There’s a Major Blindspot in Cybersecurity Education

We’re teaching students how to problem solve before we teach them how to problem see

Photo: Thaddeus Pryor

In July 2014, iPhone 4s in hand, I stood before a classroom of 15 high school sophomores and declared that touching glass on a screen to communicate with someone thousands of miles away was nothing short of magic. I got nothing but blank stares from my not yet captive audience. Needless to say, this was not quite the introduction I was hoping for.

Earlier in the day I had been mulling over how I would make these next eight weeks with the students matter. My job as a lecturer at this Georgetown University program was to use the allotted time — one hour each week over the summer — to get students excited about technology and position them for success at the start of the next school year. But I also had a more aspirational goal: I was hoping to address a gap I experienced in my own educational journey between learning how to see problems and how to solve them.

At first, my message about the remarkable sorcery of technology just wasn’t resonating. In a seemingly desperate move, I did what any tough, unpredictable teacher would do and announced, “let’s take a pop quiz!”

Sneers, eye rolls, exaggerated exhales, and every annoying noise you’d expect from high-schoolers sitting inside on a Saturday morning commenced.

Little did they know, this wouldn’t be a standard pop quiz. With paper and pen in hand, the students anticipated my questions. As I prepared to call out the first and only question for the quiz, I cleared my throat to ensure I had everyone’s undivided attention.

What problems do a mobile phone solve for you?

I told the students that their grades would be determined by how many problems they could identify, and watched as they scribbled away, often smirking at the paper as they thought about pain points that once existed in their lives. Responses included finding directions, secretly sharing messages, and having access to help in emergencies, no matter where they were. My last-ditch effort had worked — the students were seeing the magic.

I had initially intended to share my excitement for the mechanics and design of the iPhone — a piece of technology that I knew the students used and understood. But what I had missed in my initial approach is that the students, millennials who had grown up surrounded by tech but who were not yet technologists themselves, didn’t yet share the same appreciation I had for it’s sleek design, responsiveness, and general awesomeness. At least they didn’t yet have that passion. What the students did know was how much they rely on their phones to guide their everyday life.

As the students responded to my quiz, I recalled my own trek into cybersecurity. Throughout my time as a stressed student-athlete trying to outrun the next homework assignment while chasing the scholarship that was one bad race from being ripped away, what kept me going (and continues to keep me going) has always been my genuine love of helping people. I chose cybersecurity because it offered a unique way to solve pressing issues that were central to my community, generation, and society at-large. My cybersecurity education expanded me, and gave me language to call out the issues I saw. All the missteps, late nights, and frustrations that come with deciphering your own logic were glaring, as were vivid images of “a-ha” moments and passionate debates about the merits of open source technology.

As the weeks went by, my students forgot they were being tested because they instead started to test the world around them. They didn’t rush to theorize solutions, nor were they focused on building skills or aligning with a suitable business partner. They were focused on being present — and starting to be critical of what they saw before their eyes.

Problem identification was an innate skill we were just beginning to tap into; honing it would be an excellent entry-point into all that tech could allow them to address.

Too often, students don’t engage in problem-seeing before problem-solving. But it’s the seeing that’s essential to all that comes after it — the development of new products, businesses, and the shaping of beliefs. It’s this idea that’s central to my nonprofit, STEMLY, which advocates for high quality STEM education. I’ve seen firsthand how when students can see the problems in their own lives as relevant to what they are learning in science, technology, engineering and math classes, their imagination is unleashed.

STEMLY’s work is shaped by the belief that students well-versed in problem identification can change their communities. Though the concept is simple, the complexity lies in the real-world execution: After all, being patient, sensing, and thinking slow, all requirements for problem-seeing, are in direct competition with the pace of life and the speed that products go to market. This means that technologists may not fully understand a problem before we try to solve it — and also that a product’s cybersecurity implications become an afterthought, if they are considered at all.

In the classroom, students were more invested when they had a say in the problems they got to solve; not just in the excitement of posing a correct solution to some arbitrary problem. They were more than just recipients of the curriculum; they were coauthors of it.

Author:

Devon Rollins is a fellow in New America’s Cybersecurity Initiative. Rollins is very passionate about the intersection of technological innovation and public policy, particularly around online piracy and digital investigations.