Enable breadcrumbs token at /includes/pageheader.html.twig

NSA Schoolhouse Grows Next Generation of Cyber Leaders

The agency’s cybersecurity education programs aim to increase the cyber knowledge of future personnel.

The U.S. National Security Agency/Central Security Service’s National Cryptologic School is expanding its reach of cyber education programs. The school’s Center for Education, Innovation and Outreach has many cyber-related programs supporting elementary, middle school, high school, college and graduate students. Although it has made great headway in its established programs, the National Security Agency is still working to provide cyber education to underserved regions in the United States.

“We have certain parts of the country that are very, very good in K-12 cybersecurity education,” states Ashley Greeley, K-12 cyber education mission lead; Center for Education, Innovation and Outreach; National Cryptologic School; National Security Agency (NSA)/Central Security Service. “They typically are geographical areas in which the military or the federal government has a strong presence. But we still have a lot of work to do in our midwestern states, in our more rural areas and in our urban environments. Those are the target goals right now. We want to make sure that no matter what the situation is, students have access to this.”

The NSA’s largest cybersecurity education program, the National Centers of Academic Excellence in Cybersecurity (NCAE-C), involves 335 universities, colleges and community colleges. The NSA awards NCAE-C designations to schools that commit to producing cybersecurity professionals that will reduce vulnerabilities in U.S. national infrastructure, according to the agency. The agency partners at the federal level with the Department of Homeland Security’s Cybersecurity Infrastructure Security Agency as well as with the FBI to conduct the program.

“The goal of the program at the collegiate level is to improve the cybersecurity posture of our nation by cultivating this next generation,” Greeley explains. “The schools meet a set list of criteria set by the program office. They receive designation that their curriculum is appropriate in rigor, breadth and scope in either education or research.”

The schools receive a specification that they are either a Center of Academic Excellence in Cyber Defense, Cyber Research or Cyber Operations. Such distinctions—schools can pursue more than one—enable the institutions to compete for grants—such as from the Department of Defense Cybersecurity Scholarship Program (DoD CySP). The schools can also apply to be part of the National Science Foundation’s (NSF) Scholarship for Service program.

As part of her efforts, Greeley works with the NCAE-C designated institutions that receive grants to increase cybersecurity education at the K-12 level. “For example, in FY20, the University of Alabama, Huntsville, and Illinois’ Moraine Valley Community College were both awarded a grant to begin a project called RING, Regions Investing in the Next Generation,” she clarifies. “These two institutions and their academic partners developed an online cybersecurity course for high school students in Alabama and Tennessee. The students represent home-school networks, rural areas and under-resourced schools. Along with the course content and the curriculum, they’ve developed interactive labs and virtual experiences for the students because we know that a lot of times cyber is more engaging when you get to do cybersecurity. Ultimately the goal of RING is to make students aware of both cybersecurity content and cybersecurity careers.”

Given the initial success of RING, the NSA has increased its program grants to develop resources for middle school students. “We have institutions that are working with their state Department of Education to try and recognize cybersecurity as courses that students can receive content for and that teachers can receive credentialing on so they can teach cybersecurity,” she notes. “We also have institutions that are working with middle and high school teachers to get them accredited to teach cybersecurity within their local areas. There is a lot going on, and we’re really excited.”

For schools that are not yet approved to be in the NCAE-C, the DoD CySP offers scholarships and internships for collegiate-level students. “A Defense Department agency or organization selects students for full-time employment and the students are sponsored through their collegiate career,” Greeley states. “And they’re also given the opportunity to intern with the agency.

In turn, the student agrees to work for the DoD for a minimum of one year for every year that they get the scholarship.”

The other part of the cyber scholarship effort empowers current Defense Department employees. It supports both civilian and military personnel in pursuing master’s or doctoral degrees in cyber-related fields, and it also involves a service commitment, she adds.

The NSA has also expanded the scope of its so-called NCX cyber exercise program. It now includes the U.S. senior military colleges—The Citadel, Norwich University, Texas A&M, University of North Georgia, Virginia Military Institute and Virginia Tech—as well as the traditional service academies. The program features education, activities and subject matter expert engagement throughout the academic year at these schools. It finishes with a three-day hackathon competition in April that involves demonstrating both defensive and offensive cyber skills.  

“Last year, they expanded NCX to the senior military colleges as well,” Greeley notes. “It was the first year they had done that. The senior military colleges and service academies compete in a series of challenges, with the winner receiving a trophy and bragging rights. In 2021, the winner was the U.S. Naval Academy. It’s a really neat engagement.”

Akhirah Padilla, an NSA public affairs officer, adds, “It is really which one has the best cyber program. We created that program specifically for the military so that we can help them to be the next generation of military leaders in cyber. And over the course of the last couple of years, we’ve had more and more schools that keep approaching us and asking us for opportunities to participate.”

In addition, Greeley oversees two programs, the GenCyber program and the STARTALK grant effort.

The GenCyber program provides annual grants to K-12 institutions to provide year-long educational information in cybersecurity, culminating in a week-long cyber camp for students as well as for teachers. The NSF is a funding partner in the program, along with collaboration support from some federal agencies. “Every year, we issue a call for proposals, and academic institutions compete to host a GenCyber program,” she states. In 2021, 44 states and Puerto Rico hosted cyber camps. The program is working to establish GenCyber education programs in Alaska, Delaware, Iowa, Maine, North Dakota and Oregon.

Meanwhile, the similar STARTALK grant program focuses on foreign language attainment for students and teachers at the elementary, middle school, high school and college levels. The Office of the Director of National Intelligence provides collaborative support to STARTALK, she says.

“STARTALK’s mission is to increase the number of U.S. citizens learning, speaking and teaching critical need foreign languages,” Greeley shares. “The program offers students and teachers creative and engaging summer experiences that strive to exemplify best practices in language education and in language teacher development.”

After teaching U.S. history and U.S. government to high schoolers for 15 years in Indiana, Greeley knew she did not want to become a school administrator, a common career path for classroom instructors. She had heard of the NSA’s cyber education efforts and saw the importance of bringing cyber education into her school—which later developed into a commitment at the national level.

“During the summer months in my last few years teaching, I was able to work for the NSA’s GenCyber program as a contractor,” she explains. “I learned about the program, but more importantly, I learned about cybersecurity and cybersecurity education. I took a lot of what I learned in the summer and started to infuse it into my own courses. I developed a passion for infusing cybersecurity into multiple disciplines. And working as a civilian in my current role allows me to fill both of my passions, which is serving the country while also utilizing my skills that I developed in the classroom to help further cyber educational programs at the national level.”

Her goal, and the NSA’s broad goal—to spread cybersecurity education as widely as possible across the United States—is not without challenges. Continued federal funding is a major issue.
“I generally use the analogy that education is a marathon, not a sprint,” Greeley clarifies. “Yes, there are immediate demanding needs in cybersecurity education, but we also have long-term needs, and K-12 is one of those long-term needs. It will be a little bit before we see the fruits of our labor reach the career field, but we need that continual funding to let some of these projects reach a true stage of maturation where they have an impact.”

Another challenge is that, traditionally, education is a state issue, and each state’s needs can differ greatly. “What might work in one state may not work in another,” she continues. “Which is why working with these grant programs, one of my favorite aspects is that we allow for that creativity and that uniqueness for the institutions that are hosting these programs. A GenCyber camp in north Georgia is going to look a lot different than a GenCyber camp being hosted in Puerto Rico.”

Naturally, the pandemic complicated the NSA’s cyber education efforts, with classrooms having to move to virtual platforms, but the break in normal operations allowed Greeley and the agency to take a comprehensive look at the impacts of GenCyber program.

“One of the positives of COVID-19 was that we were able to have our contractor support do a five-year program study of GenCyber,” she explains. “We learned that GenCyber is an ignition force in areas where cybersecurity education resources don’t exist. We also know that GenCyber can be a catalyst to really spawn community support of cybersecurity education. Because GenCyber programs are hosted by academic institutions, it really allows them to develop relationships in their local area with high schools or middle schools or industries that are interested in this work. That has been a real highlight of the GenCyber program. Also, because these programs are hosted by academia, many of them choose to host the program on their college campus. Students who may never have seen a college campus before are able to go to these programs and envision themselves being there. They meet students like them, who look like them and who have the same interests, and it serves as a motivating force for them.”

Through its programs, the NSA will continue to lay the groundwork for generations of cyber-educated students, Greeley promises.

“Our goal is to create true college and career readiness pathways,” she says. “And we are really working to try to increase the opportunity for all students. And we will continue to decrease the areas in the nation that don’t have cybersecurity education.”

Enjoying The Cyber Edge?