What does cybersecurity education look like for today’s young students? And why is it critical?
Now more than ever, our digital culture has shaped both what is taught at schools and how it is taught. While educators are challenged to keep up with the speed of this change, the rise of digitization has also created immense opportunities for educators and students alike.
Cybersecurity—a term that was not a household phrase 10 years ago—is now a topic that has permeated nearly every industry. As a result, educators must teach young students to not only stay safe online, but to also understand the roles needed to help strengthen the fight against cybercrime.
While educators and guidance counselors are still learning more about the industry and may struggle to recommend a career path in this rapidly evolving industry, cybersecurity leaders are tasked with recruiting and retaining the best security professionals from a very limited talent pool.
Building a wider pipeline
You may be surprised that one of the biggest challenges facing companies is simply finding enough people to fill the increasing number of jobs needed in this field. The security skills gap is well documented, with the most recent studies predicting that the cybersecurity talent gap will reach 1.8 million open and unfilled positions globally by 2022.
Next page: A “new collar” approach to cybersecurity
In other words, companies can’t hire enough people for good-paying cybersecurity jobs. While cybercriminals get better at their craft, the organizations defending against them have empty seats on the other end of the wire. Even though governments, industry leaders, and educational institutions are doing what they can to address the problem, the entire supply chain of talent is stressed.
In the wake of massive global cybersecurity attacks like WannaCry and Petya, the need to build a broader pipeline of cybersecurity professionals has never been more evident. Unfortunately, cybersecurity education at the high school and undergraduate level has remained largely unchanged for the past decade.
Academic institutions want to meet industry needs, but they are struggling to evolve their curriculum to keep pace with the shifts in industry and technology. In fact, more than half of high school seniors attend schools that don’t even offer computer science. Couple this with the fact that educational institutions themselves are experiencing a skills and resource shortage, and the opportunity to evolve curriculum becomes even more taxing for those already overworked in the system.
The variety of roles in today’s cybersecurity landscape is vast, as are the skills needed to fill them. For instance, IBM has identified an increasing need for “new collar” security professionals who have particular skillsets, aptitudes, and experiences needed for security, but not necessarily in the form of a traditional four-year degree.
As teachers, guidance counselors, and college counselors know, there are a variety of alternative training and education models for rising high school seniors who are not interested in or simply cannot afford a four-year school to consider. Many security-education options fit under this umbrella, including associate degree programs, public-private partnership education models, apprenticeships, and certification models—and, yet, the majority of these options are not reaching their full potential due to a disconnect between education, training, and hiring models.
This pipeline issue in cybersecurity is a huge challenge, but also an opportunity for educators to lead the way.
Supporting a “new collar” approach through education
More than half of security hiring managers say that practical, hands-on experience is the most important qualification of cybersecurity landscape. Yet the majority of students are not given the opportunity to learn these security skills in a traditional classroom setting. In fact, two out of three high schoolers say the idea of a career in cybersecurity has never been mentioned to them by a teacher, guidance counselor, or career counselor.
Educators can take multiple approaches when it comes to introducing the idea of cybersecurity as a career path, including:
1. Redefine how and when cybersecurity is introduced: Guidance counselors, college counselors and teachers should keep the cybersecurity track top of mind when discussing post-graduate plans. The breadth of jobs open in cybersecurity is enticing for rising seniors interested in a technology space. The earlier cybersecurity is introduced into education—even as early as elementary school—the better.
Similarly, educators should rethink the roles within cybersecurity. Cybersecurity talent is needed across the board—not just for those interested in coding or technical skills. Today, there are many different security-related roles, ranging from writing and communications to design, sales, consulting, and more. Above all other aptitudes, the cybersecurity professional of today needs to possess an innate desire to continuously learn new things as the security industry shows no signs of slowing down.
2. Implement new courses: Investing in courses that focus on building the skills and awareness needed for the next generation of cybersecurity workforce is becoming increasingly necessary. Many leading security companies have already begun making strides toward this. For instance, IBM has collaborated with Hacker Highschool —an open cybersecurity training program for teens and adults. Students completing Hacker Highschool lessons will learn some of the skills necessary for an entry-level security operation center analyst, a position that is in particularly high demand.
3. Highlight extracurricular activities: There are a multitude of after school and summer programs that include skills-based technology education, vocational training, and coding camps. Educational professionals should look to arm themselves with information on these programs or even consider how to implement them within their own schools.
4. Suggest alternative education models: There are many professional certification programs and innovative public/private education models like P-TECH (Pathways in Technology Early College High School) that are an alternative option for high schoolers interested in technology jobs. Continued investment in a P-TECH education model connects high school, college, and the business world to prepare students for technology jobs of the future, including cybersecurity. Through P-TECH, public high school students can earn both a high school diploma and an industry-recognized two-year postsecondary degree at no cost to them or their families, while working with industry partners on skills mapping, mentorship, workplace experiences, and internships.
The P-TECH model has expanded to more than 60 U.S. schools and 300 industry partners, including several new schools that are pioneering a cybersecurity-focused program. Hundreds of students are currently enrolled in these cybersecurity-focused P-TECH schools, and those who finish will earn an Associate of Applied Science in Cybersecurity upon completion.
From backpacks to briefcases: creating a culture of cyber awareness
By leading the charge on cybersecurity education, educators can create a culture of cyber awareness that can also help shape the job market. In addition to redefining how and when cybersecurity is introduced to students, companies also need to reevaluate their approach to recruiting and hiring talent.
A “new collar” approach should be considered—one that focuses on skills—not just degrees earned to allow companies to tap into underutilized sources of talent when filling positions, as well as create new opportunities for those entering the job market.
Technology continues to evolve the way we educate the future leaders and innovators of tomorrow. By exploring new career paths and skillsets, such as cybersecurity, educators can put students on the right track early on in their growth.