UK students breaking into their schools’ networks sounds like a problem and, in some ways, it is. But it also shows curiosity and persistence – the traits that make the best defenders. With the right guidance, today’s young hackers could become tomorrow’s cybersecurity professionals, the kind of talent the industry is missing.
Recent reports of pupils breaching school IT systems highlight both the fragility of defences and the mindset that could strengthen them. As someone who started out in ethical hacking, I know the value of that mindset. Qualifications provide structure, but real learning comes from tinkering, breaking things, and then rebuilding.
My own career began with red team engagements, where success depended less on textbooks and more on creativity, adaptability, and learning by doing. That’s why, given the choice between a certified expert and a self-taught hacker, I’d hire the hacker every time.
Closing the cybersecurity skills gap with AI
The UK faces a critical cybersecurity skills shortage. Half of UK businesses admit they lack basic cyber skills, with 49% struggling to set up firewalls, manage data securely, or detect malware. At the same time, attackers are becoming more inventive and already arming themselves with the same AI tools that defenders are still learning to master.
This shortage cannot be filled by qualifications alone. Automation is already taking on repetitive tasks such as monitoring and triage, freeing human teams to focus on higher-value analysis and decision-making. Far from eliminating jobs, AI is reshaping them. Tomorrow’s defenders must combine technical expertise with adaptability and critical thinking – qualities no certificate can guarantee.
Why mindset matters
With automation handling the basics, curiosity has never been more important. AI can generate code, summarise threat reports, and even pass professional exams from top schools. But tools alone don’t solve problems – people do. The differentiator is how quickly someone can adapt when new threats or technology emerge. Cyber professionals who experiment, question assumptions, and learn by doing will always be better prepared than those trained only to follow a manual.
This is why the instincts of young school hackers matter. Left unchecked, they could become part of the problem. But if nurtured in the right environment, they could form a new pipeline of cybersecurity experts at a time when the industry desperately needs them. Treating them purely as troublemakers risks wasting talent that could instead strengthen defences.
Creating the right pathways
The responsibility doesn’t just lie with schools or parents; it rests with the industry, too. Businesses, government, and universities need to create clear pathways that take natural curiosity and channel it into legitimate opportunities. That could mean internships, training programmes, or ethical hacking competitions where students can sharpen their skills in a safe environment. These initiatives give young people a positive outlet and help organisations spot talent early.
By offering these opportunities, the industry can show students that cybersecurity isn’t just about breaking systems, but about protecting them. For many, that realisation can be transformative, turning a pastime into a purpose. It proves curiosity isn’t a threat in itself. When guided responsibly, it is one of the most valuable traits a defender can have.
Building future-ready teams
To seize this opportunity, organisations must rethink what makes a good hire. Credentials still matter, but they should be weighed alongside evidence of problem-solving, experimentation, and resilience. These are the traits that will make the difference when AI reshapes the threat landscape.
Cybersecurity has always been a race to stay ahead. Attackers are endlessly creative, and defenders must be just as resourceful. The students probing their school networks are a reminder that the next generation has that inventiveness in abundance. The challenge is not to ignore it, but to harness it and build a future where defences are driven as much by curiosity as credentials.
Stephanie Aceves is the senior director of product management at Tanium
Read more: Why firing for AI speed can cost your business more than it saves
