Let’s face it – today’s Generation-Z kids think differently than their Millennial predecessors, who think differently from me, a Baby-Boomer. Gen-Z kids (Americans born after 1995 and currently under the age of 19) grew up with a do-it-yourself education, crowdsourcing, and aspire to be self-employed. They live on social media, constantly documenting their lives with the expectation that their social presence will impact or change the world. Gen-Z kids are also the original digital natives who conduct research, observe lessons, take tests and collaborate with classmates while on-line. What I find most unique about Gen-Z kids is that they routinely multi-task across five screens without fanfare, and over half list gaming as their main source of entertainment. This generation isn’t tech-savvy, they are tech-innate.
The good news is that the innate traits of Gen-Z kids make them a perfect fit for cybersecurity. To be an outstanding cybersecurity professional, you need to think outside of the box, be intellectually curious, self-sufficient and collaborative. The bad news is that the average age of hackers is reported to be 17 years old and many are captured by the dark side before they even understand that there is an alternative. Young digital natives are lured by the accolades and reputation they can build by showing their skills to an audience who imposes zero rules or limitations. Sadly, by the time employers are ready to recruit them, some of the most promising minds have been lost to criminal enterprises or prison.
To capture hackers before they go dark, we need to rethink our cyber education and training. Universities, high schools and, most importantly, middle schools, need to embrace the fact that the Internet is here to stay and therefore, so is cyber. It is imperative that we focus on enabling the aptitude and energy of elementary and middle school kids by providing them with the instructors necessary to teach them about ethics, discuss career paths and reinforce that they can be “the cool kid” in cyber. Imagine the bragging rights of being on the Varsity Cyber Team, commensurate with being on the Varsity Soccer Team. Imagine a cyber arena that is equally open to male and female students to explore and build confidence in a safe and engaging manner. This is not that far reaching of a vision.
Almost ten years ago, I hired a most amazing hacker – he was 16 years old. He accomplished a task that 300 of his adult colleagues in the intelligence community could not and I am convinced it was because he didn’t know he couldn’t. He went on to learn that you can do just as many amazing things for the “good guys” as you can for the “bad” and he continued to work on projects of National importance. He changed the world in ways that I am extremely proud of and grateful for. With this experience as my catalyst, I embarked on an odyssey of training military and commercial teams in cyber defense. I learned the valuable lesson that cyber is a team sport – most akin to basketball – as players must quickly transition between offense and defense in a dynamic field. Communicating between players, passing the ball and looking for new openings to score is very similar in both basketball and cyber. I also learned that you don’t simply have defensive players and offensive players, but rather, you must have players who understand all the plays in the book, and are able to improvise when one goes awry.
Cyber is a very interesting but difficult domain. It requires both technical and operational breadth and depth of skill at a very fundamental level because tools, tactics and adversaries evolve quickly. This field is perfect for Gen-Z kids but getting them involved requires an evolution of education and parenting because skills that can enable malicious activities must be taught at a very early age. I contend that if we don’t embrace cyber for the young Gen-Z and those that follow them, we will never be able to fill the estimated gap in the cybersecurity workforce – shown today by cyberseek.org as being approximately 350,000 openings in the U.S., while a 2015 report from Cisco estimated over 1 million openings.
How do we close the gap? Gamification, defined rules, engaging team play, scoring, competitive awards and feedback are widely accepted as effective methods for attracting younger (and many times older) generations. These concepts provide the competitive elements of a cyber arena to a full spectrum of Gen-Z, Millennial and Baby-Boomer enthusiasts (yes, even for me). When content includes mini-games that teach how hackers get into your network, as well as fundamental games on hexadecimal/binary conversion these individuals are able to learn important skills in digital forensics.
I encourage members of the U.S. cyber community to take cues from other countries, such as Israel, where elementary school children are taught computer science and robotics as early as kindergarten! By expanding on concepts like the Cyber Patriot program, where now 4,400 schools (including 600 middle schools) compete in regions around the U.S, we can begin to capture youth that excel at cyber. Programs like these need support from parents and educators, as well as industry frontrunners and government entities. There are many bright spots out there forming around the cyber world and I remain optimistic that we can figure out a way to harness Gen-Z for the greater good of cyber.