In spring semester of 2026, we ran our new flagship course, “Digital Security: What Everyone Should Know“, for the first time. Funded under the “Transdisciplinary Innovation 2024/25” call for proposals, the course was (and will be) open to all UZH students. In this blog post, we’re going to look at the three parts of the course and—in an interview with course designer Leyla Ciragan—at the idea behind the course. First, let’s dive into the “making of” with some background information.

The Goal

Since decades, cybersecurity is framed primarily as a technical challenge. The dominant question is: How do we build stronger systems and better firewalls? The assumption behind this approach is simple: if the technology is sophisticated enough, security would follow naturally. Yet experience repeatedly demonstrated a different reality. In most organizations, the greatest vulnerability is rarely a software flaw alone, but the human factor.

A historian who understands the vulnerabilities of digital archives can better preserve cultural memory and protect sensitive records, a sociologist or a legal expert who recognizes how online manipulation operates can contribute to more effective public policy and prevention strategies. But equally important: anyone who understands disinformation or hacker tactics can design more effective strategies against online manipulation or data theft in her or his personal life.

So, by deliberately breaking down disciplinary silos, the course addresses cybersecurity as a shared societal responsibility rather than a purely technical domain.

The Course Part I : Human Factors

In the first part, Oliver Schmid, UZH’s CISO, and psychologist Melanie Knieps, gave a glimpse into the “hacker mindset” and the ways to abuse one’s vulnerabilities. They highlighted how manipulation works and how attackers exploit cognitive biases and trust to cause human error. Another objective of the human factor’s section was to emphasize the importance of cybersecurity in relation to social dynamics and explain why protecting sensitive data is important in everyday life and work. And so, as one student commented on the course, it was “an interactive, fun class where we learned by doing.” The students appreciated the decision to start with human factors rather than technology. As one student put it, “Starting with this topic helped us to recognise its personal relevance and allowed us to understand it immediately.”

Part II : Risks, Trade-offs, and How to Decide

Part III: No code, all adventure!

The third part, was all about the tech side, starting off with basics on how the Internet works “behind the browser”. Building on this newly acquired knowledge, OSINT specialist Leyla Ciragan demonstrated to the participants, how different attack methods work on the different internet layers, and why encryption helps – as a start. Watching and inspecting data packets in real-time made the abstract concepts tangible.

Professor of Informatics Burkhard Stiller provided a basic overview of the same topics but from a computer science perspective, and later in the course, special guest Antonio De la Torre from OSINT Switzerland shared his experience of being targeted by a scammer in an identity theft case. It was fascinating to hear how he managed to “scam the scammer”, uncover the important and hidden information behind IP addresses, a photo, and finally notify the victim of the theft.

Armed with all this information, the participants were ready for the final challenge with author and serious games designer Jill Wick. And wow, how much fun can “serious” be!

Interview

In the following interview, Leyla Ciragan, the project’s coordinator and conceptualist, discusses the participants’ feedback and her experience with the “adventure” that is “Digital Security: What Everyone Should Know”.

CYREN^ZH: Dear Leyla, since the project launched almost exactly a year ago, and since you wrote your blog post in July 2025, many Trello cards have been created and ticked off. Are you relieved that the pilot course is now complete? Also: Is it even finished?

Leyla: Yes, I’m totally relieved! But no, it’s not finished yet. I’m currently evaluating the feedback from the students who we asked to give us their honest opinions. All this feedback will be incorporated into the next round in spring 2027.

I was totally surprised by the sheer amount of positive feedback. I already knew we were onto something, but I was still surprised by how well the pilot went right from the outset. I was particularly touched by the many personal emails I received from students saying it was the best course they had ever taken and that, as technical novices, they were finally able to get a foothold.

This confirmed to me that I designed it correctly and that the instructors conveyed their topics very well. In any case, we’re on the right track. There will certainly be a formal restructuring of the course because we will be producing many self-study units, which will give us more time for practical applications during class sessions. But the structure and level of the course and its interactivity are suitable, and we will continue in that direction

CYREN^ZH: Forgive my bluntness, but the project seems like a huge undertaking for such a small team. How did the idea for the course actually come about?

Leyla: Yes, it is too big a project for such a small team. But people need help to bridge the gap created by today’s technology. More and more people don’t know where to start when it comes to privacy, passwords and so on.

That’s why this course is designed to show people that many everyday cybersecurity risks are relatively easy to manage once you understand how things work. Sometimes it’s just psychological, and technical risks can often be minimized in everyday life with just a few simple steps.

CYREN^ZH: If only we knew what those three steps are!

Leyla (laughs): Yes! Many people simply take digital tools like the internet for granted—you open a browser and enjoy the endless possibilities. Very few people know what’s happening behind the scenes. Many course participants, for example, were impressed to see how easy it is to intercept real-time data traffic and the information that can be seen in the data packets. This is exactly where the course can step in and demonstrate a few simple steps.

CYREN^ZH: So, less fearmongering and finger-wagging, and more empowerment?

Leyla: Exactly! Fear doesn’t help at all here. We already face enough pressure in our daily lives — it would make us want to hide away and adopt an avoidant mindset. But if we understand what’s happening around us and are then given a reasonably simple solution, the path becomes clear. Once the first steps are taken, the next ones follow naturally, and so on. I’m also counting on the students to spread the word about this in their own circles and thus multiply the impact.

CYREN^ZH: “Digital Security: What Everyone Should Know“”has an interdisciplinary structure. How would you define interdisciplinary, and what is required for interdisciplinarity to work?

Leyla: Hmm… Literally, it just means “between” and “discipline”. In other words, it’s about the exchange between different disciplines. As is so often the case, it’s not just a matter of addition — that is, each discipline simply contributing its perspective on the subject — but rather a multiplication of results when it succeeds. Something entirely new emerges, so to speak, 1 + 1 = 3.

When it comes to interdisciplinary work, we usually have a major communication problem to solve. The technical language of our own discipline seems clear, universal and “naturally” established, but many people don’t realize that every discipline essentially speaks a different language. Consequently, we end up talking past each other. The “narrow-minded experts” argue and despair at the other person’s lack of understanding. We clearly need to take a step back here.

CYREN^ZH: For example?

Leyla: Let’s take the example of identity. What a term! In psychology, it means something completely different to what it means at the passport office or in multi-factor authentication. We must accept that we use the same term in very different contexts, and that we may also have to explain these contexts each time.

People need to be able to engage with different definitions of the same words. They must accept that different methods do not compete with one another but rather multiply possibilities and ways of thinking. Only then can we engage in a dialogue between disciplines and create something new: new spaces for thought and new possibilities.

CYREN^ZH: I imagine this “dialogue between disciplines” must take place among all project participants, and project leaders and instructors must also work to integrate this interdisciplinary understanding. Is there time for such dialogue in everyday university life?

Leyla: Yes, that’s true — building that understanding takes a lot of hard work. As a specialist, you can sometimes lose sight of just how quickly your ability to understand others fades because you’re too focused on your own area of expertise. It can be grueling work and often requires you to take on a facilitating role within the project, for example when someone becomes “lost” in their own discipline. Facilitation is also needed to establish cross-references and connections, and to highlight these to students and faculty. I’ve had this kind of role many times over the past year.

Interdisciplinary collaboration, whether in research or teaching, requires a great deal of coordination. That’s why I’m incredibly grateful for the UZH Teaching Fund (ULF), which is providing us with funding for two years. Otherwise, developing the concept and interdisciplinary content would not have been possible.