Make Cyber Security Training Mandatory

The online world can be a dangerous place for the unprepared. And it’s just going to get worse. It’s time to teach cyber security as integral part of the high school and college curriculum and to all corporate employees.

I grew up in New York City and for a few years heaven on earth for me was going to Boy Scout camp in the summer near the Delaware River. The camp had all the summer adventures a city kid could imagine, hiking, fishing, canoeing, etc. But for me the best part was the rifle range. For a 12-year old kid from the city shooting target practice and skeet with a .22 rifle meant being entrusted by adults with something you knew was dangerous—because they were beating gun safety into our brains every step of the way.

From the minute we walked onto the shooting range to even before we got to touch a gun, we learned basic rules of handling weapons I still haven’t forgotten. You screwed up and you got yelled at and if you did it again you got escorted out of the rifle range.

While target practice and skeet shooting were fun, safety was serious.

Over the years I would learn how to shoot an M-16 in basic training in the military, go through a basic combat course to go to Southeast Asia (when we acted like this was a lark, our instructor stopped our drill and said, “For your sake I hope the guys shooting at you were screwing around in their combat course.” It got our attention). When I bought my ranch, herds of wild boar still roamed the fields. While we were putting in the miles of fencing to keep them out, I bought much heavier weapons to deal with a charging 400-pound boar and hired an instructor to teach me how to safely use them. Each time gun safety was an integral part of training with new weapons. For me, guns and gun safety became one and the same.

Hacking and Cyber Security

For consumers, online surfing, shopping, banking and entertaining ourselves have become an integral part of our lives. And with that has come identify theft, hacking, phishing, online scams, bullying, and predators online. As well as a loss of privacy.

But for businesses, the threats are even more real. Go ask RSA, Northrop, Lockheed, Google, Amazon and almost every other company with an online presence. Intellectual property stolen, customer data hacked, funds illegally transferred, goods stolen, can damage a company and put them out of business.

I think we’re missing something.

In the last 20 years three billion people have gained access to the Web. Yet for most of them safety online remains a problem for other people. It pretty clear that for a company going online today is equivalent to playing with a loaded gun. The analogy of comparing the net with guns might seem stretched, but I think it’s an apt one. Guns have been around for hundreds of years, to provide food as well as wage war, but it wasn’t until the 20th century that gun safety rules were codified and taught.

I think we need the equivalent of gun safety training for online access.

We now know the basic tools online hackers use. We know enough to harden sites to stop the simple hacks and to educate employees about basic social engineering and phishing attempts. It’s time to teach cyber security as integral part of the high school and/or college curriculum—not as an elective.Companies need to make cyber security education an integral part of their on-boarding process.

The Air Force Academy basic Cyber Security course is a good place to start (Stanford and other schools have a similar syllabi). The class consists of basic networking and administration, network mapping, remote exploits, denial of service, Web vulnerabilities, social engineering, password vulnerabilities, wireless network exploitation, persistence, digital media analysis, and cyber mission operations.

Lessons Learned

  • The web is not a benign environment
  • Companies, high schools and colleges ought to make a basic cyber security course a requirement of getting online access.

Author: Steve Blank

A prolific educator, thought leader and writer on Customer Development for Startups, Steve Blank is a retired serial entrepreneur who teaches, refines, writes and blogs on “Customer Development,” a rigorous methodology he developed to bring the “scientific method” to the typically chaotic, seemingly disorganized startup process. Now teaching entrepreneurship at three major universities, Blank co-founded his first of eight startups after several years repairing fighter plane electronics in Thailand during the Vietnam War, followed by several years of defense electronics work for U.S. intelligence agencies in “undisclosed locations.” Four Steps to the Epiphany, Blank’s fast-selling book, details the Customer Development process and is increasingly a “must read” among entrepreneurs, investors, and established companies alike, when the focus is optimizing a startup’s chances for scalability and success. After 21 years driving 8 high technology startups, today Steve teaches entrepreneurship to both undergraduate and graduate students at U.C. Berkeley’s Haas School of Business, Stanford University’s School of Engineering and the Columbia/Berkeley Joint Executive MBA program. His “Customer Development” teaching and writing coalesce and codify his experiences and observations of entrepreneurs in action, including his own and those he advises. “Once removed from the day-to-day intensity of founding a startup, I was able to observe a pattern that distinguishes successful startups from failures,” Blank says. In 2009, he earned the Stanford University Undergraduate Teaching Award in Management Science and Engineering. The San Jose Mercury News listed him as one of the 10 Influencers in Silicon Valley. In 2010, he was earned the Earl F. Cheit Outstanding Teaching Award at U.C. Berkeley Haas School of Business. Despite these accolades, Steve says he might well have been voted “least likely to succeed” in his New York City high school class. Steve Blank arrived in Silicon Valley in 1978, as boom times began. His early startups include two semiconductor companies, Zilog and MIPS Computers; Convergent Technologies; a consulting stint for Pixar; a supercomputer firm, Ardent; peripheral supplier, SuperMac; a military intelligence systems supplier, ESL; Rocket Science Games. Steve co-founded startup number eight, E.piphany, in his living room in 1996. In sum: two significant implosions, one massive “dot-com bubble” home run, several “base hits,” and immense learning leading to The Four Steps. An avid reader in history, technology, and entrepreneurship who seldom cracks a novel, Steve has followed his curiosity about why entrepreneurship blossomed in Silicon Valley while stillborn elsewhere. It has made him an unofficial expert and frequent speaker on “The Secret History of Silicon Valley.” Steve’s interest in combining conservation with best business practices had Governor Arnold Schwarzenegger appoint him a Commissioner of the California Coastal Commission, the public body which regulates land use and public access on the California coast. He also serves on the Expert Advisory Panel for the California Ocean Protection Council. Steve serves on the board of Audubon California, was its past chair, and spent several years on the Audubon National Board. A board member of Peninsula Open Space Land Trust (POST), Blank recently became a trustee of U.C. Santa Cruz and a Director of the California League of Conservation Voters (CLCV). Steve’s proudest startups are daughters Katie and Sara, co-developed with wife Alison Elliott. The Blanks live in Silicon Valley.