Extinguishing Opportunities for Bright Minds in Cyber Education:

An Obsession with Conformity and Automation Is Stifling Aspiring Cybersecurity Professionals

In the book Grasp: The Science of Transforming How We Learn, Sanjay Sarma and Luke Yoquinto explain how a large part of the population has their paths shunted through winnowing. Winnowing is the lack of access to resources, who teaches, and who we teach. Testing also plays a significant role in winnowing. Think of a factory where there’s mass production of a product. Any product that does not fit the standard throws away the products that do not fit the mold. Sometimes, whole batches (of student products) are thrown away.

One of the significant problems with education is that we have an idea of what a student should be from the time they enter school. If there is any deviation from the norm, that student is illuminated or separated from the standard. From the beginning, many parents walk their children into a school that has limited resources. This limited resource is not only in kindergarten; that is where it starts. For those students, their entire educational experience will need more opportunities to reach for the resources that could make them successful. It is all about access. If your family lacks money, everything is a problem: transportation, health, crime, age, cost, and education. Stephen Jay Gould, an American paleontologist and evolutionary biologist, once stated in 1979,

“I am, somehow, less interested in the weight and convolutions of Einstein’s brain than in the near certainty that people of equal talent have lived and died in cotton fields and sweatshops.”

Lack of opportunity is a thought that I have always carried with me. I experienced and watched so many of my friends and family members be cut off from opportunities and thus be blocked on their pathway to education and, consequently, housing, healthcare, and financial stability. One way to improve this situation is to make learning more user-friendly and identify and eliminate unnecessary filters.

Algorithms and Automation — Another way to eliminate people

Where money can be made, money will definitely be made. We are living through a venture capital bonanza. For-profit companies use algorithms in their assessments. The short part of this story is that all students who fall outside of what is considered the best attributes for a person entering a cybersecurity career will be promptly eliminated from the competition. Sometimes, these assessments are in the form of competitive capture-the-flag competitions. Students will make a lot of money for high-tech companies, which give a small part of their earnings to the students in the form of grants and scholarships. However, the winners of such competitions are the usual suspects, in other words, those students who already have a lot of experience in cybersecurity. According to the algorithms, The people new to cybersecurity will be eliminated. Think about calculus, which, if used correctly, becomes a tool that people can use in many beneficial situations. The algorithms used in some of these systems only perpetuate the elimination of people who are already underrepresented in cybersecurity. I must point out that these algorithms are not made maliciously by people to purposely eliminate the people who should benefit the most. The problem is less about teaching cultural sensitivity to those making the algorithms. The algorithm problem could be easily solved by ensuring a diverse programming pool of people from every corner of our society. This way, we can organically make algorithms without diving into social and political upheaval on things like education that should not be politized. However, a diverse population of programmers will do well to stave off the ill effects of our blind march and automate every process that is not already automated.

Solutions

There are many innovative ways to teach cybersecurity. Self-paced courses, teacher-guided cyber boot camps, TEAL, and cyber ranges are a few of the methods we will need to use. Shortly, all information will be available for free. In a way, it is already available. There is not one lesson you can find in a calculus or engineering textbook that is not available for free if you only take the time to see and learn. The difference between access to the information and understanding the information in a meaningful way is how the data is retained. The role of the educator and the method of delivery is essential. Somewhere along the way, hands-on discovery-style tactics are critical to cybersecurity education, just as it is to STEM education in general.

Online learning is not the best method for delivering instruction, but it would be an understatement to say that it is better than no instruction at all. That may sound like something other than desirable, but online learning can be a valuable path to learning cybersecurity if appropriately implemented. However, with online learning and certification, many people will be able to learn a skill that will be sustainable in the future. We have to deliver knowledge and teach in a way that will nurture creativity. The other essential needed is apprenticeship opportunities. A student’s cyber education is not completed until the student receives practical experience in their field. The apprenticeship allows the student’s knowledge to be directly applied to the real world. Studies have shown that online classroom students can outperform traditional in-person classrooms if the online version has live instruction to go along with the curriculum.

TEAL classrooms allow for discovery-style pedagogy. This will help develop creativity and innovation, which are just the things that make good cybersecurity professionals. The hands-on component embedded in TEAL will enable students to learn with the help of peers and instructors and allow for collaboration. TEAL promotes the retention of new information by doing instead of lecturing to or following a textbook. It is like the difference between learning how to use an application and building an application.

A foundation has to be made before TEAL is implemented. This foundation will look much like a traditional classroom. Students need to learn the technical aspects of cybersecurity; they also have to know its history and how it came to be. Learning about the technology without putting it in context would be a huge mistake. Learning the technical concepts of cybersecurity is one thing but understanding how it affects society is another thing altogether. Cybersecurity cannot be taught institutionally or separated from current events. An organic connection is needed. All STEM students should have a solid biology, humanities, physics, and math foundation.

Project-based

The lessons should all be project-based. Working through a project is a more realistic way to learn. Just as in the real world, risk can be taken, mistakes can be made, and there is no chance it will affect their grades. Students do not get to move on to the next level until they prove mastery at their present level. After mastering all of the course levels, they will pass that course. When I was a network analyst for Time Warner Telecom, our new employees came in with little or no experience with our proprietary applications. We gave those new employees time to learn the system. Sometimes, it was only a matter of days or weeks, but mastering the system took months. But along the way, from beginner to master, most employees made plenty of mistakes and had to be guided at specific points in their journey toward mastery. However, acknowledging that mastering the applications took time gave the employees the time to learn the system and allowed them to make mistakes with no discernable consequences. There was rarely a time when those new employees did not reach the master level. They learned from their own mistakes; their co-workers taught them.

What is to become of teachers? Nothing can take the place of an in-person teacher to help guide and mentor a student. However, teachers in the environment I envision will be more of a guide during the student’s educational journey. In a TEAL environment, much of the teaching will be done by the student’s peers. Sanjoy Mahajan, an MIT educator, put it perfectly when he said a teacher “is a guide on the side, not a sage on a stage.” Teachers have a huge role in the future of cybersecurity learning. Emphasis will be more on course configuration as the teaching mode itself. There is a skill to be learned to know how to put the various multimedia curricula together in a way that makes it both flexible and predictable at the same time.

In a TEAL environment, having a well-experienced and educated teacher is the key to success. This person does not always have to be a professional teacher but can also be someone from the industry. The cybersecurity industry has to partner if we are going to increase the number of cybersecurity professionals in the United States.

Online learning, as well as boot camps, are good ways to combine knowledge and hands-on experience. The third part is apprenticeship. Without apprenticeships, education and certification are not completed. The practical application of learned knowledge is the best way to round out cybersecurity training and education. There is no shortage of ways to gain a better cyber posture in the world. It is essential to know that the current educational environment will have to change drastically, and it is also critical to ensure a secure future for our country.

What can we do to switch the student culture from cyber illiteracy into a cyber-dominant culture? We can take a cue from world religions, which indoctrinates children as early as the cradle. Their moral compass and intellectual capacity are still being developed. Technological advances have knocked aside superstitions such as witchcraft, magic, and sorcery for thousands of years. However, religion is still standing tall. It is not like technology has not tried to push religion to the side. Technological advances have always been in direct conflict with religion. And the Gods of religion have been moving further and further away. The Gods keep moving to new neighborhoods where we cannot see them. Deities changed addresses from living within nature to living on the mountaintops to living in the sky. Now, those deities are living beyond the furthest stars, waiting for technology to find them again and move on to perhaps another reality. We need to indoctrinate our children early.

Religion may be a bad example. Some readers may even be offended by it! However, I hope it holds your attention long enough to realize that this type of indoctrination is needed to defend this country against the ever-increasing Russian and Chinese aggression that is currently toying with methods for destroying the peripherals of our critical infrastructure. First, we have to start this training in pre-school. And we need to constantly indoctrinate them in cybersecurity all the way through the 12th grade. We can disagree on how we will reach our goals of having a cyber-literate society, but we cannot afford to wait a minute longer while our enemies are consistently poking, prodding, and tinkering with our infrastructure.