EDWARD RHYNE: And I just wanted to give a couple
talking points on why we did competitions.
And DHS S&T has been funding competitions for
about seven years, and we had three major goals.
One was to increase the workforce pipeline, one
was to actually introduce new technologies into the
next generation workforce, and the other was to help
drive a community around cybersecurity.
We feel we have been actually fairly successful
with that.
When we started funding CCDC, there were about ten
schools.
Now, as you saw on the graphic, there was over
250, almost 260 schools that were involved with 25
or so thousand students that have been actively
engaged in cyber security competitions.
As far as the technology introduction, we've
actually had incident response tools introduced
to these students.
We've had moving target defense tools introduced
to the students.
We've also had mapping and visualization tools, as
well as some teaching aids, where we actually
have the students create their own curricula for
the next generation after them.
The final thing I want to talk about is community
building and one of our programs, U.S.
Cyber Challenge, has put together a portal called
Cybercompex.org, which is Cyber Competitions
Exchange, and that was really driven to bring
together like-minded individuals, corporations,
organizations, and also employers to drive the
awareness in cybersecurity, but also
help secure the pipeline and actually make it
easier for people to find cyber security jobs.
Getting back to today, I think there has been a
common theme in what Rob Joyce was talking about
and also what Doug has been talking about, and
that is cyber -- actually hits all of us.
And we as a country need to make sure that we are
prepared.
You know, I think Rob's discussion about his own
little DDoS attack on his air conditioning kind of
-- hopefully doesn't hit all of us, but the
possibly is there for all of us for sure.
So, we put together this panel on innovation and
education for cybersecurity to really
understand and highlight other efforts that are
going on outside of what we are doing, to really
try to drive at increasing not only the incredibly
skillful cohorts of cybersecurity experts that
we have, but also looking at driving it into
building up cybersecurity across the society.
With that, we've got a panel here.
I will start with Alice.
Alice Hockenbury on the left is from Girl Scouts
of America.
Then we've got Russ Shilling, actually at
Digital Promise.
Started off in, I think Department of Education,
also with DARPA.
Then we've got Rick Geritz from Life Journeys, who
actually runs the NSA Day of Cyber.
So, I will give you guys three to five minutes or
so to introduce yourselves and kind of highlight your
own efforts that you are doing, and then we will
get into some questions and then open up the floor
for questions from the audience.
ALICE HOCKENBURY: Great, thank you.
I am delighted to be here today, and I appreciate
being included in this panel.
I'm Alice Hockenbury, I'm the Vice President of
Public Policy and Advocacy for Girls Scouts of the
USA, and we have an office here in Washington D.C.
Girl Scouts is the largest organization for girls in
the world.
Today, there are 2.6 million Girl Scouts,
that's 1.8 million girls, and about 800 adult
volunteers.
There are -- I think folks will be surprised to hear
this, currently more than 59 million Girl Scout
alumni.
For over 100 years, Girl Scouts has been the
preeminent leadership development organization
dedicated solely to girls that provides unique
opportunities for them to build valuable skills to
carry through the rest of their lives.
At Girl Scouts, we are committed to increasing
girl's involvement in science, technology,
engineering and math, and ensuring that every girl
has opportunities to explore and build
potential career paths in STEM and other related
fields.
From the beginning, Girl Scouts has understood the
importance of engaging girls in STEM.
From 1913, Girl Scouts introduced the electrician
and the flyer badge, those were our very first STEM
badges.
So, by nurturing and encouraging girls' early
interest in STEM, and providing unique
experiences in an all-girl, girl-led safe
space that encourages supports and makes STEM
fun for them, we keep them engaged and help them
perform better in school, and ultimately encourage
girls to pursue STEM as a future career.
Over the past ten years, I think many of you all
know, growth in STEM jobs has (been) about three
times as fast a growth in non-STEM jobs, and many
girls aren't aware of STEM career options, or don't
see themselves in those jobs.
According to cybersecurity ventures, the worldwide
deficit of qualified cybersecurity
professionals will reach 3.5 million by 2021.
And women remain vastly underrepresented in the
cybersecurity industry, holding just 11% of jobs
globally.
Many of you in the room today, will be excited to
hear that Palo Alto Networks and Girl Scouts
of the USA recently announced they are joining
forces to deliver the first ever national
cybersecurity badges for girls in grades K through
12.
So, Girl Scouts of the USA and Palo Alto Networks
expects to roll out the first in a series of 18
cybersecurity badges to Girl Scouts throughout the
United States starting in September of 2018.
The new badges will deepen the existing commitment
that Girl Scouts has made to STEM by using the
organization's unique fun with purpose K-12
curriculum that inspires girls and embraces and
celebrates scientific discovery and their lives
at all ages.
As you all know, girls need to know how to be
safe online, how to protect their personal and
financial information, and how to avoid hoaxes and
other scams.
It's clear from the daily news that the world,
companies, governments, hospitals, and nuclear
power plants has a need for strong cybersecurity,
and there is a great need for cybersecurity
professionals.
The tasks girls will be doing to earn their
cybersecurity badges are just now being developed,
but the badges will be progressive, so that girls
continue to build upon the skills as they move up
through the Girl Scout grade levels, which as
mentioned, is K through 12.
Programming will include games and hands-on
activities for younger girls and field trips and
meetings with mentors for older girls.
Focus for younger girls will include data privacy,
cyber bullying, protecting themselves online, and
they will learn where information goes and how a
computer works.
As our girls move into middle and high school,
they may be interested in diving deeper into
cybersecurity, and learning about topics that
will help them move into a cybersecurity career.
So, the older Girl Scouts will learn how to code,
become "white hat" hackers, become involved
with creating and working around firewalls, learning
how viruses work and studying social
engineering.
Finding out how psychological manipulation
of people work in phishing attempts.
All of that will be a part of our 18-badge series.
Before the next roll out in 2018, Girl Scout
councils from across the United States will recruit
Girl Scout troops to do these proposed activities
and give their feedback.
At Girl Scouts, we strive to create STEM experiences
that reach as many girls from many different
backgrounds and income levels as possible.
We never want a girl's circumstances or gender,
to block her from exploring her abilities
and interest in STEM.
At Girl Scouts, we want all girls to see how STEM
fields, like engineering, computer science, and
especially cybersecurity, can make a positive
difference in the world.
Thank you.
EDWARD RHYNE: Thank you, Alice.
Russ?
RUSS SHILLING: As was mentioned, I'm currently a
Senior Innovation Fellow at Digital Promise, and in
that role, I'm being funded by the
Chan/Zuckerberg Initiative to work with the Gates
Foundation and other philanthropies to try to
develop a DARPA for developing education
technologies.
Within that framework, really giving a lot of
thought to what the roles of security, privacy and
data ownership really mean, and how we actually
solve that in education.
But I think really more importantly today is kind
of a discussion about what Digital Promise is, and
what they can kind of bring to the table.
Even though we are currently not doing cyber
work, they have a model that you really need to
look at.
One of them is the League of Innovative Schools,
where they've brought together three million
students across 86 school districts, and these
districts have pledged to be open to innovative
practices, try new things, and they have shown in
their actions that they are innovating in their
schools.
And the League is a way of bringing all of these
groups together to actually improve the
outcomes for the students across the nation.
In addition to that, Digital Promise is also
working with Verizon for a League of Schools that
help schools actually create their technology
plans and bring technologies into the
classroom, and bring that into part of the education
activities.
So, I definitely see cyber as a role we should be
pursuing there as well.
The other thing that is critical here, and I will
talk a little bit more about it as I continue the
introduction, but it's micro credentials for
teachers.
And that's another big issue.
And that's, how do we train teachers, who may
not even have CS backgrounds, to actually
be able to teach students in the classroom what
cyber is all about, let alone computer science.
And this was brought on to me in my prior job, which
was as the Executive Director for STEM
Education at the U.S.
Department of Education, where I was there for two
and a half years at the previous administration.
And through that one, we worked with the Girl
Scouts and many other organizations in school
and out of school, to try to bolster the White House
initiative on computer science for all.
So, how much could we actually expand computer
science and bring it into the classrooms and
introduce it to students who normally wouldn't see
it.
I'm from Appalachia, so I came from a place where
still it's very difficult to get computer science or
any other types of STEM education.
So, the challenges we have in the education world,
especially for cyber, is how do we train the
teachers, how do we actually get these
programs into these rural schools?
We need cyber in the rural areas as much as in the
cities.
But to really give the kids the opportunity to
learn these skills.
Not just for cyber, but across STEM.
Prior to that, as was mentioned, I was a DARPA
program manager and an active duty Navy Captain,
so I have had a very strange career.
I was working with Sesame Street at the time, even
stranger.
In the Information Innovations Office at
DARPA, so I worked with Mudge Zatko and Elmo,
which was very strange.
But in that role, I was managing STEM education
programs and some things on PTSD, but part of what
we were playing with, in addition to the DARPA hard
types of problems we were solving in education, was
the concept that I think you wanted me to touch on
today, which was really how to make it
interesting, how to make it fun.
So, we were really focusing hard on games.
How do you make games fun?
How do you make sure they are educational?
How do you make games that actually learn from the
students so that they actually improve over
time?
And so that was a big part of our program.
And in the process, we were bringing in
professional gaming companies.
I was working with comic producers, so we were
talking to really good examples out there that
you should be looking at from like, the APS on the
Spectra comics, which have female super heroes in
physics, at the same time, they are introducing
concepts from Tesla and Newton and a lot of other
concepts.
But these things are ways of bringing kids into the
process, by telling the story and giving them the
examples, and showing them that women, minorities and
other groups can actually be successful in these
careers and help them identify themselves as
being practitioners potentially.
So, really -- and I'm sure we will get into this a
little bit more in a bit, but it's the story
telling.
So, how do we get more kids to think about this,
and give them the opportunities to succeed
in these fields?
Right now -- and I will lead in with this: The
Office of Civil Rights Database shows that 33% of
our kids don't have basic access to things like
physics and chemistry regularly.
And 50% don't have access to calculus.
So, this is what we are facing in trying to get
computer science and cybersecurity into our
classrooms.
That is where the innovation needs to come
in and that's where we need an all-hands on deck
approach.
RICK GERITZ: My name is Rick Geritz, I'm the
founder and CEO of a company in Maryland called
Life Journey, and about four years ago I was
teaching an innovation class in an inner-city
Baltimore high school, you know, asked the question
that all of us get asked when we are in high
school, which is: What do you want to be when you
grow up?
So, I had 20 students cross their arms and said:
I don't know.
Nine of them said: doctor, lawyer or Ray Lewis, who
is a football player.
And one student came forward and said, it's
really hard to answer what I want to be when I grew
up, when I can't connect what I'm learning in the
classroom to what I want to be.
At that moment, I went out and I wrote a patent of a
technology called Life Journey, where we go to
the most iconic brands of the world.
So, our customers include Tesla, Lockheed, Cisco,
and we take the actual real-life person and we
reverse engineer the journey that they took to
become them.
Their soft skills, their hard skills, and then we
fundamentally create a Gameboy cartridge out of
that person's skills journey and we let
students anywhere around the country of any means
log into the internet and test drive what their life
would be like if they followed the journey of
America's STEM science technologies and cyber
leaders.
And they go on a multi-month or multi-year
journey to understand every skill that they need
to do, and they experience that online.
So, think of it as the Facebook of mentorship.
It enables a signal mentor at a company, like the
designer of the Tesla Model S, or an NSA
cryptanalyst, to mentor one student in a hundred,
or a million at scale, enabling every student to
select a mentor and follow their journey and their
pathway.
A couple of years ago, we were working with our
keynote speaker, Rob, when he was at the NSA, and we
did a calculation that it was going to take 14 years
for our education system to bring cyber into the
classroom, into the curriculum.
Leaders like Doug and many other leaders, know the
challenge of this -- of how do we bring
cybersecurity?
Right now, cybersecurity is not in our curriculum,
it's still an after-school thing.
Thank goodness for cyber challenges and other
efforts like this.
We calculated that it's going to take 14 years, so
we created a program called the NSA Day of
Cyber.
NSA took six of their leaders, reverse
engineered three women, three men, different ages
-- a cryptanalyst, forensic analyst, and then
launched a program and a pilot, to get -- the goal
was to see if we could get 30,000 students to
register for this thing, and go through a six-hour
experience that's done over multiple stages, you
know, to earn this experience.
And our whole job is to inspire 40 million middle
school, high school and college students to pursue
a career in cybersecurity and fill up the high
schools and fill up the universities and really
take advantage of what is probably the most powerful
space race this country has seen since the 1960s.
There were 50,000 sign-ups in the first day, it
passed six million last month and is basically a
free tool to do that.
So, our role in this panel, in the ecosystem
is, how do we get past B to B and B to C and get to
H to H.
Human to human at scale and enable -- I think you
have all seen the stats, there are over a million
open and unfilled jobs in cybersecurity worldwide.
And the United States is one of the Five Eyes.
I have a colleague here from Australia, we just
launched with our Five Eye partner there, with Optus
in Australia.
We just launched in Singapore last week.
You will see launches in the UK and basically this
-- there is no zip codes in cyber and cyber
education and being able to pursue this and create
a pipeline of students that are inspired.
One of the big successes with the NSA Day of Cyber
was 46% of all of them are girls.
And we have this very powerful analyst engine
that says, you know, do girls pick girl mentors?
Or do they pick forensics or data science, or is it
more computer science based?
So, Kim, who was at the Computer Science Teachers
Association conference in Baltimore, we had to
switch, but yesterday was over a thousand computer
science teachers that have now figured out that
computer science and cybersecurity are the
Reece's Peanut Butter Cup of the modern-day era.
So, that is the Life Journey story.
EDWARD RHYNE: That's awesome, thanks Rick.
We have several canned questions and then in a
half hour we will get into the audience questions.
So, one of the questions that -- some themes that
each of you have talked about this, is that
technology really reaches all of us sometime
throughout our days, effectively.
You all mentioned some specific efforts that are
working on to reach students that are
interested in cybersecurity or in
general.
What kind of efforts can we as educators and
mentors do to help students that aren't
necessarily interested in computer science or
cybersecurity, prepare for the future?
As you know, apps are downloaded daily.
You don't know necessarily know what they are doing,
as Doug was saying.
How do we increase that awareness and inspire them
to actually care?
RICK GERITZ: Well, I will jump on that really quick
and hand it over to the colleagues.
One of the things you have to do that is -- take what
students are doing every day, right?
So, we have a set of digital field trips.
One of them is called Clearable.
You can connect your social media account,
click a button, it will extract everything you and
your friends have done online, and simulate and
see if you would pass a top-secret security
clearance.
So, it uses their data to teach them about them, but
more importantly, it's teaching them data
science, it's teaching them a soft skill.
It's all done in there, but it gives you the idea
of what you are doing.
Then there is a set of experiences where, you
know, you take a picture off the internet, you see
if you can turn it into hex code, see if you can
find out where the bad guy stored the phishing
attack.
But once you just connect what they are already
doing every day to cyber -- because cyber is no
longer a vertical market, it touches every part of
us.
It's about trust.
And I think one of the problems that cyber has as
it relates, is it has a marketing problem, because
everyone thinks it's about attacks.
But actually, every day, because of the work that
organizations do, we built this really trusted
internet, and just take what they are doing,
convert it into cyber so they understand that that
biometric sensor, you know, that is on your
iPhone, is cyber, right?
And how does that happen, and how do we trust each
other?
How do we work?
Once you get into that, and understand how we
broaden that capability, how does when you summon
your Tesla, how do you trust that the car coming
to you is yours and you own it, and what you are
doing?
All those sorts of things that are coming in our
daily lives are all cyber, you just have to turn them
and make sure that they understand the computer
science behind it, the coding behind it and the
crypto behind it.
RUSS SHILLING: Yeah, I think the other thing is,
you need to play the long game, and that's by
starting very early; as early as kindergarten,
when kids start getting on computers and start
teaching them some basics and fundamentals of
basically what Alice was discussing about good
citizenship and cyber bullying, and the things
they can understand.
The other thing we've pushed and that I'm really
big on at that age, is computational thinking.
So, not necessarily teaching them programming,
but teaching them the logical process behind
that, which they then can apply to math and reading
and a lot of other skills.
But that starts to lay the foundation that then by
the time they get into elementary school, they
might start seeing themselves in computer
science, and then that can lead into the cyber areas
as well.
ALICE HOCKENBURY: Two things I would say: One
would be, engage them in things that are fun.
Activities that are hands-on learning, that's
key.
Then just something to think about: If you have a
classroom or you have a computer lab, really make
sure the posters and the flyers are gender neutral.
One of the things that we always say at Girl Scouts
is, to see it is to be it.
What that is, is to feel comfortable with the role
models, that you can become that.
One of the things that I think was interesting was,
when asked how many folks in the room are under 30.
One of the ways to engage these young folks, is to
have folks that are in their 20s to be able to be
teaching them, role models to them.
If you do bring in to any sort of educational
activities, bring in younger folks that are
specifically in those careers that they can
aspire to become.
EDWARD RHYNE: Great, thank you.
You mentioned hands-on training, and Russ, you
mentioned that as well.
And Rick, obviously a Day in Cyber is clearly a
hands-on, or a window in to a hands-on environment.
So, cybersecurity, in my belief, is a
practitioner's profession.
How should we actually balance -- you each
mentioned classroom experiences, so the formal
education.
How do we balance the formal education with the
informal?
The challenges, the merit badges, the life journeys?
Even the maker movement.
How do we balance those?
RICK GERITZ: We just ran a really interesting white
paper, getting ready to publish.
It's called "Understanding Cyber IQ in the Nation".
We took 200 seventh, eighth, all the way
through university with computer science degree
area, and then some people working in industry, and
gave them 200 challenges that have hints to them,
that help you sort of solve.
We let everyone go at it, some with formal
educations, some with informal educations.
We basically -- it produces an accuracy of
zero to 100.
Can you get through it?
So, if you take that picture from the internet
and you know how to turn it into a hex code, using
just a free tool, then see if you can find out the
answer to it, you can hint along -- so, instead of
ten points, nine points, you basically lose points
if you get hints.
The number one student was a 15-year-old.
Beat everyone else.
He just had an absolute knack; you can call it
aptitude, or knack, or there is probably a bunch
of different terms.
But there is a grittiness and there is a tenacity,
and there is a side of cyber that just --
everything that you do on the internet and YouTube
is an asset.
I think that the biggest thing is, it's really how
do we take what is a natural instinct for
people to want to do, and let them get into it, test
it, and experience it and build confidence, right?
And as they start to build confidence and you can
start to layer in a lot of formal educations and
processes that let them accelerate, but I think
it's a great question, because there is such a
powerful mix of the formal and the informal and it's
what people have to do and what they want to do.
When you can combine them together, then you have a
very strong talented person.
EDWARD RHYNE: And the timeline of changing the
curriculum to begin with.
RICK GERITZ: Yeah, I mean, without getting into that,
I mean, you take that 15-year-older, who has
already passed a 21-year-older with a full
degree.
Sometimes it's just, how do you let them go faster,
right?
I think what has just been shocking to us with the
NSA Day of Cyber is they want to go faster.
I mean, they want to -- they are in high school --
there is a high school in Baltimore that has all 115
of their students already in paid, committed
internships, you know, past some school.
So, they want to go faster, I think, it's up
to us to how we get it to happen.
RUSS SHILLING: Well, I think the informal space
challenges is another good way of going, so really
have -- you know, we have things like cyber patriot,
obviously, and the great things that the Girl
Scouts are setting up, but we still don't have that
kind of rock star kind of organization in my view,
like First Robotics for cyber.
We really need something like that.
There can be more informal models for this as well.
One of the things -- Zoran Popovic out of the
University of Washington did, was he did an algebra
challenge across the entire state of
Washington.
They were playing a game, and all of the classrooms
are actually competing against each other.
So, this was kind of between in-school and out
of school, because the kids were playing at home
and in school.
That was the kind of challenge where it got
kids excited about something and thinking
about it.
So, I mean, if you can play with some of those
concepts a little bit more, I think that is one
way of strengthening the informal side.
But really, to have the biggest impact across
kids, we've got to get it into the curriculum as
part of the basic CS world.
So, as soon as they are being introduced to CS, it
needs to be hand-in-hand, K through 12.
ALICE HOCKENBURY: One the things that we found
is that hands-on learning that's exploratory, that's
fun, that is out of school, really is a way
which kids can feel good about learning without the
pressure of grades.
I know, thinking back to when I was growing up,
that was a huge thing.
After school programs provided an opportunity to
make new friends, but also learn new things.
The other thing we talk about when we say, you
know, informal education, it's the perfect
opportunity to go on field trips.
Then back to the point about introducing these
kids to STEM professionals from a variety of fields.
So, that's just the benefits of the informal
education.
And as all of you were saying, it compliments
very nicely what is already going on in
school.
So, if some youth find out about cybersecurity and
they are interested and they dabble with that,
then they could go back into their classroom and
really be more interested in math.
So, it has benefits both ways.
RUSS SHILLING: One thing I would like to stress in
this, and again, it's some place that I think as a
society, we are kind of failing at.
Vast stretches of our country don't have the
out-of-school opportunities for the
kids.
Where I grew up, just two hours from here, you know,
our kids are on the bus going home after dark at
this point, because there is one high school in the
entire county, so they are on the bus forever.
They are not doing out-of-school activities,
and those activities aren't available to them,
by and large.
So, I mean, we need to really think out of the
box on this to try to figure out how to get
those opportunities to these types of kids.
RICK GERITZ: Just one other learning that we've
had from this past year with the NSA Day of Cyber
is, a student is in school and the key of this whole
thing is that -- is not to intimidate the teachers,
right?
Because a math teacher is actually teaching cyber,
they just don't know it.
And comp-sci, language, psychology, economics --
cyber is about risk.
So, a lot of this is, you have to make sure that two
elements occur: One, that teachers are empowered to
have tools to connect cyber to what they are
already doing.
Because they are already doing it, they just need
to be empowered.
The second element is the parents.
I will simulate with you -- you are dad, I'm son,
how was your day today?
Hey, I did this, you know, this program.
I think I'm going to be a forensic analyst.
A lot of the parents are not up to speed on the
journey that their sons and daughters are going to
take, and it's really important in that dining
room discussion at dinner, in college, and what they
do, that they are supportive of that
journey, because this is the new space race, right?
And we sit here, and this organization sits here in
the hub of it.
So, that's two key points: The parents and the
teachers.
EDWARD RHYNE: Great, thank you.
Russ, you mentioned that not all students have the
opportunities, you know, based on geographic areas,
or whatever circumstance.
So, this kind of leads to a question of -- you know,
the private sector is investing pretty heavily
in STEM and cybersecurity, but they have their own
motivations.
What role do you really see the federal government
should have in cybersecurity education?
Feel free to go far afield as far as specific areas
of offense, defense, et cetera.
RUSS SHILLING: Well, even though the Department of
Education is not allowed to do curriculum, as I was
told repeatedly while I worked there, but DHS and
others can help set that in NSA.
So again, I think you'd actually find support as
partners from the private sector, for a lot of this,
with government, but somebody needs to set the
march for it.
So, somebody needs to really give us a pathway
to follow to get it there.
I think mostly if it's going to happen, it's
going to be partnerships between the government and
the private sector.
But again, the private sector needs to be told
what is needed, I think, in this case.
So, I think really giving that feedback to them,
coming up with the recommendations for what
needs to be taught, how it needs to be taught and
what opportunities the kids need to have, would
be well heard from the federal government.
EDWARD RHYNE: Ok, so, specifically in a formal
education space.
Any thoughts on informal?
RUSS SHILLING: I think the same thing, so again, I
think there are so many things on the plates of
most of these philanthropies and the
Googles and the Microsofts, that I think
if you can come up with a compelling plan for them,
you might get some traction to help that.
But I think it's up to the federal government to
actually help them do that.
So, the convenings we did out of the White House
before, and at OSTP and other things like that,
really helped catalyze things around computer
science for all kids, starting in pre-K, and we
are still seeing that moving forward now.
So, that kind of convening power, and bringing these
groups together is very, very powerful.
ALICE HOCKENBURY: I was going to say, in the
public/private kind of partnership, you know,
from great initiatives like Computer Science for
All, we were able to partner with folks like
Microsoft, and going into meet with members of
Congress, with girls, and explaining the importance
for having computer science curriculum in high
schools, and state and local level.
That is important.
The other thing is, non-profit organizations
like ours have been fortunate in the past, and
I hope to see this continue, to get
government funding.
For example, we have a wonderful relationship
with NASA.
The Science Mission Directorate gave us a
grant, and a program we developed, it's called
Reaching for the Stars -- NASA Science for Girl
Scouts.
It's a new five-year space science education program
that will bring together Girl Scouts in grades K
through 5, with scientists, engineers,
NASA, specific employees to engage and encourage
girls to explore science and space science.
Without that sort of funding, that sort of
thing is impossible for organizations like ours.
RUSS SHILLING: The other thing you guys can do too,
again, a program we have used heavily in the
government, I used it in DOD, Ed Metz does it at
the Department of Education, but it's the
SBIR program.
That's really a big lever that the government can do
to build games or comics, or other outreach types of
materials to the classrooms and educators.
RICK GERITZ: The only thing I was going to say,
there is a very strong organization run out of
NIST called NICE, the National Initiative for
Cybersecurity Education.
There is a framework and it's a -- to get back to
your question about federal involved with
this, and my opinion is, absolutely.
I think you have some DHS, NSA, you have some really
strong agencies that understand the skill sets
of what we need to do, and I think we need that
because I mean, the fact that we've had this
discussion in the past and the Department of Ed
can't, you know, sort of put in curriculum, but we
need cybersecurity curriculum inside of our
classrooms now.
We just launched our program in Singapore and
the way they elevate their teachers as -- I mean, all
the way up to the top of the food chain and it's
important that cybersecurity is
understood as the new alphabet, right?
I mean, it is computer science, it is data
science, it's language.
But there is a brand-new alphabet there that we
need to globally scale, and it should be
absolutely inserted in every part of our
education system.
EDWARD RHYNE: You talk about new curricula and
Russ, you talked about fundamentals and basic
foundations being in logic and basic math.
Can you comment about, as we intertwine
cybersecurity with everything else, how much
new curriculum actually is necessary in the younger
years?
We talk about pushing cybersecurity younger and
younger, so can you comment on new curriculum
versus trying to weave it into things we are already
teaching, and it's pulling that thread, so you can
see how things progress into a cybersecurity
career field.
RUSS SHILLING: Well, I have to unpack this a
little bit.
Just because we have the materials, doesn't mean
it's being taught.
So, I would say that even though we do have things
like anti-bullying campaigns and cyber
bullying campaigns, and a lot of other things, my
feeling is that most kids aren't getting it.
Even when it is available.
Again, it really is -- it's kind of like the
Digital Promise League of Innovative Schools.
You've really got to get into those administrators
really first, and they've got to be supportive, to
allow the teachers to be innovative in the
classroom and try new things.
I mean, it really does start with the
administrations.
EDWARD RHYNE: The school administrations?
RUSS SHILLING: Yeah, the school administrators have
to be on board with it.
So again, that's where you need to get these pieces
put in place to get it in the classroom.
Again, we are living in a country where the teachers
are mostly worried about their students passing
achievement tests and things like that.
So, cyber is not a part of that.
And cyber bullying is not really a part of that.
Again, it's giving them permission and kind of
changing the dynamics to make that relevant.
RICK GERITZ: The other comment, there is a big
difference, I think we have to draw a line
between cyber awareness, right?
Being safe online, bullying, and cyber
education.
Getting skills and being -- yeah, I think we have
all heard these statements, these parents
that say, my kid is really good with technology,
because their iPhone skills, right?
Or, be safe online.
There is a huge need for having awareness, what
phishing attacks are, being safe, cyber
bullying.
But learning skills, the brand-new alphabet of this
modern digital economy that includes computer
science and cyber and all the things that go with
the social behaviors around how this whole
thing works, is around education and skill and
getting that organized, and in an industry like
cyber that is changing literally every single
month.
Social media pattern matching.
Does anybody know how to go get a degree in social
risk management?
Pattern matching as a data sciences, as a computer
science.
It's changing so rapidly, which is -- you know, I
think I applaud DHS for putting this together,
because if we didn't do this, we couldn't keep up
with what's going on, and then how do you pack that
and implement it and get it to teachers and then
that whole latency?
It's never going to happen.
What you have to do is take these really smart
math teachers, computer science teachers, and so
on, and get them equipped to understand how to bring
that into their classrooms, so we can
create it as a dynamic teaching environment.
EDWARD RHYNE: Or is this another opportunity to
drive forward on informal education where you can
actually update things quicker and get concepts
out more effectively.
RICK GERITZ: I agree, I think you are right.
ALICE HOCKENBURY: Just a couple of things.
One of the things, you know, we have been working
with girls for over 100 years, and one of the
things that has really come out recently is, to
get girls engaged in STEM, they generally figure that
out by second or third grade, so that is really
young.
So, you want to get them started as soon as
kindergarten, just as you said.
Then the other thing is, we have this wonderful
incentive, and that is earning a badge.
So, making kids have attained goals in regards
to their learning is a good thing in some ways.
Last, I will say is that what we've found,
especially with this generation, is that kids
want to make a difference in the world.
They want to do good.
If they see cybersecurity as making that positive
difference, then they will be more interested in
engaging and knowing that this is a career path, and
even just a topic that they want to learn more
about.
RUSS SCHILLING: And so much of the challenge
structure that I mentioned earlier is about
identifying what the problems in your community
are, and how you solve them.
So, if you can actually ground cyber education
into their day-to-day life and make them identify
with that, then that is a huge part of getting it
done too.
RICK GERITZ: If I can add one point to yours, Alice.
In our big usage base on the NSA Day of Cyber, when
you do the analysis on girls, there is a thing
they do where they rank -- once they pick and
identify forensics or data science, they then rank:
"Would I rather work for an organization that helps
me make the most money, travel or cause?"
93% is about a cause.
They want cyber to be about a cause.
Once they get the cause, then their usage and so on
-- I just wanted to accent your point --
ALICE HOCKENBURY: That's fascinating.
Yeah, that's true.
RICK GERITZ: -- which supports that.
And, great job for -- what the Girl Scouts are doing,
because it's going to be a really, really important
element to a whole cyber generation.
So, congratulations.
ALICE HOCKENBURY: Thanks.
EDWARD RHYNE: We have time for one more question
before we open up to the audience.
We've been talking a lot about education and making
sure the teachers are prepared.
Rick, you talked about parents as well.
I know there has been some discussion about cyber
hygiene and some other terms that are somewhat
medically related.
With cybersecurity being in my belief, a
practitioner's profession similar to doctors, you
know, I'm not going to be a heart surgeon.
What I certainly know, that when my daughter
falls on the ground and scrapes her knee, I can
put antiseptic on it and a Band-Aid.
Where do you believe we are in that spectrum of
things with cybersecurity?
Do we need to have general knowledge as a society to
put antiseptic on a Band-Aid, versus the small
cohorts of really skilled open-heart surgeons, let's
say.
ALICE HOCKENBURY: We a in a unique position,
because it's volunteers, so it's generally parents
and other care givers that are our troop leaders.
A lot of times when we develop curriculum, we are
not just doing it for the youth.
We are also doing it for the adults that are
teaching; are training these girls.
And we do that a lot around financial literacy.
I mean, it's a great way to really teach parents
while you are teaching -- or, adults, teaching the
kids.
EDWARD RHYNE: Sure, that's great.
RUSS SCHILLING: If you haven't reached out to
100Kin10, the group that's tasked with trying to
develop 100,000 skilled STEM educators over the
next ten years, they are a good resource in this
area, and I would really highly recommend
partnering with them.
RICK GERITZ: One of DHS's really successful programs
is an organization called SINET, a global
organization, and this white paper I referred to
earlier is this thing called a Cyber IQ Test.
So, our opinion on this is that we grew up with IQ
tests and Meyers Briggs and there is all different
types of (indiscernible) code.
Ultimately, at the end of the day -- it can be a
mom, it can be a 15-year-old, it can be
whatever, and every American should go in and
try it and see how far they get and learn just
the entire new alphabet of the world.
There are easy ones, and hard ones, and see how far
you can get.
It's a really, really powerful thing, because
that question -- to answer your real question of
where we are, is -- we are going to have our experts,
right?
We are going to have our rangers over here, but for
innovation to happen, you need to know how a packet
goes across the internet.
You need to know how mobile devices work.
If you can just understand the basic IQ of this new
digital age, and understand the words, the
vernacular, it's going to help you as a mom, or a
dad or a mid-career person, a student.
We focus on all the students, but by the way,
we still have all of us, and people that are
tooling and changing and innovating.
Once you get that knowledge set, which is
really encompassed in cyber, it really creates a
new foundation and a new alphabet to build a
generation.
EDWARD RHYNE: We have about 14 minutes or so.
We will open up the floor for questions for our
panelists.
AUDf
System Engineering at DHS.
I would like to ask Ms. Hockenbury in
particular, sort of a couple of related
questions.
First of all, in developing your
curriculum, do you find that girls seem to
gravitate to certain skills within computer
science?
Are they exhibiting particular longing toward
certain areas perhaps more so than others?
Second of all, while I think that the badge
program is very promising and I wish you a lot of
success in it, I'm wondering whether or not
-- in relationship both to the Girl Scouts itself and
to outside the Girl Scouts -- typically scouting, at
least my experience of it with Boy Scouts, was you
have to be badged in a wide variety of areas.
An 18-badge curriculum is something that a girl
could go through over her entire career with the
scouts to perhaps -- would she be considered truly a
part of the Girl Scouts if she just concentrated on
the cyber area.
So, I think that relates back to the questions
posed by a couple of the other speakers as to what
-- can you combine it with other badge areas of the
Girl Scouts?
Secondly, why necessarily restrict it as a Girl
Scout curriculum and not open up this part of it to
those who don't necessarily want to be
fully involved with the Girl Scouts?
ALICE HOCKENBURY: Great.
Well, what I can tell you, in your original question,
which was about, what do you know?
What experience?
We are in the process this fall, in fact, just in
July all of our troop leaders and our counsels
across the country, are receiving our new STEM
curriculum, which is engineering and computer
science.
The badges around cybersecurity is one small
part of that.
I wish I had the data right now to share with
you about what those outcomes were, just
because we are rolling them out this fall, I
don't have that.
Your next question, in regards to the overall
pillars of Girl Scouting, I mean, it doesn't just
focus on STEM, but if a girl wants to come in and
only do robotics, that's great.
But we offer financial literacy,
entrepreneurship, healthy living, bullying,
relational aggression.
We offer amazing outdoor experience.
In fact, we are coming out with a whole new series of
outdoor badges this fall.
And we offer STEM programming.
I will tell you one thing, is that we are finding
out, more and more girls and especially the older
girls, love the STEM programming.
I think because it relates more to the way that girls
are today.
They are working on their mobile devices.
It's something that is more natural to them.
How do we get this outside of just Girl Scouts?
Well, we are trying to expand this into more
girls, more communities.
So, even if you take a weekend long program where
you come in -- I'm going to use an example because
I know it, to -- in Wilmington, Delaware, they
have Dupont in their backyard and there will be
a weekend where the women Dupont engineers come in
and they have a day with the girls where they talk
about their careers and they mentor them.
You are a Girl Scout then.
So, you don't necessarily have to be a part of this
huge, long, program.
You can do a weekend event.
You can do a camp event at a STEM lodge.
There are a lot of opportunities to engage in
easy ways.
EDWARD RHYNE: In the back?
AUDIENCE MEMBER: Hi, my name is Manu Sporny, I'm
with a company called Digital Bazaar, and I work
with the World Wide Web Consortium on
international standards around verifiable claims
and digital credentialing.
One of the questions that I have for the panel,
going back to the statement made about their
being a million open cybersecurity jobs.
Part of the problem is training those people,
getting them credential.
The part of the problem is finding them in the first
place, right?
There is -- I think Russ made a point about micro
credentials potentially being able to be used to
teach teachers, credential people, and then those
micro credentials being used to discover skill
sets that people have.
Maybe gap in their skill set.
So, we work with Pearson and Educational Testing
Service, we have talked with the Department of
Education, and there is gap that we've seen.
So, the technical standards are being
created, they are being pushed out, there are
companies such as ours that do digital
credentialing and issuing these credentials to
students and teachers.
And their organizations like ETS and Pearson, and
most of the folks up there that are saying, there is
a demand for this stuff.
But we haven't seen many projects go past the pilot
stage.
While there are a number of people saying, "This is
the future, we are interested in this", and
there are organizations doing pilots, there
doesn't seem to be a very strong pull from the
market to get to the next step, which is, use these
digital credentials to actually hire people.
So, my question to the panel is: Do you know of
initiatives that have been successful, that have
transitioned into the market, or organizations
that have gone beyond the pilot stage with a number
of these technologies that you are saying are the
future?
RICK GERITZ: I will jump up first.
I can speak, in our company, the approach.
I think the micro credentialing, the digital
credentialing, is getting ready to hit.
Right?
I think it's coming.
I know in our world, we take an approach where we
reverse engineer the actual beating heart
person, and fundamentally create a curriculum out of
their skill sets in a big data model.
Then we have the student, whether it's high school,
university, middle school, go through and check off
in all of those different things.
We use various different tools.
For instance, crypto is not taught in the
classroom, so NSA has this thing called a Crypto
Challenge and the mentor comes in and says, "Hey,
see if you can get to level three and solve
this, right?"
And then they credential that.
You know, we do one with Cisco or Deloitte or -- in
Australia.
All of these initiatives are driven out of the HR
departments.
This money ball for cyber talent, right?
So, there is a huge CSR capability, when you have
200,000 students that want to be your person, and
that is their role model.
There is a big CSR thing, there is a big marketing
brand, but most important, like the NSA Day of Cyber,
is they are trying to fill up an entire major league
baseball style pipeline of students that are
eventually going to work for them.
And instead of just waiting for the open rec,
build an entire funnel of these.
Cyber is so powerful, because it's changing so
quickly, these micro credentials can pop up
new, and the faster you can get them and put a
skill around them and put them in there, it saves
companies six months of how long it takes to
actually bring a student.
I think it's coming.
It hasn't peaked in the hype cycle.
We are still here on credentialing, but it's
coming and it's going to be the wave.
I will be happy to talk to you about what we do,
offline, if you want.
RUSS SCHILLER: Yeah, and the other challenge is
stripping all the politics away from education.
We have thousands of school districts, each one
has a different market.
So, part of the problem is on the other side of that,
is getting into the school system in the first place,
and that's the biggest challenge.
And it's not just for cyber, it's for any
education technology product you want to try to
put out there.
So, it's going to take a lot of leg work, and
again, what I like about the Digital Promise model
from our organization, is that again, we've kind of
rounded up a large group of school districts that
are willing to try new things and experiment.
And so, there were some really good places to
start.
And I think once we can get a foothold in some of
those groups, then the other schools start
looking across and saying, "Well, we want to do that
too."
Then you can build out from there, but it's going
to take a lot of will and a lot of hard work.
AUDIENCE MEMBER: Hi, I'm.
Just like everybody else on the planet, we have our
challenges hiring top flight cybersecurity
talent, but along the way of trying to find the
right people to hire, we stumble across an
interesting contradiction in what we expect of the
people we are trying to hire here.
It seems that cybersecurity is unique
among the STEM fields in that there is a generous
amount of "outside-the-box thinking" that needs to be
sort of part of the regular thinking, even
though we tend to train people for "inside the box
thinking", we really need them to do "outside the
box thinking".
I have discussed this a lot with my faculty
friends, and we have come to the conclusion that
even college is too late.
Much to the points we have been raising, we have to
start at the school level -- elementary, middle,
high school.
But here is the conundrum there, so ine of the
things that we discovered that is when you hire
people, they are very smart.
They come from elite schools, they come with
cybersecurity degrees, but they actually disappoint
us.
The reason is that they are good at doing the
things that they are told to do, but what we really
need them to do, is to anticipate the things that
they were not designed for.
This is a kind of basic mindset, I think, that is
not there.
It has to be cultivated in the very beginning of
schooling years.
I have a daughter in middle school, and I can
tell you that as inventive and creative as she is,
she will not break things.
And it seems that to train really good cybersecurity
people, we have to encourage them to break
things.
But we don't do that.
We kind of tell them to do this, this, this, this,
pass these exams, take these tests, whatnot.
But that does not help cybersecurity.
It helps part of cybersecurity, I will
grant you that.
But the real meat of it is, how do you get people
to think about how other people perceive the thing
that you have designed?
And how would they try to use it in ways that you
have not thought of?
So, how do we encourage our youngsters to break
things?
RICK GERITZ: Congratulations, you are
my new Chief Marketing Officer.
But I think your point is exactly right, because in
many ways, when you structure education, you
are going to do this and this and this and this.
You have probably seen a number of the Ted Talks
around how this structure sort of reduces the "out
of the box thinking", right?
And you've heard me say this before, I think what
is really important, is to give problem sets that
have no solutions and so in our -- in this thing we
did at SINET, in the Cyber IQ, we watch what key
words they search.
We watch how they problem solve.
You know, who they go to.
In school, it's called cheating, in work it's
called collaboration, right?
How do they collaborate, how do they solve?
So, you are right.
You are right.
You should be on the panel next year.
RUSS SCHILLER: And I think it goes beyond that too.
Again, it's the way we're teaching the kids in the
early grades now as well.
So, I mean, music art and all the other topics, are
taking a hit.
It's that broad perspective that helps
kids think outside of their perspectives.
And when all you teach them is computer science,
then they become very hyper focused on that.
So, you've got to give them a broad perspective
of things.
ALICE HOCKENBURY: I immediately go into
thinking: That's why we have the outdoors, because
what we do with outdoor challenges are amazing.
I mean, girls are rock climbing.
I mean, you are doing things that are "outside
of the box" and not so focused.
So, a well-rounded education, I think, is
important too.
You just don't want to box somebody in at an early
age into a small area, which I think is kind of
what was being said earlier.
So, thank you.
EDWARD RHYNE: Great, thanks.
We are out of time, I'm sure we could talk for
many hours more, but let's thank our panelists.
[applause]
No comments:
Post a Comment