The demand for cybersecurity professionals continues to grow rapidly. The global estimate for unfilled cybersecurity jobs is about 3.5 million, including an estimated 750,000 in the United States. In addition to the need for cybersecurity professionals, all industries and organizations need employees to increase their technology and cybersecurity skills. As our world relies heavily on technology to receive information, purchase goods, and communicate, every individual is at risk of a cyber-attack in their personal and professional technology-based activities.

A critical component to developing cybersecurity professionals, as well as individuals with a more robust cybersecurity posture, is education and training. Over the past decade, there have been several initiatives to grow cybersecurity education. The development of the National Centers of Academic Excellence (NCAE) helped universities and community colleges develop cybersecurity programs that were nationally recognized. The work done by these NCAE institutions highlighted the gaps in computer science and cybersecurity courses within high schools. Only about 15% of U.S. public high schools have a cybersecurity course; this equates to only about 3.6% of U.S. public high school students who have access to a cybersecurity course.

While efforts have been made to introduce cybersecurity courses in high schools and provide opportunities for students, it's increasingly clear that high school is not the ideal starting point to spark interest in cybersecurity careers or engage students in cybersecurity topics and skills. To ensure a robust cybersecurity talent pipeline, educational opportunities must begin in middle and possibly elementary school. Middle school is a crucial time for children to explore potential careers and develop their interests, which can influence their future coursework. This underscores the importance of introducing cybersecurity courses and modules at the middle school level.

Although teachers, school administrators, parents, and other stakeholders acknowledge the need to offer cybersecurity courses and raise cybersecurity awareness for all students, many barriers exist to providing these courses and content at the middle school level. One significant barrier is the cybersecurity background, knowledge, and experience of middle school teachers and the fear of covering specific topics. To help address the background, knowledge, and experience of middle school teachers, there is a need to develop strong professional development for middle school teachers that is modular and replicable in schools.

During the summer of 2023, an 80-hour cybersecurity professional development was created for middle school teachers. The curriculum included critical components of cybersecurity, including ethics, careers, programming, risk, threat actors, and information security. In the following sections, we will look closer at the development of the professional development components, including curriculum, out-of-school activities, building a more robust cybersecurity posture, and teacher mentorship. This professional development helped to uncover the barriers and fears of teachers, school administrators, and students. The deliverables of the professional development include a replicable curriculum design for other middle school teachers, addressing barriers and issues in offering cybersecurity courses, and a repository of resources to help teachers enhance their curriculum.

Keywords: Cybersecurity, education, middle school, professional development, ecosystem, curriculum design, barriers.