Teach Early, Teach Often: Cybersecurity Education for Children

Teach Early, Teach Often: Cybersecurity Education for Children

This month marks the 15 year anniversary of Cybersecurity Awareness Month in the United States, and it is an important time to remember the systems we protect as well as the social systems that affect them. According to National Cyber Security Awareness Month (NCSAM), their theme this year is that “Cybersecurity is our shared responsibility and we all must work together to improve our Nation’s cybersecurity.” This message really resonates with the team here at SEORG, and me in particular. We spend our days and our careers helping clients, friends, and family improve their security posture. We look to provide our clients with tangible data to guide them in the security education of their staff. The human endpoints are often the hardest to secure, as each human learns in different ways, some need more instruction than others, and they have varying degrees of prior information security and systems knowledge. This last point is critical; to date, the world over, there is little, regular exposure to STEM and cybersecurity in educational systems.

Adults in the information security industry could have entered their roles more prepared had educational systems provided curriculum that mirrored real world needs through an increased focus on STEM curriculum and the accompanying cyber security education users of technology should, ideally, receive. So, while we are teaching our adult learners to improve their security stance, let us not forget about the needs and positive, lasting effects of exposing children to technology, engineering, and cybersecurity skills early and often. Exposing young minds to quality STEM and cybersecurity education will strengthen all of our companies and human endpoints but failing to provide this instruction to today’s youth will result in a workforce that struggles to keep up with the information security needs of the future.

Connecting Education and Information Security

Children today will be the information security professionals who will secure our retirement, secure our increasingly connected healthcare systems, and inherit our digital world. We must begin preparing them from elementary school ages for the ever-quickening pace of technology, and the security needs that come with it. Unfortunately, this is not the status quo in many schools across the globe and that may not change within education systems themselves for many years. While some schools and nations provide better technology programs to children than others, the vast majority of students the world over are not receiving early education on cybersecurity and STEM related skills. This will leave our young learners and future leaders at a disadvantage in the future work force.

Unfortunately, many young students are victims of the ever broadening “opportunity gap,” or the fact that being born into certain zip codes and societal constructs negatively affects the educational opportunity and lifelong opportunity of children. While this phrase is often used in terms of America’s school systems, the concept of the opportunity gap affects students and children globally. Many students are not receiving early or regular exposure to quality science, technology, engineering, and mathematics (STEM) curriculum that provides the foundation for cybersecurity education and an understanding of informational systems.

Networks, organizations, and security departments are all systems. These systems recruit their human endpoints, their people, directly from educational systems; educational systems which desperately underserves many students thus widening the current opportunity gap. The information security industry will struggle to secure its people as long they come out of systems that are under-preparing them for the modern world and modern opportunities. And yet, despite a lack of exposure, children are some of the best and most determined little hackers I have ever met.

Immediately after college, I taught 4th and 6th grade math and science in a rural school district in eastern Arkansas as a corps member with Teach for America. The concept of the program is to take individuals with proven track records of success, either in their academic or professional careers, and train them to teach in low-performing school districts quickly. Corps members make a two-year commitment, and then return to their previous careers, stay in education, or pivot to a new endeavor. The school I taught in had received a grant from Apple for all students to have access to a computer, which then required a staff member to become the IT administrator of the school so hundreds of students with computers had oversight. When the admin would release a new security protocol on the network, it would take mere days for at least one of my very young students to find a way around it and access their favorite YouTube channels and online games. The IT admin would constantly lose their blue teaming endeavors to creative, red teaming children with zero experience. Every. Single. Time.

What Can You Do?

Kids are hungry to learn. They are ready for challenging STEM and cybersecurity curriculum. They are ready for puzzles, cryptography, and exposure to critical thinking exercises and cybersecurity education for children, but so many of them are denied the opportunity to learn these things based on circumstances they have no control over, circumstances they were born into.

Our industry needs critical thinkers. Our industry needs diversity. Our industry needs a future with qualified professionals. Fortunately, there are a wealth of curious, diverse minds out there waiting for interesting learning opportunities. For the 15th anniversary of Cybersecurity Month, I challenge you to impart your skills to young, hungry minds. An added benefit is many employers will allow their employees to take volunteer days, and, even if this does not apply to you, volunteering looks great on your resume and is very emotionally rewarding. To get involved, here are some ideas:

  • Volunteer to speak at a local school and/or plan interactive games to teach children about protecting their online identities, cryptography, and other cybersecurity and critical thinking skills.
  • Get involved with, or plan, outreach events like the SECTF4Kids and the SECTF4Teens that introduce children and teens to social engineering, puzzles, problem solving, and critical thinking.
  • Make time to work with any number of fantastic STEM programs such as Girls who Code and Kids interested in Technology, Engineering, and Science (KITES).
  • Educate children in your nuclear and extended family early and often about cybersecurity, their online safety, as well as how the internet is connected, and information is stored. PBS offers a great learning lab aimed at teaching children and teens about securing networks and what types of information attackers are interested in.
  • Provide students and children a safe reporting environment, where if they encounter something alarming online, they have a safe place to tell a knowledgeable adult.
  • If you have children, have them work with you when updating or changing your home network. Talk them through the steps and expose them to the concepts.

It’s never too young to start teaching children the skills we wish all of our end users had. It’s never too young to start teaching children about their online safety. And it’s never too young to begin raising the industry leaders of the future.

Go forth and share your knowledge with the little people.

Written By: Cat Murdock