Make Cyber Security Training Mandatory

5/14/13Follow @sgblank

The online world can be a dangerous place for the unprepared. And it’s just going to get worse. It’s time to teach cyber security as integral part of the high school and college curriculum and to all corporate employees.

I grew up in New York City and for a few years heaven on earth for me was going to Boy Scout camp in the summer near the Delaware River. The camp had all the summer adventures a city kid could imagine, hiking, fishing, canoeing, etc. But for me the best part was the rifle range. For a 12-year old kid from the city shooting target practice and skeet with a .22 rifle meant being entrusted by adults with something you knew was dangerous—because they were beating gun safety into our brains every step of the way.

From the minute we walked onto the shooting range to even before we got to touch a gun, we learned basic rules of handling weapons I still haven’t forgotten. You screwed up and you got yelled at and if you did it again you got escorted out of the rifle range.

While target practice and skeet shooting were fun, safety was serious.

Over the years I would learn how to shoot an M-16 in basic training in the military, go through a basic combat course to go to Southeast Asia (when we acted like this was a lark, our instructor stopped our drill and said, “For your sake I hope the guys shooting at you were screwing around in their combat course.” It got our attention). When I bought my ranch, herds of wild boar still roamed the fields. While we were putting in the miles of fencing to keep them out, I bought much heavier weapons to deal with a charging 400-pound boar and hired an instructor to teach me how to safely use them. Each time gun safety was an integral part of training with new weapons. For me, guns and gun safety became one and the same.

Hacking and Cyber Security

For consumers, online surfing, shopping, banking and entertaining ourselves have become an integral part of our lives. And with that has come identify theft, hacking, phishing, online scams, bullying, and predators online. As well as a loss of privacy.

But for businesses, the threats are even more real. Go ask RSA, Northrop, Lockheed, Google, Amazon and almost every other company with an online presence. Intellectual property stolen, customer data hacked, funds illegally transferred, goods stolen, can damage a company and put them out of business.

I think we’re missing something.

In the last 20 years three billion people have gained access to the Web. Yet for most of them safety online remains a problem for other people. It pretty clear that for a company going online today is equivalent to playing with a loaded gun. The analogy of comparing the net with guns might seem stretched, but I think it’s an apt one. Guns have been around for hundreds of years, to provide food as well as wage war, but it wasn’t until the 20th century that gun safety rules were codified and taught.

I think we need the equivalent of gun safety training for online access.

We now know the basic tools online hackers use. We know enough to harden sites to stop the simple hacks and to educate employees about basic social engineering and phishing attempts. It’s time to teach cyber security as integral part of the high school and/or college curriculum—not as an elective.Companies need to make cyber security education an integral part of their on-boarding process.

The Air Force Academy basic Cyber Security course is a good place to start (Stanford and other schools have a similar syllabi). The class consists of basic networking and administration, network mapping, remote exploits, denial of service, Web vulnerabilities, social engineering, password vulnerabilities, wireless network exploitation, persistence, digital media analysis, and cyber mission operations.

Lessons Learned

  • The web is not a benign environment
  • Companies, high schools and colleges ought to make a basic cyber security course a requirement of getting online access.

Steve Blank is the co-author of The Startup Owner's Manual and author of the Four Steps to the Epiphany, which details his Customer Development process for minimizing risk and optimizing chances for startup success. A retired serial entrepreneur, Steve teaches at Stanford University Engineering School and at U.C. Berkeley's Haas Business School. He blogs at www.steveblank.com. Follow @sgblank

By posting a comment, you agree to our terms and conditions.

  • http://www.allegiscapital.com Bob Ackerman

    Great piece Steve. In the digital world in which we live – cyber security is everyone’s business and responsibility. There is no “magic bullet” to the problem which morphs on a daily basis. This threat will be with us for the foreseeable future and its presents a text book case of forewarned is forearmed.

  • Tom Pounds

    Terrific idea, Steve. Richard Clarke’s “Cyberwar” certainly got my attention, and highlights our exposure large and small. I’m guessing a big Black Swan event is likely to come from this quarter, particularly if we continue to neglect the issue under current course and speed. Higher awareness is at least a line of defense.

    Anyone have links to good on-line cyber-security courses to share? Are Coursera, Udacity, OpenCourseWare, etc. on this? The Stanford link is a nice start, but only that.