1. Forum
  2. tqwNet
  3. TQW GENTECH

  • We need a cybersecurity curriculum taught by hackers

    From TechnologyDaily@1337:1/100 to All on Friday, May 01, 2026 11:00:31
    We need a cybersecurity curriculum taught by hackers

    Date:
    Fri, 01 May 2026 09:48:15 +0000

    Description:
    The cybersecurity industry has spent years talking about a talent and skills shortage. Turns out the talent and skills exist. It's just being recruited by the other side.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Dark web forums are now hosting resumes. Not from seasoned criminals now, from teenagers and recently laid-off tech professionals looking for work.

    At the same time, the global cybersecurity workforce shortage remains dire. ISC2 estimates theres a gap of 4.8 million cybersecurity professionals worldwide. The cybersecurity industry has spent years talking about a talent and skills shortage. Turns out the talent and skills exist. It's just being recruited by the other side. Article continues below You may like Strengthening cybersecurity in education through private sector partnership The cybersecurity boom hiding a growing privacy skills shortage Why modern cyber conflict is partly a global skills challenge Daniel Spicer Social Links Navigation

    CSO of Ivanti. Early influences and the path to cybercrime The skills I
    gained as a teenager, guided by mentors and a strong ethical foundation, ultimately determined which path I would take in cybersecurity. My curiosity was nurtured by industry professionals an opportunity not everyone receives. Without that support, my trajectory could have been vastly different.

    Statistics from the NCA are telling: the average cybercriminal is now just 17 years old, and the median age for referrals to their cybercrime prevention team is 15. Children as young as nine have been caught launching DDoS
    attacks.

    It starts small: chat codes, account takeovers, or DDoS attacks on rival gamers. A kid gets banned sometimes unfairly and retaliates. Others watch and learn, with techniques spreading quickly through Discord servers and private forums.

    Each successful exploit lowers the bar for the next one. The thrill of accomplishment, combined with peer validation, turns minor boundary-crossing into routine behavior. Desensitization grows slowly, then suddenly accelerates. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners
    or sponsors By submitting your information you agree to the Terms &
    Conditions and Privacy Policy and are aged 16 or over.

    Money isnt the primary motivation for young hackers at first. The NCA discovered that reputation and status within their online communities are
    what matter most. By the time financial incentives become important, habits and allegiances are already formed. We built this pipeline problem We trust that curious, technically skilled young people will find their way into legitimate security careers. We trust that credential systems and hiring processes will capture the right people.

    That trust is, to put it bluntly, failing. Measuring and assessing risk is a significant part of my job. I constantly ask myself: what systems and processes do we actually trust, and what happens when that trust fails? The same skills that make someone valuable to a security team make them valuable to criminal enterprises. What to read next The human cost of cybersecurity
    and what we should do about it The rise of the cyber hacker - does clout matter more than cash? Report finds cybersecurity workers feel underpaid, undervalued and overstressed

    The difference often comes down to which opportunity arrives first. Right
    now, threat actors are showing up earlier and with better offers. Pay people Criminal recruiters appear to understand one thing: young people with technical skills need money. Displaced professionals need money.

    Whereas companies set job requirements emphasizing certifications and
    degrees, and design hiring processes for candidates with conventional backgrounds. As a result, they overlook an entire generation of talented individuals simply because they dont know how to reach them or even how to communicate with them.

    Paid mentorship programs and early opportunities change the equation. Experienced security professionals including ethical hackers are needed for mentoring teenagers through structured curricula.

    Start early, during the teen years, when skills are developing and career paths haven't been set. Partner with schools to embed these programs directly into education. Pay the mentees too, so legitimate work competes with illegitimate offers.

    This isn't charity. It's a recruitment strategy. Why hackers specifically Social engineering and phishing are still the primary methods threat actors use to breach organizations. Defending against attackers requires people who think like attackers. That mindset doesn't come from textbooks.

    Ethical hackers who've spent careers probing systems understand how threat actors operate. They know the techniques. They know the psychology. They know which defenses actually hold up under pressure and which ones just look good in a presentation.

    A curriculum designed by people who've done the work legally transfers practical knowledge that traditional education misses. It also signals to young people that their unconventional skills have legitimate value. What we get from this Embedding mentorship into school programs and industry partnerships does two things:

    It creates a viable alternative to criminal recruitment. When a technically skilled teenager has a clear path to paid, legitimate work, the dark web job posting loses appeal.

    It also builds defenders who learned by breaking things. We need people who understand how systems fail, not just how they're supposed to work.

    Timing, mentorship and opportunity often distinguish a security researcher from a cybercriminal. The existence of this talent pipeline is not within our control; however, we have the opportunity to determine the direction in which it progresses. Criminal enterprises aren't moving slowly Every month we delay building our talent pipelines, criminal enterprises are filling theirs. They don't require certifications or degrees. They meet talented people where they are and offer them work and mentorship.

    We can do the same thing. Pay experienced hackers to teach. Pay young people to learn. Build curricula that transfer real skills.

    Or keep posting job requirements that filter out exactly the people we need. The skills exist.

    Where they end up that is on us. We've featured the best online learning program. This article was produced as part of TechRadar Pro Perspectives ,
    our channel to feature the best and brightest minds in the technology
    industry today.

    The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit



    ======================================================================
    Link to news story: https://www.techradar.com/pro/we-need-a-cybersecurity-curriculum-taught-by-hac kers


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)