Journal of Technology and Science Education

This study considers the expanding gap in cybersecurity skills and the need for practical learning environments for the training of professionals. It investigates the influence of Docker container–based infrastructure pentesting laboratories on cybersecurity learning, comparing them with virtual machine–based laboratories. The methodology that was used was a quasi-experimental design with two groups of students; one applying containers, and the other with virtual machines. The laboratories were designed with vulnerable services, such as FTP, SSH, databases and HTTP, including tools such as Metasploitable, DVWA and Kali Linux. The flexibility of the laboratory (configuration and deployment time) was measured, in addition to the learning of cybersecurity in its procedural and attitudinal knowledge dimensions. The results show that Docker containers are more convenient for configuring and preparing laboratories as compared to virtual machines, due to their lightweight nature and lower computational resource requirements.  However, no statistically significant differences were found in the procedural or attitudinal learning between the two groups. The lack of a significant impact on learning is attributed to the technical familiarity of the students with the handling of containers and the complexity of the activities. However, the containers represent an attractive alternative, due to their efficiency in the use of computational resources.