After spending 15 years protecting Navy networks and witnessing the massive cybersecurity skills gap firsthand, I knew we had to start earlier. Much earlier. Not in college, not in high school—we need to be reaching kids in elementary school.
But here's the challenge: most cybersecurity curriculum is either dumbed-down "don't talk to strangers online" content, or it's overly technical material designed for adults. Neither approach actually works for 5th graders.
So we partnered with NEAAAT, a STEM charter school, to build something different. Here's what we learned in the process—and what we're building as a result.
The Problem with Most Cyber Ed for Kids
Walk into most schools teaching "cybersecurity" to elementary students and you'll see one of two approaches:
- Fear-based safety talks: "The internet is dangerous. Don't click anything. Never share personal information." This creates anxiety without empowerment.
- Watered-down technical content: Surface-level explanations that don't give students real understanding or applicable skills.
Both miss the mark. Kids are already online. They're using apps, playing games, watching videos, and messaging friends. We can't just tell them "be careful"—we need to give them the knowledge and tools to navigate digital spaces safely and confidently.
What We Built Instead: Competency-Based, Hands-On Learning
Our curriculum is grounded in three core principles:
Our Design Principles
- Competency-based mastery: Students demonstrate "I can" statements, not just recall facts on a test
- Hands-on, kinesthetic learning: Act out packet routing, physically sort phishing emails, build network diagrams
- Family engagement: Every lesson connects to home, teaching parents alongside students
Real Example: Teaching How the Internet Works
Instead of showing slides about packets and routers, we run a Packet Relay. Students become the routers. Index cards become data packets. They physically pass "packets" from client to server, experiencing delays, dropped packets, and out-of-order delivery.
"When we added a 'network delay' where one router had to wait 5 seconds, the kids instantly understood why videos buffer. That's learning you can't get from a textbook."
After the activity, students can explain—in their own words—how data travels across the internet. That's mastery.
Why Competency-Based Assessment Matters
Traditional testing asks: "What is a strong password?" and kids check a multiple-choice box. Our approach says: "I can create a 4-word passphrase that takes 100+ years to crack."
Students then actually create one using our diceware activity, test it on HowSecureIsMyPassword.net, and screenshot the results as evidence. That artifact goes in their portfolio. At the end of the quarter, they present their portfolio to demonstrate growth.
This approach:
- Shows transfer of learning (can they apply the skill in real life?)
- Builds student ownership and metacognition
- Creates tangible evidence for parents, teachers, and future employers
- Aligns with Carnegie's competency-based model (our pilot partner's framework)
The Missing Piece: Family Engagement
Here's what we realized early: if we teach kids about strong passwords but their parents use "password123," nothing changes at home. Digital safety can't be siloed to the classroom.
So every unit includes a Family Challenge:
- Week 3 (Passwords): "With your parent/guardian, enable 2FA on one account you both use."
- Week 7 (Smart Sharing): "Complete the Family Wi-Fi Safety Checklist together."
- Week 15 (Home Networks): "Find your router, locate the password sticker, and check when it was last updated."
Parents sign off that they completed the activity. We're not just educating kids—we're educating entire families.
What's Next: Scaling Beyond Our Pilot
We're currently piloting Quarters 1 and 2 with 200+ 5th graders at NEAAAT. The feedback has been incredible—both from students ("This is the coolest class!") and educators ("Finally, cyber content that actually works for this age group").
Our goal for 2025:
- Complete the full K-12 curriculum (Quarters 3-4, then expand to other grade levels)
- License the curriculum to 10+ schools nationwide
- Build a Train-the-Trainer program so educators can deliver this content confidently
- Create an open-access resource library for under-resourced schools
Why This Matters for Equity
The cybersecurity talent gap is real—there are hundreds of thousands of unfilled cyber jobs. But the pipeline is broken. Most kids from underserved communities never even know these careers exist, let alone have access to the education that prepares them for it.
By starting in elementary school, in under-resourced charter schools and public schools, we're creating pathways where none existed before.
A 5th grader who learns about red team vs. blue team, who gets excited about ethical hacking, who sees cybersecurity as accessible and interesting—that student now has a completely different future trajectory.
That's the equity gap we're closing. One classroom at a time.