Those who can, do. Those who can’t, teach.
This proverb reflects a really telling reality among cyber teachers and trainers today: We’re seeing many professionals who value the process of continual learning but themselves don’t have all the resources necessary to upskill for their own growth. Cyber educators are being pulled from the corners of IT departments or serving as adjunct faculty with full-time cyber jobs to support academic institutions’ needs to improve cyber education. Meanwhile, IT professionals are asked to lead teams of cyber analysts in addition to their day jobs. With market demands to educate and train aspiring and seasoned professionals proactively (in response to the industry’s widening skills gap), teachers and trainers in cybersecurity are feeling the pressure.
We are here to help! Our goal? To make teaching and training cybersecurity easier for everyone.
Here’s what we know…While they are able to teach or train fairly well, both types of cyber instructors are typically ill-equipped to address the nuances of cyber teaching and training. Gone are the days of regurgitating material as indicators of learning progress. Gone are the days when passing a Security+ Exam is the ultimate sign of victory. Today’s cyber workforce needs continual education of cyber practices to keep pace with the latest threats, tools, and tactics that secure business networks properly. Those needs demand more from today’s cyber teachers and trainers…A deeper understanding of the nuances of the industry and how to effectively help learners retain and apply learned concepts and skills. If you’re in a position where you are teaching or training a cohort on cybersecurity, first know and understand the distinctions of such a practice.
The Nuances of Teaching Cyber
- Balancing lecture and project-based instruction: There’s a time and place for lectures to present material and ideas about cyber history, culture, and terminology. Then, there is a time to help students use that knowledge and apply it to real-life cyber practice in project-based learning. Ensure your instruction does a bit of both so students can ‘see’ the relevance of what you are teaching and how it will play out in the actual workplace. Lectures are easy enough to conduct via Zoom or Teams calls using a presentation slide deck but make sure that lecture is supported by a cyber range platform that allows students to get hands-on keyboard experience learning ports and protocols or regular expressions, for instance.
- Understanding terminology, concepts, and history: Maya Angelou once said, “If you don’t know where you’ve come from, you don’t know where you’re going.” While you may have read headlines about the latest Facebook phishing campaign, teaching cyber requires a deep understanding of the roots of many of today’s practices. How has the evolution of the Internet, individual moguls, and innovators in the space contributed to the current state of the industry as we know it today? Understanding those nuances will position your teaching in a richer manner so you can help students ‘see’ the progression of practices and answer the ‘why do we do X this way?’
- Experience using the latest cybersecurity tools: Free or paid, commercial or open-source, the security tools used by cyber practitioners are always evolving to make their jobs easier and more effective. Teaching students how to use an outdated version of Python will only hinder the student’s success when they’re asked by a hiring manager if they’ve worked with Python 3.9.0.
- Knowledge of adversarial motives: If you ask most modern-day cyber practitioners today, they’ll tell you how imperative it is to ‘get in the mind of the hacker’. Project Are’s Security Manager TS Reed said it well:
“Security is always changing: the way people build it, the way people attack it. You have to continuously learn and teach yourself the latest and greatest practices…Hackers are attacking constantly and finding new ways to infiltrate networks. We have to stay as close to them as possible.”
Using this knowledge, cyber teachers can educate students about why and how systems become vulnerable enough to attack in the first place, so when they’re penetration testing or monitoring for vulnerabilities, they know what ‘red flags’ look like.
- Understanding of employer demands: Teaching cyber is more than just helping students know about technical terms and abilities. Today’s employers are looking for well-rounded, communicative, innovative, critical thinking, problem-solving, creative professionals who also possess the required technical skills of a cyber practitioner.
Central Virginia Community College coding professor Corrine Hoisington stressed in a ‘Driving Educator Success in 2021’ webinar , the importance of building ‘soft skills’ among today’s students and teaching those skills as heavily (if not more so) than the technical requirements.
- Reaching students where they are today: How an older generation learned is different than how today’s students learn. They grew up with video games in hand and that cultural reality has influenced how they cognitively absorb information and learn behavior. Today’s cyber educators should consider new ways to connect with students on an individual and cultural level and adapt their teaching delivery using gamification to align with those learning preferences.
To see how some of these nuances are addressed in cyber teaching and delivery, check out how Michael Kaplan of Phase2 Advantage instructed students online, in a 12-week Security+ course using hands-on, gamified labs in Project Ares to reinforce conceptual instruction.
At Project Ares, we work with many cyber educators every day to understand the plethora of challenges they face teaching cybersecurity and we equip them with engaging learning labs that can be accessed anytime, anywhere, from a browser. From budget constraints to staffing shortages to distance learning (opens new window), to enhancing the cyber curriculum with hands-on labs, today’s teachers need pathways to success so they are empowered to support the next generation of cyber warriors.
