On Friday March 16, Infosecurity returned to school to witness a Cyber Discovery event, which promised the opportunity of a live cybersecurity scenario to a group of teenagers.
Held at Skinners Academy in Haringey and organized by SANS Institute, the event saw students from 13-14 up to 17-18 years old participate. Nazleen Rao, IT teacher at Skinners Academy and head of the department, said she had seen “so much enthusiasm coming from the students to use the Cyber Discovery initiative,” which was not something she had seen before, having taught cybersecurity for many years.
Also at the event was the Department for Digital, Culture, Media and Sport (DCMS), whose deputy director for cybersecurity Alex Holmes told the class that “cybersecurity has got more important as the number of attacks has increased over the recent years, adding that there “are not enough skilled professionals to protect the UK right now and that is pretty scary.”
He explained that the intention of the Cyber Discovery project was to help the students learn about the concept of defending a network.
Cyber Discovery is an extra-curricular learning program for students in years 10-13 and is designed to be accessible to those without any cybersecurity knowledge, and consists of four phases: assess for the basics, essentials with 100 hours of video tutorials and learning guides, game with real-world challenges and elite with face to face mentoring and capture the flag contests.
James Lyne, head of research and development at SANS Institute, said that it was about “being here, playing a game and having fun and using these skills” but there was a need to apply skills for the future of society. Lyne said that over 23,000 people have played the challenge, and over 12,000 showed the talent to get into the Cyber Start game and this included the students who were participating on the day.
Lyne said that having found people “with some potential,” he hoped that some would leave thinking “that’s really fun, I’d like to do that as a job day-to-day.”
Speaking to Infosecurity, Lyne explained that there has been “an uptick in general public awareness in cybersecurity as a result of the continued deluge of news” and it has raised awareness of the importance of a career and the desire to do something about it.
“I’ve had more conversations with kids recently where they have seen cybersecurity as being important, whereas a couple of years ago I’d go to Cheltenham Science Festival and do a presentation on cybersecurity and they really had no context as to why it was impactful on society: the only motivator was that it was fun.”
Asked if it was important for SANS to connect with teenagers, Lyne said that it is from the perspective of the skills shortage, but also in learning the problem solving skills and thought processes you use as a cybersecurity professionals.
“Learning the theory earlier massively slingshots the ability to master cybersecurity material,” he said. “So at SANS I teach a couple of more technical classes and it is all about when the tools don’t go far enough there is a new security problem, how do you work as a researcher – writing your own tools and doing your own vulnerability research – how do you go beyond the community, which is incredibly important to fuel the security industry.”
He also said that there is more of an aptitude with younger people, as Lyne himself had to review material as he progressed in his career.
Speaking to Infosecurity, Rao said that there had been an aptitude within female students to take part, especially when they realized that there was a career opportunity without having to take a Computer Science course at GCSE level.
“We tend to find that students, especially girls, who don’t want to go into the Computer Science field, can go into creative media which is more about their creative skills so they are building websites and digital graphics,” Rao said.
Also regarding teaching cybersecurity, Rao explained that when the students realize the opportunities in the real world, they go beyond the theory and see different ways in which security can be compromised and it “has been an eye opener for all of us” and the current threat landscape has made it easier to teach.
She said: “We’ve definitely seen a massive change in the perception of cybersecurity, just through this program and the way that they have done it is really clever because some of the things are so ‘sneaky’ and you don’t realize the ways that they are trying to find a function that they have been surprised about and just how easy it is.”
This event was incredibly reassuring to witness from the perspective of the gamification of cybersecurity, but also from the perspective of how the students were encouraged to collaborate and solve problems. While other efforts are being made to encourage people of various backgrounds to realize the career opportunities in cybersecurity, this exercise reached the school pupil level and that can only be a positive thing.