Hampton Roads gives us our mission.
We give back to Hampton Roads.

Every module starts with the real situation, then teaches the skill as the answer. No technical concepts. Storytelling, scenario cards, and group discussion throughout.

• Strangers online are still strangers. The threat: someone you only know from a screen wants personal information or photos. The skill: understanding that online friends who push for secrets or pictures are using a trick, and what to do when it happens. Group activity: "Would you tell a stranger at the mall?" scenarios mapped to online equivalents.
• What is personal information, and why does it matter? The threat: sharing where you live, what school you attend, or when your parents are away gives strangers a map to find you. The skill: knowing what is safe to share and what is not. Activity: students sort information into "safe to share" and "keep private" categories.
• When something feels wrong online, that feeling is right. The threat: predators use pressure, secrecy, and urgency to keep kids from telling adults. The skill: recognizing the feeling when something is not right and knowing that telling a trusted adult is always the correct move. Discussion: who are your trusted adults, and how would you tell them?
• Passwords are like house keys. The threat: sharing passwords lets people into your accounts the same way sharing a house key lets someone into your home. The skill: creating a password from a sentence, keeping it private, and never sharing it even with friends. Activity: students invent a strong password from a favorite sentence.
• Some things stay in the family. The threat: social media posts about where a parent works, when they are traveling for work, or what their job involves can be seen by people outside the family. For many Hampton Roads families this matters in a direct way. The skill: understanding that some information about home and family is private, even when it does not feel like a secret. Group discussion: what kinds of things do we keep just for our family? This module is framed around family privacy generally, with a brief age-appropriate note for military families that some work information is especially private.

Threats are named and explained. Students see what real attacks look like and practice identifying them. Group challenges, live demonstrations, and peer discussion throughout.

• Phishing: the attack that works because it looks real. The threat: a phishing email, text, or DM that looks like it came from a school, a game, or a friend is designed to steal your password or get you to click something. The skill: identifying the markers of a phishing attempt. Live demonstration using a defanged real phishing email. Group challenge: students compete to find every red flag before the timer runs out.
• QR code scams: the flyer in the hallway might be an attack. The threat: attackers place QR codes in physical spaces, on school bulletin boards, and in legitimate-looking handouts that redirect to credential-harvesting sites. This is actively happening in school environments. The skill: understanding that scanning a QR code is the same as clicking a link, and checking before scanning. Demo: students examine QR codes and predict destinations before scanning.
• What you send does not stay where you send it. The threat: once a photo or message leaves your device, you have no control over where it goes. Screenshots exist. Disappearing messages do not actually disappear. Content shared with one person gets forwarded to others without consent. This is the foundation of online image-based exploitation: someone has something you sent, and they use it to pressure you. The skill: understanding that digital content is permanent before posting or sending, recognizing when someone is pushing for photos or personal content as a warning sign, and knowing the correct response if it happens: stop responding, do not comply with demands, tell a trusted adult, and report to the NCMEC CyberTipline at cybertipline.org. This module is delivered with age-appropriate language in coordination with school counselors or administrators as requested.
• Social engineering: hacking people, not computers. The threat: attackers manipulate people using urgency, authority, and trust, not technical tools. Group exercise: students receive a scenario and must identify whether they are being manipulated and how. Discussion of real tactics used against students, parents, and school staff.
• Your digital footprint: what you post builds a profile, and that profile lasts. The threat: every post, photo, comment, and check-in is a data point. Individually they seem harmless. Together they reveal your location patterns, your relationships, your schedule, and your vulnerabilities. For Hampton Roads students, family posts about military deployments, base access, and job assignments create risks that extend beyond embarrassment. Posts made at 13 have shown up in job background checks at 22. The skill: auditing your own exposure, understanding that social media platforms are permanent record systems regardless of deletion, and thinking about the audience before you post. Exercise: students assess a fictional student's full social media presence, identify what an attacker, a recruiter, and a stranger could each learn from it, and discuss what they would change.
• Account security: passwords and two-factor authentication. The threat: reused passwords and missing 2FA mean a single compromised account opens the rest. The skill: creating strong, unique passwords and enabling 2FA. Live setup walkthrough. Discussion of what happens after an account takeover.
• Cybersecurity is a career, and it starts here. Hampton Roads employers in cyber, what the job actually looks like, and how students in this region have a head start. No requirement to be a "tech person." Introduction to CyberPatriot for interested students.

Specific threat actors, named TTPs, real incidents. Lab-style exercises, real tools on pre-approved demo environments. Aligned to CyberPatriot and CompTIA Security+ pathways.

• Threat actors: who is actually attacking us and why. Named groups, nation-state vs. criminal motivation, the difference between an APT and opportunistic ransomware. Case study: a real ransomware attack on a school district, what the attackers did step by step, what the school lost, and what could have stopped it. Discussion of why Hampton Roads is a specific high-value target.
• TTPs and the MITRE ATT&CK framework. How defenders categorize attacker behavior. Students map the school district case study to ATT&CK techniques. Introduction to how SOC analysts use this framework daily. Exercise: given an alert, identify the likely technique and stage of the attack.
• Image-based exploitation: the operation, the law, and what to do. The threat: financially motivated online exploitation targeting people aged 15 to 24 is one of the fastest-growing cybercrimes in the United States. Organized criminal groups run large-scale campaigns using fake profiles constructed from stolen photos. The pattern is consistent: initial contact on a gaming platform or social media, brief rapport-building, a request to move to a private video or image exchange, and immediate transition to financial demands backed by threats to distribute content to family, coaches, and classmates. Reports targeting teen boys rose 70% in the first half of 2025. The FBI has documented that complying with demands does not end them. Crisis resources and reporting procedures are provided as part of this module, and delivery follows safe messaging guidelines. The skills covered: recognizing the fake profile setup before it reaches the leverage stage; understanding why platforms, images, and contact patterns are the early warning signs; the correct immediate response if targeted (stop contact, do not pay, preserve evidence, report to cybertipline.org and local law enforcement, and tell a trusted adult); and the legal dimension that applies specifically to this age group: distributing intimate images of anyone under 18 is a federal crime, regardless of who sent them first or the age of the person distributing them. Students are not just potential victims in this area. They need to understand their own legal exposure as well. This module is coordinated with school administration in advance and school counselors are notified prior to delivery.
• OSINT: the two-way street, and why your past posts matter now. Attackers use open-source intelligence to research targets before attacking. So do recruiters. So do background investigators. A photo, a post, a comment from years ago can surface in a security clearance investigation, a hiring decision, or a targeting operation. For students pursuing careers at NCIS, NSA CSS, defense contractors, or military service in Hampton Roads, this is not theoretical. The SF-86 form for a security clearance asks about online activity and associations. Background investigators use the same OSINT tools attackers do. Hands-on exercise: Shodan, DNS lookups, WHOIS, and social media aggregation against a pre-cleared demo target. Students then flip the exercise, building a profile of themselves from public sources only, and assessing what a clearance investigator, an attacker, or a foreign intelligence service could learn. Discussion: what stays online forever, what can realistically be cleaned up, and what the standard is for people pursuing cleared careers in this region.
• Social engineering at scale: phishing kits, pretexting, and vishing. How professional phishing campaigns are built and deployed. Live examination of a phishing kit structure (sanitized). Pretexting scripts used in real vishing calls against help desks. Students practice identifying and shutting down social engineering attempts in role-play scenarios.
• Network fundamentals and what attackers see. IP addressing, ports, protocols, and the OSI model taught through the lens of what each layer looks like to an attacker. Wireshark capture demo on pre-approved traffic. Students identify normal vs. suspicious patterns.
• Introduction to ethical hacking and penetration testing. Reconnaissance, scanning, exploitation, and post-exploitation concepts. Legal and ethical boundaries, written authorization, scope limitations. What a real pentest engagement looks like and what the report delivers. Exercise: students work through a beginner Capture the Flag challenge with guidance.
• Career pathways: from this classroom to this field. CompTIA Security+ as an entry point. Navy Cyber Warfare Technician (CWT), Air Force 17D, and Army 17C pathways for students considering military service. NCIS, NSA CSS, and civilian defense contractor roles in Hampton Roads specifically. Virginia college programs. CyberPatriot as a direct pipeline. What salaries and growth look like in this field over a 10-year window.