Hello World

Why is understanding cybersecurity so important?

Raspberry Pi Foundation Season 6 Episode 3

Discover how to help learners keep themselves and their data safe online, and explore how cybersecurity can get them interested in computing.

Full show notes here: rpf.io/hwp-s6e3

James Robinson:

The constant arms race almost between those in the security expert field and those that are trying to undermine security.

Claire Walden:

Kids don't know what the law is.

Nikolaus Kelsey:

It's a very broad subject you can go from you know, the really cool stuff, the red team stuff trying to infiltrate buildings. Deliberately breaking things.

Diane Dowling:

Cybersecurity affects every one of us.

James Robinson:

Welcome back to Hello World! A podcast for educators interested in computing and digital making. I'm James Robinson, computing educator and aspiring cybersecurity champion. Although I probably know less than I think.

Diane Dowling:

I'm sure that's not true. Hello everyone, I'm Diane Dowling. I'm a former computer science teacher. And at the Raspberry Pi Foundation I lead the team that develops Ada computer computer science, a free resource for learners aged 14 to 19. That includes lots of information about cybersecurity. So, I'm really excited to be here with James today and our guests. Exploring a field that affects all of us day in, and day out. And as ever we'd really value your comments and your feedback which you can share with us at helloworld.cc/podcastfeedback.

James Robinson:

This week we're discussing cybersecurity and why it's important for young people to learn about the latest threats and how to keep themselves safe online. Diane you create learning materials for Ada as you've mentioned, um, what does cybersecurity mean to you? And why do you think it's important?

Diane Dowling:

Okay, so I feel like I'm doing an exam now. So I think [the] textbook definition is that cybersecurity is a practice of protecting computer systems, and digital assets. And preventing unauthorised access and theft of our data. Especially personal data. But I do think it's really important that we don't just think about cybersecurity as something that we teach or we learn at school. The most important thing is to remember that cybersecurity affects everyone of us. And we all need to understand the threats and what we can do to keep our data safe. And to remember that the more time we spend online, which obviously a lot of us spend a lot of time online, the more risk we are at falling victim to a cyberattack. So what about you James? What does cybersecurity mean to you?

James Robinson:

Well, I think you've kind of, you've covered that I think quite well in the sense that I think it is really pervasive right? Cybersecurity is something that has an impact on every single one of us. Like constantly throughout every day of our lives pretty much. With so much more of our lives being conducted online, or requiring access to digital tools. It's really important that we, both, you know, as individuals know how to protect ourselves and to operate safely in an online space. It's important for, people going into the workforce to know how to keep themselves and the the work they're doing safe and protected and kind of look after the data that's important. And I think you know as well just as a really, I think it's a really this sort of intrinsic value as well in understanding cybersecurity. I think cybersecurity is just another facet of computing and you know computing is just something that fascinates me, so learning about how security systems work and how we can protect ourselves and the sort of. The constant arms race almost between those in the security expert field and those that are trying to undermine security, feels like a really interesting kind of space to operate. But I think Di' as much as you and I might know about cybersecurity. We're really fortunate today to be joined by two, experts in cybersecurity education. So our two fantastic guests are here to share their perspective, on this question of why cybersecurity matters. So, firstly I'm really pleased to introduce Claire Walden, who works for the Southeastern Regional Organised Crime Unit or uh, ROCU I think is how we pronounce that.

Claire Walden:

Yes, SEROCU, yeah.

James Robinson:

ROCU, yeah. And uh and Claire delivers cybercrime education. So welcome to the podcast Claire. It's great to have you with us.

Claire Walden:

Thank you very much. Great to be here. Really really looking forward to today.

James Robinson:

Great and my uh, just to kick us off. What is your view of cybercrime and cybersecurity and what do you think cybercrime education involves?

Claire Walden:

So the the reality of the situation is, is that over 50% of all crimes now are online. So they are 50% of crime, more than, is cybercrime. And we know as well that the average age of arrest for cybercrimes is around about 17. So for offline crime, the average age of arrest is we're talking late 30s. So it's a completely different demographic that we're dealing with, with committing cybercrimes in general. So it's really really important that we get the message out there to young people not only about how to protect themselves about um, you know around cyber and cybersecurity, but also how not to slip into committing computer misuse offences, whether they intend to or not. It's really about getting that message out there around you know online behaviours.

James Robinson:

And I'm going to, we'll introduce our other guests in just a moment. But I've got a little tiny follow-up question there. Is, you mentioned like the, it's kind of demographically it's a younger person maybe that are getting involved in these kind of issues. Is it about kind of like naivety or awareness that actually the young people don't necessarily realise that what they're doing is potentially a crime or is there, are there other factors at play?

Claire Walden:

I think there are many factors at play here. I think part of it is of course, the young people are growing up in a world where everything is digital. And we know full well, I mean I'm a parent, we know teenagers like to push boundaries, they just do. I think my 8 year old likes to push boundaries so teenagers I can't wait for. But, there's lots of things at play. So there's the the online gaming sphere. There's a lot of culture around some online games where kids are doing what's called DDoSing one another as part of, kind of that, that gaming sphere. And it's not realised by a load of them that that's actually illegal that's against the law to do this this booting, this stressing its known as. But also for those of them that are committing cybercrimes they kind of see it as a victimless thing. They can't see a victim necessarily on the end of it. So they're not even aware that it's a criminal act. They're not feeling that um, it's not that one-on-one kind of action that you get with a in-person crime. But also the kids don't know what the law is around computer misuse. It's not taught in the curriculum as it stands until, I think the first time they start even looking at the computer misuse act which is the main sort of a rea of crime that I deal with. Um, they don't look at that until at least GCSE level.

James Robinson:

So aged 14 [Inaudible].

Claire Walden:

Age 14-15, they're starting to touch on these things, but we know that children are online gaming and and committing other cybercrimes at younger and younger ages. So we feel like we need to get that messaging in there from sort of ages 7-11 the sort of, for in the UK, you know the top end of junior school, and keep that message being pushed through. So that kids understand what the rights and wrongs are around ethical and legal use online.

James Robinson:

I'm sure there's loads we can get into in that, but I'm going to hand over to Di' to introduce our next guest.

Diane Dowling:

I was gonna say I've got so many questions now. But it's really really important that we we um, we introduce our next guest because we then we can have a bit of an open conversation from different perspectives. So I'm really pleased to be able to introduce Nik Kelsey. And Nik is the Education Director for Cyber First North East and he's also the national lead for cybersecurity for the National Center for Computing Education. Which sounds like a really busy job. So we're really pleased that you had time to join us today Nik. And I wondered if you could just start by just telling us a little bit about Cyber First and its mission.

Nikolaus Kelsey:

Thank you for that lovely introduction Diane. Yes, it is a very busy job and there's a few other things in there too. Cyber First is a program I came around about 8 years ago, um, and it's backed by GCHQ and the NCSC. And it's designed to identify and nurture and basically divert diverse range of talented young people into the cybersecurity careers. You know we've, it's been long identified that there's this growing need. We all heard it during Covid, there's opportunity to retrain into cyber. Last year there was a a job shortage of 14,000 in the UK. And you know, so we've got that, and this program has come along to really try and address that pipeline. So it, it offers opportunities to around key stage 3 to really encourage children to take computing at GCSE. Which is you know, in England and the UK is the uh, the secondary qualification that we have in education. And then to go beyond that and it supports students to study, uh cyber or cyber related degrees at University and provides internship opportunities, links with industry, and as well as financial funding. So it's a bit of a monster and it grows and it evolves and there's a diverse pipeline. But really we're trying to address a UK wide problem, especially in the, in the tech sector.

Diane Dowling:

Yeah, and is it, is it a popular career? I mean do people people who join it. Do they, do they stick in cyber, or is that kind of something they really engage with once they get into it?

Nikolaus Kelsey:

Yeah, massively so. I mean if you, when you start talking with cyber people you realise it becomes an obsession. It's a very broad subject you can go from you know, the really cool stuff, the red team stuff trying to infiltrate buildings, deliberately breaking things, the penetration testing, to the defensive side, which is like you, your SOC and your your blue teams who are there to protect. So it's very much an open platform where in your career you might start on one thing, but because the nature of tech and threats that evolve, your career 20 years later might be completely down the garden path doing something completely different in a very exciting sphere. Working with languages that are yet to be invented. Dealing with threats that we haven't even identified. So when people get in they often just sit and they evolve. And it's a very unique community where whenever you go to the event, you see the same people there saying the same passionate lines and conversations and it, yeah, it's a very exciting one. Which is incredibly rewarding and what's really interesting for us is now we're at that 8-9 year point. We have pupils who have gone through their degree from the cyber bursary who were inspired in key stage 3 who are now working at lead companies like Microsoft and and even within GCHQ and the NCSC. Who are now out in the field saying "This is great! Come on get involved." So you're seeing that organic passion come through people. Uh, yeah, but it can be a very exciting career depending on which route you take and there's something for everyone I think in it.

James Robinson:

So it sounds like both of you are kind of having like conversations on a regular basis with young people about cybersecurity and cybercrime. How do you first engage learners in a conversation about either these, the issues if we're coming at it from that angle, or in the opportunities? Like what's that sort of first conversation look like? How do we hook the young people? Claire do you want to kick us off?

Claire Walden:

Certainly for um, from my perspective. So the work that I do within SEROCU is actually around something called the Cyber Choices program. Which is all about diverting young people who are either at risk of committing computer misuse offences or have committed already some low harm computer misuse offences. We're about diverting them away from that and pointing them towards sort of legal opportunities to test their skills, use their skills, and potentially if they've got the interest and the passion for it. To then move on into a cybersecurity career. So actually the conversations for us tend to start with something's gone a bit wrong here. You're starting to go down the wrong path. Look at this way where you can use the same skills, but in a legitimate way. And here's a training platform you can use to practice your skills. And these are the jobs that you can look at getting, but for [...] The unit that I work within for my role, it's very much about diversion, education about the computer misuse act. So teaching them where not to go wrong and where they can use their skills correctly as such.

James Robinson:

So at that point, they've possibly built some skills already.

Claire Walden:

Yeah.

James Robinson:

They haven't aware of the kinds of things that are possible through the technology.

Claire Walden:

Absolutely.

James Robinson:

But your education's more about like how to better apply them.

Claire Walden:

Yeah. Absolutely that, it's exactly that. Yeah.

James Robinson:

And is that different for you Nik?

Nikolaus Kelsey:

Slightly, yeah. The way we come about it is, it kind of stems from my internal motivation when we're steering that, that across our region. You know for us, we really believe we can provide life-changing opportunities through tech and in particular cybersecurity to students from all sorts of backgrounds. And we know that's our way. That's our, we want to take pupils who just have no view of their future and cannot see what they can be in tech and give them those points of inspiration. So to inspire we go in with a different point of view. We do big events. They're quite large and in your face, you know, where we've got lots of industry in one room, uh, we bring in, and they'll have sessions going on and there'll be kids doing all sorts from trying to physically lock pick things to doing cryptography to doing, you know working on new challenges that we've designed all around in the digital sphere, you know. And we go for that. We're about inspiration, about letting children see what they can be and looking at opportunities in our region in the Northeast. It is a region where there's growth there's a lot of growth. It's actually one of the smallest regions in terms of the cybersecurity sector in terms of industry that's here. But the jobs are coming. We've got a lot of manufacturing. And people are starting to see it now and say "Well actually, you know, I run a car manufacturing plant. If one thing goes wrong in my supply chain because of a cyberattack it all falls apart." So we're now showing children that actually if you're looking at that industry and your family have traditionally worked in that manufacturing sector. Well there's a tech opportunity in there as well through cyber and that can then extend globally whether it's defence or even you know in the national cyber force as well. So it's inspiration for us. Um, but obviously we link in quite a lot with like I say ROCU's in our region because we really believe that compute misuse act has to be taught. Especially when you've got a captive audience who are very keen about cyber, cause and effect, can be a big thing. You know, we're terrible for showing children lots of really cool things, but we have to also make sure they don't then just run off and have a night of e ntertainment on a PC causing a lot of trouble.

Diane Dowling:

So it's really interesting that, you know, because my experience in teaching has been with older children. So I've been teaching sort of 16 to 19. So I don't really, I'm not so aware of what's taught at younger ages. But it does seem to me that I think what's coming through here is that we might teach about cybersecurity and things like, we might teach things like, you know how to keep your your data safe for example, and you know tell kids not to put too much on social media or things like that. But we don't teach them much about the law and about the things that they can and can't do. And what kind of age do you think a child is going to be receptive of that and will actually understand the importance of you know being within the law with what they do with their computers?

Claire Walden:

For me I think that, that kind of engagement really needs to be starting and could be starting from a very young age. As I mentioned before I've got young children. They're 6 and 8 years old, um and section 1 of the computer misuse act is all about unauthorised access to people's devices. Okay, um or data. And that's basically about logging into someone's account or device without their permission. Now I talk to my son and my daughter all the time about picking up my phone because they know the pin number for it, putting in the pin number because they want to, I don't know take photos or listen to some music on my phone. I mean there are very much rules in our family about what they can and cannot do on my phone, but I'm talking to them now about actually asking permission to even pick up and log into my phone. Because I've said to them if you're doing that without my permission that is breaking the law. So I think you can have these conversations and start talking to them about permission because that's what 90% of the the computer misuse act is about, is permission. If you don't have permission to do it. Don't do it because it's going to be illegal. And I think that's something that someone very young can understand so you can absolutely talk to children about that from you know, your age 5 onwards as soon as they're starting to use devices. They need to know about permission, as far as I'm concerned.

Diane Dowling:

Yes fascinating but I suspect that probably many teachers and definitely many parents probably don't know themselves. So whilst you can have an informed conversation with your child. There'll be a lot of people out there who can't do that.

Claire Walden:

Absolutely. And that's one of the reasons that a lot of the engagements that we do, from SEROCU and a lot of what I do is speaking to safeguarding leads at schools, and asking them to roll that message out to staff. Because actually computer misuse has been recognised as a safeguarding issue for young people. So Keeping Children Safe in Education actually listed the Cyber Choices program within Annex B. So if any of you are interested in some bedtime reading whop it out and have a read um, but it's in there. So it's actually been recognised by the DFE. It's a safeguarding issue.

Nikolaus Kelsey:

Yeah, putting another hat on. Uh, I'm still an active senior leader in a school. And that's an all through school. Now what that means is children join us at 4 years old and leave at 18-19 years old. And in their, my heads of computing curriculum guides, uh, we built a curriculum so our youngest children at 4 years old learn computing. And that's mandatory until the age of 15. They can do an elective qualification in that at GCSE level, which is the 14-16 and beyond that. But we embedded cybersecurity in their in the same time we put online safety in there. You know, we've got all the guidance around online safety and we read it in Keeping Children Safe Education and you know, Claire you're 100% right it was great this year to see the Cyber Choices and the NCSC line in there and I thought "Brilliant, that's exactly what we need." These two are intrinsically linked. You know, we go from a different point of view rather than permissions. We look at the identification of threat, and you know, to me it needs to be taught to children in the same way looking left and right crossing the road. They are now, OFFCOM data is telling us, at 3-4 years old. And I'm a parent of a 2 and a 5 year old who both have their own iPads. They're supervised and they're very locked down, but they are active users of technology. You know, we've got to say "That's not right. If you don't feel right, that's not right. You need to tell somebody." Prevention's better than the cure and that's where we have to start as early as possible. You know, we're going into a new world. We're all sat here, you know as computer scientists and people who have worked in cybersecurity. It was lovely to hear James call me an expert at the beginning, but I'm about to become an idiot again because we're going into the world of spatial computing. We're going into the world of a much, you know, fastly evolving AI and quantum. So we have to then prepare. The idea now I can sit and I can see what's on my children's iPads. I can hear the things I listen to on Netflix. But I know in the next few years the hottest item on any Christmas list is going to be uh, a spatial headset. It's going to be, whether it's a Meta or a Vision Pro. And how do I know what my child's doing? How do I know what threats they're going to encounter. So we need to get in as early as possible as far as I'm concerned, um, you know but that's, that's our point of view and that's then what we've built in our institution of the earliest we can get. We always argue with industry. They'll say "We want to focus on key stage 3" and we're saying "Actually let's come a little bit earlier. Let's just go a little bit earlier. Let's let's do year 5, year 6." Which is 10-11 years old. And then rolling it further and further down. Because there is that need their, and that specialism is appearing. And the range of primary schools we're working with now are knocking at the doors saying "Can you come in? Can you talk to our children? Can you can you tell them?" You know about exactly as Claire was saying, you know the risks. Because you've got young children who are doing things which are breaking the computers of misuse act now. Whether it's you know they're accessing illegal streams to watch movies or sporting competitions or you know through illegal content all that. They're jumping onto each other's devices. So the earlier the better. We start as early as we can from 4 years old. It's interesting uh, and there's times when I used to teach there and I would do it through song, you know, and if you imagine me I'm a trained secondary teacher who specialises in, you know, 18 year olds, and it was like Kindergarten Cop. It was, but it worked and we've seen the the fruits of our labor. Um, but yeah for me as early as possible.

Claire Walden:

Can we hear one of the songs?

Nikolaus Kelsey:

[Laughter] There's a dance, there's a chicken dance.

Claire Walden:

[Laughter]

Nikolaus Kelsey:

I'm not going to do it, for our audience. But it revolves around the von Neumann concept about a chicken inputs, it processes, it stores and then outputs an egg. And there's various things like that. But, that was me on the fly.

James Robinson:

It's a real shame we're not recording the video here because Nik was definitely trying to do some of those actions just then. Um, I think one of the things that sort of pops into my mind as we're talking there and I was thinking about this earlier on. Was this sort of notion of contextualisation, the fact that you know, these issues we can, we can explore these issues with our learners if we bring them to where our learners are. And so Claire your example of talking with your with your children about their use of your phone, right? It's something they're doing you can relate the issues to them and then when we're talking about gaming or social media or you know, I've not heard the term spatial computing but I'm guessing we're talking virtual reality then Nik, right? Yeah? So whenever we you know, and I think it's really important that we connect the things that the kids are doing with the issues that they're going to face. And what that does mean is that we as educators have to be willing to immerse ourselves a little bit in what the kids are doing and actually understand and get to know our kids and not think like just sort of be, um, ignorant of it. We have to kind of spend that time listening to our learners and relating to the experiences that they're having.

Claire Walden:

Yeah, absolutely and um something I've been running some webinars for parents sort of in conjunction with Safer Internet Day last week and I've got a few more um coming over the coming weeks. And one of the things that we show them. There's a a really good video for parents by the National Crime agency. It's on YouTube, so have a look at it. It's a Cyber Choices video called Ollie. And it just shows how little parents understand what their technically capable, even if they're just gaming, but they're technically capable teams are up to in their bedrooms. Parents very much, and this comes from you know, the parents that the team I work with, um go out and do interventions with um, you know, they speak to the parents as well. What they tend to find is the parents honestly thought that their kid was some sort of technical genius or just loved gaming. They don't talk to them about what it is that they're doing. And they think it's wonderful because their children aren't out on the streets getting ASBO's, or causing criminal damage, or assaulting people, or you know shoplifting. They're up in their room doing all this clever coding and, and they're gaming all the time and they're brilliant. What they're not doing is talking to them about it. Finding out the games that they're doing, talking to them about the websites they're accessing, the chat forums they're on. And then using, there's a brilliant, um website called parentzone.org. Which has got guides or libraries where there's all the different apps and games that kids go on and it's got some of the risks around each one. It's really worth a look. If you're a parent who's worried, um, take a look on there and there's, not advice, but certainly some of the risks to look out for for those apps. So have a conversation with your kids for parents. It's absolutely what I'd always say. Talk to them about what they're doing, in the same way as you'd ask them if they've been out. You know, where are you going? Who are you going with you know, what are you off to do? Talk to them about that online as well because it's really important that you understand what they're doing.

James Robinson:

And speaking as the father of a 12 year old sometimes you will not get an answer but it's worth persisting. Like, they may not want to talk to you but I think if you can be curious then I think it you know, it shows interest but yeah, you've just got to persist anyway, sorry Diane do you want to move the conversation?

Diane Dowling:

Well yeah, because I think one of the things that's that struck me as really interesting is obviously on one hand we have you know, the sort of young people that Claire's dealing with, um, you know who are clearly very talented but maybe up to mischief. They don't necessarily do that intentionally. Sometimes it's unintentionally, sometimes intentionally. But no doubt there's a huge amount of talent. And then on the other hand, we've got Cyber First represented by Nik, you know, that's really pushing to careers in cybersecurity and I love this idea that we can divert young criminals let's call them, you know into something really positive. You know, so this opportunity actually of kind of harvesting talent and being able to push it into a way that actually can be just as much fun for them probably, but is also well paid and a really interesting career sounds like um, you know a great solution to what is actually a real problem. So Nik do you get many young criminals who embark on cyber [inaudible].

Nikolaus Kelsey:

I think, I think the term in computing, uh in cybersecurity sorry is like poacher turned gamekeeper. Um, and that respecting, you're right there's a lot of people who come from that that line of work. And I've worked with students who've said in their school have done something. And often they've ran into the ROCU and the ROCU have then said actually "Have you talked to this guy here?" And there's a link in there where we put them through the Cyber First bursary competition, which is a load of online capture the flags and they can really demonstrate their knowledge there and they then go on to having a funded degree and having all sorts of great opportunities there. But yes, there's a lot of young children who... There's a lot of buzzwords, you know, we we try to stay away from the, hacking image of you know, the loan teenager with his hood up in the bedroom. It's like such a toxic image that haunts us. Uh, and we're trying to say actually the whole cybersecurity sector now is, I mean it's the most diverse sector you'll ever see. If you go into some of those buildings which you can't go into, you know, uh, especially in the government levels it's all sorts of people working with these. And some of them, yes, they've come from the wrong side of things and curiosities lead them down that path. But then you had the complete opposite as well where you get people who are very protective and they see it as you know national service to, or you know, like the die hard protecting their company and their regions. So you get both sides of the camp you get the good and the ones who are intrinsically always good and never done anything wrong and kind of seek that legal career and that sort of protection career and then you're right, you're 100% you get those. And they often end up in red team positions, which is it's incredibly exciting. And in fact, we've got a little exhibition which I had to get permission from my ROCU to do uh, because it involves showing some tools, which I won't name which are used in ethical hacking, they're used to test systems and showing you know, we're sitting with groups of kids and saying look this is how I could capture all the information in a coffee shop using this small device. And you know, and those you see eyes light up and you say right, okay. And you see that natural curiosity and and it's that kind of. It all links back to me a little bit to computational thinking as well, you know, you can start to see that, you know people looking for patterns and those sort of curiosities. But yeah, we get all sorts in cyber.

Diane Dowling:

I was going to ask this was whether there was a particular, you know particular attributes apart from interest in hacking the school network that you'd look out for in a young person that might sort of indicate that they would be suitable for a career in this area. You know are there particular things that you'd be looking for?

Nikolaus Kelsey:

In all honesty, um, you know, you naturally think strong at math, strong at computing, has that mindset. And there is that sort of cryptology side that there's those people that do very well there. Um, but because it's such a diverse platform with thousands of different opportunities, the answer to that is kind of not really. I was in a situation with industry about two weeks ago and I was talking to a gentleman who leads a SOC which is a you know, a really big organisation that looks for threats across quite a lot, a major institution. And I was asking about his degree and I said, "Oh are you a computer scientist? Are you a Cyber-?" and he went "No, I did a music degree, and actually I'm a rhythm guitarist." And I went "Oh right, that's interesting." He said "I've done it since I was a kid, you know, I love driving a band forward." And where he came into this was because he was really good at spotting timing errors. So he knew when a band was going out of time and that was pattern recognition. So if you put a computational thinking hat on and we look at actually, his job now is to look for anomalies. To look for the ghosts in the the wires and see where there's something happening and go "Actually that's not right. Let's investigate that further." And that's partly because there's such opportunity available in cyber right now. There's a shortfall of jobs. It's pulling people in from everywhere, you know, I've recently [been] working with a really large organisation who are one of the biggest, one of the top four in the world, um, a gentleman was telling me he used to be a bus driver. He had no GCSE's. He had no A level's. So no formal qualifications, sorry, no degree or below um, and he struggled with ASD and it was unidentified in school and his ADHD was unidentified but he just could spot a pattern. He could spot change in behaviour and it was anything that was out the norm. So truthfully the backgrounds that people are coming from now are so exciting and diverse that it's exactly what we want because we need diversity of thought to identify the diversity of threat. And that's what's critical I think.

Claire Walden:

Yeah, and just to come off the back of that I'd say when one of the things that we talk about when we're doing presentations, um and talking about you know, the possible careers within cyber is that yes, there is absolute need for the people who are technically capable. But there's also a need for people with other skills as well. I mean you need project managers within cyber you need um, risk assessors you need, um, cyber awareness trainers. So I mean I've come into cyber sort of as a side to my job, but I'm still working within the field of cybersecurity but my background is in primary school teaching. And I've come into this role um, and now very much see my future as being within cyber and I'm you know, mid 40's and took a complete career change but loving every minute and I don't have technical skills. But I have a passion for the subject and that I think that's what's really needed. As long as you've got a real interest for it. You can carve yourself out a role within the cybersecurity industry.

James Robinson:

I was thinking and I might be making an incriminating admission here but I was thinking about my own experience growing up and I think like curiosity feels like a really important characteristic within this sort of space. Um, and I remember, you know, I grew up in a time when you know, there was no computer science in my school it was IT. Computing as an infrastructure within the school was relatively new and we were kind of given free reign at lunchtime to kind of play with the computers. And so we'd you know, we'd install games on the computers and find ways to do that when we were supposed to be on library duty. Um, we worked out that we could get it to visual basic without, um, via a spreadsheet and we could make little things and we made a little spoof password log on screen so we could capture our friends passwords.

Claire Walden:

[Laughter]

James Robinson:

And all of these things were going on. Um, and it was I think due to a lack of like constructive, sort of education opportunities for us to channel that curiosity into. But also a lack of really thoughtful supervision. Now if at all I've just incriminated myself we will cut this. Because you know, maybe at one point I might have been due a conversation with Claire, you know, maybe there was a...

Claire Walden:

We'll sign him into the Cyber Choices program, I think.

James Robinson:

But I think it is like, you know, [...] when you're curious and you want to explore what the limits of things are, but without necessarily doing it in a malicious or malignant way. You're just like "Is this possible? Can I do this? Will this break anything?" As a thought experiment almost, but a very practical thought experiment. So anyway, that's a bit of personal uh lived experience. But I think that curiosity is really kind of you know key.

Claire Walden:

Yeah and I would say actually that there are loads of training platforms out there that young people who are curious can use where they can safely test their skills as opposed to seeing what they can do with the school website. Seeing what they can do with the local bank or whatever. Um, there are definitely, you know safe environments where they can test out those skills, practice those skills, improve their skills. And again, it's all about that legitimate use of them then so yeah.

Nikolaus Kelsey:

Yeah, I think one of those platforms, um, actually to really endorse we were sort of paradigms. There's things like Try Hack Me, uh, which is great for students in the UK. And that was actually built by a graduate from the Cyber First bursary scheme. So that you know, you're seeing the fruits of the labor where these these people have gone through the whole program and come out and said "Actually I'm going to build something to help other people." So yeah 100% agree. We're now creating those safe boxes, you know, we're working with companies like FortNet who are building another sandbox of their own to give to students in the UK where they can do the exactly the same. There's, I feel like I've got to be careful in case we do with the the non BBC thing and talk about one specific product other CTF projects are available. Um, but it's really great to see that that is there. You know, James your background is very similar to mine. I'm not going to say anything incriminating like you've just done uh, but.

James Robinson:

Wise advice

Nikolaus Kelsey:

But that, that's what brought me into this, uh, a curiosity a "I wonder if I can do that. I wonder if I can do this." Um, but now we can do it in very legitimate platforms. And we've got the support of industries who are coming out to say "Get me in front of children. We want to tell them about this." So it's evolved from those times, same as yourself, you know, IT only in my secondary school. You know, I used to go and get books on programming and and try and find ways around VB. You know, that was the first language I even taught when I became a teacher. Um, so great flashback there but it's it's evolved so much now hasn't it. I think you know, I often talk to other teachers and we think about the pedagogy behind maths and what that was being thousands of years ago. Um, and we're in a subject which is very new and you know, you can argue it's got a couple hundred years because of Ada. Um, but really it's still in its infancy, you know, we're really new so all the things we're doing now is evolving and it's great to see that leap forward and and I'm sure it was only about 10 years ago James when you were in school same as myself. But um, you know, we're seeing that total twist into we've got these exciting platforms. And it only lets me think what's next for education and this sphere you know, how do we take it from you know when GCSE Computing or the technical qualification company in first launched. I saw, I went and saw lessons and people were talking about social engineering for example, and they put a definition on the board and say "Copy this into your book this is what blagging is." Now, that is such a a powerful, it's called a power skill in cybersecurity because it's a confidence based element. Um, but you can't work that way anymore. We need to lift education off the page of a textbook off the uh, the PowerPoint slide and create those opportunities and exactly as Claire says now through these platforms we're doing that and it's really great to see. Especially the stuff, there's a lot of great positives going on in Scotland too as well as around the whole of the United Kingdom and the world. Lots of different platforms pushing stuff together. Which you've got games where you can, children can use social engineering skills against you know, uh against a programmed response.

James Robinson:

That's cool. And I think, I think that's like one of the big sort of things that might have changed since like, you know, I was learning just going back to some of my experience when I was learning in a bit of a, in isolation, basically. There was no like, I was craving input and opportunities to do things and now there are so many kind of activities and projects and competitions and ways for young people to kind of connect with this whole discipline whether it's cybersecurity as a sub area or computing just broadly. There's so much rich content out there for young people to engage with, um, that I think you know, the the future is, is really exciting. Um, frankly a unit in computing education. So yeah, uh Di'.

Diane Dowling:

Yeah, well just just to pick up on that. So for the teachers out there that are listening to this podcast now. Where's the like, the number one place to go to to start to find these resources to engage our young people? So, you know, if you want to just recommend one website, where would you, where would you send them?

Claire Walden:

Uh for me, it would be the southeastcyber.police.uk/teachers page. Because we have got, from that there's a hyperlink to an educational resources page which is drop. Um sorted by um key stage for the UK. Um, but yeah there's loads of resources on there that we've linked that we think are pretty good. Either at sort of improving like coding skills or whatever but also just around online behaviours and ethical use of computing. Um, not just around the computer misuse act but we just figured that the more we can promote good online behaviours the more that will roll out into general behaviour online. Um, but we've also got a training and skills page on there as well, um that you can jump to so there's quite a few bits on there.

Diane Dowling:

Super and what about you Nik where where's the number one place you're going to send them?

Nikolaus Kelsey:

I'm going to send them to the NCSC page and say Google, search Cyber First. Read about the the competitions on there, you know that are fantastic the National Girls Competition where we have national finals and I'm not going to tell what the prizes are because it happens in about 2 weeks and I don't want to ruin, uh that on the national scale. But there's all sorts on there. There's resources. There's programs that are linked to the the nearest Cyber First region. You know, and you can reach out there. It's just full of great points to start off. Um, I've got multiple hats up. So I'm not going to talk about the other options because it is your spoiled for choice now, and it's so lovely to see. You know, like the stuff that you work on Diane. You've got the other side the NCCE resources, you've got all sorts available. But I'm going to say from my perspective, go to Cyber First uh, and look at what's going on there.

James Robinson:

Thanks both and we'll make sure that there's links to those in the show notes. I'm going to ask we're coming to sort of the end of our time but I'm going to ask one kind of, a different question. Which is I thought it was really interesting a little while ago in the c onversation we were talking about the diverse nature of this sort of field, in terms of who can come into the field. And it struck me that that feels like a benefit that is maybe, is a side benefit. Working with a real variety of individuals. So I'm just curious are there other benefits apart from like the kind of uh, challenging and enriching career and exciting opportunity. Like what are the other benefits to like working in cybersecurity?

Claire Walden:

Well, I would say it's a constantly evolving landscape so there's constantly new challenges out there. Um, which is fantastic it keeps keeps us on our toes certainly working in policing.

Nikolaus Kelsey:

No, I would entirely echo what Claire said there. You know, I talk, you know Cyber First and the NCSC is full of people that have been there for a long time. When we work with GCHQ there's people who've gone in at like 18 and they're still there now in their 50's and beyond. And they'll tell you themselves when they went in and what they were doing back then, is completely radically different to what they're doing now. And what they think they're going to be doing in 5 years they don't even know yet. You know where it, it's something which is evolving on a global stage. Uh, you know, the emergence of AI is going to be a really interesting challenge and a big win, it already is and you know through... It makes makes me laugh, and we're doing a podcast now I'm sure there's, we could use the audio recording of any of us and create a speech bot which sounds exactly like us and use...

Claire Walden:

Yep!

Nikolaus Kelsey:

use it to to phish people. You know, so that's, it's that exciting. You know, you're really at the cutting edge. Um, but beyond that there's also from a personal point of view there's that personal safety, there's that protection. You learning about threat in a wider context which is kind of what we're saying we want for all children to have as well. So it's uh, yeah, it's a, it's evolving and not many careers do that. Some careers can be monotonous. I remember a long time ago at 18 years old. Um, I went into a position in manufacturing and I sat down in a with a guy who I think saved my life. And he said I will give you a job today, but you're going to make the same component every 60 seconds. You're going to do 60 an hour for 8 hours a day for the next however many years until you retire. Is that what you want or do you want to go and do something different? And I stood up and left that office and I've never looked back. And you know, and it's very true. And and my career changes week to week. You know, what's coming out more like exciting opportunities and I think that is, that can be quite unique in certain sectors. I mean tech is, it has this sort of thing this screw and bubble. I mean, you know we're all former teachers and we're now, you know, you guys are working for an amazing producer of computer components who are now investing themselves into education and really caring about the community. I mean who would have thought that? You know, so it is, that's exactly where we want to be, I think the tech and cyber in particular has that.

James Robinson:

Well, I think I'm sure I don't know about you Diane, but I think we could probably continue talking for another hour if not more. But we should probably draw a line under things. Um, just to give our listeners a little bit of a break really, um, but yeah, so thank you so much, to our guests, Nik and Claire for sharing their time and experience and expertise. And we'll be back in a couple of weeks with another exciting computing topic, uh to explore with the help of our guests. If you have a question for us or a comment about our discussion today, then you can email via podcast@helloworld.cc or you can tweet us @HelloWorld_edu. So Di' what did we learn today?

Diane Dowling:

Well I don't know even where to start James. So I think my number one fact. My number one takeaway fact is that over 50% of crime is now done online. I think that's staggering. Um, I knew it was high. I didn't realise it was that high and then following up on that obviously is the age of the people as well the fact that you know, younger and younger people are getting involved in that. And the fact that they don't necessarily know that it's criminal acts that their committing. But I think that was quite staggering, and then the other thing I think was just this, I just thinking am I too late to embark on a career in cybersecurity. Because I think for someone who's like always kind of wanting something new and a new challenge. It sounds absolutely fascinating. Anyway, James. What about you? What did you learn?

James Robinson:

Well probably too late I've learned maybe not to admit my misdemeanours on a public broadcast.

Diane Dowling:

[Laughter] Too late!