We created this page to provide a better understanding of the cybersecurity and privacy skills challenge as we see it, where the blame and remedies might lie, and how we believe our approach might be our best chance yet of addressing the failings.
If you’d like more information or insight, please contact Neal O’Farrell, founder of Schooled In Security, at firstname.lastname@example.org. Or call him at (925) 914 0248 (EST).
We believe that while our high schools represent the best long-term option for solving the critical cybersecurity skills shortage, high schools have resisted embracing cybersecurity as a career for a number of different reasons, and that our approach may represent the best opportunity for improving that relationship and inspiring a bigger pipeline of new security talent.
The Cybersecurity Skills Shortage Crisis
- The critical national and global shortage of cybersecurity professionals and skills has been described as a crisis.
- Numerous studies have suggested a national shortage of 300,000 security professionals, and globally closer to 3.5 million in the next few years.
- According to the the “Hacking the Skills Shortage” report from McAfee and the Center for Strategic and International Studies, 71% of organizations say that the shortage in cybersecurity skills does direct and measurable damage; one in three say a shortage of skills makes their organizations more desirable hacking targets; one in four say insufficient cybersecurity staff strength has damaged their organization’s reputation and led directly to the loss of proprietary data through cyber attack.
High Schools - An Opportunity and A Challenge
- There’s little doubt that high schools represent our best chance of addressing the shortage and nurturing a new generation of security professionals.
- According to a 2017 report from the Institute for Critical Infrastructure Technology, “the digital generation provides a unique opportunity to address the cyber-talent shortage. K-12 students are the most prevalent and the most invaluable resource the U.S. can utilize in the development of a skilled and formidable cyber-workforce.”
- However, high schools are notoriously difficult to introduce cybersecurity to. The most common complaint is that the most common approach - of extra classes like security or coding classes and camps - only adds to the workload of students who are already overwhelmed with classes and projects.
- Many educators don’t view cybersecurity as a real career, but more of a short-term problem that will eventually be solved by technology.
- Most educators don’t understand and can't easily describe what a cybersecurity job actually is (because there are more than 150 different types and roles) or how to explain those job opportunities and roles to students and parents.
The Security Industry is a poor role model
- The security industry has done a poor job of marketing itself to high schools and engaging and persuading school leaders, and has made little visible headway in presenting itself as anything other than a geeky, nerdy, coding-focused, male profession.
- The security sector has done a bad job of explaining to students that there’s a cybersecurity career for almost everyone and not just coders - teachers and trainers, PR and marketing, law enforcement and the military, legal and privacy, big business and non-profits, work from home or travel the world.
- While it's increasingly clear that women might be even more suited to cybersecurity careers than men, we're doing a very poor job of inspiring girls in high school to want to follow this path.
The Schooled In Security Approach
- Invite all students in a school to participate, and take a lead, in a national survey of consumer and business opinions and fears around cybersecurity and privacy. What teens don’t like surveys?
- A non-technical and even fun challenge for most students, that will only take about ten minutes of their time, and even give them the opportunity to form teams, analyze the collected data, and win prizes and recognition for their reports.
- By having students, their peers, and their family members think and talk about these issues could be the first time these students have ever been introduced to these subjects in a meaningful way.
- If the discussions and teamwork around the survey spark an interest in looking further at a security career, Schooled In Security will provide the breadcrumbs for students and their parents to explore further.
- The biggest ongoing survey of adult and teen opinions on cybercrime, privacy, identity theft and data breaches that could offer invaluable insights into what consumers really think, want, and worry about.
- A powerful way to engage and educate entire communities in discussions about security and privacy issues.
- A unique way to get teens thinking, talking, and learning about these issues at exactly the right age.
- A great way to teach students non-security skills, like teamwork, leadership, research and statistics, and report writing and presentation.
About the survey
- 50 questions, all online, and an average of 9 minutes to complete. Try it for yourself.
- Completely anonymous, no personal information gathered.
- A valuable free gift at the end - a 250-page consumer guide to cybersecurity and identity protection, authored by a leading expert, and available as a PDF to make it easy to use and share.
- The cumulative results will be shared and updated with the public and media, at least every 12 weeks.
About Schooled In Security
- Founded in 2018 by Neal O'Farrell, award-winning 35-year security and privacy veteran and passionate about inspiring the next generation of security and privacy champions.
- One of the first security experts to come into conflict with the NSA over his work on encryption and privacy.
- An initiative of the Identity Theft Council, a 501(C)3 non-profit founded in 2009 and winner of SC Magazine's 2011 Editor's Choice Award.
- Based in Cincinnati Ohio.
"Teens are usually drawn to inspiring role models. The security industry is a lousy role model, and dominated by vendors more interested in hot technologies than warm bodies."
"Most security-in-school initiatives are doomed to fail because they focus on all the C's - courses, classes, camps, coding, curriculum. If that's your solution, then you probably don't understand the problem."
"The challenge is not more training programs or cyber camps. The real challenge is getting past the guards - the school principals and teachers who are either tired of being pitched the same solutions, or who are not convinced the security industry is the best place for their students."
More quotes and comments available from security leaders at GE, PwC, Procter and Gamble, the Ohio University, and others.