18 Mar The Ones And Zeros Of A High School Cybersecurity Curriculum
Cybersecurity Education in Action at Northport High School
– Steven T. Kroll
Northport, N.Y. – Mar. 18, 2019
In a newly renovated computer lab at Northport High School, students take part in the Academy of Information Technology, a program that provides four years of classes in IT, computer science, and cybersecurity.
“Why not take a cybersecurity course or a programming course,” remarks Bill Claps, Technology Education Department teacher.
The Academy of Information Technology is the kind of curriculum that I called for in an earlier article. It creates a pipeline for students to enter computer science programs in college and possibly go into the cyber field, which will have an estimated shortfall of 3.5 million jobs by 2021.
The PA Introduction to Cybersecurity course is “actually a Project Advance course run through Syracuse University. Kids get three credits from Syracuse University, and it’s the same course they would take as freshmen [in college], like a 100-level course in cybersecurity,” Claps said. The topics for the course include: network concepts, introduction to security concepts, identifying security threats, cryptography, hardening systems and networks, among many others.
In the class, students use four different virtual machines, or VMware — the ability to separate multiple operating systems on one computer. It’s easy to think of it as machines within a machine that reproduces security threats that professionals would face in their workdays.
“It’s a perfect piece of Swiss cheese” for students to plug up security flaws within an operating and network system, said Claps.
When asked about the class, one senior, who will study computer science in college, said, “It’s interesting. [We] just work in our VM, destroy them, and rebuild them.” Another student, a sophomore, who is ambitiously taking two AoIT classes this year, programming and cybersecurity, said, “you learn new things about the VM, how people do the hacking, how it actually works.”
This kind of hands-on training in a class setting gets the kids ready for a paid internship between their junior and senior years, which is required for the AoIT program. They can take the internship experience and use it for postsecondary education, and eventually careers in cybersecurity. In the past, the students have interned for Applied Visions, Cursive Security, Cisco, and the Nassau County Police Department.
“I think that internship is a really nice carrot for the students, not just because it looks good on a resume,” said Claps. “They get to feel like they’re working, and they can see what it’s like working in IT. They’re out in the field, they’re doing stuff, and it’s a good experience for them.”
Another example of cybersecurity education in action at Northport High School is the CyberPatriot after-school program, sponsored by the Air Force Association, for which students work in teams of six to compete in the National Youth Cyber Defense Competition.
“In the rounds of competition, teams are given a set of virtual images that represent operating systems and are tasked with finding cybersecurity vulnerabilities within the images and hardening the system while maintaining critical services in a six-hour period,” according to the Air Force Association’s website. There are 6,387 registered teams for the 2018 – 2019 academic year, according to the website.
“They [students] are trying to defend networks and use all the skills they’ve learned related to cybersecurity,” said Danielle Milazzo, the Academy of Information Technology coordinator at Northport High School.
For the final project, Claps requires the students to write “a security audit report for a client or at home, go over why it’s a problem, and suggestions the client can take to make it more secure.” This used to be done for a small business, but as today’s homes can have more connected devices than some small businesses, Claps thinks opening it up benefits the students’ families.
Despite the laudable efforts by the students in the cybersecurity course, there may be a disparity between what some companies say and what they do.
“When I hear back from kids who are graduating from schools like Rensselaer, RIT, MIT, these big schools, and then all of a sudden they have to intern for a year or two making almost zero money — that tells me that the industry that’s clamoring for more cybersecurity professionals is not serious,” said Claps. “The policy has to meet the ground level.”
One way to do that is for industries to think more broadly about hiring cybersecurity employees. Instead of looking for the perfect candidate with elite college degrees, employers should recruit from high school programs like the Academy of Information Technology at Northport High School. It gives the students the skills needed to enter the cybersecurity workforce at the most basic level. Companies could invest in career development for their employees once they’re hired — providing on-the-job training and paying for more credentials.
“These kids come in and they don’t know anything about computer networking,” said Claps. “They can’t even visualize what a virtual machine is.” But at the end of the course, they’re prepared to take the CompTIA Security+ certification exam.
David Storch, district chairperson of Science, Technology, and Engineering Education, also speaks about the necessity for kids to learn programming and technology skills at a young age.
Education research shows that students should have elementary experience with computer science and programming by second grade, said Storch. “We have to get them early.”
Indeed, there is a push at the state level to work on this. The New York State Next Generation Standards has put together a plan for science and engineering, which, Storch said, is “the first time that’s happened.” He looks forward to a time, possibly closer than we think, when there will be a set of computer science standards for all students.
But until that happens, the Academy of Information Technology at Northport High School is working to fill the gap in the cybersecurity industry.
Another suggestion from Claps: “The entire [IT] industry needs a cyber background. It should be in every field.”
– Steven T. Kroll is a public relations specialist and staff writer at Cybercrime Magazine.