Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:00 AM

SANS Launches New CyberStart Program for All High School Students

Free program lets students solve real-world security problems - and learn about cybersecurity.

K-12 computer science teacher Scott Dooley a few years ago was facing a conundrum: he saw massive job growth in cybersecurity and a pipeline of great entry-level jobs, but he couldn't find the right resources or content to connect his students with the opportunities to truly learn cybersecurity and gain an interest in the field.

"I wanted something they could actually use," says Dooley, who teaches inner-city and low-income students at Indianapolis-based Christel House Academy South. But most of what was out there was "really dry," he says.

"I found I was teaching about cybersecurity rather than teaching cybersecurity," Dooley says. "I needed inquiry-based things where the kids could get in and play around with stuff." Indeed, he went so far as to ask the school's IT department to open up their network for his students to probe (they said no).

Related Content:

New 'Nanodegree' Program Provides Hands-On Cybersecurity Training

2020 State of Cybersecurity Operations and Incident Response

New on The Edge: Why Defense, Not Offense, Will Determine Global Cyber Powers

Fortunately, Dooley eventually heard about Girls Go CyberStart, a program from the SANS Institute aiming to introduce more high school girls to cybersecurity as a career field. "I started looking at the content and thought, 'this is exactly what I need!'" he recalls. "It's inquiry-based, I don't have to mess around with the IT department to get security permissions, the barrier to entry is super low, it's a gamified thing… It was perfect for what I was doing."

Now SANS has opened up the CyberStart program to all US high school students - not only girls - aiming to have some 56,000 students participate. SANS' CyberStart competition for 2020 officially opened today for enrollment, and it's free. The competition begins on November 15, 2020, and students can play through the end of February 2021.

More than 30,000 young women from 2,500 US schools participated in the Girls Go CyberStart competition between 2018 and 2020, according to Alan Paller, director of research at SANS Institute and president of SANS Technology Institute. 

This year's CyberStart competition includes $2 million in college scholarships for finalists to compete for in a challenge round in March or April 2021, courtesy of sponsorship by the National Cyber Scholarship Foundation.

Another change this year is that SANS is now also working with school counselors in order to connect more students with CyberStart and ensure underprivileged students learn about it and have the opportunity to participate. "This program doesn't require a technology teacher," Paller says. "The kids learn everything they need to know in the game. So it opens it up to rural kids, inner city kids… but only if somebody says, 'hey give it a try.'"

Students who participate in CyberStart will essentially get to act as protection agents "solving real problems that come up when an attack happens," he explains. Players can expect to learn skills including Linux and Windows programming, forensics, and cryptography, all within the context of a realistic, continuous story setting. Videos and hints within the game are available to help students if they get stuck. Overall, the competition measures students' curiosity, tenacity, and ability to learn new things quickly.

While there's no way to get knocked out of the competition, some students lose interest after a while, says Paller. "There's a subset of students who don't like this way of learning. They like to sit in a class and have a lecturer tell them things and then they like to be tested on mastery of what they read in a book or were told, he explains. 

Finding the On Ramp

The ultimate goal of CyberStart is to equip students with cybersecurity know-how as a way of closing the skills shortage in the workforce, but the connection between a program like this and an actual career hasn't been seamless. 

"The key to the transition for these students - the ones who do well in the game - is that they continue to get hands-on experience," Paller says. "It turns out that is rare in American colleges. So we have, for the last 10 years, turned off these kinds of kids. They love doing hands-on stuff and then get pushed into a lecture hall."

But, he says, that seems to be changing with the introduction and growth of cyber clubs on college campuses: more colleges are starting to see cybersecurity as almost a "sport" and have a growing interest in attracting cyber talent. "They get into teams, do weekly meetings, teach each other... That looks like the pathway for a lot of these kids."

Mind the Gender Gap 

The reason the 2020 version of CyberStart expanded beyond girls only is bittersweet: Despite the participation of 30,000 young women over three years, there's been greater interest in the program from boys. So SANS thought it only made sense to open up the program to everyone rather than "lose half the talent," Paller says.

Both Paller and Dooley attribute higher interest among male students to societal and systemic factors, rather than an actual lack of interest amongst young women.

"I found that when I segregate the girls, they value that less. Some of that is twisted socioeconomic crap and cultural stuff. But they were saying, 'If the boys aren't doing it, why is it important for me to?'" Dooley explains. He also admits he started quietly adding boys to the program last year since there was so much interest - that it increased participation amongst female students as well.

One former Girls Go CyberStart participant, Haya Arfat, credits her own involvement in the program to having female high school teachers for computer science who were intentional about getting young women interested in the field.

"Representation is just a really big thing," Arfat says. "I was really lucky. My high school has a lot going on for computer science. All the teachers who taught were women, they all had experience, and they were passionate about getting more girls involved." 

Arfat says that before she participated in Girls Go CyberStart, she didn't really know what cybersecurity was beyond "having a strong password." But the competition taught her that cybersecurity is fun and engaging, she said. 

She also learned she's really good at it: Arfat's school team ranked among the top 10 in the country, and Arfat herself received a scholarship for being among the top three individuals to score the most points.

Now a student at Texas A&M University, Arfat is active in the school's cybersecurity apprenticeship program as a developer for the organization's capture-the-flag competition. She plans to major in computer science and minor in cybersecurity and hopes to get involved with Women in Cyber Security (WiCyS) as a student mentor - none of which was on her radar before Girls Go CyberStart.

For Christel House Academy's Dooley, being able to introduce his students to CyberStart is a chance to create an on-ramp for career opportunities, especially for his lower-income and minority students. "This can change a generation for some of these families," he says.



Nicole Ferraro is a freelance writer, editor and storyteller based in New York City. She has worked across b2b and consumer tech media for over a decade, formerly as editor-in-chief of Internet Evolution and UBM's Future Cities; and as editorial director at The Webby Awards. ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-13
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying th...
PUBLISHED: 2021-05-13
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.
PUBLISHED: 2021-05-13
An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.
PUBLISHED: 2021-05-13
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...
PUBLISHED: 2021-05-13
Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.