Posted: Tue, 10/15/2019 - 09:50
Pumpkin spice, tolerable outdoor temperatures, back-to-school nights, and weekly emails from CyberPatriots requesting I register teams: for the past four years these have been my telltale signs of fall in South Texas.
I started as a CyberPatriots coach, knowing almost nothing about cybersecurity. I had two main reasons for adding CyberPatriots to my already busy life: to increase the number of participating girls, and it offers students an entry point to promising career opportunities. We had zero girls on the team, even though our school was almost 50/50 in gender representation. I had the “If we build it, they will come” mentality. I assumed if there was a female coach, girls would sign up. As you can imagine, this was an incredibly naive assumption.
The first year, I did short presentations in core classes as my primary recruitment method. This increased the total participants of students, but still, no girls signed up. Realizing my class presentations were not engaging, I then started the year with a cybersecurity unit rich with hands-on activities. With these longer activities, I was able to break down some of the stereotypes students (and adults) have about cybersecurity: that it is boring and meant only for the math whizzes. Detail-oriented, research-savvy, and/or logic-loving students find a home in CyberPatriots. Further, I was able to broaden students vision of cybersecurity careers—demonstrating how the medical and human resource fields also need cybersecurity skills.
As a teacher at a unique technology magnet school, I had the luxury of making sure every seventh-grader experienced engaging lessons about cybersecurity. For those of you in more traditional middle schools, I recommend finding ways to encourage the core teachers to host you or use a cybersecurity lesson. For example, code cracking is readily incorporated into history (Mary, Queen of Scots, Lewis and Clark, Navajo Code Breakers, Alan Turing, Bletchley Park) and math. An Introduction to Cybersecurity by the Civil Air Patrol can help you find more connections to core classes as well as exciting tidbits that can entice students.
On the main campus (non-magnet students), I had to become a cybersecurity salesperson. Emails, flyers, announcements at the meetings—I was always selling the benefits of cybersecurity as a career and engaging students early on. I specifically asked teachers to send me the names of any student who they would recommend, who needed extra encouragement, or who may have a penchant for logic or research. It was essential to remind the teachers that candidate students did not necessarily need to be strong in math, as adults hold some of the same preconceived notions about what a cybersecurity student looks or acts like. Armed with students’ names, I marched into their classes and gave them a personal pitch about why they should join our team. I hosted “Get to Know Cybersecurity” meetings that featured low-commitment, fun activities. Students' top two-favorite activities were the PBS Cybersecurity Lab and the Cyber Threat Defender game (both card and PC game), developed by the University of Texas-San Antonio. Both of these were great additions to our normal digital citizenship unit. Computation Thinking bins with a cybersecurity focus (unplugged) were also a hit with students as they could choose their own activity.
Over the years, I’ve managed to increase girls’ participation significantly, and participation overall. The middle school has gone from one to five teams and it reflects diversity of our city population. And we finally have enough girls to create an all-girls team! However, as the club has grown, I see the importance of broadening the exposure of cybersecurity beyond the intense competitions of CyberPatriots, which requires a significant weekend time commitment from students (six hours per competition). Several students could not join because the competitions conflict with family schedules or other planned activities. Ideally, your district will allow your teams to compete during the school day to avoid these issues.
This year I am forming a cybersecurity club in addition to CyberPatriots and plan on having students compete in a capture-the-flag (CTF) style competitions. Security Intelligence describes a CTF as “...a special kind of cybersecurity competition designed to challenge participants to solve computer security problems and/or capture and defend computer systems.” picoCTF is a Carnegie Mellon University-hosted competition aimed at the middle- and high-school level and held over a week. There is also a non-competitive, year-round version that can easily be adapted in the classroom. These competitions have fewer firewall issues at my campus, allowing students to compete in the classroom. NICE lists more than 30 contests by the type of cybersecurity it mimics, like Securely Provision, Protect and Defend. This tracking comes in handy if you need to align a competition to standards to use in class.
- Microsoft Virtual Academy. There are many YouTube resources on networking from Microsoft experts.
- Cyber Races is the most complete resource to help you with all your competition and cybersecurity questions and professional development. It gets bonus points for being nicely organized as well!
- Bleeping Computer is a great resource to help you start building your cyber forensic toolkit. After introducing these resources, I would host a “Shoot/Shout Out," where I would rapid-fire ask pairs of students to find an answer to a question or a forensic question, and the first to shout it out won a piece of candy.
- Cyber Guild is specifically for CyberPatriot’s competition.
- National Initiative for Cybersecurity Career and Studies has lesson plans, flyers, and posters. The flyers and posters are great resources for back-to-school nights and parent engagement.
- National Integrated Cyber Education Research Center (NICERC) offers free, hands-on lesson plans for computational thinking and cybersecurity.
What are your tricks for increasing the rate of engagement of cybersecurity in your classroom or club? Share your experiences in the comments section!