K-12 Cybersecurity Education Guide

Cybersecurity is an exciting career field for K-12 students to consider entering after graduation. Because there is a lack of skilled and trained workers to fill the many available cybersecurity jobs, cybersecurity education and training is being started in the K-12 educational years, encouraging students to think about joining the field. Additionally, cybersecurity skills and knowledge can be important to any job in today’s technologically-advanced society, not just jobs in computer science or information security.

A survey conducted by the Center for Strategic and International Studies (CSIS) found that 82 percent of employers say that their employees lack cybersecurity skills, and 71 percent of employers think that this talent gap causes damage to their organizations. As of January 2019, the National Initiative for Cybersecurity Education (NICE) noted that there were 314,000 fewer cybersecurity professionals than available jobs in the United States. The number of unfilled cybersecurity jobs in the United States has grown by over 50 percent since 2015. If left unchecked, the number of unfilled cybersecurity jobs worldwide could reach 1.8 million by 2022.

Early education in cybersecurity is hoped to spark, and increase, students’ interest in information security as a career option. Many kids don’t even realize that cybersecurity exists as an occupation until they have been exposed to cybersecurity education. More educational programs designed for and targeted to students in K-12 are being implemented worldwide in order to turn the tide and combat the shortage of cybersecurity talent.

Cybersecurity Jobs

Cybersecurity, or information security, is a broad term used to describe a myriad of positions that are responsible for safeguarding and protecting digital assets and sensitive data. As students begin to explore the field of cybersecurity, they will quickly learn that there are a wide variety of jobs within the cybersecurity field for which students can prepare. Here are some examples of just a few of them.

Security Engineer

An IT (Information Technology) Security Engineer is one of the newest job titles within the information security field. It focuses on quality control within information technology, and includes the design, construction and defense of scalable, secure and hardy systems. It also entails working within operational data centers and networks, educating organizations on cyber threats, and helping create strategies to protect networks and organizations.

Security Analyst

An Information Security Analyst, or Cybersecurity Analyst, is one of the most basic and common jobs within cybersecurity. Information Security Analysts are responsible for information protection, data loss protection, data classification, threat protection, security information and event management, user and entity behavior analytics, anti-virus and intrusion detection systems, intrusion prevention systems, and penetration testing.

Malware Analyst

As malware becomes more rampant among our data systems, the need for Malware Analysts has increased. We hear about new ransomware attacks worldwide almost every day. It is the responsibility of Malware Analysts to determine how malware works and how to prevent attacks. They use reverse engineering to trace the purpose of a malware program and prevent them from occurring again. Malware Analysts help organizations to better defend against further attacks.

Incident Responder

Incident Responders do just what the job title says – they respond to cyber incidents that occur, as well as work to prevent them from occurring in the first place. Learning about how an incident occurred – its mechanics – and the goals of that incident are vital to figuring out an effective response. They also monitor systems, perform assessment testing, and analyze systems to identify and correct potential security breaches.

Information Assurance Analyst

Information Assurance Analysts are in high demand in the cybersecurity arena. They must fully understand the technology of cybersecurity as well as communicate threats and risks well with others in an organization. Information Assurance Analysts conduct vulnerability management activities that assess potential threats, coordinate and lead technology staff in identifying and remedying vulnerabilities in systems, and work with IT staff to make sure that procedures and processes are in place to detect and prevent system intrusions.

Data Security Strategist

Sometimes referred to as Cyber Security Strategist, Data Security Strategists use their extensive knowledge and professional experience to support the definition, communication and maintenance of a company’s information security strategy. They provide information security architecture viewpoints for assigned strategies across all enterprise-level initiatives. Data Security Strategists also work with teams across the company to make sure that strategies align with all business and technical needs.

Skills Necessary for Success in a Cybersecurity Career

In order to attain cybersecurity jobs such as the ones described above, you must have a thorough understanding of certain technological skills. The foundational skills that are necessary for success in a cybersecurity career include, but are not limited to:

Understanding of Computer Hardware and Software

Understanding the basics of computer hardware and software is crucial to success in a cybersecurity career. You must understand how computer systems work in order to be able to protect them. A computer’s hardware components, as well as the basic types of software they use, should lay the foundation of your knowledge.

Understanding of Computer Operating Systems

The basic computer operating systems, like Windows, Linux, and Mac, are important to understand as you will be working with various operating systems throughout your career in cybersecurity.

Working Understanding of Computer Programming Languages

Not all cybersecurity professionals need to understand all programming languages. Depending upon your role, however, a working knowledge of certain languages can be helpful. These include Java, C++, PHP, Python, Perl, and shell.

Understanding of Networking

The process of connecting one or more computer systems together, or networking, is vital to understand in cybersecurity. Comprehending the ways that systems communicate and transmit data will help you to protect those systems and data.

Understanding of Coding

At least a basic understanding of coding is often necessary in order to write tools that will automate security tasks and other functions. This becomes more important to cybersecurity jobs like ethical hackers and malware analysts.

Implementation Skills

Implementation skills involve not just understanding a system or network’s architecture, but using that understanding to identify what security controls are in place and how they are used. This is also vital to grasping the weaknesses and vulnerabilities in databases and application deployment.

Soft Skills

Soft skills are non-technical skills that you must possess in order to succeed in the cybersecurity discipline. They include, but are not limited to:

  • Excellent interpersonal communication skills
  • Excellent written and oral communication skills – you can clearly articulate complex ideas to others
  • Ability to work well individually and as part of a team
  • Active listening skills

Solid Work Habits

Additionally, the following work habits are vital to doing well in cybersecurity:

  • Enthusiasm
  • Eager to examine technical questions in-depth, from all sides
  • Adaptability and flexibility
  • Strong analytical skills
  • Awareness of and keeping updated with current standards, practices, procedures and methods


Certifications that you might want to pursue, and that many employers in the cybersecurity realm seek, are:

  • Certified Ethical Hacker (CEH)
  • Certified Information Security Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Offensive Security Certified Professional (OSCP)
  • GIAC Certified Incident Handler (GCIH)


Having a cybersecurity certificate, diploma or degree can help to prepare you for a competitive and ever-changing job market. Particularly for those who wish to advance in the field, certificates, associate degrees and bachelor’s degrees in cybersecurity are valuable. Graduate degrees can be extremely helpful for anyone who wishes to hold a supervisory or managerial position within information security.

Educational Resources for Cybersecurity

More K-12 school systems across the U.S. are providing training for their teachers and implementing cybersecurity courses for students to begin in elementary school. Still, according to research by EdWeek Research Center, less than half of the K-12 students in this country are currently receiving some type of cybersecurity education. If your school system is not offering K-12 cyber education, there are still online resources and training that you can pursue, such as:

In the report, “The State of Cybersecurity Education in K-12 Schools,” Cyber.org found that cyber education in K-12 schools is in great demand. Seventy-five percent of educators said that students had a medium to high desire to learn more about cybersecurity careers. Some of the topics that students have expressed the most interest about learning include:

  • Robotics
  • Coding
  • Programming
  • Cyberbullying
  • Artificial intelligence
  • Hacking and data security
  • Basic digital literacy
  • Collection, storage, usage and protection of data

Encouragement from Parents and Teachers for Students Interested in Cybersecurity

What can K-12 educators, as well as parents, do to encourage students to become more aware of, and perhaps pursue a career in, cybersecurity? Some of the suggestions in the Cyber.org report include making sure that students have access to cybersecurity education, raising educators’ basic levels of knowledge regarding cybersecurity education, increasing the number of K-12 schools offering cybersecurity education, enhancing educational offerings, and informing students about the various cybersecurity career options.

Additionally, from a young age, parents should teach their children the basics of internet safety. Whether or not they decide to pursue a career in cybersecurity, all children must know how to protect themselves on the internet. For students who express an interest in STEM and/or cybersecurity, parents should look into projects and subscription boxes, like Groovy Lab in a Box and Amazon’s STEM Club.

School-age children who show an interest in cybersecurity can be directed towards local cybersecurity summer camps and conferences to stimulate that interest further. The SANS Cyber Camp for Teens and events (virtual and in-person) sponsored by the Center for Cyber Safety and Education are all good ways to expose children to cybersecurity and see if it is something that they wish to continue to pursue.


Cybersecurity jobs are in demand, and are expected to remain in demand over at least the next decade (and likely for many years after that). Getting children involved in cybersecurity education during their K-12 years will not only hone their interest, it will also help them to excel in cybersecurity and be better prepared for further training after graduation. It is just one facet of STEM education that is so very important in this advanced technological age.