The workforce shortage in Security Operation Centers (SOCs) increases the need for effective training methods for aspiring cybersecurity analysts. Cyber ranges provide realistic environments for such training, yet many designs prioritize technical infrastructure while overlooking how trainees actually learn. Building on established instructional design principles, this study investigates how to improve learning in cyber range exercises. In collaboration with a commercial SOC, we enhanced an existing exercise for training Tier 1 analysts by integrating T1GER, a cyber range Learning Management System (LMS) that provides structured feedback, scaffolding, and competitive elements. We evaluated the approach in a randomized controlled trial with N=144 participants from cybersecurity courses at two European universities, who were randomly assigned to either the original LMS (control group) or the T1GER LMS (treatment group). Results showed that using T1GER led to significantly better learning experiences and shorter training times, while maintaining equivalent knowledge outcomes.
ACM CHI Conference on Human Factors in Computing Systems