Dr Ramalingam Dharmalingam, Majan University College (MUC), explores how AI, gamification and micro-credentials are transforming cybersecurity education and workforce readiness
Cybersecurity is becoming a focal point in digital transformation initiatives like Oman Vision 2040, which have national development priorities at their heart. But it is not just about the number of cybersecurity professionals that are produced. The gap between the cybersecurity skills graduates leave university with and the skills industry demands continues to widen.
In this project, we experiment with a new form of cybersecurity education: integration of microlearning, gamification, Artificial Intelligence (AI), and industry micro-credentials into one single module/unit of an undergraduate programme at Majan University College (MUC), Oman.
The results are positive and insightful.
In many undergraduate programmes, the teaching of cybersecurity skills is still very theoretical, modular, or restricted to just a few optional courses or programmes. We addressed this issue with what we describe as the Microlearning–Gamification–Credential–AI (MGC-AI) model, used for a compulsory undergraduate Cyber Security Essentials module at MUC. The model does not depend on a big lecture; instead, it has four closely interwoven elements.
1. Microlearning
The microlearning content is delivered through the openly accessible cybersecurity learning pathways provided by Microsoft. Nine carefully designed learning activities are grouped into a learning path and assigned to the learners, including lessons on identity management, malware, vulnerability management, phishing awareness, and network security. Learning units are designed to be completed in less than an hour, allowing students to engage in short, cognitively intense learning sessions. This approach allows class time to focus on discussion, problem-solving, demonstration, and application exercises as core elements.
2. Gamification
The module design includes gamification elements. Motivation is scaffolded in a way that builds on progress, through digital milestone badges, peer-visible progress, leaderboard components and structured progression pathways. Importantly, gamification is not used as a superficial reward mechanism. Rather, it is aligned to the curriculum outcomes and has been created to enhance learner independence, determination, and confidence, and to promote a healthy spirit of competition.
3. Industry micro-credentials
The module formally integrates Microsoft digital badges as evidence of learning. Students can obtain micro-credentials through the carefully planned Microsoft Learn pathways. These credentials are collected for inclusion in the co-curricular activities transcript, which is awarded in addition to the regular academic transcript upon graduation. This formal incorporation was very meaningful. A learner can gain a maximum of seven micro-credentials during the period of study of this particular module.
4. AI-assisted cybersecurity practice
The model is further enhanced by purposely integrating generative AI tools into cybersecurity learning activities, a feature that is unique. One of the core tasks is to perform a network vulnerability analysis with Tenable Nessus Essentials on either a public Internet site licensed for educational scanning or an intentionally vulnerable Metasploitable 2 Linux virtual machine.
Students will be expected to:
- Know about vulnerabilities classified as Critical, High, and Medium.
- Examine each vulnerability and work to eliminate its risk, using two to three popular Large Language Model (LLM) AI tools to obtain remediation guidance.
- Analyse and contrast the recommendations made by the AI systems.
- Critically assess the quality, feasibility, and appropriateness of the proposed security fixes, and implement the most appropriate mitigation strategy.
The use of AI is deliberately designed to be a tool for student decision making and not an academic shortcut, with the learner aware that the AI's output needs to be critically evaluated and verified. Students quickly learn that different AI systems can offer different remedies with varying accuracy, technicality, and usability. The exercise thus builds cybersecurity competence and AI literacy at the same time, combining two skill domains that are becoming increasingly linked in the business world.
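One way to prepare the comparison step of this exercise, as an added example that is not part of the original article or the module's own material: the Python code below reads a scanner CSV export, keeps the Critical, High and Medium findings, and builds a worksheet that places the scanner's own solution text beside empty slots for each AI tool's advice. The column names, the sample rows and the `tool_a`/`tool_b`/`tool_c` labels are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample in an assumed scanner CSV export layout (check the header
# row of your own export). Hosts, plugin IDs and findings are made up.
SAMPLE_CSV = '''"Plugin ID","CVE","Risk","Host","Protocol","Port","Name","Solution"
"90001","","Critical","192.0.2.10","tcp","21","Example FTP service backdoor","Upgrade or remove the affected service."
"90002","","High","192.0.2.10","tcp","22","Example weak SSH host keys","Regenerate all host key material."
"90002","","High","192.0.2.11","tcp","22","Example weak SSH host keys","Regenerate all host key material."
"90003","","Medium","192.0.2.10","tcp","80","Example HTTP TRACE enabled","Disable the TRACE method."
"90004","","None","192.0.2.10","tcp","0","Example scan information",""
'''

SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2}
AI_TOOLS = ("tool_a", "tool_b", "tool_c")  # hypothetical labels for the LLMs compared


def build_worksheet(csv_text, tools=AI_TOOLS):
    """Return one worksheet row per plugin rated Critical, High or Medium."""
    rows = {}
    for rec in csv.DictReader(io.StringIO(csv_text)):
        risk = rec["Risk"].strip()
        if risk not in SEVERITY_ORDER:
            continue  # Low and informational findings are outside the task
        row = rows.setdefault(rec["Plugin ID"], {
            "plugin_id": rec["Plugin ID"],
            "risk": risk,
            "name": rec["Name"],
            "affected": [],
            "scanner_solution": rec["Solution"],  # baseline to check AI advice against
            "ai_advice": {t: "" for t in tools},  # filled in by the student
            "chosen_fix": "",
            "verified_by_rescan": False,
        })
        # The same plugin can fire on several hosts; list each target once.
        target = f'{rec["Host"]}:{rec["Port"]}/{rec["Protocol"]}'
        if target not in row["affected"]:
            row["affected"].append(target)
    # Most severe first, then by name for a stable order.
    return sorted(rows.values(), key=lambda r: (SEVERITY_ORDER[r["risk"]], r["name"]))


if __name__ == "__main__":
    for r in build_worksheet(SAMPLE_CSV):
        print(f'{r["risk"]:<8} {r["plugin_id"]}  {r["name"]}  {", ".join(r["affected"])}')
```

Keeping the scanner's solution text in the same row gives students a fixed reference point when the AI tools disagree, and the `verified_by_rescan` flag records whether the chosen fix was confirmed by scanning again.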
Each teaching session was limited to two hours and mostly used between five and seven slides, a deliberately small teaching format which aimed to reduce the cognitive burden and shift the role of the teacher from content transmitter to learning facilitator.
Outcomes and Early Findings
Assessment performance across two cohorts with 60 students during the Feb-June 2026 semester showed good levels of attainment and enhanced engagement, with pass rates in the first assessment rising from 82% in Cohort 1 to 88% in Cohort 2. The percentage of certificates completed increased from 61% to 78% in the same period, which is significantly above what is seen in self-directed online learning environments.
Implications for Practice
Based on these considerations, educators designing cybersecurity learning experiences in resource-constrained environments can apply several principles from the MGC-AI model.
- Do not create a lesson, curate it: Industry learning platforms like Microsoft Learn can be used effectively to supplement, or even replace, comprehensive custom-made teaching materials.
- Embed credentials formally: When micro-credentials are required as part of assessment, their learning value is enhanced.
- Do not just use it, use it critically: Do not merely ban generative AI tools in cybersecurity education. Rather, students should be expected to critically question, confirm, contrast, and apply AI-generated advice in a professional and ethical manner.
- Reduce cognitive overload: The use of constrained lecture design (fewer slides, more discussion, retrieval practice, more hands-on engagement) consistently improves participation and retention.
Most significantly, the MGC-AI model is fairly low-cost and platform-agnostic. Hence it can be reproduced in institutions that do not have a cybersecurity lab or a large number of specialists.
Looking Ahead
The purpose is not to provide a generic answer to the problems of cybersecurity education. It is rather to share, in a practical and replicable way, evidence of how these different elements can work together to improve engagement, practicality and workforce preparedness in today’s higher education. With universities around the globe facing the demands of new and rapidly changing digital skills, the debate is not only whether to include AI in cybersecurity education, but how to do so responsibly, critically, and in meaningful ways within real-world learning environments.
A comprehensive research article detailing the pedagogical framework, implementation methodology and empirical findings is currently in preparation by the author.
Dr D. Ramalingam has been an Assistant Professor in the Faculty of Information Technology since 2010. During his career he has achieved various professional certifications such as CCNA; CCNP; CompTIA A+; CompTIA Network+; Microsoft Certified Professional; EC-Council CHFI; and EC-Council Cyber Security instructor. He is the College’s Research Focal Point with Oman’s Research Council. His primary research interest is in information security, and he has presented his work at various reputable international conferences. In 2019 he completed a postdoctoral research project in association with the University of Bradford, UK. His teaching currently covers areas such as Cloud Computing, Internet of Things, Virtualization, SCADA systems, and Advanced Digital Forensics. He is also a Senior Fellow of the UK Higher Education Academy.