Training Tomorrow's Cyber Gurus
Several programs entice youths to learn about cybersecurity.
The overwhelming consensus among cyber professionals is that the labor pool significantly lacks qualified experts, let alone the ability to meet demand in the coming years. Hoping to entice new generations to enter the field, government agencies and nonprofit groups are placing added focus and dollars on training youths in computer science and cybersecurity.
Sandia National Laboratories, for example, runs various programs that offer training in computer science and cybersecurity through educational collaborations between the government, universities and high schools. Take its Center for Cyber Defenders, an internship program that brings together graduate, undergraduate and high school students nationwide for several months on campus during the summer. The interns work on research projects that test them in real-world tactical cyber missions. “[At] a lot of places, when they have internships, the projects might be dumbed down a little bit,” says Levi Lloyd, technical manager at Sandia and cybersecurity researcher and engineer. “These are actually real cybersecurity problems that we’re working on—national security-type problems.”
The internship program, which allows some students to work for Sandia year-round, is part of a larger effort by the laboratory that emerged from its creation of a cybersecurity research center in 2012. The Cybersecurity Technologies Research Laboratory, or CTRL, is built on a sprawling California campus that fosters an “open but secure” environment and offers an alternative setting to attract top talent, Lloyd says. CTRL boasts an open floor plan with couches and tables rather than traditional office desks to encourage collaboration and spur free thinking about security solutions. The center also offers seminars and colloquiums with great technology minds from large companies, other national labs and universities, as well as venture capitalists. “It’s a good place where we can do more open collaboration with folks,” he notes. The lab’s goals include enhancing research and development for cybersecurity foundations, grasping present-day and future threats and testing cybersecurity solutions in real-world situations.
This summer, one project at CTRL’s Center for Cyber Defenders challenged the interns with a video teleconferencing penetration exercise in which the students hunted for vulnerabilities in Sandia’s system. “They were able to take the results of this penetration test and actually work closely with the teleconferencing team here at Sandia to help improve our security posture,” offers Craig Shannon, an instructor at Sandia’s Cyber Technologies Academy (CTA). “They were pretending to be the attacker here. If somebody was on Sandia’s network or if somebody had access to these video teleconferencing devices, what could they do? If there were vulnerabilities, what could they take advantage of?”
For 2015, the program received applications from 117 graduate students, 289 undergraduates and 75 high school students, which led to 50 interviews. In the end, Sandia brought in 16 interns from the University of California, Berkeley; Carnegie Mellon University; Pennsylvania State University; the University of Texas at Dallas; Auburn University; the University of Southern California; Kansas State University; the California Institute of Technology; California State Polytechnic University, Pomona; and Brigham Young University.
Shannon says he likes to recruit candidates from Scholarship for Service (SFS), a unique program designed to increase and strengthen the cadre of federal information assurance professionals. The SFS provides scholarships, funded through grants awarded by the National Science Foundation, and students receive stipends for undergraduate, master’s degree and doctoral programs.
Knowing that training the nation’s next cyberwarriors must start sooner than it does now, Sandia also proffers its CTA to high schools in a program that educates students and teachers alike. “The goal of the Cyber Technologies Academy is to push that cyber pipeline early into their education, starting at the high school level. Having the CTRL has enabled us to do that,” Shannon remarks. “We have hosted hundreds of high school students—and we don’t teach just the students. We also host teachers at Sandia, teaching them the course that we teach the students and [giving] them all of the material they need to then take that back to their school and teach the same in class.”
Former California-based high school computer science teacher Carol Kinnard attended a one-week intensive boot camp program for teachers last year to gain perspective on the students’ curriculum. “I also sent a few of my students over there, and they came back with very positive reviews. It was charming how enthusiastic they were coming from there. It was very rewarding for them,” she reports.
Kinnard traded teaching to become the associate director of instruction with the Indianapolis-based Project Lead the Way (PLTW), a nonprofit that creates science, technology, engineering and mathematics (STEM) curricula for elementary, middle and high school students as well as professional development training for teachers. She is writing a computer science curriculum for all grade levels and, notably, a high school cybersecurity course. In addition to technical skill sets, the course will focus on cyber ethics to address concerns that students might end up misusing their new expertise. “You teach a locksmith how to unlock doors, and they can use that for good or for bad,” she offers. “A large element of our course will be on ethical hacking—what we call white hat hacking—and using [skills] for good.”
PLTW still is in a research phase for the cyber coursework, which will be targeted toward upper-level high school students. When developed, the pilot program will be launched for 20 to 50 teachers, then it will be scaled for a national rollout scheduled for fall 2017.
In addition to the cybersecurity-specific curriculum, PLTW offers cyber-related lessons for all grade levels, Kinnard notes. Elementary students focus on cyber hygiene, for example, from creating sound passwords to securing data online and being safe when surfing the Web. “At the middle school level, right now, we’re trying to get computer science embedded—general computer science,” she says. “It’s very difficult to change the education system in this country, and it’s very difficult to change middle school. Most middle schools feel that the curriculum is already jampacked, so to get anything extra in is a difficult thing to do.”
But experts concede that waiting until high school or college to cultivate talent is too late. One main reason, Kinnard offers, is because students know at a young age what skills they are good at: “By the sixth grade, many students self-identify positively or negatively with math, science, engineering—all of these concepts. So to get them [interested in cybersecurity] in fourth and fifth grade is a huge push for Project Lead the Way.”
Developing a curriculum for such a dynamic issue as cybersecurity poses as much of a challenge as writing syllabi for computer science in general, Kinnard adds. “Every six months, the industry changes. What’s great about Project Lead the Way is that it is all digital. We don’t produce paper. And we have a just-in-time production line where we will deliver the curriculum unit by unit [because] teachers teach it unit by unit,” she says. “It is a month-by-month curriculum. We probably have not been faced with something quite as fast-paced as cybersecurity, but our model is definitely in place [for] that kind of fast response.”
The issue of such volatile cyberthreats that seem to morph to overcome each new security response also challenges the Sandia instructors, they say. “But if you try to develop your courses around the changing threat landscape, then it’s not going to work,” Shannon says. “Things just change too fast. At the CTA, we’re trying to teach them cybersecurity fundamentals. Once they get more involved with these advanced threats, they’ll have a foundation in cybersecurity that is going to enable them to quickly adapt to the landscape.”
“Although we focus on the fundamentals and the curriculum itself doesn’t change too much session to session, we tie it to current events—what’s happening and how it applies to what they’re learning,” Lloyd adds.
The new generation appears to be driven to find jobs that help society overall. Fewer jobs might be as enticing as protecting one’s nation, Lloyd offers. “Giving students exposure to the national security aspects of cybersecurity is really important,” he says. That is how Sandia can scoop up talent.
“We are competing with the Googles, Apples and Facebooks,” Lloyd comments. “What we have to offer that’s unique is national security and a chance to improve that. We have some really exciting work in that area, and I think giving people exposure to that, especially at an early age, is important to help recruit them.”