In Cybersecurity, Change Describes Education and Threats Alike
Can’t sit still
We might think we’ve learned lessons about cybersecurity from breaches and scandals like Facebook-Cambridge Analytica, Equifax, and Russian election tampering.
But the threats keep morphing.
Senators’ private email accounts saw a flurry of hacking exploits this fall.
Healthcare is the fastest-growing area of targets for data pirates.
Director of National Intelligence Dan Coats has warned that China probably poses greater long-term cybersecurity challenges than any other country.
As Cybersecurity Awareness Month kicks off in October, the rapidly changing targets and tactics of people and countries behind cyber attacks underscore the urgency of bolstering the ramparts of our cybersecurity defense force. We as individuals can do much to protect our online selves with strong passwords, sensitivity to phishing scams, and judicious URL clicking.
Urgent workforce needs
But to beef up larger-scale protections online requires more people with more training in more places than we currently have available. CyberSeek, a national data hub for cybersecurity workforce development efforts, shows over 300,000 currently open positions in the field. Compared to the 770,000 or so people working in cybersecurity, this number makes for a ratio of workers to openings – 2.5 – far below the national average of 6.5, even in these times of historically low unemployment. And the workforce needs are set to grow only greater, with projections of global shortages hitting 1.8 million over just the next two years.
Education a linchpin
In this environment, cybersecurity education becomes not only a workforce imperative but a vital strategic asset for national defense. This logic increasingly animates discussions of how cybersecurity education relates not only to STEM education but K-12 education across all subjects.
Cybersecurity has grown quickly to prominence within high school career and technical education programs. The typical approach is to offer a sequence of courses in networking and operating systems that align with industry certification programs, such as through affiliation with the Cisco Networking Academy or the CompTIA certifications.
Need to get creative
These approaches work well with students who already bring interest and aptitude to cybersecurity learning opportunities. As we’ve seen with almost every other engineering and technology field, though, this pool of students is too small and homogeneous to support development of the solutions we need to the challenges we face in our technology lives. We need to enlarge and diversify the pool to bring to bear the great creative potential of the U.S. workforce on these problems in cybersecurity and everywhere else in our tech-saturated world.
All work, all play
One approach to growing the supply of cybersecurity-interested students is gamification. Gamifying cybersecurity is already a popular option for training people in the workforce, but it might be even more effective for use in K-12 education.
Circadence is a pioneering company in gamifying cybersecurity content for professional development. One benefit of gamification is that learning comes from demonstrating practical skills and performing technical tasks repeatedly and reliably. At the end of the game, participants’ performance provides concrete evidence of what they have learned to do.
Circadence’s Project Ares program offers this kind of performance-based learning for middle and high school levels through deep immersion, real-world scenarios, and scaled learning content. Utilizing a closed, virtual threat environment called a “cyber range,” Project Ares presents students with AI-generated mission challenges, graduated tasks for them to learn and execute, and progressive rewards for success keyed to real-world skills.
Brad Wolfenden, Director of Cyber Academic Partnerships at Circadence, stresses another virtue of a gamified learning environment like Project Ares. It offers students a “safe space for trial and error,” where persistence and repeated effort in the face of failure are rewarded instead of being penalized, as in more traditional, testing-oriented academic programs. Students’ performance at the end of the mission is what counts, however they end up getting there.
First past the post
Competitions can also provide performance-based learning opportunities for students. And the results of competitions serve up objective feedback for students on where they have excelled and where they can improve. CyberPatriot features a prominent cybersecurity competition, run by the Air Force Association and supported by Northrup Grumman Corporation. In the competition, students are tasked with protecting the virtualized network of a fictitious small company. The contest rolls up to an expenses-paid final in Baltimore where teams from across the country compete for a national title and scholarship money.
Both these scenarios line up with a larger trend among tech companies to assess and hire candidates based on demonstrated skills at least as much as credentials. Connected to the idea of “new-collar jobs,” skills-based hiring has taken root at IBM and scores of other tech companies.
Only connect
For all the appeal of skills-based hiring, though, some in the field make a broader brief for what cybersecurity education should entail. Davina Pruitt-Mentle, Lead for Academic Engagement at the National Initiative for Cybersecurity Education (NICE), sees cybersecurity education as a topic to be integrated across almost any K-12 classroom topic.
In her view, understanding Russian or Chinese attacks in cyberspace requires consideration of geopolitical matters, cryptography is fundamentally mathematical in nature, and psychology underlies why people perpetrate and fall for phishing scams. Decoding complex utterances to find underlying meanings and identifying themes and patterns in complex, detail-rich data environments are cognitive skills prized in both English class and cyber threat identification.
Educators in almost any K-12 subject, she argues, can integrate cybersecurity questions into their subject matter. With these broad parameters of the field established in their minds, students would be better able to imagine themselves in a position in cybersecurity that suits their abilities, even if not highly technical.
Where to go for help
Educators looking to introduce cybersecurity to their students have various resources at hand.
NICE has put forth a comprehensive framework for cybersecurity work detailing seven broad categories for the field; we’ll revisit this framework in more detail in a post later this fall.
NICE supports the National Cybersecurity Career Awareness Week (NCCAW) campaign in November, which seeks to leverage local, regional, and national efforts to inspire, educate, and engage children through adults about cybersecurity career options.
Our own publication, the Start Engineering Cybersecurity Career Guide, showcases a full range of work opportunities in the field as well as detailed information about academic pathways available, including certificates, two-year, and four-year degree programs.
Of further interest to educators will be our upcoming Cybersecurity Career Guide Workbook, approximately 60 pages of exercises and lessons to help students get grounded in cybersecurity basics and identify an appropriate pathway into an areas of the field that could be right for their own work lives.
And, finally
Given the workforce needs and complexity of the field, all these approaches to cybersecurity education will help fill out the ranks of professionals in the field.
What experiences have you had with trying to make cybersecurity accessible or relevant to students? Do you know of any education programs that have succeeded at this task? Please let us know! And as always, please share with any interested friends or colleagues.
Eric Iversen is VP for Learning and Communications at Start Engineering. He has written and spoken widely on engineering education in the K-12 arena. You can write to him about this topic, especially when he gets stuff wrong, at eiversen@start-engineering.com.
You can also follow along on Twitter @StartEnginNow.
Brand new for 2018! Our new Cybersecurity Career Guide shows middle and high schoolers what cybersecurity is all about and how they can find the career in the field that’s right for them. A great pair with the recently updated version of our Start Engineering Career Guide.
We’ve also got appealing, fun engineering posters for K-2 and 3-5.
Our books cover the entire PreK-12 range. Get the one that’s right for you at our online shop.
Photos: Cybersecurity, courtesy of Dreamstime; Cyberseek, courtesty of Cyberseek.org; Project Ares, courtesy of Circadence; Competition, courtesy of University of Missouri-St. Louis