Heather Monthie, PhD is an accomplished cybersecurity professional, leader, author, podcaster and mentor. Monthie has served as the Assistant Dean and Associate Professor in the College of Science, Engineering and Technology at Grand Canyon University in Phoenix, AZ. She has over 20 years of experience in IT, and in IT and computer science education at the K-12, undergraduate and graduate levels. In her role at Grand Canyon, Dr. Monthie guided GCU’s technology programs, including Information Technology, Cybersecurity, Health IT, Computer Science and Computer Programming. Under Monthie’s watch, the University’s IT-Cybersecurity Bachelor’s Degree Program received the covetous National Center of Academic Excellence in Cyber Defense Education designation from the NSA and the Department of Homeland Security.
Although STEM education has taken the forefront in the last 15 years, we still need to do a better job of regarding technologists not just as tech geeks but as people who can help change the world and solve significant world problems, says Dr. Monthie, author of “Beginner’s Guide to Developing a High School Cybersecurity Program.”
“Some people will say that their eight-year-old knows more about technology than they do. But the reality is, they’re really good consumers of technology. So I think that the shift needs to be from raising a generation of people who are very smart, talented and capable, but reason them in the way of becoming creators of technology versus consumers of technology.”
In this episode of Cybersecurity Unplugged, Monthie discusses:
- Building the cybersecurity program at Grand Canyon University and receiving the Center of Academic Excellence in Cyber Defense Education (CAE-CD) designation;
- Designing cybersecurity education for K-12;
- Heather’s prognosis for the future of STEM education.
CLICK HERE for a full transcript of the conversation.
Steve King 00:13
Good day everyone. I’m Steve King, the managing director at cyber theory and today’s episode is going to explore the current state of affairs in cybersecurity education. Joining me today is Dr. Heather monthy. An accomplished cybersecurity professional leader, author, podcaster and mentor. Heather’s been in cybersecurity computer science it and aviation along with STEM education for 25 years. She has served as the vice president Dean and Professor of it and cybersecurity at Grand Canyon University here in Arizona, and has served in leadership positions in STEM and CTE education in K through 12. As well as higher ed. Heather currently serves on the board of directors for the Arizona cyber initiative, a nonprofit dedicated to high school cybersecurity education. And she has served on Arizona Governor douces Arizona cyber team as a higher education representative and the co chair of the collegiate working group of the national initiative for cybersecurity education, aka nice. In addition, she’s worked with code.org to help train Arizona high school teachers in computer science. Heather’s bachelor’s degrees in computer science and has a master’s in computer science emphasis and a PhD in information technology. She also holds a certified cyber security systems architect certification. So without further ado, welcome, Heather. I’m glad you could join me today. Thank you for having me. Sure. Let’s start with Grand Canyon University, you you had a significant impact on the university’s success with the NSA and the depart of DHS, and you guys got awarded that prestigious national center of academic excellence in cyber defense education, that ca dash CD designation. How did you pull that off?
Heather Monthie 02:15
Yes, that was a large undertaking. That didn’t happen. It happened only with the help of a lot of really smart and talented people. You know, I was brought into GCU, about six years ago, to start up the Technology Division of their programs, they were interested in getting started in STEM, I had been working in STEM education for many years, and I gone into schools that had existing programs, and I was helping to reform them, you know, help them be much more efficient, have better outcomes, that kind of thing. The opportunity at GCU was really for me to take everything that I learned from coming into schools and helping you turn around their programs, and build something up, you know, from scratch the right way the first time. And so I knew that, you know, coming in to that role I had, I had two people on the team, I knew coming into that role that there was there were certain people and certain skill sets that I needed to build out in order to make that department successful. And one being you know, people who are very good and adept at understanding cybersecurity, but also understanding what accreditors and you know, what the NSA is looking for, and that kind of thing. And so you developing that program, you know, from from the from the ground up was required us to really fully understand exactly what NSA and DHS are looking for with that cae designation and then building the program to meet those needs. And then making sure that we’re staying on top of timelines and paperwork and deadlines and all that kind of fun stuff that goes with goes with applying for that. So, you know, I had a really, really strong team there that, you know, just was very dedicated to making sure that we got this designation, and they were very passionate about it. And with a lot of hard work and teamwork, we were able to make it happen.
Steve King 04:01
Now, but how long did the whole process take?
Heather Monthie 04:05
Well, you can apply for that designation once you have a graduate. So with a four year degree, you’re you’re you you develop a program, and you realistically you don’t have your first graduates until three to four years into the program, because oftentimes you’ll get you’ll get students who transfer into the program from other schools. So it’s not it doesn’t necessarily need to be four years. But then once you have that first graduate, then you can apply for that designation. And it’s about a year, year and a half on process after that.
Steve King 04:35
And do they review their curriculum and the syllabus and for all the coursework are correct? Yes.
Heather Monthie 04:41
So what they do is they they have a set of standards instead of their knowledge, skills, abilities, things that that need to be covered in your curriculum, and they give you a certain number of things that they say okay, these, these topics need to be covered in your curriculum, these are mandatory and then these are optional. So what you have to do is you have to take your curriculum and align it to that and say, Okay, if we’re teaching, you know, malware analysis, here’s where we’re teaching it. Here’s where we’re, we’re assessing it. Here’s the homework assignment, you know, that kind of thing. So we really have to align it for them. And then they come in, and then they review it and take a look at it, make sure that it meets their standards.
Steve King 05:20
Well, congratulations. That was hard earned for sure. Thank you. Yes, it was a lot of work. Yeah, how bad you know, what I’m doing over here with cyber Ed and one of our passions is trying to push cybersecurity or education down further than high school into the kind of K through 12. area. And you wrote a book, I think, titled, Beginner’s Guide to developing a high school security program, I think, yes. And that was what designed to help homeschool families and and high school teachers support support their children to learn more about cybersecurity.
Heather Monthie 05:58
Right. Yeah, so I wrote it because a lot of people were reaching out to me, I have a pretty strong background in K 12. I’m, I’m licensed in computer science to teach at the K 12 level. So I have a pretty strong background in K 12. And that’s where I started my education career I taught, I taught kindergarten through fifth grade computers, I taught five year olds how to use a mouse, and how to press Ctrl delete, to log on to the computer all the way up to, you know, teaching intermediate and middle school kids how to how to make websites and that kind of thing. And so over the years, I’ve had so many people come to me and asking questions, you know, we you know, cybersecurity is a hot topic right now, it’s much needed, there’s, you know, 3 million plus jobs open worldwide. So a lot of schools are starting to recognize that they need to build cybersecurity into their, into their courses or into their their offerings. But then, on the other side of that, too, is that they’re they’re also realizing that we need to teach 5678 year olds how to be safe online, and how to, you know, use technology safely, much like, you know, you know, when I was growing up in the 80s, you, the police department would calm and they would teach it talk to us about you know, being safe in the parking lot at the playground, and look both ways before you cross the street. Well, now, it’s a whole different world. So a lot of schools are recognizing that they need to teach kids how to be what they’re calling good digital citizens or having good cyber hygiene. But then also, how do we help start preparing them for careers in cybersecurity, so I had so many people reaching out to me looking for help. And so what I decided to do is just take what I know, and I put it down into a book, and I offer that up, you know, for people who are interested in learning more about how to develop a cybersecurity program at the K 12 level, I designed it in a way that it could easily be used by homeschool families who are looking to supplement their stem curriculum that they’re using in their homeschool curriculum. And also just, you know, parents who are like, you know, my kid has shown an interest in this, and I have no idea what to do or what kind of resources are out there. And so that’s that what I did is just put all that information together in a book to just to kind of say, Okay, here, read through this. If you need help reach out, let me know. And we’ll go from there.
Steve King 08:07
Yeah, that’s great. And I think that that description that you just made fits high school teachers, as well. And I that has occurred does to be one of the major sort of stumbling blocks about educating high school kids and and how to live safely in a digital world. Have you gotten pushback from teachers? Or have they been receptive,
Heather Monthie 08:30
teachers have been very receptive, they’re very interested. And I think the ones that are really interested in this are the ones that are getting the book, the ones that are reaching out to me, you I’m not forcing this down anybody’s throat at all, this is just if you’re, if you’re interested in doing this, here’s my experience and some of the research that’s out there that if you if you’re open and willing to listen or, you know, read and learn, here it is, I think that what happens is sometimes you anybody that’s worked in K 12 knows that teachers are very much overloaded, especially right now. And they’re trying to figure out, you know, how to how to keep learning happening during during the pandemic. And so when you know, their administrators or their principal, or Superintendent or somebody says, Well, we should be teaching cybersecurity, sometimes they look at it as, like, Okay, this is just one more thing that you’re adding onto my plate. And one more thing that I have to do, it’s been really positive for me, because, you know, the people that are finding the book, and the people that are reaching out to me, are the people that are, you know, yes, I’m ready to do this. You know, I know, it’s important that I’m ready to do this. So it’s been it’s been a wonderful, wonderful experience. Pete speaking with some of these with some of the teachers and the principals and superintendents and even parents
Steve King 09:37
know it’s good to hear in the context of fascinating Careers Out There you you’re also an FAA certified flight instructor and a commercial pilot with a instrument rating. And I understand that you also pilot unmanned aircraft as well. What What got you interested in flying and drones? Yes, yeah,
Heather Monthie 09:56
I know. It’s sometimes it seems like it’s a little disjointed, but when I was in kindergarten, I took a field trip through my school, we went to the local airport and I saw an airplane, just a little tiny two seater plane, land and take off, which I now know is called a touching go. And I was just hooked on I was like, I’m gonna do that someday I want to do this, this is so cool. I’m sort of a unicorn in the sense that most people that are involved in aviation, they have a family member who was involved with their dad, their Grandpa, their mom, their, you know, their grandmother, somebody like that. Whereas in my family, you know, I didn’t really have that. And so I took that went to that did that field trip hooked on aviation, you know, ever since I was a little kid, and I have fully intended on becoming an airline pilot. That was my plan. And so I started working on all the different readings. So the way flying works, it’s a little it’s a little backwards, where, you know, in many other careers, people will go out and they’ll have a very long and good career in something and then they’ll, they’ll say, Okay, I’m done doing that I want to go and teach. But with flying, what you do is you start out, you get your commercial pilot’s license, and then you go teach to build up hours before you go work for an airline. And so I got my flight instructor license, right around the same time I graduated college, when I got my computer science degree in the computer science degree was supposed to be the backup plan, in case something happened to my health or something like that. And I could no longer be an airline pilot. Well, this was right around the time I graduated college, I got my flight instructor certificate right after 911 happened. So what had happened with the airline industry is it tanked completely. And it didn’t come back for many years after that. So it was really, you know, I was in my early 20s. And I’m looking at this thing, okay, I need to figure out what my career is going to be. And I just need to pivot a little bit here. So I use the backup, backup computer science degree. And I’ve had a I’ve had a really good career as a result. And it’s taken me in a completely different direction than what I thought that I was going to take when I was a kid. But I love it. And it’s a wonderful hobby of mine. And I’m actually met my husband through aviation. So it’s been a it’s been a big part of my life since I was in kindergarten.
Steve King 11:56
That’s a great story. How did you get interested in computer science?
Heather Monthie 12:00
that’s actually kind of another funny story. My mother used to make me take summer school classes in the summer, not because I needed remediation or anything, but it was because she didn’t want me sitting around doing nothing all summer long. So she would register me for summer school classes. And the summer between seventh and eighth grade, I wanted to take a pottery class, and the pottery class was full. It was either that or I was the only person that registered for it. So they didn’t run it. So they they said, What is your favorite subject in school? And I said, well, math is my favorite subject. And she said the woman that was registering me, she said, Well, there’s this thing called computer programming that, you know, people who are good at math, they seem to be good at this. So maybe you might be interested in doing this, you’re going to learn how to make a video game on a computer. And this is back in the days of Oregon Trail. And you know, so I played that I’m like, Okay, well, I can do that. Now, that might be fun. And so I took a class in basic programming, it was that programming language, it was called basic, learned how to make a video game on the computer, didn’t think twice of it at all, like even just in high school. I just used a computer to write papers and that kind of thing. Never thought twice about it until I got into got into college and had another class when I was like, Okay, this is this is kind of fun. Like I kind of like this
Steve King 13:11
very similar background in that regard. And, you know, in back in my day, IBM used to used to give you a math test. If you pass the math test, you could become an assembly language programmer The next day, which is kind of what happened to me too. So okay, that’s interesting. What are you doing now with cybersecurity education? Are you still with Grand Canyon, and kind of bring me up to speed on what you’re currently up to?
Heather Monthie 13:38
Yeah, so I’m no longer with Grand Canyon University. I left there. Earlier this year, I’m taking a little different direction in my career, I’m working on a couple different things on the side. I’m working on part of the Arizona cyber initiative, which is a nonprofit that is developing boot camps for kids who want to learn cybersecurity and even teachers. And so I’m doing some consulting with some high schools, and potentially even some middle schools that are trying to develop cybersecurity programs in their schools and just doing some giving some support there as well. I am working in the aerospace industry in cybersecurity. So it’s really cool for me to be able to take my love of aviation and my love of cybersecurity and bring the two together. And so that’s my, that’s my full time gig. But then I’m providing some support to other schools outside of that. I’m also very passionate about cybersecurity education. So I’m working with some other groups as well to help develop, you know, develop programs develop courses, that, you know, cybersecurity is constantly changing. It’s constantly evolving. There’s so many new technologies that are coming out. And so we’ve got to be able to figure out the different cybersecurity implications with some of these newer technologies, and then we have to be able to train people on them. So I’m doing some work there as well to try to keep the profession going and educated and understanding you know, the implications of some of these newer technologies coming up.
Steve King 14:59
Yeah. That’s great. We’re launching cyber Ed and about a target launch date is June 30. So, you know, it’d be, it would probably be a good idea for you and I and our team to sit down and see how we can help each other in that regard. Yeah, absolutely. We haven’t talked anything at all about the sort of global situation. You know, we had colonial pipeline attack last Friday, and I’m sure you’re aware of all of that. What’s your take on kind of where we are from preparedness readiness point of view for attacks, like the one we saw on colonial on critical infrastructure?
Heather Monthie 15:39
That’s a very loaded question. I think that the people who are concerned, understand the reasons why to be concerned, and I think that the people who aren’t concerned might not just understand why they need to be concerned. I think anybody that’s worked in cybersecurity, for any length of time have seen this, you know, that, you know, by bio warfare attack on critical infrastructure, these are, these are the real issues that we need to be worried about. I think that sometimes with cyber security, it seems sort of, it’s very elusive to somebody, like they don’t understand it, they can’t see it, they can’t necessarily see it until it personally affects them. So they just don’t quite understand, you know, how big of a deal this really is. And so knowing that there are, you know, there are groups of people that are, they’re interested in attacking critical infrastructure and creating chaos and creating fear, you know, that’s the goal. So when we see things like what happened with colonial, that’s a real, real, real wake up call for a lot of people that, hey, this happened. And now we don’t have access to fuel, gas prices are going up. And it all is a result of an attack on, you know, on the pipeline, I’m hoping that this is a wake up call to many people to help drive the importance of cybersecurity with regards to critical infrastructure, even if you look at something like like that pandemic, like we don’t necessarily know exactly 100%, and I’m not a I’m not a I don’t study viruses and that kind of thing. But, you know, the technology is there to create these things. And it can it can affect it can affect the globe. And again, just create, create chaos, create panic. So I think that I’m really hoping that this is a wake up call for a lot of people that this is no longer just your Facebook account getting hacked. This is this is real life. And and this can this can affect it’s gonna affect people in some big ways. Yeah, I’m
Steve King 17:30
sure the folks waiting in the guest lines, and the Carolinas, probably have a different view of the world today than they did a week ago. Final question, Heather, I’m conscious of of the clock here, the US has fallen pretty far behind our adversaries. And in cyber security and artificial intelligence, machine learning and quantum research. The Chinese and the Russians both have issued global warnings, that whoever controls these technologies will rule the world. And they’ve invested significantly more in r&d, and, of course, steal all of our IP, in addition to that, what’s your prognosis for the next few years on a global scale?
Heather Monthie 18:10
You know, I’m gonna go, I’m gonna go back to education and training, because that’s where I think that this all starts, I think that STEM education has really taken a forefront in, in the education world in the last probably 15 years or so. And there’s a lot of effort to try to get kids interested in in STEM careers, and become creators of technology versus consumers of technology. You know, I think that you often hear you often hear that some people will say that their eight year old knows more about technology than they do. But the reality is, is they’re really good consumers of technology. So I think that the shift needs to be from, you know, raising a generation of people who are, you know, very smart, talented and capable, but really the reason them in the way of becoming creators of technology versus consumers of technology. So, you know, if they find a problem that they need to solve, how can how can you create a new technology to solve that particular problem? If you look at some other cultures, it’s very prestigious to work in the technology industry, it’s very, it’s very well regarded, much like we regard in our culture, you know, you know, physicians and and healers and, you know, business people very, very, very, you know, profound careers like that, right? That that shift needs to happen to, you know, okay, these are, these are very good careers. But these careers over here, these STEM careers over here are very, very good careers. They’re very lucrative, and you can help change the world, you can you can solve some pretty big, significant world problems just through the use of technology, engineering, and those sorts of things. So I think that that that shift just needs to happen from that, you know, that that paradigm shift needs to happen from looking at technology as something that we just consume, versus versus create.
Steve King 19:56
Yeah, and you know, positioning these fields as a You know, technology, engineering and math, for example, it can be off putting the folks that are sort of afraid of math, and maybe aren’t very good at it. But to me, you know, cyber security is a is a problem solving exercise. It’s like doing crossword puzzles in a way, right? I mean, so it exercises your, your mind if you’re in any kind of role within cyber security. So maybe changing the positioning of this to, to a problem solving exercise isn’t quite as freaky, as you know, like, hey, I want to study quantum mechanics, mechanics or quantum.
Heather Monthie 20:38
Right. And there’s, I mean, there’s absolutely a need for people that understand calculus and linear algebra and these kinds of things that in employment, applying them to physics and quantum computing, there’s absolutely a need for that, but there’s so many ways you can get involved in technology and becoming creators of technology and, and, you know, if you know, a little bit of algebra, you’re gonna do okay, and you know, with cybersecurity, I, you know, I always kind of stand there starting to kind of study this a little bit now to that cybersecurity is like, it’s like a treasure hunt, and kids that are really good at gaming, and you are very good at, you know, considering strategy and and, you know, looking at things from that from the bigger picture and making decisions, making quick decisions, and investigating that kind of thing. And so they’re saying, you know, there’s some research coming out now saying that, you know, some of these kids that these are going to be great, these are kids are gonna be great at cybersecurity, because cybersecurity is just that it’s, it’s, it’s investigating, it’s like a treasure hunt. And you’re just you following one clue to the next clue? And, you know, sure, you know, sure math is going to help with that, but it’s not the end all be all, they’re
Steve King 21:38
absolutely not. Absolutely, and we’re out of time today. But I think we did a pretty good job here of talking about the need for education and, and cybersecurity and, and hopefully, this will be intriguing to some of our listeners. And we’ll get more people involved here. So I want to thank you again, for taking time out of your schedule to join me and what I thought was a very nice exchange. And thank you to our listeners for joining us in another episode of cyber theories exploration into the complex world of cybersecurity technology and digital realities. Until next time, I’m your host, Steve King, signing out.