In this talk, we will present an overview of three projects stemming from our NSF-funded effort on engaged pedagogy for advanced cybersecurity education (NSF-DGE #1947295), namely: (i) DISSAV: Dynamic Interactive Stack Smashing Attack Visualization, a program visualization tool for teaching stack smashing attacks. DISSAV is a web-based application built with ReactJS; DISSAV provides a simulated attack scenario that guides the user through a three-part stack smashing attack. Our tool allows the user to create a program, construct a payload for it, and execute the program to simulate an attack scenario. (ii) a suite of four guided-learning activities that help students with foundational concepts for learning stack smashing attacks and defenses, for e.g., command-line parameters in C, buffer overflows in C, process memory layout, stack canaries and address space layout randomization. The activities are written in the Process Oriented Guided Inquiry Learning (POGIL) style - students explore learning models that depict relevant information, then proceed to invent key concepts emerging from those models, and finally apply the concepts they invent to solve a given problem; and (iii) Criminal Investigations, a gamified, scalable web-based framework for teaching and assessing Internet-of-Things (IoT) security skills. Criminal Investigations is packaged as a series of stackable IoT security activities; the current version is a web application that uses React for the front-end development and Python for the back-end, and is deployed on a university server. Criminal Investigations promotes student engagement and learning by incorporating gamification concepts such as storytelling, experience points, just-in-time learning content delivery and checkpoints into activity design. All three projects have been deployed at undergraduate courses at UNC Charlotte, and we will briefly discuss our deployment and data analysis efforts.