By Sam Bourgeois, Make IT Secure

Sponsored by

I started teaching in 2005 with a Macintosh II (late 80s model) and two Zenith wood frame thirty-two-inch TVs. By the end of the school year I had found a Dell tower to run Powerpoint and videos on became the “cool new teacher” that used multimedia in American History class. I knew without any doubt that we were doing a tremendous disservice to my students by not doing more to expose and prepare them for the world after HS. I knew how much technology had revolutionized business and industry. As it turns out, I have gone to school for engineering and my father was a safety engineer for a well-known global organization, specializing in manufacturing, chemical research development, and pharmaceuticals. We had talked on numerous occasions about fast technology, and how the risks of cyber were changing in his daily life. I was really interested in computers as a boy and fascinated by the idea of a hacker. I knew that I wanted to be the kind of person who could figure things out and computers that others couldn’t, find workaround to problems that stumped everyone else, or bypass controls to show the weaknesses of a system.

We all acknowledge that technology is evolving rapidly, and that the importance of STEM education, particularly cybersecurity, cannot be overstated. For years, educators have been desperately trying to instill in K-12 students the knowledge and skills they need to navigate the future safely. My concern is that as the proliferation of AI technology accelerates, it will become increasingly clear that we cannot simply teach our way out of this problem with conventional methods. Targeting the skills gap alone will be futile.

The Changing Face of Cybersecurity

Cybersecurity threats are becoming more sophisticated and pervasive with each passing day. As a leader of a SOC (security operations center), protecting of customer devices, critical client systems, and empowering security operations across numerous industries, I feel burned out often. The attacks that truly break my heart are the ones that used to be offlimits. It wasn’t long ago that school and healthcare industries were largely untargeted by cyber attackers. That’s no longer the case. In the MOVEit incident alone, education represented more than half of all reported breaches. Ransomware continues to climb, and our latest data sets indicate a seventy percent surge in attacks year over year and there is no doubt 2024 will continue the trend.

The stakes have never been higher. As a result, there has been a real push to integrate cybersecurity education into the K-12 curriculum. We’ve tried to train staff better too.

There are some great resources out there, to be sure! While this is a step in the right direction, it may not be enough on it’s own.

AI and the Rapidly Shifting Landscape

Artificial Intelligence (AI) has brought about seismic changes in various sectors, particularly cybersecurity. AI-driven attacks are not only more potent but also more adaptive, posing unprecedented challenges to our defenses. The exponential evolution of AI means that the threats we teach students about today will be obsolete by the time they graduate. This dynamic nature of this technology creates a fundamental problem: the curriculum cannot keep pace with the changes.

The Need for Cyberethics, Critical Thinking, & Community

Given these challenges, what we need is a paradigm shift in how we approach cybersecurity education. Instead of solely focusing on the technical aspects, we must emphasize cyberethics and critical thinking. Here’s why:

Cyberethics

Teaching students about the ethical considerations surrounding technology use is crucial. As future leaders and innovators, they must understand the moral implications of their actions in the digital world. Cyberethics education can help them navigate complex issues such as privacy, data protection, and the ethical use of AI. By instilling a strong ethical foundation, we can prepare students to make responsible decisions that go beyond technical knowhow and beyond the classroom.

Critical Thinking

I have been a champion of growth mindset and critical thinking for most of my career as an educator, IT professional, and security subject matter expert. The ability to think critically is invaluable in all walks of life; I would argue more so in security. To defend we must anticipate the behavior of bad actors, probe systems in ways the creator didn’t intend, and be thorough in our approach to protective controls. Students need to be equipped with these thinking skills to analyze and evaluate information, question assumptions, and make informed decisions. Critical thinking fosters resilience and adaptability, enabling students to stay ahead of emerging threats and technologies. It encourages them to think creatively and develop innovative solutions to complex problems. The growth mindset compounds these outcomes and helps them to be curious and want to learn more.

Community

As a classroom teacher, I often found the most effective way to bring challenging, complex, or sometimes downright boring concepts (apologies for the unintended insult, I taught MS sciences and HS social studies) home for my kids was to make it relevant and local. This is to say I made it about them. I adapted the lesson to involve their community, their family, their place, or their culture. I imagine the same to be true for cybersecurity, privacy, and cyberethics.

We need them.

I might be an expert now (arguable, I know), but I know very little about LLMs and the algorithms that make the magic happen. I am not a coder or programmer. I am not a seasoned hacker. We need them. We need your students to protect us all. We should be honest with them: we aren’t doing a great job of protecting them today according to the statistics. I try to instill a sense of duty in my students (and my sons) to protect each other, protect our neighbors, and protect others online. Defending those who may not be able to defend themselves. This is our only hope.

Preparing for the Future

As I imagine the future, it is clear to me that cybersecurity education must evolve. While technical skills are essential, they are not sufficient on their own. Make IT Secure can help by integrating cyberethics and critical thinking into your curriculum, we can help prepare teachers and students for the challenges that lie ahead. We need responsible digital citizens who look out for one another, take ownership of their personal security and privacy posture. We want to make the world safer… make it secure. Thank you for doing what you do… thank you for the often thankless and painful job of teaching kids raised with screens in their hands and constantly connected. I can speak for my industry colleagues when I say, “we want to help.” Let me know what you need and maybe I can make some connections. Make IT Secure is a nonprofit subsidiary of Educating for Leadership and our mission is bring industry professionals together with K-12 to meet the unique challenges of working with young people and tight budgets. We write grants, offer strategic guidance, and provide cutting edge services in creative ways to keep costs low for schools. Let us know if we can help.