Cyber security begins at school
Students learning cyber security best practices could be better equipped in the workplace


Cyber attacks can be one of the most damaging things that can happen to an organization. Whether it’s a data breach or ransomware, falling victim to an attack can be extremely costly and disruptive, so knowing how to react to an attack is as important as knowing how to prevent one.
RELATED RESOURCE
Despite this, businesses continue to struggle with keeping employees engaged with cyber security training. With adults apparently not grasping the importance of cyber security skills, there is a growing argument for introducing them while people are still at school, to ensure no one joins the workforce unprepared for the threats they may face.
In this episode, Jane and Rory speak to Matt Lorentzen, principal consultant at information security consultancy Cyberis, to explore how we can effectively instill cyber security best practices through the education sector and why simulated attacks could be an effective method through which common attack vectors can be taught.
Correction: The report cited at the start of this episode was incorrectly attributed to Freshworks, when it was in fact published by Fortinet.
Highlights
“From a student's perspective, I think people are interested in cyber security as a career. And as I said, I've worked in schools so I know that students are very interested in trying to break things. They are interested in the nuts and bolts, and it kind of appeals to that rebellious nature.”
“The benefit of being able to compromise a school environment for essentially deploying a ransomware attack is that that data is really important. And the disruption to that is quite an allure for attackers. And so we have seen, certainly in the last three years, this rise in schools becoming compromised and attackers using the data that they have access to as a blackmail tactic, essentially, to try and get schools to pay out.”
“You're kind of educating the future workforce by proxy as to the challenges and threats that they face. And as I said, those threats will not change as they emerge out of education and come into the workforce. Because, as I said before, the technologies and the platforms that you see in the workplace are pretty much identical to schools.”
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Read the full transcript here.
Footnotes
- What is multi-factor authentication (MFA) fatigue and how do you defend against attacks?
- The ITPro Podcast: How can we stop insider theft?
- Harris Federation disables students' emails following ransomware attack
- Fortinet 2022 Cybersecurity Skills Gap [PDF]
- Cyber security certification vs degree: Which is best for your career?
- (ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
- Stories from the front line: The secrets of the Red Team revealed
Subscribe

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.
In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.
-
Bigger salaries, more burnout: Is the CISO role in crisis?
In-depth CISOs are more stressed than ever before – but why is this and what can be done?
By Kate O'Flaherty Published
-
Cheap cyber crime kits can be bought on the dark web for less than $25
News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
By Emma Woollacott Published
-
Four-day weeks and Nadella's AGI skepticism
ITPro Podcast As the Microsoft chief casts doubt on ultra-advanced AI systems, a famous security blogger has fallen victim to a classic attack
By Rory Bathgate Published
-
Creating space for women in tech
ITPro Podcast Tech's huge gender divide can only be tackled with more welcoming, proactive sectoral efforts
By Rory Bathgate Published
-
What is the EU's AI plan?
ITPro Podcast As the EU moves to enable AI innovation, it could end up striking the perfect balance between regulation and public support – especially as US AI laws become more complex
By Rory Bathgate Published
-
The trends we’re watching in 2025
AI for security and sovereign cloud could be top driving forces in the coming year
By Jane McCallion Published
-
The 2024 that didn't happen
These are the megatrends of the year that failed to materialise
By Jane McCallion Published
-
What DORA means for business
ITPro Podcast Stringent requirements for third party monitoring and ongoing resilience testing could help put businesses on the best track for security
By Rory Bathgate Published
-
Can the four-day week work for tech?
ITPro Podcast As the four-day week gives Icelandic workers a boost, we also look at whether AI coding is up to scratch – and if OpenAI can keep its funding momentum
By Rory Bathgate Published
-
How to sell cyber security without the FUD
ITPro Podcast A trusted network of cybersecurity marketing professionals can help professionals cut through at the board level
By Rory Bathgate Published