rarely teach: cyber ethics, law, and policy don’t exist in isolation. A company’s decision about data collection affects not just their customers, but their employees, competitors, regulators, and society at large. Students need to see these ethical ripple effects, not just the immediate decision at hand.

Multiple perspectives force students to consider how different stakeholders experience the same ethical dilemma. The privacy officer sees potential regulatory violations. The marketing team sees lost competitive advantage. The legal team sees liability risks. The CEO sees shareholder concerns. The customers see trust and autonomy issues. Students who understand all these moral viewpoints are better prepared for the reality of making ethical decisions in organizational contexts.

Realistic complexity is probably the most challenging principle to implement well. Traditional educational approaches favor clean, simplified scenarios where the “right” ethical choice is clear. But in cyber ethics, competing values often conflict—privacy versus security, individual autonomy versus collective benefit, transparency versus competitive advantage. The challenge is scaffolding this moral complexity so it enhances ethical reasoning rather than overwhelming students.

Flexible assessment reflects the fact that different institutions have different constraints and goals. Rather than prescribing specific assessment methods, the toolkit provides frameworks that instructors can adapt to their specific contexts and learning objectives. A few developed assessments are provided.

The Technical Side

I built the toolkit using Quarto (which I’ve become increasingly fond of for academic publishing and which this site is built upon) because it enables multi-format output—HTML, PDF, DOCX, and ePub. This flexibility matters because different institutions have different preferences, and students have different accessibility needs. Speaking of accessibility, the resource meets WCAG 2.1 AA standards, which is something I care deeply about given the cybersecurity field’s ongoing diversity challenges.

The cross-referencing systems help students understand connections between different case study elements, which supports the methodology’s emphasis on systems thinking. And here’s something I’m particularly proud of: the toolkit is released under a Creative Commons Attribution 4.0 International License. High-quality cybersecurity education shouldn’t be locked behind paywalls that prevent smaller institutions from accessing it.

The Textbook Connection

The methodology gets demonstrated through a companion textbook I’m publishing with Kendall Hunt: “Cyber Dimensions: Immersive Case Studies Across Digital Domains” (ISBN: 979-8-3851-8653-2). This textbook provides ready-to-use case studies that show the toolkit’s approach in action, which is helpful for instructors who want to see examples before developing their own materials.

The first edition specifically targets post-secondary cyber ethics, law, and policy education, though I’ve found the methodology’s principles work well across disciplines that grapple with ethical complexity. I’ve seen it work particularly well in cybersecurity programs, information systems, business ethics, philosophy, and policy studies—anywhere students need to wrestle with competing moral claims and understand how ethical decisions intersect with legal requirements and organizational realities.

One thing I’ve learned from years of educational technology projects: if you don’t provide comprehensive implementation support, even the best methodology will gather digital dust. So the toolkit includes detailed guidelines, case study development processes, and assessment framework suggestions. But I’ve tried to avoid being prescriptive—these are flexible resources that instructors can adapt to their specific contexts.

The GitHub repository serves dual purposes: distribution platform and collaboration space. Faculty can share adaptations, contribute new cases, and refine the methodology based on their classroom experiences. This collaborative approach reflects something I believe strongly: effective educational innovation requires ongoing development informed by real-world implementation, not just theoretical frameworks.

What Comes Next

Beyond the initial publication, I see Cyber Dimensions as establishing a foundation for expanded case study libraries, enhanced digital features, and (hopefully) empirical research on educational effectiveness. The open architecture and community focus create opportunities for collaborative content development while maintaining quality and pedagogical consistency.

If you’re at a higher education institution looking to enhance your cyber ethics, law, or policy curriculum, you can access preliminary materials through the GitHub repository and start experimenting with the methodology. As we approach the August 2025 publication date, I’m excited about the opportunity to advance how we prepare college students for the ethical complexity and moral decision-making they’ll encounter as cybersecurity professionals.

Project Links

• GitHub Repository: github.com/ryanstraight/cyber-dimensions-oer
• Companion Textbook: Available through Kendall Hunt (ISBN: 979-8-3851-8653-2)
• License Information: Creative Commons Attribution 4.0 International

Research Impact

This study provides valuable insights into how different stakeholders view Web3 technologies in education, highlighting both areas of consensus and divergence between educators and non-educators. These findings can inform the development and implementation of Web3-based educational initiatives.

Access the Full Paper

The complete article is available through TOJET or can be accessed via the DOI: 10.17605/OSF.IO/6XEMG

Theoretical Framework

The study employs posthuman theory to: - Deconstruct traditional anthropocentric assumptions in cybersecurity education - Examine the agency of technological systems in learning processes - Explore the distributed nature of cybersecurity knowledge and practice - Reconceptualize the relationship between human learners and security tools

Key Arguments

The research advances several important arguments about cybersecurity education:

1. Traditional human-centric approaches may limit our understanding of cybersecurity learning
2. Non-human actors play crucial roles in the educational process
3. Effective cybersecurity education requires recognition of distributed agency
4. Pedagogical models should reflect the interconnected nature of cyber-physical systems

Implications for Practice

The theoretical framework developed in this paper suggests several practical implications:

• Curriculum design should acknowledge the agency of technological systems
• Pedagogical approaches should embrace human-technology partnerships
• Assessment methods should consider distributed knowledge and skills
• Educational tools should be viewed as co-agents in the learning process

Access the Full Paper

The complete paper is available by contacting me or through IEEE Xplore or can be accessed via DOI: 10.1109/CARS61786.2024.10778862

Theoretical Framework

The study employs multiple theoretical lenses:

• Posthuman theory in educational contexts
• Critical framework analysis
• Workforce development theory
• Socio-technical systems perspectives

Key Arguments

The research advances several critical arguments about the NICE Framework:

1. Current human-centric orientation may limit framework effectiveness
2. Posthuman perspectives offer valuable insights for framework evolution
3. Workforce development must account for human-technology entanglement
4. Framework updates should reflect posthuman realities of cybersecurity work

Implications for Practice

The analysis suggests several practical implications:

• Need for framework evolution to reflect posthuman realities
• Integration of distributed agency concepts
• Recognition of human-technology partnerships
• Updates to competency models and skill definitions

Research Impact

This work provides foundational insights for:

• Future framework development
• Cybersecurity workforce preparation
• Educational program design
• Understanding of posthuman dimensions in security work

Access the Full Article

The complete paper is available in the Journal of Cybersecurity Education, Research and Practice or via DOI: 10.62915/2472-2707.1210

Theoretical Framework

The research integrates multiple theoretical perspectives:

• Posthumanist theory in educational contexts
• AI-human collaborative frameworks
• Cybersecurity ethics pedagogical models
• Critical approaches to curriculum development

Key Arguments

The paper advances several critical arguments:

1. Traditional human-centric approaches to curriculum development may be insufficient in an AI-integrated educational landscape
2. Posthumanist perspectives offer valuable insights for understanding AI-human educational partnerships
3. Cyber ethics curricula must evolve to address the complexity of human-AI interaction
4. Educational design should reflect the distributed nature of agency in cyber-physical systems

Pedagogical Implications

The research offers significant implications for:

• Curriculum design in cybersecurity ethics
• Integration of AI tools in educational development
• Understanding of human-AI collaborative processes
• Assessment strategies in cyber ethics education

Research Impact

This work provides foundational insights for:

• Future curriculum development approaches
• Integration of AI in educational design
• Understanding of posthuman perspectives in education
• Evolution of cybersecurity ethics education

Access the Full Paper

The complete article is available through ISCAP: https://iscap.us/proceedings/2024/pdf/6144.pdf

Methodology

The study employs: - Postphenomenological analysis - Actor Network Theory - Autoethnographic approaches - Adams and Thompson’s posthuman inquiry framework

Key Findings

The research reveals how cybersecurity tools like John the Ripper can be understood not just as passive instruments but as active participants in the educational process, with implications for:

• Tool-mediated learning experiences
• Human-technology relationships in education
• The future of AI in cybersecurity education
• Pedagogical approaches in technical fields

Access the Full Paper

The complete paper is available through the EDULEARN24 Proceedings or can be accessed via DOI: 10.21125/edulearn.2024.2365

Methodological Framework

The paper presents a detailed methodological approach that includes:

• Theoretical foundations of postphenomenology in educational contexts
• Adaptation of phenomenological reduction for cybersecurity analysis
• Framework for identifying and analyzing human-technology-security relations
• Guidelines for conducting postphenomenological research in cybersecurity education

Applications

The methodology can be applied to several key areas:

1. Analysis of student-tool relationships in security labs
2. Understanding embodied learning in cybersecurity practice
3. Examining the role of technological mediation in security awareness
4. Investigating the phenomenology of threat detection and response

Implications for Research and Practice

The methodological framework offers significant implications for:

• Research design in cybersecurity education studies
• Pedagogical approaches to security training
• Understanding student experiences with security tools
• Development of more effective educational interventions

Access the Full Paper

The complete article is available in the Cybersecurity Pedagogy and Practice Journal or can be accessed via DOI: 10.62273/TWSH7587

Resources

• Demo book.