A professional group for high school and middle school computer science teachers is looking to educate its own members about cybersecurity so they can better prepare tomorrow's workforce.
Following a recent one-day cybersecurity program for students, sponsored by the NSA, "One of the pieces of feedback we got from the teachers is they thought they could do better at it if they actually understood cybersecurity a little better," explained Mark Nelson, executive director of the Computer Science Teachers Association.
CSTA, which is owned by the Association for Computing Machinery, focuses mostly on high school and middle school CS teachers in the United States. However, almost 90 percent of the teachers do not have computer science degrees, Nelson said. Many come into the field from other other subjects such as math or science. Their understanding of cybersecurity may be better than the average person's, but not as rigorous as someone with a CS degree.
Cybersecurity certs for computer science teachers
To help, CSTA this month announced an 8-hour certificate course in cybersecurity education. The curriculum, co-developed by training specialist CompTIA, introduces topics such as authentication, best practices, compliance, encryption, governance, penetration testing, risk management, and security architecture. Teachers must also complete online cybersecurity career simulations and lead students in real-life mentoring before the certificate is issued.
CSTA is planning further cybersecurity education for its members by partnering with a company called LifeJourney, which makes videos to teach students about real-world work in their desired fields. Another goal is to teach gender, geographic, and industry diversity: "Computer science is more than just white guys programming applications in Silicon Valley," Nelson added.
Nelson said it's unclear if modern students are well-prepared for learning cybersecurity skills due to mainstream awareness of the issue, or if they're under-prepared due to a generation of online sharing with less focus on data privacy. "I haven't seen strong data either way," he said.
Other organizations push cybersecurity education
There are similar efforts to educate the educators through the Department of Homeland Security's National Initiative for Cybersecurity Careers and Studies and the National Institute of Standards and Technology's National Initiative for Cybersecurity Education, but the CSTA effort is novel for being created directly by K-12 teachers themselves.
There also may be cybersecurity shortcomings in higher education. CloudPassage, a security firm in San Francisco, asserted last month that cybersecurity courses are only required for graduation in three of the nation's top 50 computer science departments.
The challenge also presents itself to information technology recruiters. Candace Arillo, who works in the San Jose office of international recruiting company Modis, said young candidates tend to be good at security in network architecture or web applications, but they lack relevant experience in contextual issues such as compliance. Fortunately, many companies are willing to train, she said.
"My own opinion is that the schools have to really take an active part in educating kids about cybersecurity," Arillo said.
Separately, the SANS Institute this week announced a program for teaching cybersecurity skills to U.S. military veterans. "SANS pledged to train a minimum of 200 transitioning veterans over the next four years through its VetSuccess program. The company and its corporate partners will cover the approximate $4 million in training fees and expenses," officials in Bethesda, Md. stated.
Evan became a technology reporter during the dot-com boom of the late 1990s. He published a book, "Abacus to smartphone: The evolution of mobile and portable computers" in 2015 and is executive director of Vintage Computer Federation, a 501(c)3 non-profit organization. His vices include running and Springsteen.