In an effort to raise cybersecurity awareness and help both school districts and teachers develop security-based curricula, the National Institute for Cybersecurity Education (NICE), part of the National Institute of Standards and Technology (NIST), hosted two consecutive conferences this fall.

These back-to-back conferences brought experts from industry and academia together to share creative strategies to help educators teach youngsters how to change their “naughty” online behaviors into good cyber hygiene.

The NICE Conference in Miami was held in November, followed by December’s NICE K12 Cybersecurity Education Conference in San Antonio, which introduced some innovative technologies as well as multiple trainings to help schools make students more aware of how to protect themselves online and the many career paths available to them in cybersecurity.

Let the Youth Lead Cybersecurity Education

I had the pleasure of speaking at the NICE K12 Cybersecurity Education conference on how to create a cyber-aware classroom, but my presentation was just one of many and paled in comparison to that of the keynote speaker, Kyla Guru, a 16-year-old high school junior from Illinois who is the founder and CEO of Bits ‘N Bytes Cybersecurity Education (BNBCE), a youth-built nonprofit that provides suggestions for day events and classroom discussions.

Also among Guru’s list of notable cybersecurity education resources are CommonSenseMedia, CodeHS Cybersecurity, Facebook Security Centre and (ISC)2.

In her work over the past few years, Guru has seen that students are increasingly encouraged to take at least one computer science course starting in middle school, and are subsequently guided to pursue the subject with a progression of courses in high school.

Implement Student-Created Curricula

What’s unique about the BNBCE curriculum is that it’s created by youth. The nonprofit offers lessons on encryption, privacy policies, digital citizenship, data breaches, passwords and social engineering, all of which are organized by age group.

“BNBCE also produces animated videos tailored for each school’s core values and principles, as well as conducts outreach events and runs biweekly research-based blog posts on relevant cybersecurity concepts for the classroom. We would love to support schools as they integrate cyber in their classroom discussions,” Guru said.

How to Break Google’s Influence on a Generation

Recognizing that her generation is digitally driven and has been raised to consider “Googling” as sufficient research, Guru said it is critical that the time young people spend using technology as their new medium for discovery and exploration be spent securely and safely so they can learn without limitation.

“K–12 students are by far the greatest consumers of digital information there are. In fact, a recent survey showed that 82 percent of Generation Z shares that Instagram, Snapchat, Buzzfeed and other social media sites are their primary news sources,” Guru said.

Engage Students in Cyber Awareness

In the Cyber Day 4 Girls workshop, hosted by IBM in advance of the NICE K12 Cybersecurity Education conference, young women in grades six through nine had a chance to learn how to protect their online identities and internet-connected devices while working alongside some impressive female role models who are already studying and working in cybersecurity.

Attendees also heard about the defensive hacking curriculum created by IBM and Hacker High School (HHS), and how to infuse ethical hacking skills across the curriculum, which was presented by HHS director Kim Truett.

Learn more about Hacker High School

Industry Professionals: Step Up

Clearly, educators and students alike are doing their part to move the cybersecurity needle forward, but industry leaders also play a critical role in helping to raise cybersecurity awareness and education among today’s youth.

In his presentation to audience members at the Miami conference, Eduardo Cabrera, chief cybersecurity officer at Trend Micro, talked about the need for more partnerships between enterprises and the K–12 sector.

“We have to rethink what we are doing around cybersecurity education, not only from an awareness and hygiene perspective, but also from the perspective of establishing a permanent pipeline of talent from K–12 that feeds into higher education,” Cabrera said.

What would that actually look like, though? According to Cabrera, one model that could work is what has been happening with DevOps. “There is a concept or movement around DevOps that is speeding up the cycle, taking plays out of the playbook of agile development and looking at the partnerships required between operators, developers and testers. These microservices are creating smaller, quicker sprints. We need to move toward a DevOps model of workforce development.”

Rather than operating in silos, all connected parties can work together. “The operators are the industry, developers are educators and the testers are certifying bodies,” Cabrera said.

Teaching cybersecurity is not solely about STEM and technical skills, either, Cabrera said. “Soft skills are becoming equally as important as technical skills. We have a rock-star employee when they can be technical but equally as skilled at communicating and storytelling.”

Cybersecurity isn’t just about defending one’s digital footprint, after all, but is just one piece of a network of protection for the whole person. To teach the best, most complete self-defense is to teach the whole student — not just the computer-savvy parts.

More from CISO

Do You Really Need a CISO?

2 min read - Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer. A CISO is a senior executive in charge of an organization’s information, cyber and technology security. CISOs need a complete understanding of cybersecurity as well as the business, the board, the C-suite and how to speak in the language of senior leadership. It’s a changing role in a changing world. But…

2 min read

What “Beginner” Skills do Security Leaders Need to Refresh?

4 min read - The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the CISO must have a broad range of skills to maintain adequate security and collaborate with teams of varying technical expertise. Learning is essential to simply keep pace in security. In a CISO Series podcast, Skillsoft CISO Okey Obudulu recently said,…

4 min read

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read

How the Talent Shortage Impacts Cybersecurity Leadership

4 min read - The lack of a skilled cybersecurity workforce stalls the effectiveness of any organization’s security program. Yes, automated tools and technologies like artificial intelligence (AI) and machine learning (ML) offer a layer of support, and bringing in a managed security service provider (MSSP) provides expertise that isn’t available in-house. But it isn’t enough, especially for the medium-sized businesses that would most benefit from an internal security team. However, the talent shortage doesn’t just impact present-day security concerns. The lack of a…

4 min read