055 – Teaching Next Gen Cybersecurity Leaders

Show Notes 

• 7:48 — Generating cybersecurity awareness among students
• 10:07 — Understanding the gravity of data privacy
• 11:34 — Exploring the sentiment around sharing personal info online
• 16:46 — Building a cybersecurity curriculum
• 21:40 — Encouraging diversity in cybersecurity
• 26:07 — Sharing conversations cyber educators are having today
• 29:17 — Addressing the talent shortage in STEM careers

As an educator, what has been most effective for generating awareness and interest in cybersecurity for your students?

A starting point to build awareness of cybersecurity for students is by helping them look at their own data that’s being tracked via cell phones and digital activity. This helps students gain an understanding of how many different places exist that track personal information about them. Even if they do everything they can to keep their cell phone secure, they still need to trust many apps to ensure their personal data remains secure.

“An account from Facebook doesn’t cost anything, so what are they selling? They’re selling your information, especially for young kids, if you’re 16-18 years old, you have another 50-60 years of buying stuff, and that’s marketing gold, and we have to impress upon them that that information about you is precious, and you should have some sense of how pervasive it is, and how you protect yourself. That’s why I start with the digital footprint.”

Do students at that age truly understand the broader implication of their data being shared across the internet and why that may be negative?

The job of educators is to inform students of potential risks and teach them about safety mechanisms available to remain safe. Students can relate to the seriousness of data privacy in the lens of cyberbullying, which is a reality for some students. Neil compares the role of a cybersecurity teacher to that of a driver’s education course by informing students of the safety protocols available to them to help protect themselves.

“You might not ever get into a car accident, but if you don’t wear a seatbelt, you’re being foolish. Part of my job is to say, here are the seatbelts, here’s the helmets, here’s the other safety mechanisms that are available to you, so that if you’re going to operate in social media and everything else on the internet then you have some sense of, where are the off ramps? How do I protect myself? How do I guard against these things from going on?” 

Do students have a sense of privacy about sharing personal information online? How about their parents?  

In the cybersecurity course Neil teaches, he covers the importance of not sharing personal information online such as date of birth, and why password strength is important. Looking at the vulnerabilities that are out there, neither parents nor their children understand technology ‘under the hood.’ 

“You can drive a car very well, but not know anything about how the transmission or the engine works.” 

What is the curriculum for your cybersecurity course, and how do you see it evolving in the coming years?  

Many commercial curricula exist with free K-12 courses for non-technical savvy educators. This type of coursework lays a foundation for learning, but it only scratches the surface. In Neil’s courses, he runs a sandbox environment of Kali Linux so students can test command lines and do ping and traceroutes. This type of education is the most effective to give students hands-on experience. However, there’s a learning curve here for teachers because they need to have a level of security knowledge in order to run this type of coursework.  

“There is a learning curve for the teacher because not many of us who are teaching actually come from an industry background, who actually have the savvy to understand exactly what’s going on. We understand that you can’t get IT people to normally become schoolteachers. You can’t get programmers to become schoolteachers; there are many good ones who are excellent and really know their stuff. But it becomes a challenge because you have to understand that what you’re teaching is not just something you can just pick up from reading a book and then be one or two days ahead of your kids.” 

How can companies make cybersecurity more approachable to diversity in the workplace?

Neil cited two organizations he commends for introducing diversity in their associations:  

• Computer Science Teachers Association (CSTA) 
• Cyber.org  

These two organizations include teachers who can serve as role models to young people so students can not only gain more diverse peers but also see themselves in future leader roles. With many languages spoken in Neil’s classroom, he’s intentional about helping students see themselves in technology roles. He has a Wall of Fame at the back of his classroom with people such as Mark Dean, the father of the Industry Standard Architecture (ISA) board who worked at IBM, and Lyndsey Scott, a supermodel and iPad developer.

“In organizations, we’re not just trying to make the classroom more reflective in terms of the students who were in there, having a curriculum that appeals to them, and having those cultural-relevant links to it, but also making the teacher workforce more diverse — and that’s a very difficult, very, very difficult problem, because a lot of people aren’t going into teaching.” 

What kind of conversations are cybersecurity educators having today?  

Neil is the founder of the Cybersecurity Educators Group on Facebook, where 1,500 educators from many backgrounds gather to share their learnings to enrich education for students. Conversations among cybersecurity educators often center around what creating a lab in the classroom looks like, how to integrate a hands-on lab into a learning management system, what certifications schools can offer to give students a leg up upon graduation, and how cybersecurity relates to current events in a way teachers can tie it back to a lesson for students.  

“There’s a need to see that the kids can actually accomplish a goal of getting something that they can use as part of their resume to get a job out of high school.” 

What’s your perspective on the talent shortage in the market today?

The story of a talent shortage in STEM jobs has been a common theme for several years. Neil’s perspective on this is if we gave young adults a chance for on-the-job learning and mentorship before they pursue a formal degree, we’d capture untapped talent with the ability to mold incredible cybersecurity or IT professionals before they’re swayed by other paths. Only accepting students with a specific degree that passes AI resume scanners misses the human element of hiring talented technologists.  

“You’re hiring a person, and I think the human element is so critical, especially to what we do in information technology and cybersecurity. It’s a big human element; you have to be able to work with other people.”  

Neil is a cybersecurity teacher at Everett High School in Massachusetts. In 2016, Neil was one of 213 mathematics and science teachers awarded the Presidential Award for Excellence in Mathematics and Science Teaching from President Obama, and in 2022, he was awarded the Cyber Educators of the Year award by Cyber.org. He’s also the founder the Cybersecurity Educators Group on Facebook, a community of more than 1,500 influencers and educators in the space that seeks to share curriculum and tips related to cybersecurity education.