The U.S. used to be terrible at soccer. The primary reason is that we already had many established sports that we were good at – baseball, football and basketball. Children started playing these sports from a young age, so that by the time they were of recruiting age for the professional leagues, these kids had a decade or more of experience. Soccer took a while to catch on, but now we see teams of five-year-olds out on the soccer field as often as we see Little League games.
Today, America’s pro soccer teams can hold their own on the world stage and have won Olympic medals. This is possible because adults organized opportunities for children to start learning the game early on. We need to start doing the same for cybersecurity.
As a mentor with CyberPatriot, the National Youth Cyber Education Program created to help direct students toward careers in STEM, I helped teach high school students the fundamentals of cyber defense. This program taught high schoolers how to defend against cybercriminals, then challenged them to use those new skills in a competition at the end of the program.
That’s a good idea, but I think we need to begin educating children about cybersecurity even earlier – as young as five or six. This is a long-term play that will help in several ways. First, it will make students aware of the need for good cyber hygiene simply as a matter of course. They will know from childhood how important cybersecurity is and how they can protect their own online identities and accounts. Second, early exposure will introduce young students to the possibility of cybersecurity as a career path and spur interest. This will eventually funnel some of those students into cybersecurity jobs, which will help to fill the talent gap.
That’s a critical issue right now, because technology is advancing and changing at such a rapid pace that education and industry can’t keep up. A report by Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity jobs by 2021, up from 1 million openings last year. We are all in the process of playing catch-up, and the security of our networks hangs in the balance.
That’s why I’m convinced that cybersecurity awareness and education should begin in elementary school and continue all the way through college. And since this type of training has not yet become standard elementary school curriculum, there is also a tremendous need for it right now at the college level. There are people fresh out of college who decide they want to go into cybersecurity, yet they lack knowledge of the fundamentals of the underlying technology that they will be trying to secure. And those who are still in school may start taking a full load of cybersecurity classes to prepare for a career in the field, yet they don’t understand how active directory works or how the Windows or Linux operating system works, for instance.
So, to help solve the cybersecurity skills gap, we need short-term strategies as well. For this reason, Fortinet has built curriculum in partnership with global universities to provide current and relevant information to college students interested in pursuing a career in cybersecurity. Other organizations offer a variety of boot camp-style trainings to provide an overview of basic networking and administration concepts. This intensive learning environment may cause information overload for some, so those learners may want to opt for self-paced study accompanied by access to mentors. The SANS Institute is a leader in security training, offering classes in security essentials and other topics.
A Call to Action
In light of today’s huge skills gap, security professionals have an obligation to mentor the next generation. Employees of cybersecurity vendors can help shrink the gap by volunteering their time in the classrooms, from elementary school through college. The knowledge and experience of front-line professionals is invaluable, whether to explain to first-graders what malware is or to steer college students toward the right classes to give them a strong foundation for a cybersecurity career. The problem is bigger than any one vendor or educational institution, but by working together and using both short-term and long-term strategies, we can ensure the security of our networks and the future of our digital economy for years to come.