Embracing the ‘Pedagogy of Error’ in Cybersecurity Education

Jeimy J Cano
Author: ISACA Now
Date Published: 8 August 2023
Related: Global Achievement

Editor’s note: Jeimy J. Cano M., PhD, ED.D, was recognized with the 2023 ISACA Educational Excellence Award for his inspiring educational work that empowers students to pursue careers advancing technology. Nearing 30 years of experience in cybersecurity, privacy, IT auditing and other related fields, he has been published more than 250 times in international journals and has been invited to speak at more than 100 conferences on security and control issues. Cano, along with each of his fellow Global Achievement Award honorees, was recognized at ISACA Conference North America: Digital Trust World in Boston in May. ISACA Now recently caught up with Cano to discuss his accomplishments, pedagogy and lessons learned throughout his career. To nominate an outstanding colleague for an ISACA Award, visit: http://isaca.secure-platform.com/a/page/awards/aboutawards.

ISACA Now: You have more than 27 years of experience in information security, privacy, cybersecurity and other related fields as an executive, professional and academic. What was it that inspired you to become an educator?

Education is a vocation. At home I had the example of my parents, who were educators for more than 35 years at different educational levels: elementary and high school. Their dedication and commitment to their work and their connection with their students inspired me to understand that teaching expands the vision of the world, finds new ways of knowing and, above all, maintains the essence of life, which is to learn/unlearn in order to learn again. To educate someone, as John Ruskin says, “is not to teach something to someone who did not know, but to transform him into someone who did not exist.”

ISACA Now: Why do you feel that it is important to empower students to pursue careers that advance technology? How do you seek to empower them?

Technology is a fascinating field where it is very difficult to say, “It can't be done.” It is a permanent challenge to explore, experiment and transform what is known. Particularly in security and cybersecurity, technology offers challenges to understand the dynamics of the adversary. From the essence of the inevitability of failure, it is viable to develop a more critical and systemic thinking that allows security/cybersecurity professionals, as well as IT auditors, to see beyond standards and best practices. “Thinking like the adversary, without becoming it, is the challenge my students take on,” which translates into the harmony of opposites.

ISACA Now: Throughout all your years of teaching, what is the biggest lesson your students have taught you?

The lesson I am always reminded of is that “we must abandon certainties in order to build from the challenge of uncertainty.” The deeper we delve into global instabilities and their challenges, the better perspectives and questions we can ask ourselves. It would be very sad to know that everything has been solved. Therefore, when we challenge current knowledge and explore different alternatives, we are opening up the possibility of seeing beyond what is known and, therefore, introducing something different.

ISACA Now: In what ways do you think educational institutions can better support students who are interested in cybersecurity and other IT-related fields?

In my country I have seen multiple initiatives in this regard: government scholarships, partnerships with suppliers, competitions, hackathons, among others; however, I would think that we should connect better with the expectations of the students, recognize their previous knowledge, analyze their interests and above all, create a psychologically safe environment to explore their skills and capitalize on their potential. That is, to develop a scenario that privileges diflexive pedagogy1 to develop students’ abilities to:

  • Observe a known or emerging situation
  • Question and interrogate their previous knowledge
  • Create an open and flexible learning space
  • Integrate knowledge in the learning hub of each session class
  • Connect the new/disconnect the known

ISACA Now: What role do you hope academia will play in the future of cybersecurity and IT education?

The academy must maintain and motivate curiosity, expectations, challenges and adventures that arise when uncertainty manifests itself from the inevitability of failure. In this sense, motivate the pedagogy of “error.” That is, understanding the “error” as part of the process and not as a result is what makes it possible to create cybersecurity and IT professionals open to constantly learn, to let themselves be questioned in their previous knowledge and to maintain a proactive stance in the face of adversaries’ challenges. It is to show a training path from uncertainty to surprise the adversary on his own ground and to appropriate uncertainty and the unknown as raw material to realize their practices and capabilities to defend and anticipate latent and emerging threats.

Notes
1 Cano, J. (2023). Diflexive pedagogy: An educational proposal to create learning hubs in the classroom. 2023 IEEE World Engineering Education Conference (EDUNINE), Bogota, Colombia. pp. 1-5, doi: 10.1109/EDUNINE57531.2023.10102875