Professional development

How to get kids prepared for a career in cybersecurity

Ravi Das
March 5, 2019 by
Ravi Das

In the job market of today and especially tomorrow, there’s one thing for sure: Cybersecurity, no matter what the area or the specialization is, will be in extremely hot demand. This is because the cyberthreat landscape is changing so rapidly. There are new attacks and variants coming out literally every day.

It takes a skilled IT professional to keep up with all of this and to offer suggestions and solutions as to how all of this can be handled. But it takes a very unique skill set and mindset in order to do these kinds of tasks.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Cybersecurity skills are learned over a lifetime

Candidates wanting to get into the cybersecurity field should have some sort of technological background, such as (at the very minimum) either an Associate’s or Bachelor of Science Degree in computer science or some other closely-related field. The reason for this is that the tools being used to combat cyberattacks are becoming much more sophisticated themselves.

The cybersecurity specialist must be able to work in a team and collaborate with the other members. The key takeaway here is that these skill sets can’t be taught by attending a bootcamp or even attending college. They must be acquired at an early age, and this process takes an entire lifetime.

This means there is now a huge effort underway in the cybersecurity industry to get children interested in learning about technology. If they are interested in tech at an early age, they are more likely to consider a career in cybersecurity after they complete high school or college.

How to get kids interested in cybersecurity — Training the educators

Despite the growing demand for skilled cybersecurity workers, there is still a very serious lack of qualified individuals. This is best illustrated by the diagram below:

(Source)

As you can see, there is a shortage of almost 350,000 skilled professionals, and this number is only expected to increase. Furthermore, the number of well-trained cybersecurity workers is low.

In a way, this is a cycle that feeds itself. Because of this severe shortage, businesses and corporations are scrambling to find skilled workers and a lot of time is spent on the recruitment of individuals who may be only partially qualified. This means more time is spent on training these new employees in latest tools and threats. And because of the efforts of ongoing training, the existing IT security staff simply can’t keep up with their increasing workloads.

This brings us to the most important issue: The importance of introducing kids to the principles and concepts of cybersecurity at all grade levels, kindergarten through twelfth grade.

The key idea here is that these children and even teenagers not only have to be interested in learning about cybersecurity but have to maintain and grow this interest in the years ahead. Maintaining and growing this interest could lead them into a profitable career which is in high demand.

How can this be accomplished?

First: In order to inspire the younger generation, educators themselves must have a strong working knowledge of the concepts and tools of cybersecurity. This can be accomplished on a cost-effective basis:

  1. Receive training: One of the best ways that teachers can learn is by making use of the free resources available through the National Initiative for Cybersecurity Careers and Studies (aka NICCS). This is actually managed by the Department of Homeland Security, and all of the needed training materials can be found here
  2. Seek mentors from the cybersecurity industry: Even after completing a comprehensive training program, teachers may still not yet feel ready to share their knowledge with their students. One of the best options is to actually reach out to a cybersecurity firm and ask if you can be mentored in this area. As most of these firms are aware of the severe shortage of qualified professionals, it’s very likely that they will be able to help you find a mentor who will want to help both you and your students
  3. Receive online training on a regular basis: There are many online trainers and educators available for all levels of interest in cybersecurity topics. Take advantage of the Internet’s resources!

It is very important that you as an educator spend the necessary time to fully understand what cybersecurity is about. After all, kids are very impressionable, and the first impression that they get from you should be a positive one in order to catch their interest.

How to teach children about cybersecurity

The question often gets asked: What’s the best age to start teaching a kid about cybersecurity? There’s no hard-and-fast rule to this, but obviously, the earlier the better. In fact, even introducing kids to this at the first-grade level is not considered to be too early. In today’s hyper-connected culture, cybersecurity knowledge isn’t just a gateway to a potential career — it’s a necessary part of keeping them safe in their everyday lives! But the key thing to remember is that they must be not only engaged but understand what you are trying to teach them.

Traditional teaching methods like the blackboard are disappearing fast. Technology must be integrated into any form of curriculum, and cybersecurity is no exception: Kids need to see firsthand what a cyberattack can do and the damages that can result from it. For grades 1–8, the concept of the SAMR Methodology can be used to stimulate these young minds.

It is obviously expected that they will not be computer programmers in this specific age bracket but teaching them the fundamentals of computing may spark their interest about cybersecurity.

Here’s how the SAMR methodology is broken down:

  1. Substitution: In this first phase, the very youngest of kids (say from grades 1–3) are introduced to what a computer actually is. Rather than simply showing pictures or video demonstrations, these students should be allowed to play with computers directly at a very basic level, and perhaps even explore some simple applications like word processing, how a spreadsheet can store numbers and how even a little slide show can be created. The idea here is to give students that critical first impression about technology and how it can be used in everyday life
  2. Augmentation: This second phase of the SAMR Methodology could be used perhaps in grades four and five. Since these kids were introduced to computers earlier, they now have an impression of what computers can do. At this stage, it’s very important to augment what they have learned and start introducing to them to the basics of cybersecurity. For example: provide demonstrations of what an infected file can do to a computer. They can first be shown what an uninfected computer looks like, and then be shown the symptoms of an infected computer (such as a slowdown in overall performance, the effects of pop-up windows, what a locked computer screen looks like, the impacts that can have on an end user and so on)
  3. Modification: This third part is probably best used in grade six. Now that these kids have an overall understanding of technology and the dangers of a cyberattack, this is the perfect opportunity to show them how to restore a damaged system. For example, they can be taught about anti-malware and anti-spyware software packages and how they can be used to defend against cyberattacks. This is also the age range in which kids should be taught about other cyberthreats and risks that can affect them personally such as credit card and financial information theft, hijacked passwords, what identity theft is all about and more
  4. Redefinition: This fourth and last part of the SAMR Methodology should probably be used in grades seven and eight. Now that the kids in this age bracket have an idea of some of the fundamentals of cybersecurity, it’s time to teach them about being proactive. Students now should be given group projects in which they are encouraged to learn more about cybersecurity as a team effort. For example: They could be given assignments in which they could collectively listen to a podcast or a video about a specific cyberthreat and write a report what they have learned and what they can do to defend themselves against that threat. The idea here is to not only foster a proactive security mindset but to encourage teamwork as well

Finally, once kids have entered grades 9–12 (the high school years), they can be introduced to more advanced cybersecurity concepts. At this point, direct classroom instruction is not as important. Instead, hands-on experimentation and application become much more critical. Some examples of engaging learning at this level include:

  • Joining cybersecurity training camps: Most of these are typically offered during the summer, and there are many types offered across the United States. A simple Google search can show you the best and most affordable camps in your area. At these camps, the kids are taught all sorts of topics that relate to cybersecurity and given opportunities to apply what they have learned
  • Create competition teams: This is one of the best ways to challenge the minds of high school kids. Teens can assemble teams for competitions such as hacking and penetration testing, some of which offer valuable prizes. An important point to remember here is that all of this this should be kept to a level that is fun to them: if a team loses, some of the kids may not want anything more to do with cybersecurity. It’s important to prepare them for that possibility and encourage them to keep trying!
  • Go on tours: The educator can organize various field trips to various cybersecurity companies so that students can what a professional does firsthand. Your students might even have the chance to participate in a real-world security exercise
  • Internships: Even kids in high school get can get an internship with a cybersecurity company or government agency in order to learn more about what it is like to work in this industry. An example of this is the The Cybersecurity Internship Program (sponsored by the Department of Homeland Security)
  • Participation in online courses: Self-learning is one of the best ways for a teen to explore a field. Encourage them to take free courses and try new exercises to keep their skills sharp. A great resource that can be used here is the Hacker Highschool

Conclusions

We’ve looked at some of the ways in which kids, especially those in K-8, can be motivated to possibly pursue a career in cybersecurity. Being a successful Cybersecurity professional requires a unique blend of skills, which may be acquired over a long period of time. It’s very important that kids start learning about cybersecurity at an early age — for their own safety, whatever career they take up!

While kids should be educated about cybersecurity, the same goes for the educators that are training them. After all, kids are very impressionable; educators have to put their best foot forward when teaching their very young students about cybersecurity. Educators do not need to go through an exhaustive and expensive training program, though, as there are plenty of free online resources.

Kindergarten to eighth grade can be thought of as the years where kids learn the fundamentals of cybersecurity, with the high school years as the time for the advanced concepts. The best way to motivate kids in the upper grades is through active group participation, such as summer training camps and various sorts of competitions. Finally, all of this experience can be capped by completing an internship by grade 12, if not earlier.

Finally, a note: There is no perfect standard for teaching and motivating kids with regards to cybersecurity. Everybody learns at their own pace. Educators should take as many different approaches as possible to see and determine what works best for their students in order to ignite that spark of interest in cybersecurity.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Sources

Ravi Das
Ravi Das

Ravi is a Business Development Specialist for BiometricNews.Net, Inc., a technical communications and content marketing firm based out of Chicago, IL. The business was started in 2009, and has clients all over the world. Ravi’s primary area of expertise is Biometrics. In this regard, he has written and published two books through CRC Press. He is also a regular columnist for the Journal of Documents and Identity, a leading security publication based out of Amsterdam.

You can visit the company’s website at www.biometricnews.net (or http://biometricnews.blog/); and contact Ravi at ravi.das@biometricnews.net.