What I learned at Cyber Boot Camp (Instructor Edition)

One reason cybercrime is on the rise is a lack of “capable guardians”, people with the appropriate skills and personal ethics to defend networks against attack. Recently I participated in a program that aims to change that situation: Cyber Boot Camp, a place where young people can develop the skills, mindset, and moral code required defend networks against criminal abuse.

I have already written about some of the lessons learned by students who attended the camp, but like any good educational experience, the instructors also learned things, and I wanted to share the most worrying thing I learned: there’s a big hole in computer education in America today. While Cyber Boot Camp takes place in California, I suspect that this problem exists in a lot of other states as well (I would be very happy to hear from anyone who can show me I’m wrong on this).

A gaping hole in computer education

Sadly, the main thing that I learned at Cyber Boot Camp might just be that the State of California is doing a dismal job when it comes to educating kids about computers! Consider this:

“Sixty-five percent of public high schools in the state offer no computer science courses. Just 13 percent offer the AP [Advanced Placement] computer science course. And 10 of the state’s largest 20 districts do not offer computer science at all.

(source: Education Week)

Those shocking, and frankly disgraceful findings come from a report that highlighted huge disparities in computer education in the state that is home to the world’s richest computer company (Apple) and largest Internet companies (Facebook and Google). For example: in schools with highest percentage of low-income students, only 4% offer Advanced Placement Computer Science.

So what about the students in boot camp? Where did they learn about computers? Not in regular classes! Consider the response when I asked them to raise their hands if they had every taken a class in school that explained the function of the computer BIOS: no hands went up. That’s eight different schools, within and beyond San Diego County; but zero education in the basics of computer operation, key to understanding some of the most pernicious attacks on computer systems.

Cyber Boot CampWhen I finally got my head around this staggering fact, our boot camp students rose even further in my estimation. But how did they learn enough to get to boot camp?

Many students participated in Computer Club after school and then got involved in computer security competitions like Cyber Patriot and the Mayors’ Cup. They learned through a combination of initiative and effort on their part, supported by a cadre of volunteering teachers, coaches, parents, and mentors.

This situation is a huge credit to the students and all those involved, but also a huge black mark against the state that arguably did more than any other to make everyone in the country a computer user. And while some states in America may do better, I have a feeling California is far from being the worst.

My colleague, Lysa Myers, wrote about the lack of computer science education in American schools last year, and we will revisit the topic again soon, informed by our own recent experience working with some of the country’s brightest kids, young people who have taken it upon themselves to expand the horizons of their knowledge. Come to think of it, that might be an even bigger lesson for me: there is hope for the future, and these students embody that hope!

A note about capable guardians

While the term ‘capable guardian’ may sound strange, it holds a special place in the field of Criminology, the study of crime. Back in the 1970s, crime rates in America were soaring despite rising levels of affluence and education, a situation that appeared to contradict those theories of crime that pointed to poverty and lack of education as root causes.

In 1979, two sociologists came up with a theory as to why this might be: Routine Activity Theory. Since then RAT has informed a lot of criminology research. In part, the theory states that: “Most criminal acts require convergence in space and time of likely offenders, suitable targets and the absence of capable guardians against crime” (Cohen and Felson, 1979).

In other words, when those three things come together there is an opportunity for crime to occur, and it probably will occur. Felson and Cohen described how changes to the basic routines of life in society, such as more people spending time away from home during the day, either for work or leisure, created more opportunities for crime. Their research into these trends led to a striking statement: “opportunity for predatory crime appears to be enmeshed in the opportunity structure for legitimate activities”.

This was striking because the phrase “opportunity structure for legitimate activities” sounds a lot like a description of the Internet today. Sadly, crime today is enmeshed in the Internet, but we have at least one theoretical basis for thinking that more can be done to deter it, in three ways: reduce the likelihood that people will offend; make targets less suitable; and provide more capable guardians. Hopefully, educational initiatives like Cyber Boot Camp will help with all three!

References:

Cohen, L. E. and Felson, M. (1979) ‘Social change and crime rate trends’ American Sociological Review 1979, Vol. 44 (August): 588-608.
 

Author Stephen Cobb, ESET

Follow us

Copyright © 2016 ESET, All Rights Reserved.