Journal of Cybersecurity Education, Research and Practice

Volume 2023 Number 1 Article 3

July 2023

Case Study: The Impact Of Emerging Technologies On

Cybersecurity Education And Workforces
Austin Cusak
Robert Morris University, austin.cusak@gmail.com

Follow this and additional works at: https://digitalcommons.kennesaw.edu/jcerp

Part of the Accessibility Commons, Adult and Continuing Education Commons, Adult and Continuing
Education and Teaching Commons, Artificial Intelligence and Robotics Commons, Curriculum and
Instruction Commons, Educational Technology Commons, Elementary and Middle and Secondary
Education Administration Commons, Gender Equity in Education Commons, Higher Education
Administration Commons, Higher Education and Teaching Commons, Information Security Commons,
Junior High, Intermediate, Middle School Education and Teaching Commons, Management Information
Systems Commons, Other Educational Administration and Supervision Commons, Other Teacher
Education and Professional Development Commons, Technology and Innovation Commons, and the
University Extension Commons

Recommended Citation
Cusak, Austin (2023) "Case Study: The Impact Of Emerging Technologies On Cybersecurity Education And
Workforces," Journal of Cybersecurity Education, Research and Practice: Vol. 2023: No. 1, Article 3.
Available at: https://digitalcommons.kennesaw.edu/jcerp/vol2023/iss1/3

This Article is brought to you for free and open access by DigitalCommons@Kennesaw State University. It has been
accepted for inclusion in Journal of Cybersecurity Education, Research and Practice by an authorized editor of
DigitalCommons@Kennesaw State University. For more information, please contact
digitalcommons@kennesaw.edu.
Case Study: The Impact Of Emerging Technologies On Cybersecurity Education
And Workforces

Abstract
A qualitative case study focused on understanding what steps are needed to prepare the cybersecurity
workforces of 2026-2028 to work with and against emerging technologies such as Artificial Intelligence
and Machine Learning. Conducted through a workshop held in two parts at a cybersecurity education
conference, findings came both from a semi-structured interview with a panel of experts as well as small
workgroups of professionals answering seven scenario-based questions. Data was thematically analyzed,
with major findings emerging about the need to refocus cybersecurity STEM at the middle school level
with problem-based learning, the disconnects between workforce operations and cybersecurity operators,
the distrust of Non-Traditional Training Programs, and the need to build digital security generalists’
curriculum and training. Recommendations are also made for possible next steps.

Keywords
Artificial Intelligence, Cybersecurity Career Pathways, Cybersecurity Education, Cybersecurity Workforce,
Digital Divide, Emerging Technologies, Generalist, Higher-Ed, Machine Learning, Middle School, Multi-
disciplined, Non-Traditional Training Programs, Problem-Based Learning, STEM, Workforce.

This article is available in Journal of Cybersecurity Education, Research and Practice:

https://digitalcommons.kennesaw.edu/jcerp/vol2023/iss1/3
 Cusak: Impact Of Emerging Tech On Cybersecurity Education

Case Study: The Impact Of Emerging Technologies

On Cybersecurity Education And Workforces
Austin Cusak
Cybersecurity and Infrastructure Security Agency (CISA)
Robert Morris University
Alexandria, Virginia, USA
austin.cusak@gmail.com – https://orcid.org/0000-0003-2175-8753

Abstract – A qualitative case study focused on understanding what cybersecurity professionals to understand the full scope of how
steps are needed to prepare the cybersecurity workforces of 2026- emerging technologies such as AI and ML will be integrated into
2028 to work with and against emerging technologies such as their work roles, hunted for when used by adversaries, mitigated
Artificial Intelligence and Machine Learning. Conducted through when found in systems, and defended against. The NICE
a workshop held in two parts at a cybersecurity education Framework developed by NIST acts as a unifying source for
conference, findings came both from a semi-structured interview cybersecurity professionalization, pulling together experts from
with a panel of experts as well as small workgroups of government, academia, and industry (“the private sector”) to
professionals answering seven scenario-based questions. Data was
begin addressing issues like these [21], with one such method
thematically analyzed, with major findings emerging about the
being NIST’s National Initiative for Cybersecurity Education
need to refocus cybersecurity STEM at the middle school level
with problem-based learning, the disconnects between workforce
Conference and Expo.
operations and cybersecurity operators, the distrust of Non- A. Case Study Preparation
Traditional Training Programs, and the need to build digital
security generalists’ curriculum and training. Recommendations The 13th annual NICE Conference and Expo was held in
are also made for possible next steps. Atlanta, Georgia, from 6-8 June 2022, addressing the theme
Demystifying Cybersecurity: Integrated Approaches to
Developing Career Pathways [16]. The goal of this year’s
Keywords – Artificial intelligence, cybersecurity career pathways, annual conference was to bring together professionals from
cybersecurity education, cybersecurity workforce, digital divide, academia, industry, and government to work towards the NICE
emerging technologies, generalist, higher-ed, machine learning,
Strategic Plan’s goal of “promoting discovery of cybersecurity
middle school, multi-disciplined, non-traditional training
programs, problem-based learning, STEM, workforce. careers and multiple pathways” [16, p.2]. This researcher
became involved with the effort a year before the event in June
of 2021 after being nominated by their federal agency to
I. INTRODUCTION participate on the planning committee, which consisted of 15
Cybersecurity is going through the process of volunteers from academia, industry, and government.
professionalization [13] with many policies, processes, and Committee members were asked to give four-hour workshops
standards yet to be established [15]. One of the government to kick off the event [16].
entities working towards establishing norms and standards for In September of 2021, the researcher began working with
the profession of cybersecurity is the National Initiative for a cybersecurity workforce expert from industry to co-lead the
Cybersecurity Education (NICE) within the U.S. Government’s workshop, bringing new perspectives into creating an event that
National Institute of Standards and Technology (NIST). Yet as could be more meaningful by contributing to future iterations
advances in technology are made, so does the need to protect
of the NICE Framework while pushing the professionalization
and defend that technology – thus while emerging technologies
of cybersecurity. Original discussions for the workshop were
push innovation, often in risky ways, new technologies such as
Artificial Intelligence (AI) and Machine Learning (ML) have yet focused on gaining a deeper understanding of the obstacles to
to be integrated fully into cybersecurity [18]. Understanding and incorporating automation (specifically AI/ML) into more
creating a workforce that can protect emerging technologies will cybersecurity workforce training, as well as programs designed
likely be in high demand within the next five years and will be to train post high school learners (e.g., colleges, universities,
a critical element in the sustained protection of U.S. Critical trade schools, etc.,) referred to in this article as “higher-ed.” and
Infrastructures [15]. cybersecurity workforces. Identifying that the proper career
pathway and skillsets needed for this newer multidisciplined
The general and role-specific competencies needed for type of work role were undefined; the researcher and workshop
cybersecurity work are still being refined as the profession co-leader debated if a pathway for this type of complex role
continues to evolve [21] with automation and other emerging
would be more effectively learned through a university/college
technologies still needing integration into the current
framework. Reference [2] argues that it will take time for program or a hands-on Non-Traditional Training Program
(NTTP) focused specifically on technical skill development.

XXX-X-XXXX-XXXX-X/XX/$XX.00 ©20XX IEEE

Published by DigitalCommons@Kennesaw State University, 2022 1
 Journal of Cybersecurity Education, Research and Practice, Vol. 2023, No. 1 [2022], Art. 3

Additionally, as the researcher prepared for the workshop by RQ2: At what level of education does foundational training
asking questions to educators and field experts, another really need to begin, and should that learning be
question arose as to whether or not higher-ed was enough time multidisciplined at the expense of being skill ready for a
for students to gain anything more than a basic technical workforce, or should it be focused on a few key functional
foundation, pondering if the real responsibility lay with areas employers need upon graduation?
employers who needed more robust internal technical training
To find answers, a three-person panel of experts was brought
programs, with or including extended apprenticeships, instead
in to share perspectives and insights, followed by attendees
of relying on students being ready for advance work upon
working in small groups to answer seven questions exploring
graduation.
different aspects of RQ1 and RQ2. The intent of the workshop
Following this was the debate on how to prepare high thus became a qualitative case study where data could be
school students for potential cybersecurity careers that collected from both a panel of experts and a room full of subject
incorporated emerging technologies of AI and ML. The time a matter professionals whose ideas and recommendations could
high school and even higher-ed student has to learn one be thematically analyzed for the betterment of the cybersecurity
discipline, let alone three, comes at a cost of technical depth profession. The significance of the workshop study was to help
that may or may not be what government and industry need in those in the federal, academic, and industry spaces begin
their 2026 workforce – and the need is apparently already here determining what a new cybersecurity/automation work role
[24]. This raised the issue of trying to understand what could look like, who would need to lead different aspects of its
employers should be requesting academia to put into their creation, and what age students should begin learning about it.
curriculums at all levels to prepare the cybersecurity workforce
Acknowledging that the topics this workshop addressed
of 2026: Is it better for them to be completing their training
were not mainstream or widely defined functional areas within
programs with a wide diversified skillset that is narrow in
most cyber ecosystems, the questions to panelists were
depth, or is it more marketable to ensure students gain deep
designed with the additional intention of creating
knowledge in a single functional subject? Both are likely
awareness/exposure of AI/ML amongst the group of
necessary for training future workforces, but the broad or
cybersecurity professionals attending. An acceptance by any
narrow skillset will likely need to be prioritized as the normal
cybersecurity leader attendees for a need to take action before
process, as discussed by [7] and [25].
a positional crisis arises was an additional intention. The
The next issue debated was if the NICE Framework will be workshop was thus structured in the hope that it could reach
able to update fast enough to be the roadmap high school and multiple goals: To collect data on RQ1 and RQ2, to shift
higher-ed curriculum developers map to, or if industry and perspectives of attendees on the need to train their organizations
government employers will need to provide more frequent and in these emerging technologies, and to help possible workforce
timely advice to academia on what is needed to prepare students leader attendees debate their counterparts from other sectors of
for their upcoming workforce needs. One question that kept the profession to begin deciding who should begin taking
emerging was if the next generation should be required to learn actions to further the process of professionalization.
both cyber and automation with equal competency, and if so,
With these goals in mind, the researcher established the
who will set the standard for that new role that the entire
following learning objectives for the attendees: 1) To openly
profession will accept and emulate? Research on similar
explore upcoming challenges and potential opportunities
subjects found that currently used pedagogies are not dynamic
cybersecurity organizations will have through more widespread
enough to prepare students to be effective upon entrance into a
implementation of artificial intelligence, machine learning, and
technology security workforce [6, 15, 20, 22], leading to the
the general incorporation of emerging technologies. 2) To
questions this workshop sought to begin answering.
attempt the identification of which competencies will be needed
B. Reason for the Workshop in our near-future work roles because of technological changes.
The problem this workshop set out to address was to 3) The allowance of debate amongst all present about the
understand some of the specific training, knowledge, and skills benefits and tradeoffs of educating generalists with a diversified
organizations will need their workers to have by 2026 in order skillset over training specialists with expertise in a focused area.
to incorporate emerging technologies with current 4) To openly discuss the need for determining which
cybersecurity skillsets. Automation, specifically Artificial competencies or skills will allow current cybersecurity
Intelligence (AI) and Machine Learning (ML) is becoming practitioners to quickly adapt to upcoming and current
more and more relevant to cybersecurity [18] but is not technological changes. 5) To identify which sectors of the
currently being incorporated in cybersecurity education profession (academia/industry/government) will need to lead
programs, workplace training, or U.S. STEM programs [24]. specific programs, manage changes, and initiate efforts to
The workshop was set up therefore to answer the following two ensure success over the next five years.
questions: These objectives were viewed as specifically relevant
RQ1: What types of training should be taught to high considering [5] found that Digital Security organizations have
school, higher-ed, and current professionals in order to be dramatically shifted from being rigid to more loose networks to
capable of doing cybersecurity with and against AI/ML? keep up with ever-changing challenges in securing information

https://digitalcommons.kennesaw.edu/jcerp/vol2023/iss1/3 2
 Cusak: Impact Of Emerging Tech On Cybersecurity Education

systems. In this new way of working, having one technical the room so the online panelists could see those in the room,
expertise alone isn’t enough for a professional to be truly and multiple microphones were used so panelists, hosts, and
effective in organizations requiring increasing multidisciplined audience members could all hear and speak to each other
skillsets in their subject matter knowledge. On top of technical without lag. When the four-hour workshop started, an agenda
expertise, the cyber security professional in this new type of was shared and prizes were displayed and placed next to the
environment needs to understand human behavior as well as refreshments to encourage participation in the first game, as
organizational processes to meet the ever-changing challenges well as a trivia game that kicked off the second half.
[5, p.121] since human factors often remain the weakest link in
A. Panel Discussion With Experts
securing data and information [14]. The new reality says [5]
that information has become more valuable than ever before The first half of the workshop consisted of a panel with
and is now a major target of threat actors capable of using experts from three areas: AI education, AI/ML operations in the
advanced technology. The next logical step is for these same security industry, and government cybersecurity higher-ed
threat actors to use AI and ML to improve their criminal work. The last expert also works as a university adjunct
activities which many are already adapting [4]. teaching technical cybersecurity courses. The workshop
facilitators also lent their expertise through the semi-structured
II. THE WORKSHOP STRUCTURE interviewing process, sharing and debating their lived
The workshop was capped at 50 attendees, many of whom experiences and personal research about how cybersecurity and
could be considered experts in the field of cybersecurity emerging technologies currently do/do not intersect. One focus
workforce operations, with three AI/ML/Cyber education of discussion was on which functional areas should be
expert panelists. The workshop was created and run by two considered in possible future designs of a cybersecurity
facilitators plus an Albert Einstein Fellow who provided STEM automation career pathway and what is currently in the way of
Subject Matter Expertise (SME) in the room. The four-hour creating one. To encourage comfort in challenging and debating
workshop was broken into two sections: a two-hour panel ideas between panelists as well as the attendees, an icebreaker
discussion with Q&A followed by two hours of small groups of two truths and a lie was used where each of the three panelists
working through the seven questions on posterboard quad read a cutting-edge technology story, one of which was
charts. To baseline a common lexicon of terms between a fabricated. The two people that guessed correctly were allowed
combined crowd of professionals from academia, industry, and to select prizes, visibly increasing the comfort and enjoyment
government, definitions of cybersecurity and automation were of the audience.
shared. Cybersecurity was defined as a broad term for the use To further keep audience members engaged, the AI security
of various technologies and processes that protect digital expert showed visualized findings from his own research, and
systems, programs, data, networks, and all devices within these the facilitators showed and discussed AI-generated images
systems [9]. Automation was defined by [9] as referring to the from DALL-E 2. Image examples [3] were shown of the author
technique of minimizing human input where possible, with using the text prompt “A bowl of soup that is a portal to another
Artificial Intelligence and Machine Learning being the two dimension” that fabricated four pictures of soup ranging from a
most relevant examples. Therefore, the term Cybersecurity cave painting to a vortex of spinning colors in photo-realistic
Automation would be used to reference the use of artificial clarity. Also shown [3] were images from the website Not a
intelligence and machine learning in security systems to sense, Real Person, where a completely fabricated human and
study, and stop cybersecurity threats automatically. In addition, background were generated to a level of detail similar to a high-
not knowing the background and technical acumen of resolution camera. These attention tactics were used at strategic
attendees, the term cybersecurity was explained to be linked to times to refresh the minds of both panelists and the audience,
IT and IT Security in its origins but should not be used keeping the discussions moving and adding clarity to AI/ML
synonymously with the term cyber, which was used to refer to conceptual discussion points. Findings from the panel
the broader ecosystem of activities and support elements of a discussion are in a subsequent section of this article.
Digital Security mission space [11].
B. Small Group Work In The Second Half
Working with the assumption that many or even most of
The body of participants from academia, industry, and the
the participants did not know each other, the room was
government had purchased tickets and arrived a day before the
configured so that no extra tables were available, and only
main conference, with the majority of participants consisting
seven to eight chairs were placed around each 10-person round
mostly of senior-level professionals from academia. There were
table. Chairs were also spaced for social distancing in the back
also senior leaders and workforce representatives from
and sides of the room for those desiring social distancing, and
industry, and only a few senior workforce development
they were notified at the beginning of the workshop that for the
participants from the government. The RSA 2022 conference
second half they would need to join a group at a table for
had been moved from April to the same week as the NICE
discussions. To ensure the audience could interact with each
Conference in June, which was believed to be the main driver
other and the panelist, the room was intentionally configured to
for less industry and government participation in the workshops
encourage a casual, comfortable environment. One of the
as in previous years. The conference and workshops were still
workshop facilitators called in remote, as did one of the
well attended, and participation in each workshop was capped
panelists who was in another country. A camera was set up in

Published by DigitalCommons@Kennesaw State University, 2022 3

 Journal of Cybersecurity Education, Research and Practice, Vol. 2023, No. 1 [2022], Art. 3

to ensure quality discussions, but the mix of this year's competencies and skills this generation may need as they
participants lacked cybersecurity operations professionals. become the workforce of the future, specifically circa 2026-
2028. The second grouping to consider was pre-professional
Questions with places for input via writing and/or sticky
and/or higher-ed: Those post-high school who plan to enter the
note were provided in quad chart form to each table on large
workforce through self-study, Non-Traditional Training
pieces of poster board. The groups were given instructions, and
Programs, apprenticeship, internship, college, or university.
each table was allowed time to discuss and capture their ideas
They were asked to consider what knowledge and skills these
into four sections: Ideal End-State, Key Activities,
people would need to perform required tasks competently upon
Challenges/Risks, and Next Steps. Each table chose a
arriving at a work center. These were called the new workforce
spokesperson, briefed their findings to the room, and took a
of 2023-2026. The third grouping was early-professionals:
maximum of two questions from fellow attendees due to time
those already in a work role who are trying to determine a career
constraints. Once briefed, that table’s quad chart was hung on
path. They were asked to consider the competencies, skills,
the back wall of the room, accompanied by a second clean quad
training, and experiences these early professionals may need to
chart for additional comments by other tables at the end of the
determine a fulfilling career path, as well as determine if their
workshop walk-about.
current skillset will be as relevant in 2026 as it has been in 2022.
Anticipating the strong personalities and opinions of The final grouping was called mid-career: those who have
conceptually based senior leaders from different sectors already been doing cybersecurity for 5-10 years and have
conflicting with those of more tactical-level technical experts, relevant competencies, skills, and experiences to grapple with
a trivia game was used before quad charts were given to the new types of problems presented by emerging technologies.
tables to help cut through the potential awkwardness of being
It was the intention that these added scopes would help
required to discuss and challenge strangers with unknown
each group work through their problem with more clarity,
backgrounds. Since time was limited, this was deemed an
creating data points that could be relevant and useful to
effective way to remove any possible posturing since
cybersecurity’s professionalization.
competition with rewards has been shown as an effective way
to get strangers to bond through common experience by III. QUESTIONS AND FINDINGS
building consensus quickly to achieve a common goal [1].
The two-hour panel discussion conducted in the method of
C. Panel/Workgroup Engagement Methodology a semi-structured interview received positive feedback from
For the first session, a semi-structured interview technique audience members in post-workshop and in-person polls. While
was used to probe panelists who had been provided the base all comments are worthy of further discussion, only a few topics
questions and order beforehand. All panelists were encouraged of particular relevance to the RQs were explored in this
to answer each question, with the hosts designating ahead of thematic analysis for brevity.
time which panelist each base question would be directed to A. Panel Discussion Findings
first for better flow. The semi-structured interview process was
chosen because it allowed for leeway in probing respondents' 1) Panel Theme 1: The Best Time To Build A Foundation Is
questions and gave the host/researcher greater dexterity in Middle School. Students in middle school are able to mentally
managing the flow of the interview/discussion [8]. One of the shift from pure instruction to more lab work at this stage of
goals of having a panel instead of only conducting audience educational development, making it easier to grab their interest
workgroups was to add context to topics the participants may with automation and technology security. It was previously
not be overly familiar with. To do this, the flow of the base believed that high school was the best starting point, but one of
questions was carefully designed to start with a macro the panelists has found through both their academic and
discussion of where the experts believed AI/ML/Cybersecurity professional work in multiple countries that middle school
will need to be in five years, then explore upcoming challenges students are particularly equipped for learning computer
for intertwining those emerging technologies into current and
languages and doing hands-on experiences, such as sandboxes,
future cybersecurity work roles. The panel discussion ended in
labs, gamified challenges, and very narrowly constructed
a micro discussion of specific skillsets needed to become a
competitions. Working outside the U.S. they see the start of this
multi-disciplined security technology professional, including
what competencies they observed academia needs to focus on interest begin in 4th grade, with a willingness to try, fail, and try
growing in K-12 and higher-ed to create a cybersecurity again as many times as it takes to get desired results really
automation career path. emerge in middle school (7th and 8th grade specifically). Other
countries with a more unified curriculum approach than the
Since interviewing was not used in the second part of the U.S. system are already doing this well, and in some regards,
workshop, participants in their small groups were encouraged the U.S. is behind. To be on par with peer nations, it is the
to give detailed answers specifically for the level of student or responsibility of state and federal governments to be
professional their group’s problem impacted the most. The nonpartisan in this regard, and the responsibility of industry to
levels shared with attendees to consider were four groupings,
provide programs and training for this specific demographic to
the first being pre-professional and/or K-12: Those entering or
use freely without strings attached. Middle school is the best
in high school specifically. They were asked to consider the
place to help students begin understanding how the different

https://digitalcommons.kennesaw.edu/jcerp/vol2023/iss1/3 4
 Cusak: Impact Of Emerging Tech On Cybersecurity Education

emerging technology disciplines interweave and the right place just by processing data and generating images, which is where
to start practicing skills to build technical confidence. many U.S. curriculums got stuck. Once everyone started using
Smart Phone level technology, the enthusiasm for expanding
2) Panel Theme 2: U.S. K-12 STEM Is Being Held Back By
the basics of STEM’s “T” from computer science into an
The Digital Divide. While some may see putting resources into
exploration of emerging technologies vanished. Too many
bridging the Digital Divide as partisan and for states to
became overly comfortable using technology they don’t
determine, the consequences of students with the right technical
understand in their daily lives, allowing those in “Big Tech” to
acumen not being given the opportunity to learn STEM
manage it for them. Hence, the excitement when a piece of new
damages the U.S.’ ability to protect its infrastructure and
tech is released from excitement to expectation. But the
economy. Prohibiting students from feeling personal justice
challenge remains that tech and Digital Security need to find
and dignity, as well as a sense of belonging to the larger society
people with the right wiring and skills to successfully grow
is more than just a moral imperative because of this. Emerging
what is here, and traditional schooling and higher-ed aren’t
technologies don’t currently fit within most STEM programs,
enough. Therefore, those outside of K-12 need to be connected
which acts to widen the gap of the Digital Divide. The Digital
with Non-Traditional Training Programs (NTTPs), tech
Divide was defined for the attendees as the ever-widening gap
schools, and tech apprenticeship programs. The survival of
in student/teacher/classroom/instructor populations, both
cybersecurity will rely on these programs, which also need to
culturally and digitally, between those with opportunities and
extend to AI/ML skill development and cross-training. This
those without [12]. This Digital Divide, therefore, does not only
discussion line led the panel to discuss how the positive aspects
refer to schools having the equipment and access to current
of cybersecurity specifically can be a great profession for those
technologies but also the opportunities to learn and be trained
with neurodiversity since a neurodivergent mind that is
in up-to-date methods and use of that technology so a student
interested in a subject often comes with a deep well of curiosity
can be adequately prepared for a tech-based job [19]. One of
and mental resiliency to keep trying new approaches with
the workshop attendees, an educator in the Chicago area, shared
lateral thinking (in the room it was referred to as “thinking
with the group their experiences of seeing school districts just
outside the box”) until they solved the problem. For example, it
miles apart where students in low-income families had very
was shared that personal experience has shown that those with
little to no opportunities to learn STEM, while those in a very
ADHD and autism seem drawn to the profession of
near more affluent school had many opportunities, including
cybersecurity through non-traditional learning pathways and
sponsored STEM camps during the summer.
often find that the benefits of their particular neurodiversity
3) Panel Theme 3: K-12 Instructors Lack The Training, help them more quickly identify problems and use different
Equipment, And Support To Introduce Students To tools to get past challenges. Specifically for ADHD, the ability
Cybersecurity, AI, And ML. The panel agreed that to hyper-focus on subjects the student finds interesting allows
cybersecurity, AI, and ML are interrelated and are based on the those with basic cybersecurity tools to mitigate constantly
same foundational concepts and skills, but they are not taught evolving issues. Similarly, those on the autism spectrum have
that way. A student could choose a path in one of the three or been observed as being able to apply hyper-logical processing
in multiple if they learn the foundation, but when teachers to deal with complex issues quickly and effectively, even in
present AI/ML concepts in STEM, they don’t cross over into high-stress environments. No references were cited for these
security. The use of AI/ML to help security is a level of observations.
knowledge they are not trained to convey and are, therefore,
B. Workgroup Questions And Findings
likely to not engage. Additionally, AI/ML has become
synonymous with tech innovation, which is often seen as At the end of the panel discussion, each of the seven
hampered by security instead of a necessary aspect of the workgroups were handed a question to answer, then time to
overall design. Curriculum must be built into STEM that allows brief their responses to the larger audience. Answers were
students to explore the differences between these types of captured on poster boards in four sections: Ideal End-State, Key
Activities, Challenges, and Next Steps. Poster boards were hung
technologies, allowing the “T” in STEM to include both
on the back wall for a final walkabout once completed, and
automation and cybersecurity. The Panelists agreed that the use
additional thoughts were captured separately for quality control
of AI and ML will both become major areas of work within
on a separate poster board, then incorporated into the findings
cybersecurity in the next six years, so resources must be once they were vetted as relevant to the problem. The seven
provided to K-12 educators soon to get in front of the coming workgroup questions are as follows:
necessity. • Consider a generic high school STEM curriculum. What
4) Panel Theme 4: More Effort Outside Of K-12 Is Needed must be added to those curriculums in terms of activities
To Help Prepare Students For Careers. Following the lead of and hands-on opportunities (labs, etc.) to give the students
other developed countries, exposure to careers in emerging tech tangible experience?
needs to happen while students are in middle school by non- • “What should we be doing to provide opportunities for our
academic entities, even though there is no profit for them in the current middle school students to start down a path of
short term. Computers alone used to be considered high-tech becoming a professional in AI or ML or Cybersecurity OR

Published by DigitalCommons@Kennesaw State University, 2022 5

 Journal of Cybersecurity Education, Research and Practice, Vol. 2023, No. 1 [2022], Art. 3

a mix of these, AND does industry, academia, and committed to the attitude of being “in this together” was held
government have different responsibilities to make this as a priority. Classroom teachers bare more responsibility. This
happen? responsibility was seen as needing to be extended up through
• A high school junior comes up to you and says they are higher-ed, so that when new professionals arrive at a work
interested in possibly pursuing a career in “something cool, center, they already have a basic understanding of securing AI
like AI or cybersecurity.” They ask for advice on how they programs. Universities were seen as the actor needing to lead in
should approach learning these emerging technologies. the creation of degree programs that meet the specific need of
They do not want to attend a four-year higher-ed institute. the industry, which can then be used to update the standards K-
Should they try to find the one thing they might like and 12 should follow.
really hyper-focus on it, or should they try to become more
b) End-state theme 2: certifications should be pushed.
of a generalist in multiple emerging technologies at the
Stackable certification was a common theme in conjunction
expense of gaining deep knowledge in just one subject?
with the need for a bachelor's degree. Despite the messages of
How should they approach gaining this experience?
the panelists, many workgroups did not have confidence that
• A high school junior comes up to you and says they are new professionals entering a cybersecurity and/or emerging
interested in possibly pursuing a career in “something cool, tech profession outside of traditional routes would be prepared
like AI or cybersecurity.” They ask for advice on how they sufficiently. The ideal was seen as students in 11 th grade
should approach learning these emerging technologies. beginning to earn certifications, then those same students being
They will be attending a university. Should they try to find required to mentor younger students on their path as part of the
the one thing they might like and really hyper-focus on it, continuing certification process. NTTPs were seen as a less
or should they try to become more of a generalist in effective option, but a distinction was made in that new and
multiple emerging technologies at the expense of gaining entry-level professions should prioritize gaining full
deep knowledge in just one subject? certifications, with a concept of “micro-certs” being a way for
• Should we be teaching college students and Non- them to show new skills in different emerging tech. For those
Traditional Training Programs to have a diversified skillset already at the young and mid-profession level, certifications in
of using/working with emerging technologies, OR should NICE categories with micro-certifications geared towards
we create programs that help them understand what they multi-discipline cross-functions are needed.
are very interested in and hyper-focus on gaining deep
knowledge in one thing. Ideally both, but which is the c) End-state theme 3: shift the focus to middle school.
priority and why? The theme of addressing the Digital Divide was given a lot of
• If we were to design a new category for the NICE attention, with multiple groups wanting a national focus from
Framework that combines Cybersecurity with AI and ML, the government requiring all students to learn emerging
what skills and knowledge would be needed as technologies instead of it being just a STEM subject. Middle
foundational for this position, and who would pilot and school curriculums were seen as needing to be the first area of
evaluate this new work role effectively to see if it’s government focus, providing a foundational level of technology
meeting the profession’s need? (Meaning should it be with more opportunities for all students to pursue more
tested first in industry, government, academia, or advanced tech subjects. Industry and higher-ed were seen as
something else) playing a large role in creating authentic learning experiences
• Will those seeing more traditional type degrees (such as for students based on real cyber work after government leads
business, history, education, etc.) need to start gaining the way. Labs were also seen as needing financial and
technical skills in AI/ML/Cyber? What are the most instruction assistance for building and maintaining the
pressing cross-over skills these non-technical programs hardware and software instead of the complications and costs
need, and who should have a role in developing these being on the school to manage alone.
future programs? 2) Key Activities.
C. Workgroup Themes By Section a) Activity theme 1: existing curriculum must be
While some unique findings surfaced from each question, modified. Participants felt AI/ML and cybersecurity needs to be
themes emerged within each section that appeared in many if mixed, and the broader discipline of “cyber” needs to be
not all of the workgroup answers. These themes were captured incorporated into all school’s information literacy courses.
within the four sections of Ideal End-State, Key Activities, Baseline curriculums need to be adopted first, followed by
Challenges, and Next Steps. customized sub-curriculum for functional areas that focus on
hands-on training. Additional prep courses in STEM are needed
1) Ideal End-State. in mixed cyber/AI/ML that include labs. Higher-ed and
a) End-state theme 1: layers of standards are needed. government both were seen as the entity responsible for
Creating standards for cybersecurity at all levels of K-12 that creating this process.
will lead to clearly defined employment paths was seen as very b) Activity theme 2: collaborate the transition into
important. Having counseling and mentoring should be part of higher-ed. High school students were seen as needing the most
this, and aggressively screening for only hiring staff truly career help, with a proposal to give them access to assessments

https://digitalcommons.kennesaw.edu/jcerp/vol2023/iss1/3 6
 Cusak: Impact Of Emerging Tech On Cybersecurity Education

and career coaching to gain direction, then be encouraged to c) Challenge theme 3: not enough access to resources.
enter a formal education program. ACT/SAT prep was also The Digital Divide was seen as a major challenge because it
seen as needing to include a section on emerging technologies. prevents students with the technical acumen from an
High school students in the Digital Divide should be assigned a opportunity to try. Funding is, therefore, the gateway to student
mentor and be encouraged to join university clubs, peer- success. Bootcamps, certifications, and equipment were seen as
supported meetups, externships, internships, and a costly but necessary way forward, with industry and
apprenticeships. The NICE Framework was mentioned as an government needing to do the heavy lifting by providing
important part of high school cybersecurity since all schools students significant discounts and creating more apprenticeship
should map to it, not just higher-ed. All universities/colleges programs for high school level students. Tuition reimbursement
were seen as responsible for creating these shifts and should for employees and loan forgiveness was seen as not enough to
also be requiring an emerging technology overview course for retain talent. There was also a concern that the lack of resources
all incoming science-related and undeclared majors to try and would force students to become more tech security generalists,
get more cybersecurity majors. Industry was seen as needing to only gaining a shallow knowledge of critical functional areas.
work with higher-ed to provide support.
d) Challenge theme 4: traditional education doesn’t
c) Activity theme 3: non-traditional training programs work for all. Some of the workgroups believed that ADHD and
(NTTPs) are trending. There is not as much confidence in other types of neurodiversity are often not discovered until after
NTTPs as there was for traditional education pathways amongst middle school, especially in underserved communities. While
the workgroups, but there was a recognition that “boot camps” some of those neurodivergent minds could be excellent at
specifically can be very useful in teaching students diverse skill cybersecurity and emerging technologies, they don’t get the
sets. This was seen as an effort industry should lead. chance because they may struggle with traditional styles of
schooling. Participants believed that a student who left high
d) Activity theme 4: make middle school the focus.
school without plans for higher-ed would likely lack career
Middle school education programs were seen as needing to be
options, mentors, and money to pay for certification training
more multi-faceted, incorporating technical hands-on
and equipment. Those graduating in the Digital Divide have it
opportunities that allow for abstract problem-solving through
worst. One workgroup observed that those who leave high
multiple mediums of content. Ensuring people of different
school without higher-ed plans have difficulty with social
learning styles have more chances to engage with the content is
interactions, lacking the ability to balance personal interests
seen as a responsibility of academia and government.
with the needs of prospective employers.
3) Challenges.
e) Challenge theme 5: no current nice category for
a) Challenge theme 1: the system isn’t working. AI/ML/cybersecurity. All workgroups agreed that a new NICE
National and state standards were not seen as currently doing Framework category needs to be created that captures the
what’s needed, with STEM being baked into general Tasks, Knowledge, and Skills [17] needed to do cybersecurity
curriculums that require negotiation with teachers' unions to automation. What this role needs to do, what the work would
change. Industry, higher-ed, and government need to look like, how the training should be approached, etc., is to be
depoliticalize STEM curriculum, with industry playing a larger determined. The ethical implications of emerging technology
role in articulating the upcoming market needs. Participants would also need to be clearly defined. Fear of Sci-Fi style AI
shared that the market will always change faster than academia issues crept into answers here.
can make updates, creating higher-ed curriculum that is
4) Next Steps.
outdated on arrival. Higher-ed was seen as not keeping pace
with the employment landscape needs, which was likely due to a) Next step theme 1: future programs must be
a lack of connection between industry and educational developed together. All workgroups believed the process for
institutions in curriculum development. The need for clear addressing challenges and reaching ideal states is for
pathways from high school should be established by both professors, industry leaders, and government training leaders to
academia and industry, with industry needing to take the lead collaborate in the development of a nationally based future
by conducting non-profit-seeking pathways that benefit society. program that could also be adopted by the international
community. The place this centralized coordination of ideas
b) Challenge theme 2: the training is too intense. The
could best happen is through NICE (part of NIST), which is
need to get middle school students onto a multidisciplinary path
already leading qualitative processes and working towards
is already hard enough, and getting students committed to
cybersecurity’s professionalization. Designing higher-ed
lifelong learning is already a challenge. Participants shared that
degree programs that incorporate the security of emerging
the basics of creating a solid foundation in math isn’t happening
technologies was seen as the priority in this effort, with no
yet, and there is apparently an increase in students leaving
mention of NTTPs. A single taxonomy was also recommended
higher-ed programs due to a lack of motivation and an
for adoption between cybersecurity and AI/ML, ideally
unwillingness to go into massive student loan debt. The
becoming a global standard. Ethics was seen as an essential root
participants also saw a lack of family/community support as a
of all higher-ed training, and traditional models of teaching
major obstacle to students finishing challenging programs.
cybersecurity were seen as needing to be more hands-on.

Published by DigitalCommons@Kennesaw State University, 2022 7

 Journal of Cybersecurity Education, Research and Practice, Vol. 2023, No. 1 [2022], Art. 3

b) Next step theme 2: foundational tech courses before they believed higher-ed is capable of effectively self-regulating
middle school. Gen Cyber Camp and similar fun training for with their current administrative mechanisms, allowing
high school students were presented as needing to be simplified colleges and universities to better meet the challenges and
for younger audiences. The NICE Framework [17] was also requirements raised in the workshop.
seen as a possible standard for students, at least down to middle
school, if not earlier. Creating benchmarked graduation IV. ANALYSIS OF FINDINGS
requirements for high schoolers to win apprenticeships was A major unexpected aspect of the workshop themes was the
seen as a possible avenue, with a push to change the national high-level conceptual answers given by the attendees for all
focus to students developing skills with emerging technologies. four areas. In designing the workshop, an assumption was made
One workgroup proposed having NICE collect quantitative by the researcher that most of the participants would be current
metrics measuring the progress of the middle school refocus and former cybersecurity professionals who had conducted
effort so adjustments could be made. A different workgroup actual operations, analysis, or done work in a cybersecurity
believed the best first step would be to have experts from functional area. The workshop and questions were therefore
industry brought in to work directly with middle school designed to produce more tactical level answers from those
students instead of leaving complex disciplines for self- with direct knowledge of Tactics, Techniques, and Procedures
discovery only. (TTPs) that could be adopted for K-higher-ed audiences.
Instead, the majority of participants were from academia and/or
c) Next step theme 3: school districts need to request
workforce operations, which likely did not generate themes the
help and resources. The conflicts between state and federal
same as a workgroup with a fuller mix of former technical and
standards were seen as a major battlegroup that hurt learners for
current workforce professionals working together would have.
partisan gains. Everyone believed having critical infrastructures
However, two of the panelists stayed and participated in
secured was a non-partisan issue though, so curriculum “that
different workgroups, producing more actionable next steps
works” needs to be developed and shared openly. Both
and fewer conceptual-level answers, which may have impacted
government and industry should sponsor more training for K-
the overall findings.
12 STEM educators, with industry creating work-based
learning opportunities for students to gain exposure to real- A. First Major Findings: There Is A Disconnect Between
world issues. Big Tech companies like Apple, IBM, and Google Those Conducting Cybersecurity Operations And Those
can also be asked to provide massively discounted software and Supporting Cybersecurity Workforces
refurbished hardware for students. Some workforce operations professionals don’t understand
d) Next step theme 4: non-traditional training their cybersecurity workforce if they have never done actual
programs should be expanded. Money talks. The workgroups cybersecurity work. Cybersecurity has too many entrance
believed government should fund employment coaching and pathways and seems resistant to what has worked for IT and IT
formal mentoring for all students going through an NTTP, Security workforces, which is pushed upon them by workforce
while coordinating internships and apprenticeships for both operations professionals. Traditional workforce best practices
government and industry. Industry had the additional role of do not seem to be working, and those making decisions about
creating more entry-level positions instead of asking for future workforce needs are doing so without the technical
unrealistic work experience in entry-level jobs. Multiple experts giving them the right information to make workforce
workgroups also said that agreeing on a standard technical decisions. There is also a disconnect and even disbelief that
position description language is a must. The pathway of a cybersecurity needs to be approached differently by longtime
student leaving an NTTP with a prearranged apprenticeship was workforce operations professionals. The move from OPM’s
seen as necessary since these students were disadvantaged by KSA to the NICE TKS is a compelling enough reason to update
not attending a traditional formal higher-ed program. best practices. Therefore, the NICE Conference needs to
become a place where workforce operations, technical trainers,
e) Next step theme 5: cross-disciplinary skills through and current/former cyber operations meet and work together to
NTTPs must be incentivized. Workgroups believed schools determine needs, next steps, best practices, and points for
would need to work with local industry and/or government to collaboration. Workforce operations showed up in force at the
build community Security Operations Centers (SOC) for skill conference, but very few cyber operations and training
practice and have career ambassadors to market NTTP professionals were present. Workforce operation leaders must
programs. Providing childcare for NTTP students was seen as embrace new ways of working with this currently untraditional
necessary, but not for traditional higher-ed. Earning money was workforce and prioritize new pathways that allow employees
seen as the goal of students entering an NTTP, so into their organizations, such as NTTPs. Many with the right
industry/government-building paid apprenticeship programs technical acumen are not entering the profession because the
for recent high school graduates were the way forward. pathways are too traditionally based. This is also just for
f) Next step theme 6: a desire to make academia cybersecurity, not including emerging technologies. One point
profitable. Two workgroups felt that many of the issues could of note, understanding potential competencies for a career
be most easily addressed if higher-ed was allowed to focus on pathway in cybersecurity automation was mentioned multiple
being profitable instead of non-profit. When questioned on this, times, but only one workgroup (with an AI panelist) provided
context on the subject. All other answers, solutions, and ideas

https://digitalcommons.kennesaw.edu/jcerp/vol2023/iss1/3 8
 Cusak: Impact Of Emerging Tech On Cybersecurity Education

were kept at a very conceptual level, leading to learning with the right technical acumen that can do security of emerging
objectives two and four being mostly passed over. The NICE technology well. The starting point for all middle schoolers,
Framework’s more refined TKS was not discussed, which was including underserved communities, is to consider making
a missed expectation of the workgroups who were attending a current materials more engaging and hands-on using PBL.
conference hosted by NIST’s NICE about the Framework.
D. Fourth Major Findings: Build Security Generalists First
Discussing the NICE Framework’s move away from OPM’s
Instead Of Functional Area Experts
limited KSA model into the TKS model was never fully
explored, even though the TKS model better reflects the Findings from the workgroups were that a majority of
cybersecurity professionals’ work roles. KSA’s were participants at the workshop felt focusing on creating broad
mentioned frequently though. There were also a lot of technical security generalists was less effective than more
incorporated ideas from the panelist in workgroup answers, but focused degree programs specifically geared towards a few
respondents seemed unsure of how to use the AI/ML different cybersecurity functional areas. The panelists believed
information, which was more hinted at than anything else. the opposite, saying that all STEM students should be taught as
technology generalists regardless of their field since all STEM
B. Second Major Findings: New Methods Must Be Adopted has multiple crossing points now and will have even more by
Across All Education Levels 2026. The need to focus on just one functional area was still
Using Problem Based Learning (PBL) tactics, cybersecurity seen as more important, with faith in certifications ability to
must be woven together with emerging technologies such as AI verify expertise in the skills. However, it is unknown what
and ML, which are already being used by Advanced Persistent tactics APTs will use against U.S. societal interests in 2026-
Threat Actors (APTs) against ALL sectors of the U.S. [4]. AI 2028, and an overreliance on certifications as skill verification
is already being used against schools, hospitals, and businesses, is not likely the way forward. When things are moving fast,
requiring organizations conducting security to invest in having more broad skill ranges is more ideal since it will be
building professionals that can respond with the same easier to dive down into any one functional area if a baseline
technologies. Younger professionals need emerging training has already been established. One panelist also shared their
opportunities, which businesses seem reluctant to do. The experience that AI/ML and emerging technology specifically is
cybersecurity industry is still relatively new and considered a more complicated functional area to learn than cybersecurity
transient, which employers may see as a sink of their time and and that AI/ML should be prioritized with students since it’s
resource. Providing expensive training just to have people walk easier to move from AI/ML into cybersecurity work than
to a different job with their new skills is a necessary risk. More learning AI/ML after having only a cybersecurity skillset.
entrance points from NTTPs and apprenticeships should
E. Fifth Major Findings: Current Workforce Operations
therefore be prioritized, with Continuing Service Agreements
Does Not Trust NTTPs
and incentives tied to demonstrated skill execution post training
to receive higher compensation. Recognizing the importance of One unexpected observation from this specific point was
finding new ways to attract and retain talent, the U.S. how current young professionals are viewed by the majority of
Department of Homeland Security (DHS) for example has senior-level participants in the workshop. Traditional higher-ed
created a Cyber Talent Management System as a means to bring is still seen as the only real option for a career. Participants of
in and keep good talent by providing higher compensation for the workshop were not fully swayed by the combined panelists'
demonstrated skills and performance. Overall, the system was insistence that traditional education isn’t enough. The
seen as not working, and those from academia shared the need workgroup results showed a mistrust of NTTPs, believing
to make academia more profitable so it could solve the many colleges and universities were the only trustworthy path to a
challenges of the workforce. When asked in the event how good career. Four workgroups showed a clear distrust of NTTP
academia, in general, would effectively self-regulate and not students’ success trajectory while holding high trust for
become even more cost-prohibitive than it currently is, the completing a traditional higher-ed program. NTTP students
answer was government subsidies without oversight. This were believed to need more financial help from their families,
response could have been from a variety of experiences, but it a high need for childcare, and support networks that could
was unfortunately not explored further in group debate due to mentally help them get through training. The researcher also
time constraints. captured participants' perceived challenge that those who did
not attend a university/college would have difficulty with social
C. Third Major Findings: Middle School Needs To Be The interactions and have a harder time becoming functional adults.
Focus Of Resources First It is possible these workgroups did not have experience with
The curriculums of good STEM programs should be ported students coming from NTTPs and were unaware of the
into middle school-level labs, with intentional sharing of best successes NTTPs have had in placing their students into
practices and open-source materials. National and state apprenticeships and entrance-level work roles. While NTTPs
education leaders must press the importance of getting more may not have the same length of time as a traditional higher-ed
emerging technology into middle school classes, with emphasis institution, they are often based in PBL and push skill
on the need to address the Digital Divide. Addressing the divide development through interacting with real-world problems,
is not only the morally correct course of action but also an making them ideal apprentices in fast-paced cybersecurity
action that will benefit the larger society by finding individuals operations centers. While apprenticeships still need to be

Published by DigitalCommons@Kennesaw State University, 2022 9

 Journal of Cybersecurity Education, Research and Practice, Vol. 2023, No. 1 [2022], Art. 3

standardized with a focus on teaching new hires their systems instead of just users. The ideal is to get students to
responsibilities, NTTP programs are one effective way to understand the basics of cryptography in security systems
address the Digital Divide and underserved communities before high school, which would likely be more effective with
specifically. some form of mentorship from outside of the school. If this
process is successful, it could be considered a standard for
V. ADDITIONAL RECOMMENDATIONS schools within the Digital Divide. To start this off, industry and
A large amount of qualitative data addressing parts of RQ1 government could allow cyber ambassadors to speak with
and RQ2 was analyzed and shared thematically above. Themes students, share cyber stories in classrooms, and build
would possibly have been different and more detailed if the connections with teachers who are starting out in this area of
workshop had been more balanced with technical perspectives, STEM. Gen Cyber Camps and Cyber Patriot are current
which would have required more operational-level programs that could be expanded downward from high school
professionals and experts from cybersecurity and AI/ML to be to middle school for this purpose, with industry taking the lead
present. Workforce operations and academia representatives to create roadmaps for apprenticeships and free training that
showed up, but their government and industry trainers and grows with the grade of the student. Middle school students
educators did not. should be encouraged to gain more than a basic knowledge of
computer languages and be given hands-on learning
One major finding from this event was the agreement that
experiences such as sandboxes, labs, gamified challenges, and
foundational training needs to start earlier than it currently is
very narrowly constructed competitions. The goal needs to be
and that such training must incorporate emerging technologies
to allow them to try, fail, then try and fail as many times as it
and Digital Security. Since this is a large concept that is easy to
takes to build their adaptability muscles. They also need to learn
say but challenging to put in motion, a goal using data from the
that it’s okay to fail... that’s how they learn.
workshop was formed for educators to consider: Begin building
foundational content that evokes curiosity, which is a crucial C. Shift To Broader Foundations That Incorporate Emerging
component for students to practice adaptability, leading to Technology
them gaining a baseline of technical confidence. Any activity While the workgroup participants felt that a shift to find
fostering this process should be a good start since the panel of classroom teachers more committed to learning and teaching
experts believed that technical confidence can be grown into STEM was needed without additional compensation
high technical acumen. Therefore, to supplement what was articulated, the classroom teacher does have a vital role and
shared in the findings and analysis section, additional therefore needs prioritized support. To prepare 7-12th graders
recommendations gathered from the panelist, the workgroups, for NTTPs and higher-ed, academia should be creating more
and pre-work group preparation are presented below for training materials based on projected industry needs. If creating
consideration of some steps that might help initiate more cross-disciplinary graduates is a goal of higher-ed, then they
development opportunities for cybersecurity and AI/ML cross- need to set their expectations and pathways starting in middle
disciplinary approaches. school. This need for mixed skills in today’s cybersecurity
A. Professionalization professionals is nothing new though since even in 2010 experts
were demanding that cybersecurity students be taught not only
The Office of the National Cyber Director (ONCD) should
technical skills but also have a baseline interdisciplinary
have more operational-level counsels supporting the growth of
understanding of formulating policies, risk management,
the NICE Framework by bringing together industry, academia,
navigating business standards, creating frameworks,
and government. Professionalization is the goal, and the
governance, and much more [10, 23].
government has a unique role, with ONCD taking lead in
creating policy, NICE in framework and competency mapping, D. Invest In The NTTP Model
and CISA in sponsoring NTTPs, competitions, cyber ranges, Industry, academia, and government should invest more
and more 7-12 grade engagement programs. Industry, into NTTPs, especially as an alternative to
especially Big Tech, could take a larger role in providing universities/colleges. Some of these NTTP programs could
equipment, free training, and apprenticeships while also cater more to neurodiversity, and the current organizations
providing annually updated work role requirements to leading efforts to create more free training and pathways should
academia. Academia can update their curriculum to prepare be championed and emulated. Some examples are ISC2
students better and create NTTP satellite training for their committing to provide free training to over a million people,
geographic communities, possibly subsidized with government CISA providing grant funding to two NTTPs working in
grants. The ONCD should also begin the licensing process for underserved communities, SANS providing GIAC certification
key cybersecurity roles, including determining which opportunities for students at HBCUs, etc. Academia should not
certifications are most applicable to work roles and feel threatened by NTTPs, since almost all of their other
standardizing those. programs will follow the traditional training model. Instead,
B. Make Training Fun For Middle Schoolers Academia should consider creating their own NTTPs just for
cybersecurity and emerging technology skill development.
Students need to be given hands-on opportunities to dabble
with tech, software development, and being administrators of

https://digitalcommons.kennesaw.edu/jcerp/vol2023/iss1/3 10
 Cusak: Impact Of Emerging Tech On Cybersecurity Education

E. Apprenticeships request federal standards for the subjects of automation and

Industry should create fully remote summer apprenticeships cybersecurity, which need to be treated as non-partisan issues.
for high school students that cater to underserved communities H. More Problem-Based Learning
and those in the Digital Divide. A key aspect would be for these
The key action for initiating the above recommendations is
specific apprentices to get hands-on experience they likely
to create more problem-based learning opportunities. Industry
wouldn’t receive in a traditional internship. This would also
could sponsor and provide simplified resources that 7-12th
allow the apprentice to better build career capital with a
grade teachers can use with students. Older Cyber Ranges and
potential employer and determine if that organization is a good
entry-level-cyber challenges could be a big part of this
culture fit. This would require more thoughtfulness and
downward shift, with an emphasis on making content more
preparation on the organization, which could receive free
engaging and informative. Government could allow students to
support and structure through the Department of Labor’s
conduct academic security audits, giving them experience and
Cybersecurity Apprentice Program. The return on investment
helping connect them to the needs of society. Academia could
outweighs the cost though, since getting eager
shift their STEM and higher-ed technology learning to PBL,
cybersecurity/emerging technology professionals that can be
requesting skill and work role mapping from industry to ensure
grown into organizational leaders may help Digital Security
they are teaching what’s needed now and in the near future.
departments and organizations stay competitive in the 2026-
Academia and industry could also begin working together
2028 market.
specifically on taking already created Cyber
F. Mentoring Ranges/Challenges and repacking them for different learning
Allow for mentoring of young professionals and higher-ed levels. For example, K-6 (introduction to technology) could be
students with small groups of high school/middle school more picture/game based, 7-9 (foundations in technology)
students instead of one-on-one. Give workplace incentives to introduces labs with video walkthroughs, 10-12 (securing
young professionals and credits to higher-ed students who technology) could be more game/video/lab-based with PDF
participate. For NTTP students, allow small tuition reductions walkthroughs, and higher-ed/NTTPs (becoming a professional
for mentoring commitment and/or make mentoring part of the of technology security) could use the same professional
program. Keep it as small groups and allow monitoring to challenges accompanied with detailed walkthroughs.
ensure mentorship programs from industry, government, and
VI. CONCLUSION
students in higher-ed working at high school/middle school
STEM programs. Adults and volunteers would need to be The NICE Conference brings together experts interested in
vetted for skills, receive ethics training, and be screened for sharing and learning what’s working and what needs to happen
risky social behavior. There were recommendations among the with regard to cybersecurity education, training, career
workgroups for mid to senior-level professionals to mentor pathways, apprenticeships, and reskilling. It is pushing
middle/high school kids which could be done, but that has professionalization for government, industry, and academia in
inherent social risks and would likely be less beneficial to the a way that must be expanded and adopted so cybersecurity can
students. A small group of high school seniors being mentored gain a single set of standards, norms, and development
by a young professional in their first few years of a career is pathways. One major need for this to happen is for the NICE
more relatable than senior professionals in the twilight of their Framework and Conferences to have more operations and
career. That is not to say young students wouldn’t benefit from technical cybersecurity professionals participating in these
a senior mentor, only that creating programs relying on young future workforce discussions. Technical professionals must
professionals instead of senior ones will likely produce more collaborate more with their workforce planners and developers
benefits for the profession. Training would need to be for accurate and relevant career paths to be established.
undergone before adults work in school to cover ethics, Planners of this workforce and those existing in this new type
responsibilities, behavior expectations, and avoiding of ever-expanding profession must also find more ways to be
compromising situations. transparent and collaborate across sectors while providing their
needs to academia for refinement of curriculums.
G. Incentivize Teaching STEM
Middle/high school teachers should be incentivized instead ACKNOWLEDGMENT
of expected to go above and beyond in teaching STEM. Most The author would like to thank Jason Hite for co-hosting
teachers are already overworked and underpaid, and the current the event and Svea Anderson for her planning and onsite
“free” training given to them too often has a paywall or is support. Panelist experts Anastacia Webster, Alibadi Roozbeh,
learning by PowerPoint. Professional training organizations and Athit Kao, PhD, were essential to creating the discussion
that do good PBL are expensive and require expertise, which that helped participants consider the role of emerging
school and district leaders need to fight for. Leaders in technologies in their current and future workforces. Finally, a
education are ultimately responsible for all of the students at special thanks to Florida International University for
their school and need to present upward to districts and state administering the NICE Conference and to Rodney Peterson for
representatives that the teaching of cybersecurity his leadership and vision in forwarding the professionalization
augmentation-related subjects is a non-partisan interest that of cybersecurity.
deserves special treatment and resources. States then should

Published by DigitalCommons@Kennesaw State University, 2022 11

 Journal of Cybersecurity Education, Research and Practice, Vol. 2023, No. 1 [2022], Art. 3

REFERENCES
[1] Bloom-Feshbach, A., & Poyet, M. (2018). The rise of digital team [19] Van Deursen, A., & Van Diik (2015). The digital divide shifts to
building. People & Strategy, 41(2), 52-56. differences in usage. New Media & Society 16(3), 507-526.
https://link.gale.com/apps/doc/A535943011/AONE?u=anon~e9dc0e26 https://www.doi.org/10.1177/1461444813487959
&sid=googleScholar&xid=bdf17200 [20] Wang, P., Hayes, N., Bertocci, M., Williams, K., & Sbeit, R. (2020).
[2] Bhatele, K. R., Shrivastava, H., & Kumari, N. (2019). The role of The role of partnership and collaboration with cybersecurity industry in
artificial intelligence in cyber security. Countering Cyber Attacks and cyber defense education: A panel discussion. INTG Conference Las
Preserving the Integrity and Availability of Critical Systems. 170-192. Vegas, June. https://www.researchgate.net/profile/raed-
IGI Global. https://doi.org/10.4018/978-1-5225-8241-0.ch009 sbeit/publication/342425245_the_role_of_partnership_and_collaboratio
[3] Brownlee, M. (2022, May 16). DALLE: AI made this thumbnail! n_with_cybersecurity_industry_in_cyber_defense_education_a_panel_d
[Video]. YouTube. iscussion/links/5ef3b07a4585153fb1b38d66/the-role-of-partnership-
https://www.youtube.com/watch?v=yCBEumeXY4A and-collaboration-with-cybersecurity-industry-in-cyber-defense-
[4] Brundage, M., Avin, S., Clark, J., Toner, H., Eckersley, P., Garfinkel, education-a-panel-discussion.pdf
B., ... & Amodei, D. (2018). The malicious use of artificial intelligence: [21] Wetzel, K. (2021). NICE Framework competencies: Assessing learners
Forecasting, prevention, and mitigation. arXiv preprint for cybersecurity work (Draft NISTIR 8355). National Institute of
arXiv:1802.07228. https://doi.org/10.48550/arXiv.1802.07228 Standards and Technology. https://doi.org/10.6028/NIST.IR.8355-draft
[5] Dhillon, G., Smith, K., Hedström, K. (2019). Ensuring core [22] Whitman, M. (2018). Industry priorities for cybersecurity competencies.
competencies for cybersecurity specialists. Cybersecurity Education for Journal of The Colloquium for Information Systems Security Education
Awareness and Compliance (121-133). IGI Global. (CISSE), 6(1).
https://doi.org/10.4018/978-1-5225-7847-5.ch007 https://cisse.info/journal/index.php/cisse/article/view/91/CISSE_v06_i0
[6] Dobson, S. (2018). Cybersecurity talent hard to find: Report. Canadian 1_p06.pdf
HR Reporter, 31(9), 3-18. https://www.hrreporter.com/focus- [23] White, G., Williams, D., & Harrison, K. (2010). The CyberPatriot
areas/recruitment-and-staffing/cybersecurity-talent-hard-to-find- national high school cyber defense competition. IEEE Security &
report/299496 Privacy, 8(5), 59-61. https://doi.org/10.1109/MSP.2010.166
[7] Furnell, S. (2021). The cybersecurity workforce and skills. Computers & [24] Wong, G. K., Ma, X., Dillenbourg, P., & Huan, J. (2020). Broadening
Security, 100, 102080. https://doi.org/10.1016/j.cose.2020.102080 artificial intelligence education in K-12: Where to start?. ACM
[8] Kallio, H., Pietilä, A.M., Johnson, M., & Docent, M. (2016). Systematic Inroads, 11(1), 20-29. https://doi.org/10.1145/3381884
methodological review: developing a framework for a qualitative semi- [25] Yang, S., (2019). A curriculum model for cybersecurity master’s
structured interview guide. Journal of Advanced Nursing, 72(12), 2949- program: A survey of AACSB-accredited business schools in the United
3217. https://doi.org/10.1111/jan.13031 States. Journal of Education for Business, 16(8), 520-530.
[9] Isberto, M. (2021). What is cybersecurity automation? Colocation https://doi.org/10.1080/08832323.2019.1590296
America. https://www.colocationamerica.com/blog/cybersecurity-
automation
[10] Jacob, J., Wei, W., Sha, K., Davari, S., & Yang, T. (2018). Is the Nice
Cybersecurity Workforce Framework (NCWF) Effective for a ABBRIVIATIONS AND ACRONYMS
Workforce Comprising of Interdisciplinary Majors? 16th International
Conference on Scientific Computing, page 124-130.
ADHD – Attention Deficit Hyperactivity Disorder
https://par.nsf.gov/biblio/10095246
AI – Artificial Intelligence
[11] Lippert, K. & Cloutier, R. (2021) Cyberspace: A digital ecosystem.
APTs – Advanced Persistent Threat Actors
Systems 2021, 9(3), 1-20. https://doi.org/10.3390/systems9030048
CISA – U.S. Cybersecurity and Infrastructure Security Agency
[12] Mackay, H., & Strickland, M. (2018) Exploring culturally responsive
DHS – U.S. Department of Homeland Security
teaching and student-created videos in an at-risk middle school
GIAC – Global Information Assurance Certification
classroom. Middle Grades Review 4(1), 7.
HBCUs – Historically Black Colleges and Universities
https://scholarworks.uvm.edu/mgreview/vol4/iss1/7
Higher-ed – All professional training post high school
[13] Nobles, C. (2018a). The cyber talent gap and cybersecurity
ISC2 – International Information System Security Certification Consortium
professionalizing. International Journal of Hyperconnectivity and the
KSA – Knowledge, Skills, & Abilities
Internet of Things. 2(1), 56-63.
ML – Machine Learning
http://doi.org/10.4018/IJHIoT.2018010104
NICE – U.S. National Initiative for Cybersecurity Education
[14] Nobles, C. (2018b). Botching human factors in cybersecurity in business
NIST – U.S. National Institute of Standards and Technology
organizations. HOLISTICA – Journal of Business and Public
NTTP – Non-Traditional Training Programs
Administration,9(3), 71-88. https://doi.org/10.2478/hjbpa-2018-0024
ONCD – U.S. Office of the National Cyber Director
[15] NAPA Workforce Report. (2022). A call to action: The federal
OPM – U.S. Office of Personnel Management
government’s role in building a cybersecurity workforce for the nation.
PBL – Problem Based Learning
National Academy of Public Administration. https://s3.us-west-
RQ – Research Question
2.amazonaws.com/napa-2021/studies/dhs-cybersecurity-
SANS – Escal Institute of Advanced Technologies
workforce/NAPA-Final-CISA-Cybersecurity-Workforce-Report-
SME – Subject Matter Expert
January-2022.pdf
STEM – Science, Technology, Engineering, Mathematics
[16] NICE CON. (2022). Demystifying cybersecurity: Integrated approaches
TKS – Tasks, Knowledge, & Skills
to developing career pathways. NICE Conference and Expo 2022.
TTPs – Tactics, Techniques, & Procedures
https://niceconference.org/wp-content/uploads/2022/06/NICE-2022-
Program-Book.pdf
[17] NICE. (2020). Cybersecurity NICE Framework. National Institute of
Standards and Technology. https://www.nist.gov/itl/applied-
cybersecurity/nice/nice-framework-resource-center
[18] Sadik, S., Ahmed, M., Sikos, L., Islam, A. (2020). Toward a sustainable
cybersecurity ecosystem. Computers 2020, 9(3)
https://doi.org/10.3390/computers9030074

https://digitalcommons.kennesaw.edu/jcerp/vol2023/iss1/3 12