October is one of my favorite months here in the D.C. area, not only because we get to enjoy views of the Blue Ridge Mountains covered in Fall foliage, but because it is National Cyber Security Awareness Month (NCSAM) and a time that my organization can really shine a spotlight on local kids who are getting revved up about cybersecurity and the educational programs that are inspiring them.
Why is that so exciting? I believe that children are not just our collective future, but that every time we help children boot up a computer or help them download homework online, we are looking into the faces of those who will fulfill our vision of a safe and secure cyber world.
I often get asked if professional and training bodies such as (ISC)2 should focus our efforts to identify potential recruitment targets on those in high school (or younger) given the substantial and immediate need to fill the widening cybersecurity workforce gap.
In my opinion, we can’t start educating kids soon enough – a message that seems to be resonating beyond the walls of my organization into the halls of Congress, the academic community and corporate America. For example, during last week’s National Town Hall on Minority Underrepresentation in Cybersecurity, House of Representatives Inspector General Theresa Grafenstine emphasized the need to make the cybersecurity field more appealing to children. “We need to make this like a marketing campaign,” said Grafenstine. Rather than furthering the notion that to be interested in cybersecurity, kids must have a “pocket protector” and sit in the back of the class, we need to “slap Cinderella with a laptop” she suggested.
As I support (ISC)2’s awareness activities that target middle and high school students throughout the year, it is apparent that the notion of starting kids early in cyber is resonating louder than ever among educators as well. In mid-September, the (ISC)2 Foundation had the privilege of joining The MITRE Corporation to recognize some of the nation’s up-and-coming Science, Technology, Engineering and Math (STEM) students and winners of a recent national Capture the Flag Competition.
Each member of the four-person winning teams received an (ISC)2 Foundation-sponsored $1,000 college scholarship, a voucher to take the (ISC)2 Systems Security Certified Practitioner (SSCP®) exam and priority consideration for MITRE’s Cybersecurity Intern Program. Out of 73 teams with more than 300 students from high school and college, both the winning and runner-up teams included high school students. This reinforces the sentiment that, if properly nurtured, cyber talent can develop early and mature in a short period of time.
Principal Dr. Evan Glazer and the STEM educators at Thomas Jefferson (TJ) High School for Science and Technology in Alexandria, Va., take a holistic approach to nurturing cyber talent by teaching foundational topics that information security professionals deem are important to learn such as operating systems, architecture, cryptography, etc. “We teach that it is the interconnectivity between these foundational topics that makes cyber challenges real,” says Glazer. “Students who enjoy cyber topics appreciate the multidisciplinary or problem-solving aspect.” Glazer also underscores the benefits that students receive by participating in “extra-curricular” cyber activities such as Capture the Flag competitions and encourages organizations/companies to support these activities.
“There are a lot of benefits to having our students participate in cyber competitions. The competitions encourage systemic thinking, situation problem-solving, social responsibility, a commitment to service and support of protecting other people,” said Glazer. Most of all, kids love the challenge. “A mission, computers and puzzles—what could be better?” he added.
With a strong STEM foundation, Glazer believes students will be equipped to pursue cybersecurity specialty areas in college. Other high schools in the area take a slightly different approach by offering a dedicated cyber curriculum that is more aligned to a professional certification path. Either way, students are realizing that this field is an opportunity for them. It will then be up to those of us in the professional community to help identify a clear career path for graduates trying to enter and progress in the field. To that end, (ISC)2 offers the Associate of (ISC)² program, which helps to bring graduates into careers at the entry-level and to set them up on a pathway to success.
As the month of October comes to an end, let this be a reminder to look for STEM potential in the children around you and to get your organization involved in supporting new or existing cyber competitions in K-12 classrooms. If you need ideas, the DHS Cyber Security Division website is one good resource. It’s never too early in a child’s life to introduce cybersecurity principles and to feed their interest in computers. What might have once been used simply as a means of keeping your child occupied or entertained might actually end up being his/her first step along a very fulfilling and rewarding career path.
Dan Waddell, CISSP, CAP, PMP, (ISC)2 managing director, North America Region and director of U.S. Government Affairs, was lead author of this peer-reviewed post.