In order to create a more robust cybersecurity workforce, security experts explained on Wednesday that cybersecurity education needs to start at the K-12 level.
At day two of the Billington Cybersecurity Summit in Washington, D.C., panelists from both the public and private sector agreed that implementing cyber basics at the K-12 level will help students to develop the right skill sets and get excited about cyber at a young age.
“This field is growing. I can’t keep up with current demand, much less trying to keep up with future demand … I really believe this is a national challenge,” said Mark Gorak, the principal director for resources and analysis within the office of the Chief Information Officer (CIO) in the Department of Defense (DoD). “I think DoD can participate in that we can establish the requirements, the training curriculums, but how do we motivate K-8 specifically?”
Seeyew Mo, the assistant national cyber director for workforce, training, and education at the White House’s Office of the National Cyber Director (ONCD), agreed that it’s a real problem if cybersecurity training is not being implemented at the K-12 level.
For example, Mo – who runs the team in charge of the ONCD’s National Cyber Workforce and Education Strategy (NCWES) – shared that his child started school in Maryland this week. He said the first thing he noticed when he was walking around the classroom was that the password for the students’ tablets was on the whiteboard.
“When we think about K-12 education, we need to think about how we’re molding and modeling our young kids,” Mo said. “Because right now, what my kid is learning at school is: the password is on the whiteboard, and it is ‘12345,’ right?”
Much like Smokey Bear teaches kids basic wildfire prevention tips, Mo said cybersecurity needs its own equivalent to model good cyber behavior. “There is a gap there,” he said.
“From our standpoint when we’re writing a strategy, it’s really hard for us to mention anything about education because it’s a state thing, and we want to stay clear from that,” Mo explained. “But, what we want to do is we want to encourage some of these best practices, which is like hey, discover early, learn some of the skills, training in high school, and then make cyber more fun in general – not necessarily less technical, but more accessible to folks in the community.”
James Stanger, chief technology evangelist at CompTIA, agreed, adding that the “the real key is you need an avatar, you need to make the industry attractive.”
“There are things that we need to do to get rid of those barriers and there are a lot of ways that we can create true incentives and point out that this is a rich and vibrant and growing and morphing industry that is worthy of your daughter, the lawyer, or son, the doctor,” Stanger said.
Christopher Paris, senior advisor for cyber workforce management in the Office of the CIO at the Department of Veterans Affairs (VA), pointed to the Cyber Career Pathways Tool as one way to show students what a career in cybersecurity could look like.
Paris said the tool can reach students where they are and help them to “get motivated.”
The tool was developed and is maintained in partnership with the Interagency Federal Cyber Career Pathways Working Group, led by the Cybersecurity and Infrastructure Security Agency (CISA), the DoD, and the VA.
“We’ve heard time and time again from academia, and especially K-12 educators, is that it’s a very helpful tool that allows educators to show in a very interactive way, hey, this is the type of role or types of roles that you can find. Here’s the requirements. Here’s on ramps and off ramps and videos of what it looks like to perform this role in the real world,” Paris said.
“I think motivation and showing that path of moving from education into the workforce is crucial to get kids excited and on a trajectory that is actually a path that they can follow that has clear milestones of training, learning, education, and experience,” he concluded.