Posted on: October 26, 2023
What is cybersecurity, and why should it be taught in schools? We sat down with co-authors of Teaching Cybersecurity A Handbook for Teaching the Cybersecurity Body of Knowledge in a Conventional Classroom, Daniel and Tamara Shoemaker (professional collaborators and long-time married couple), to discuss their latest work.
Watch the video and read on to gain insight into the ever-growing field of cybersecurity and learn how teachers can introduce cybersecurity into the classroom.
With a shared passion for cybersecurity, the Shoemakers bring a wealth of experience and expertise to the table. The pair aims to amplify the use and knowledge of cybersecurity in schools, businesses, and, most importantly, everyday life.
The Story Behind the Book
"Our book is called Teaching Cybersecurity A Handbook for Teaching the Cybersecurity Body of Knowledge in a Conventional Classroom. In other words, it is the body of knowledge for higher education broken down so that middle school and high school teachers can understand how they can implement it in their classrooms so that there's a seamless pathway from middle school and high school into higher education," says Tamara Shoemaker.
One of Tamara's missions, which she first set out to achieve while running the Center for Cybersecurity and Intelligence Studies at the University of Detroit Mercy, is to ensure K-12 educators know about cybersecurity and understand how to implement it in their curriculum.
During our interview, she stressed the importance of getting more students into the cybersecurity pipeline. "We aren't having any problems getting people who are already in the pipeline through the pipeline and getting them really great jobs. It just isn't happening fast enough," she says. "I traveled the country and realized that teachers just didn't have the resources they needed. Hence, me hitting up my writer husband to try to write this book together."
The Shoemakers describe Teaching Cybersecurity as a quirky story with plenty of humor and accessible language rather than a convoluted academic textbook. "I want to point out that the book is a conversation. And one of the things that Dan, which, I can brag on him because I've known him for a couple of years," Tamara laughs, "but one of his gifts is to be able to take something as complicated as a guideline or a standard and make it understandable to you and me. We don't have to be in the field to understand it. He took great pains to make sure that he did that in this book."
"It's the story of Tom and Lucy and The Doc, who is modeled after the guy from Back to the Future. The Superintendent tells them that if they want to keep their jobs, they're going to have to come up with a cybersecurity curriculum. So, over one summer, they do that. I should add it is illustrated by a 16-year-old. The cover has been described to me as creepy, which means the kid (Jacob Green) must be really talented because that's exactly what we're trying to portray," Daniel adds.
Daniel Shoemaker is a cybersecurity expert who has seen the computer industry evolve and the cybersecurity field emerge over the last fifty-five years. "I got in the business in '68 as a programmer. That's 1968, not 1868," he jokes. Daniel has witnessed the evolution of computing from its early days of vacuum tubes to the advanced technology of today. He transitioned to a cybersecurity focus in 2004 and began "teaching what amounts to a kind of standard version of what cybersecurity is as dictated by various national bodies and international bodies."
As a distinguished visitor of the IEEE Institute for Electrical and Electronic Engineers, Daniel travels the country giving speeches on cybersecurity. He also serves on the editorial board of Computers and Security, a leading journal in the field. Daniel's contributions to the field include authoring 14 books, many of which are published by Taylor and Francis, and countless articles, solidifying his status as a distinguished figure in cybersecurity education.
"This book is not aimed at kids. It's aimed at the people who teach the kids. I have spent time in high school classrooms, and bless those people, they're a lot better than I am because I wouldn't have lasted until Wednesday in a high school setting. But a lot of them are just told, 'Okay, now teach cybersecurity.' They don't know what it is...giving the teachers something to teach, that's really what we're trying to do here, and that's what the book provides. If you pick this up, you'll know the field as defined by the only people who ought to be defining it, which are the professional societies," says Daniel.
Teaching Cybersecurity to Students
When asked how students benefit from learning about cybersecurity in school, Tamara replied, "For starters, the career opportunities are astronomical. There's absolutely zero unemployment in cybersecurity. We have hundreds of millions of open jobs, 400 million. So that's a really, really good thing. But at the end of the day, this society is going to be left to them, and if they can't help us to secure it, they aren't going to have one. And so, a culture change must get into K-12. They're going to be giving us the innovation of tomorrow. They need to have the tools to protect themselves and us."
The Shoemakers believe in starting cybersecurity education early. Holding kindergarten through 4th-grade cybersecurity camps, though initially met with skepticism, has revealed to Tamara that young children can grasp the concept of the "dark web" and may even know more than most adults. Early education in cybersecurity sets the stage for responsible digital hygiene and security.
"When [a colleague] suggested I need to do some kindergarten to 4th grade camps, I was terrified. Just terrified. I thought there's no way. Plus, I mean, they eat paste at that age," says Tamara, "But I held one, and it was amazing. We did a great thing. Halfway through it, one of the kids came up and said, 'Hey, Mrs. Shoemaker, do you know anything about the dark web?' And I'm like, what? What do you mean? He goes, 'You can go on the dark web and buy script kiddies.' And now, I'm forever a believer we need to do this in kindergarten. Because if by 3rd and 4th grade they already know about the dark web, we're in trouble."
"These kids have these beautiful minds, and they have had this technology since they were born. And a lot of them think of it like it's a utility, like it's a toaster or something. That it can't hurt you. They don't know about the dangerous part. If we don't tell them about the bad guys and we don't teach them about good hygiene and show them how to protect themselves, when someone says, 'Hey, I know about this thing called the dark web,' of course, they're going to try it. Because nothing bad has happened. Yet. They can get into some really big trouble if they don't know how to protect themselves. So we have to be teaching them just like we teach, you know, dental hygiene or putting your seat belt on before you leave the driveway."
The younger generation has the potential to make a significant impact on society. By providing them with the tools and knowledge to protect themselves and others in the digital world, we can harness their potential for a better future. "We need them when they're little to understand that our privacy is being attacked and that our pocketbooks are being attacked. And it's because of our laziness. And we're not doing good hygiene, right? And so maybe if we build that culture up younger, we'll have a chance," states Tamara Shoemaker.
It All Comes Down to Culture
In the eyes of The Shoemakers, cybersecurity is not a computer problem. It's a culture problem. "A lot of the problem is that folks think this has something to do with computers, which it doesn't. It's a security discipline. Three chapters in Teaching Cybersecurity have absolutely nothing to do with computers but organizational security, human security, and what amounts to societal security," says Daniel. "If you talk to the hacking community, they think it's hilarious that we're spending so much time on electronic solutions when social engineering is just so much better, you know? If I send out a link to everybody, somebody's going to click on it sooner or later. Then, I own your entire system. That has nothing to do with electronics. I think the intimidating thing is that it's such a big problem. But you've got to deal with the whole thing."
When asked his opinion on the current conditions of the cybersecurity field, Daniel replied, "In 2015, we were losing about $500 billion, that's billion, a year to the bad guys out there. We doubled down and did our best effort. And by the year 2020, we were losing 2 trillion. And the estimate is that by 2024, it will be closer to 6 trillion. So, if you ask me how we are doing? Not so well. And the reason why is because we never put together a complete solution. And the hacker folks out there, my friends, are not interested in what we're doing to protect ourselves. They're interested in what we're not doing."
Back to the Basics
So, where do we start? The Shoemakers believe it begins with sorting out the basics. "There's a lot of different opinions about what it is, right? What is cybersecurity? What does it entail? Everybody has their own views on it. But it's really important that we get back to standards, guidelines, and principles that everyone knows and understands. And I'm not saying that [guidelines] are the highest level of understanding cybersecurity. That's sort of the minimum level right of understanding. But we need to all agree on what the minimum looks like, then go from there. Then, we can work on innovation and making things better," says Tamara.
Daniel's thoughts on it are similar. He voices that "everybody's got their own definition of cybersecurity." He explains that the issue in cybersecurity right now is represented in the English poem "The Elephant" by John Godfrey Saxe. "The idea is six blind men are asked to describe what they are touching, which is an elephant. One man touches the elephant's side and describes it as a wall. One man is holding the tail and says it's a snake. One says the trunk is a tree. That sort of thing. The point is their observations were all sort of right and all entirely wrong. And that's the problem in cybersecurity right now."
The importance of standards in cybersecurity cannot be overstated. It's essential to establish common guidelines and principles that provide foundational knowledge of this field. Without a shared understanding, effective cybersecurity education is going to remain incredibly challenging.
"What I'm wearing on my wrist right now has more computing power than I had in the second generation...we're not safe. We're a bunch of sheep, and the wolves just haven't gotten around to us yet," states Daniel. Though expressed with a hint of humor, his perspective is a reminder that cybersecurity is a critical concern. And with the rapid advancement of technology, we must work together and prepare a solution to looming threats.
A comprehensive approach is necessary to mitigate risks. "They've got to start thinking about offering cybersecurity, not as an add-on or extra fun thing to do. It ought to be just as important as Math and English. Because your entire survival as a society depends on it."
Teaching Cybersecurity serves as a beacon for guiding educators to impart cybersecurity knowledge in the classroom. As cyber threats continue to evolve, it's critical that cybersecurity education becomes an integral part of our curriculum, ensuring our society's survival in today's digital age.
To learn more about teaching cybersecurity to students, read the book here.