May 25, 2022

2020 National Cyber Signing Day

Watch these high school students and how they are building their own unique pathway into cybersecurity and why you can join the cyber hero squad too!

Identity of a hacker

EXERCISE #1: Open source intelligence (OSINT) gathering exercise of known and caught hackers.

  • Each student (or small group) researches the profile of 1 hacker using a variety of resources (Krebsonsecurity, The Cyberwire, Darknet Diaries,...) and answers a set of questions.
  • We share each other's findings and draw conclusions on common traits, background, motivation, family profile, attack vectors used, employment status, effect on target, aftermath when caught. One important lesson is that most young hackers are caught and end up in jail.
  • Discuss OSINT and how the students may be a target of a hacker. They are their parents' "back-door" after all. What's their public digital persona say about them?
  • What did they learn (and was unexpected)?
  • How can OSINT as a skill be used in cybersecurity, i.e. to solve cybercrime? Criminal profilers, FBI, human trafficking, etc.
  • Discuss the importance of pursuing the right purpose (positive impact) and using the right motivators (belonging to a community and helping others) when learning cybersecurity skills.

    Impact of a hack

    EXERCISE #2: Research of hacks and the effects on society. Learn the importance of ethics and integrity.

    • Impact on the victim: Healthcare, energy, supply chain (food, water, medicine, etc), democracy, personal identity, finance/banking, pharma/biotech, 911 ... (immediate impact vs long-term effects such as customer loyalty, fines, loss of competitive edge)
    • Impact on the hacker: A criminal record has consequences. (fines, jail, no job, no credit,... it's a dead end)
    • The importance of trust
    • The three principles of cybersecurity: CIA or Confidentiality, Integrity and Availability of data

    Social engineering

    EXERCISE #3: The weakest link is human.

    • Review videos/blogs on phishing, pretexting, social media compromises (Kevin Mitnik, Catch me if you can)
    • Best practices to protect yourself from a scam.

    Cybersecurity roles and responsibilities

    EXERCISE #4: Discuss the positive impact of a cybersecurity professional & the importance of having unique perspectives.

    • Run indeed.com searches for various security profiles in the Raleigh/Durham area (or your local area),
    • What skills are required, and which skills/certifications are in high demand or in growing demand (think blockchain, defi, AI, global threat intelligence etc.)
    • Emotional intelligence and the importance of soft skills.

    Threat Landscape

    EXERCISE #5: Research & teach each other about some common threat vectors: .

    • Rubber ducky, smurf attack, RAT, trojan horse, smishing, whaling etc.
    • Concepts of penetration testing, vulnerability assessments, red team, blue team, purple team testing.

    Cybersecurity framework fundamentals

    EXERCISE #6: Fundamentals of a cybersecurity framework - how does it compare to securing a house?.

    • Identify, Protect, Detect, Respond, Recover (NIST framework)
    • CIS top 18

    Roadmap to Network+ and/or Security+ certification

    EXERCISE #7: Prepare for the CompTIA Network+ and/or Security+ certification (and your first job in cybersecurity):

    • Start or join a study group & have regular meetings to keep each other on track and accountable.
    • Learn with the intent to teach the other group members.
    • Use various educational tools to prepare for the exam: study guide (book) and practice tests, flash cards, YouTube videos, podcasts, Kahoot etc.

    Risk management

    EXERCISE #8: Risk management principles.

    • The role of a CISO, Chief Information Security Officer.
    • Security risk is business risk. What future entrepreneurs and aspiring business leaders should know.

    Security Operations

    EXERCISE #9: Security Operations, i.e. day-to-day security activities.

    • What’s incident detection and response?
    • Principles of threat hunting, threat intelligence, SIEM technology, MDR vs XDR vs EDR...

    Non-technical cybersecurity opportunities

    EXERCISE #10: The other jobs in cybersecurity where cybersecurity knowledge matters, but you don't have to be "technical".

    • Behind every security engineer, consultant or analyst is an organization that markets, sells, project manages their work.

    Cybersecurity degrees

    EXERCISE #11: Research local or virtual cybersecurity degrees.

    • Review what learning opportunities exist in NC-based colleges and universities.
    • Review bootcamps, associate/bachelor/master degrees...
    • Review pros and cons of online vs in person options.
    • ROI analysis of a cyber education (time, cost vs starting salary, demand, etc.)
    • What scholarships can you take advantage of?

    Introduction to Cybersecurity Careers

    Pathways into cybersecurity

    EXERCISE #12: What is your next best step? Second step?

    • Review immediate learning opportunities & hands-on experiences (internships, scholarships, job shadowing, mentorship, capture the flag events, high school competitions, programs for minorities, associations)
    • Poll the students to understand areas of interest and develop a plan for any categories of interest (depending on age group and area of focus)

    Teacher Resources

    • K12 Resources for Cybersecurity Education at Home Developed by like-minded individuals interested in sharing resources for students, parents, and educators to promote cybersecurity content. Resources curated by the NICE K12 Community of Interest.
    • K12 Cybersecurity Education Community of Interest This Community of Interest is a forum for K12 teachers, school administrators, local and state education agencies, non-profit organizations, federal agencies, institutions of higher education, and others who are interested in sharing and learning how to grow and sustain diverse students pursuing cybersecurity careers through learning experiences, exposure to career opportunities, and teacher professional development.
    • Cybersecurity Career Awareness Week October 17-22, 2022 Join us in promoting awareness & exploration of cybersecurity careers by hosting an event, participating in an event near you, or engaging students with cybersecurity content!
    • Free CIAS Card Games The UTSA Center for Infrastructure Assurance & Security (CIAS) is committed to creating a culture of cybersecurity through a comprehensive K-12 Cybersecurity Program. The CIAS conducts research into effective ways to introduce students to cybersecurity principles through educational gaming. The program targets four demographics: elementary school, middle school, high school, and colleges/universities. The card game is free to educators if you email [email protected] or can be purchased online.
    • The Last Mile Education Fund In addition to the scholarships promoted on our website, consider this educational funding approach meant to empower more students ensuring greater equality and inclusion in STEM education.
    • NCWIT Resources for Educators NCWIT is a non-profit community that convenes, equips, and unites change leader organizations to increase the meaningful participation of all women — at the intersections of race, ethnicity, class, age, sexual orientation, and disability status — in the influential field of computing, particularly in terms of innovation and development. Additional Resources.
    • CYBER.ORG Cyber Safety Videos CYBER.ORG and the Cybersecurity and Infrastructure Security Agency (CISA) partnered to produce this Cyber Safety Videos. They highlight some common potential threats you're likely to face online and what you can do to make sure you stay safe!
    • NCyTE Center Cybersecurity Curriculum Free cybersecurity curriculum, lessons, and modules designed to help students learn the concepts and skills that employers are seeking. Teachers and cybersecurity experts designed many to align with various portions of curricular frameworks. These teaching resources are intended to be facilitated by an instructor over time.
    • NICCS Education and Training Catalog The NICCS Education and Training Catalog is a central location where cybersecurity professionals across the nation can find over 6,000 cybersecurity-related courses. Anyone can use the interactive map and filters to search for courses offered in their local area so they can add to their skill set, increase their level of expertise, earn a certification, or even transition into a new career. All of the courses are aligned to the specialty areas of The Workforce Framework for Cybersecurity (NICE Framework).
    • GenCyber The GenCyber program provides summer cybersecurity camp experiences for students and teachers at the K-12 level. The GenCyber program is financially supported by the National Science Foundation and other federal partners on an annual basis.
    • High School Cybersecurity Workshop They offer a full curriculum package including student and teacher editions of the lecture notes as well as virtual machine images for running all of their labs. These resources are available for free under a Creative Commons license. The High School Cybersecurity workshop only provides these to educators or to other individuals interested in running a program similar to the one we offer.
    • Microsoft High School Program Microsoft offers a variety of resources to help students learn how to code, get internships and prepare for a career in tech.

    US Cyber Patriot

    CyberPatriot is the National Youth Cyber Education Program created by the Air Force Association to inspire K-12 students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation's future. ​At the core of the program is the National Youth Cyber Defense Competition, the nation's largest cyber defense competition that puts high school and middle school students in charge of securing virtual networks. Other programs include AFA CyberCamps, an elementary school cyber education initiative, a children’s literature series.

    Cyber Patriot YouTube Channel

    Girls Go CyberStart Initiative

    Girls Go CyberStart Initiative is a fun and interactive series of digital challenges designed to introduce young women to the field of cybersecurity; it encourages high school girls to explore career opportunities in the cybersecurity field as well as join the global cybersecurity community.

    Twitch - Cyber_Insecurity!

    Cyber Insecurity is a stream dedicated to all things cybersecurity. Its meant for hackers, blue teamers, threat hunters - or anyone. It's designed to be a way to bring the conversation up another level and include all disciplines and skill levels.

    Want to be a Guest?

    Would you like to share your cybersecurity journey with our audience?  Submit your story by clicking on the button below.

    Submit your story

    Become a Sponsor

    Would you like to gain visibility by having your logo on our website or an ad in our podcast?

    Become a Sponsor