How to Make Cybersecurity Education More Effective

If you live long enough in the world of cybersecurity education, it can often feel like the sole point of training and courses is to earn certifications. While this may be an exaggeration, there is no doubt that much of the industry is structured around studying for certifications, taking practice exams to earn those certifications, and maintaining the skills and knowledge gained through those certifications. But is this approach really the best way to prepare learners for a career in cybersecurity?

None of this is to suggest that certifications aren’t important — they are a valuable way to prove and show off knowledge about a wide variety of topics — but placing so much emphasis on them may limit the potential reach and impact of cybersecurity education as a whole. So says Maurice Gibson, Vice President of Product and Operations at CyberForward. With nearly 20 years in education, a span that includes the development of the cybersecurity program at Wiley Edge, Gibson has seen firsthand what makes the most impact.

Here’s his advice for how to make cybersecurity education, as a whole, more effective.

Make it more practical

“There is a practicality that we lose,” said Gibson, “when we view education as a goal rather than a route.” And yet, when one looks at large portions of the cybersecurity education landscape, so much of it is focused on elements that don’t have real-world analogues, whether that’s courses designed solely around certification tests or labs that make up idealized scenarios. All this misses the point. 

“I guarantee you lock your phone,” said Gibson. “And you don’t leave it at the airport when you go to the bathroom. We do things that are security related all the time, but we still look at cybersecurity as this thing over there.” Instead, we should do a better job presenting and teaching cybersecurity as something practical that we already use in our day-to-day lives.

We can begin by ensuring each course, lab, and practice exam contains real-world elements. For example, rather than simply finding code that contains an error, students should understand why that bad code exists in the first place. What mistakes or inefficiencies put it there, and how can that be prevented? Likewise, when it comes to educating nonprofessionals, don’t just warn them against clicking suspicious links. Create realistic scenarios where they can see how easy it is to fall victim to cyber threats. By making the connection to the real world that much clearer, the lesson will become much more robust.

Balance education and entertainment

While a practical education is important, so is the ability to reach people in ways they’ll be most receptive. For Gibson, that means organizations shouldn’t be afraid to abandon traditional methods of teaching. “You have to, in a soundbite/meme society, reach people right now, right?” he said. “I can't put you in a desk, give you a 500-page book, and tell you to read chapter seven anymore.”

Although some organizations have already made a full-throated embrace of alternative methods, such as gamification and TikTok-style videos, these styles of “edutainment” often don’t deliver the robust learning experience that many students need. Instead, Gibson makes the point that the best strategy may be to try to strike a careful balance between education and entertainment. “You have to balance the need for information with how people receive information.”

The best way to do this? It goes back to Gibson’s earlier point about making the teaching more practical. By taking the time to personalize lessons and address the actual needs of employees, you will be able to make whatever you’re teaching much more appealing. “You have an accounting department. You have a sales department. You have a marketing department,” said Gibson. “You want to tailor it to each of these audiences.” Once you make these lessons that much more relevant, they’ll be much more likely to pay attention and engage.

Businesses need to get more involved

Finally, improving cybersecurity education across the board shouldn’t just fall on the educators — businesses also have a responsibility. They can begin by reevaluating the skills they actually want people to learn. “Businesses do a terrible job at identifying what people need and segmenting their job descriptions,” said Gibson. “Part of that is because organizations don't understand everything that those roles do.”

In order to fix this, businesses need to more closely evaluate what each role really requires and leave room for entry-level roles. Using frameworks like NICE, they can easily build out work that is repeatable and standardized. Doing so will help create a pipeline for people to gain the on-the-job skills and experience they need to move up in the industry.

But businesses shouldn’t stop there. They should also be actively creating opportunities for even non-applicants. “These businesses can't just say you don't have an experience or enough experience without providing avenues for experience,” emphasized Gibson. “They have to take more risk.” They can do this by helping create and support graduate programs, opening up internships, and otherwise taking on more of a mentorship role. 

Alternatively, Gibson highlighted how his own organization runs a program called TalentSplit that connects senior workers with less experienced workers, helping deliver high-quality work while insulating the employer from the long trial-and-error aspect of most apprenticeships. This type of creative involvement can help create a sustainable path for people to begin their careers.

Make your cybersecurity education count

Cybersecurity is constantly evolving, so the way we teach it must evolve alongside it too. One of the best ways to ensure we are doing this is to continually try to establish cybersecurity lessons in the real world. By making our courses and trainings relevant to the lived experiences of our students and employees, we’ll make it much more likely for them to apply these practices in their daily lives. And that will help create a more secure world.

Building out practical, real-world cybersecurity knowledge is a cornerstone of the Cybrary approach. Our course work and labs are designed with realistic scenarios in mind in order to prepare our users for successful careers. Check out our full catalog to see what we can offer you.