We need a cybersecurity curriculum taught by hackers | Tech Radar

Overview

News, deals, reviews, guides and more on the newest computing gadgets

Start exploring exclusive deals, expert advice and more

Details

Unlock and manage exclusive Techradar member rewards.

Unlock instant access to exclusive member features.

Get full access to premium articles, exclusive features and a growing list of member rewards.

We need a cybersecurity curriculum taught by hackers

Cybersecurity skills do exist, just on the other side

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Dark web forums are now hosting resumes. Not from seasoned criminals – now, from teenagers and recently laid-off tech professionals looking for work.

At the same time, the global cybersecurity workforce shortage remains dire. ISC2 estimates there’s a gap of 4.8 million cybersecurity professionals worldwide.

The cybersecurity industry has spent years talking about a talent and skills shortage. Turns out the talent and skills exist. It's just being recruited by the other side.

Strengthening cybersecurity in education through private sector partnership

The cybersecurity boom hiding a growing privacy skills shortage

Why modern cyber conflict is partly a global skills challenge

The skills I gained as a teenager, guided by mentors and a strong ethical foundation, ultimately determined which path I would take in cybersecurity. My curiosity was nurtured by industry professionals – an opportunity not everyone receives. Without that support, my trajectory could have been vastly different.

Statistics from the NCA are telling: the average cybercriminal is now just 17 years old, and the median age for referrals to their cybercrime prevention team is 15. Children as young as nine have been caught launching DDo S attacks.

It starts small: chat codes, account takeovers, or DDo S attacks on rival gamers. A kid gets banned – sometimes unfairly – and retaliates. Others watch and learn, with techniques spreading quickly through Discord servers and private forums.

Each successful exploit lowers the bar for the next one. The thrill of accomplishment, combined with peer validation, turns minor boundary-crossing into routine behavior. Desensitization grows slowly, then suddenly accelerates.

Money isn’t the primary motivation for young hackers at first. The NCA discovered that reputation and status within their online communities are what matter most. By the time financial incentives become important, habits and allegiances are already formed.

That trust is, to put it bluntly, failing. Measuring and assessing risk is a significant part of my job. I constantly ask myself: what systems and processes do we actually trust, and what happens when that trust fails? The same skills that make someone valuable to a security team make them valuable to criminal enterprises.

The human cost of cybersecurity and what we should do about it

The rise of the cyber hacker - does clout matter more than cash?

Report finds cybersecurity workers feel underpaid, undervalued and overstressed

The difference often comes down to which opportunity arrives first. Right now, threat actors are showing up earlier and with better offers.

Criminal recruiters appear to understand one thing: young people with technical skills need money. Displaced professionals need money.

Whereas companies set job requirements emphasizing certifications and degrees, and design hiring processes for candidates with conventional backgrounds. As a result, they overlook an entire generation of talented individuals simply because they don’t know how to reach them – or even how to communicate with them.

Paid mentorship programs and early opportunities change the equation. Experienced security professionals – including ethical hackers – are needed for mentoring teenagers through structured curricula.

Start early, during the teen years, when skills are developing and career paths haven't been set. Partner with schools to embed these programs directly into education. Pay the mentees too, so legitimate work competes with illegitimate offers.

Social engineering and phishing are still the primary methods threat actors use to breach organizations. Defending against attackers requires people who think like attackers. That mindset doesn't come from textbooks.

A curriculum designed by people who've done the work – legally – transfers practical knowledge that traditional education misses. It also signals to young people that their unconventional skills have legitimate value.

Embedding mentorship into school programs and industry partnerships does two things:

It creates a viable alternative to criminal recruitment. When a technically skilled teenager has a clear path to paid, legitimate work, the dark web job posting loses appeal.

It also builds defenders who learned by breaking things. We need people who understand how systems fail, not just how they're supposed to work.

Timing, mentorship and opportunity often distinguish a security researcher from a cybercriminal. The existence of this talent pipeline is not within our control; however, we have the opportunity to determine the direction in which it progresses.

Every month we delay building our talent pipelines, criminal enterprises are filling theirs. They don't require certifications or degrees. They meet talented people where they are and offer them work and mentorship.

We can do the same thing. Pay experienced hackers to teach. Pay young people to learn. Build curricula that transfer real skills.

Or keep posting job requirements that filter out exactly the people we need. The skills exist.

This article was produced as part of Tech Radar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of Tech Radar Pro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit

You must confirm your public display name before commenting

1 Many firms don't know what their workers are sharing with AI tools

2007 First Light senior combat designer explains how all the cool gadgets can be used in combat

3I've made thousands of pizzas for slice-loving customers, and the Gozney Arc Lite is a near-perfect pizza oven for beginners

4 Chinese researchers develop iron battery 80 times cheaper than lithium

5'They're building each other': new X1 Neo robot video shows the humanoids assisting in the robot production process, just as all science fiction foretold

Tech Radar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

Key Takeaways

News, deals, reviews, guides and more on the newest computing gadgets
Start exploring exclusive deals, expert advice and more
Unlock and manage exclusive Techradar member rewards
Unlock instant access to exclusive member features
Get full access to premium articles, exclusive features and a growing list of member rewards