Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information technology in middle and high schools, and yet they lack a Silicon Valley-like pipeline to help talented IT experts channel their skills into high-paying jobs. This post explores the first part of that assumption by examining a breadth of open-source data.
The supply side of that conventional wisdom seems to be supported by an analysis of educational data from both the U.S. and Russia, which indicates there are several stark and important differences between how American students are taught and tested on IT subjects versus their counterparts in Eastern Europe.
Compared to the United States there are quite a few more high school students in Russia who choose to specialize in information technology subjects. One way to measure this is to look at the number of high school students in the two countries who opt to take the advanced placement exam for computer science.
According to an analysis (PDF) by The College Board, in the ten years between 2005 and 2016 a total of 270,000 high school students in the United States opted to take the national exam in computer science (the “Computer Science Advanced Placement” exam).
Compare that to the numbers from Russia: A 2014 study (PDF) on computer science (called “Informatics” in Russia) by the Perm State National Research University found that roughly 60,000 Russian students register each year to take their nation’s equivalent to the AP exam — known as the “Unified National Examination.” Extrapolating that annual 60,000 number over ten years suggests that more than twice as many people in Russia — 600,000 — have taken the computer science exam at the high school level over the past decade.
In “A National Talent Strategy,” an in-depth analysis from Microsoft Corp. on the outlook for information technology careers, the authors warn that despite its critical and growing importance computer science is taught in only a small minority of U.S. schools. The Microsoft study notes that although there currently are just over 42,000 high schools in the United States, only 2,100 of them were certified to teach the AP computer science course in 2011.
A HEAD START
If more people in Russia than in America decide to take the computer science exam in secondary school, it may be because Russian students are required to study the subject beginning at a much younger age. Russia’s Federal Educational Standards (FES) mandate that informatics be compulsory in middle school, with any school free to choose to include it in their high school curriculum at a basic or advanced level.
“In elementary school, elements of Informatics are taught within the core subjects ‘Mathematics’ and ‘Technology,” the Perm University research paper notes. “Furthermore, each elementary school has the right to make [the] subject “Informatics” part of its curriculum.”
The core components of the FES informatics curriculum for Russian middle schools are the following:
1. Theoretical foundations
2. Principles of computer’s functioning
3. Information technologies
4. Network technologies
5. Algorithmization
6. Languages and methods of programming
7. Modeling
8. Informatics and Society
SECONDARY SCHOOL
There also are stark differences in how computer science/informatics is taught in the two countries, as well as the level of mastery that exam-takers are expected to demonstrate in their respective exams.
Again, drawing from the Perm study on the objectives in Russia’s informatics exam, here’s a rundown of what that exam seeks to test:
Block 1: “Mathematical foundations of Informatics”,
Block 2: “Algorithmization and programming”, and
Block 3: “Information and computer technology.”
The testing materials consist of three parts.
Part 1 is a multiple-choice test with four given options, and it covers all the blocks. Relatively little time is set aside to complete this part.
Part 2 contains a set of tasks of basic, intermediate and advanced levels of complexity. These require brief answers such as a number or a sequence of characteristics.
Part 3 contains a set of tasks of an even higher level of complexity than advanced. These tasks usually involve writing a detailed answer in free form.
According to the Perm study, “in 2012, part 1 contained 13 tasks; Part 2, 15 tasks; and Part 3, 4 tasks. The examination covers the key topics from the Informatics school syllabus. The tasks with detailed answers are the most labor intensive. These include tasks on the analysis of algorithms, drawing up computer programs, among other types. The answers are checked by the experts of regional examination boards based on standard assessment criteria.”
Image: Perm State National Research University, Russia.
In the U.S., the content of the AP computer science exam is spelled out in this College Board document (PDF).
US Test Content Areas:
Computational Thinking Practices (P)
P1: Connecting Computing
P2: Creating Computational Artifacts
P3: Abstracting
P4: Analyzing Problems and Artifacts
P5: Communicating
P6: Collaborating
The Concept Outline:
Big Idea 1: Creativity
Big idea 2: Abstraction
Big Idea 3: Data and Information
Big Idea 4: Algorithms
Big idea 5: Programming
Big idea 6: The Internet
Big idea 7: Global Impact
ADMIRING THE PROBLEM
How do these two tests compare? Alan Paller, director of research for the SANS Institute — an information security education and training organization — says topics 2, 3, 4 and 6 in the Russian informatics curriculum above are the “basics” on which cybersecurity skills can be built, and they are present beginning in middle school for all Russian students.
“Very few middle schools teach this in the United States,” Paller said. “We don’t teach these topics in general and we definitely don’t test them. The Russians do and they’ve been doing this for the past 30 years. Which country will produce the most skilled cybersecurity people?”
Paller said the Russian curriculum virtually ensures kids have far more hands-on experience with computer programming and problem solving. For example, in the American AP test no programming language is specified and the learning objectives are:
“How are programs developed to help people and organizations?”
“How are programs used for creative expression?”
“How do computer programs implement algorithms?”
“How does abstraction make the development of computer programs possible?”
“How do people develop and test computer programs?”
“Which mathematical and logical concepts are fundamental to programming?”
“Notice there is almost no need to learn to program — I think they have to write one program (in collaboration with other students),” Paller wrote in an email to KrebsOnSecurity. “It’s like they’re teaching kids to admire it without learning to do it. The main reason that cyber education fails is that much of the time the students come out of school with almost no usable skills.”
THE WAY FORWARD
On the bright side, there are signs that computer science is becoming a more popular focus for U.S. high school students. According to the latest AP Test report (PDF) from the College Board, almost 58,000 Americans took the AP exam in computer science last year — up from 49,000 in 2015.
However, computer science still is far less popular than most other AP test subjects in the United States. More than a half million students opted for the English AP exam in 2016; 405,000 took English literature; almost 283,000 took AP government, while some 159,000 students went for an AP test called “Human Geography.”
A breakdown of subject specialization in the 2016 v. 2015 AP tests in the United States. Source: The College Board.
This is not particularly good news given the dearth of qualified cybersecurity professionals available to employers. ISACA, a non-profit information security advocacy group, estimates there will be a global shortage of two million cyber security professionals by 2019. A report from Frost & Sullivan and (ISC)2 prognosticates there will be more than 1.5 million cybersecurity jobs unfilled by 2020.
The IT recruitment problem is especially acute for companies in the United States. Unable to find enough qualified cybersecurity professionals to hire here in the U.S., companies increasingly are counting on hiring foreigners who have the skills they’re seeking. However, the Trump administration in April ordered a full review of the country’s high-skilled immigration visa program, a step that many believe could produce new rules to clamp down on companies that hire foreigners instead of Americans.
Some of Silicon Valley’s biggest players are urging policymakers to adopt a more forward-looking strategy to solving the skills gap crisis domestically. In its National Talent Strategy report (PDF), Microsoft said it spends 83 percent of its worldwide R&D budget in the United States.
“But companies across our industry cannot continue to focus R&D jobs in this country if we cannot fill them here,” reads the Microsoft report. “Unless the situation changes, there is a growing probability that unfilled jobs will migrate over time to countries that graduate larger numbers of individuals with the STEM backgrounds that the global economy so clearly needs.”
Microsoft is urging U.S. policymakers to adopt a nationwide program to strengthen K-12 STEM education by recruiting and training more teachers to teach it. The software giant also says states should be given more funding to broaden access to computer science in high school, and that computer science learning needs to start much earlier for U.S. students.
“In the short-term this represents an unrealized opportunity for American job growth,” Microsoft warned. “In the longer term this may spur the development of economic competition in a field that the United States pioneered.”
I always knew Russia was ahead of us, that’s been obvious for at least thirty years, I just didn’t realize how serious it was. We have the outlet of Silicon valley, while they’ve been dealing with their post-imperial collapse mafia state.
And look at the outcome it brought us this election cycle. Yikes.
Partially true. The statistics do not refer to “how many hackers does Russia produce” but to “how many individuals in Russia may be prone to an IT job”.
This means: there is a higher probability for a Russian child to have an IT job than an US one since the others are not so well paid.
Rationale:
– in the Civilized World (excludes Russia) you can make decent money out of other jobs, e.g. medical doctor or financial expert. No need to be an IT guy.
– Russia is a technology consumer and not producer. They are 100% dependent on western technologies and basically did not produce any processor, IT system, intelligent car, operating system, smartphone, digital camera. Nix, nada.
– As Russian exports depend over 90% over raw matter trading, they do not produce any advanced technology and their smart people are forced to work on repair (and ultimately hacking) services (their GDP relies over 90% on this car or technology repair services). Imagine a population of coal and ore miners and oil extractors that trade their goods on any shiny gadget you’re showing them. Of course they’re amazed by it and have the time to research it, hence e.g. the biggest hardware hacking forum (4PDA) in the world. The Civilized World works on producing things, Russia on consuming them.
– Hacking is not a job per se. It relies on having time to understand a certain technology, understand its normal rules and going around them. Nothing fantastic.
– I’ve met and had some discussions with some Ukrainian intelligence agencies (they are the best anti-Russian weapon). Basically they told me the “Russian hackers” are mostly young talented people that do not find a job and then are forced to work in the dark economy. Most of them hate the Putinist Regime and are humiliated by dumb rich oligarchs. If the Civilized World would find a way to get them out of there, there will be no Russian threat anymore. If this regime would be no more, Russia would be a free country. So sad, the world should be in digital danger because of a single individual.
– Russia has a single notable security company and that is Kaspersky.
– Russian hacking abilities are limited. Most of their exploits go around Microsoft Office and Adobe Flash, perhaps they are prepared by a limited set of individuals researching into these technologies. I would fear more the Chinese or Indian, they have more IT students.
– Exploits are discovered 10% from research and 90% from accidents. I would perhaps exclude fuzzing from here; NSA or CIA may have the upper hand in automated research and computing power. Therefore: if looking for the Russian hackers, you could find them around some military academies or programming companies. NATO have enough insiders in Kaspersky, so they would not be there.
It sounds like you have no idea what you’re talking about 🙂
See Yandex, Telegram, 1C, Kaspersky, GLONASS, or just the military industry in general.
The US is easily the biggest consumer state in the world.
You could add Pobeda,Lomo, Jiguli, Kamaz to the list of technology and the picture is complete. And perhaps the Mercedes that Tovarysh Putin is using. Or the cameras used to broadcast him on TV. Or the computers the SVR hackers are using, designed in USSRusia.
Could I add the transistor? No. The first computer in the world? No. Any famous medicine to save human lives? No. Stem cells? No. Space flight? Stolen German scientists. As the 2 watches the body looters hanging the Russian flag over Reichstag were having. Hmm… I smell a complete culture here.
@LOLSema
A pivotal means by which man went to space in the first place is thanks to Russian mathematics (State Space methods) that the U.S. “borrowed” in the ’60’s, moron!
Yandex can’t even manage a 50% marketshare in search in their own country:
http://gs.statcounter.com/search-engine-market-share/all/russian-federation
Yandex, the most notable Russian based tech company has a market cap of $9B (lets round up). Google made more than that in the last QUARTER with a market cap of $986B.
Telegram? lol, see here:
http://cdn04.androidauthority.net/wp-content/uploads/2016/05/whatsappstats.jpg
Telegram: 100M users
WhatsApp: 600M users
Facebook Messenger: 1.2B users
Tiny little 1C compared to the dozens of massive US video game companies? This isn’t even worth discussing, a complete joke.
GLONASS? You mean the Russian copy of GPS that launched their first satellite 4 (almost 5) years after the US?
>The US is easily the biggest consumer state in the world.
Of course! Because they can afford it! They have the largest GDP of any country on earth! (US 18T vs Russia 1.3T). US has 2x the population but 14X the GDP!
Sorry but Russians need to start really facing reality if they ever want the situation to change.
Russia is a gas station with Nukes. Don’t give them too much credit…
Sema, I take it you try to make a rule out of exceptions. Sadly said, Russia is a big consumer of technology and generator of none. Yes, US is also a big product consumer from China, but their economy relies on innovation and generate new products. Google, Apple, Microsoft, Oracle, IBM, HP, Volkswagen, Audi etc have nothing to do in their product design with Russia or China.
I used to work as an IT consultant in Russia for 2 years for a quite renowned financial institution. What I did not like and also found as an explanation for the overall country status was that people were blaming one each other and refused to cooperate. It was something like “I suggest not to do it and the reason is this…” or “It’s gonna fail and it will not be my fault”. Having something comparable with Silicon Valley will never be possible with this mindset, even with highly skilled individuals, it will take some generations to change a mindset. There is also a historical explanation: Russia switched from Middle Ages directly to Communism (and they’re still there) with little or no stopover in capitalism, therefore understanding the West might be a bit difficult for them.
LOL
I think that you are just another stupid ukranian lunatic .Who cant get his facts right .
Russia is a technology consumer and not producer – so is other 99 % of the countrys in the world .
Russian did not produce any processor, IT system, intelligent car, operating system, smartphone, digital camera – why do you need to invent a bicycle again ? But you can check – Astra Linux Os .Driveless truck manufacturer by Kamaz .Yotaphone 2 . Baikal CPU processor and so on.
Had discussions with some Ukrainian intelligence agencies – ha ha ha Gotcha . Im sure you mean the most corrupt intelligence agencie in western hemisphere .And yet they told you something that everyone else knew for the last 15 years Great Success . Now go and sell that priceless peace of information to your Masters maybe be they let you live a bit longer.
Russia has a single notable security company and that is Kaspersky. — Well again you cant get your facts right . Russian have more then one AV company – You forgot the Dr Web
Russian hacking abilities are limited. Most of their exploits go around Microsoft Office and Adobe Flash – Are you saying that from your personall expirience or Ukrainian intelligence agencie told you so lol /
It seems apparent that we have become the Eloi to the Russian Morlocks.
@Neal Rauhauser
Are you sure there is only one “mafia state”? How about the one that doesn’t educate its citizens, promotes status through the roof, and instead blows smoke up their behinds telling them how great they are? Or at least used to be in WWII, presented as the end of modern history…
So many ways to hack, so little time to do it. Here’s a fun question. What “if” we finally found a bulletproof way to preventing most hacking, certainly financial hacking. What would all those hackers in need of a “fix” do then? The Russian economy would suffer. The looney tune who runs North Korea would probably execute all his “failed” hackers (last sentence added for comic relief).
Just Googled the CIA, Israel’s Mossad, the UK’s MI6 (not the FSB) and found a 2011 Wired article on a certificate issuer being hacked. Some of the certificates were for domains owned by those agencies. It all ties in, everyone is connected somehow, ask the NSA about being hacked 😉
It’s pandemic and has been for a while but it’s actually getting worse (never say things can’t get worse – Bill Cosby comic routine from yrs ago).
So we should push US students to be more computer oriented/efficient. This will help stem the hacking tide but will also create more US hackers. Everyone will be hacking everyone else which will cause everyone to one up the other guy, self replicating I guess.
Mean while, back at the Bat Cave, I have avoided being hacked since my BBS days and later I got on the Internet (once Al Gore invented it). I do notice that I no longer see email scams to get into my computer but corporations and banks have become huge targets instead, follow the money I guess.
Thankfully Boris and Natasha are leaving Brian alone (they’re too busy stealing money) so he can inform us about the wonderful world of hacking. I missed the days when they only wanted to “kill squirrel and moose” :0
Everything Brian wrote is true, but there are other factors as well:
– Russians seem to possess an innate ability for chess, nuclear physics, and other technical subjects. Millennials and younger did not live through the space race when the Russians were the first many times, so they don’t know.
– In Moscow and St. Petersburg, Russians often take advantage of Americans in nightclubs by using an attractive woman to lure men back to an apartment where they can be robbed. Been there, almost seen that. Cyber-crime is simply the more intelligent version.
– Young Americans are far too busy worrying about the latest fat-butt celebrity than to study a difficult subject. And our educational system is a joke.
– Due to outsourcing and H-1B/L-1/B-1 visa abuse, many Americans who might otherwise have studied computer science have chosen other fields. This has been documented in a number of articles. Outsourcing and visa abuse started long before any IT shortages. I saw it in the early 1990s.
Brian,
There is an unwritten problem fueling the gap of cyber security professionals in the United States. That is the harshness in which the USDoJ pursues CyberCrime in young adults and those @ the age of, or in college. This is a turning point in their lives, that could lead to a CyberSecurity Star or blackhat for life.
To pinpoint a precise example, Daniel Placek, was one of the few that got a misdemeanor for his participation in Darkode. This was hailed as a “rare one in that it’s a beginning, not an end for someone.” — typically the USDoJ will pursue the charges at the other end of the spectrum and stick to them… even for potentially promising individuals who try to turn their life around after getting caught.
Following this path, there are (many) skilled coders and security experts that could have joined the light… but are now virtually unemployable because they have been labeled blackhats by the USDoJ. Given the difficulty to get legitimate career opportunities, what do you think will happen? My bet is they choose easy money and go back to what they know best. Or, they leave the country to put their skills to use for our adversaries.
My point is there really should be a path to redemption/diversion, granted I don’t know how it would work, who would manage it, the concept is simple… Permit suppression or deferred judgement of a subset of CyberCrime charges (including felonies) to give the defendants a chance to prove their value as a protector, thus giving them the opportunity to seek employment with fortune 50 companies in the USA who need their talent more than ever.
As a suggestion, “proving their value as a protector” could be attained by working with FBI Cyber for a specified period of time, before an evaluation takes place. Why would I suggest this? The FBI, has taken steps to hire a few people in this situation, but predominately lacks cutting edge CyberSecurity professionals even more than US Tech Firms.
Last October, I attended BsidesLA, a great, informal little conference, which the LA County District Attorney attends, and brings a few staffers. After the DA’s keynote, I asked his cyber-chief, what is done now to prevent future “pranksters” like Kevin Mitnicks from being prosecuted & jailed (5 years) by what I have sometimes termed the Injustice Dept.
This was a relevant question as Mitnick grew up in the 80s-90s in greater LA. His harsh treatment was noticed by many, and likely caused more than a few computer pranksers to don black hats.
Mitnick was admittedly out of control, broke into 40 corporate networks, but he claims he NEVER sought money or caused major trouble. Are today’s reckless teenage cyber-pranksters still treated as if hardened, criminal hackers.
I was mightily impressed by the answer: that every case is looked at individually, and that — when a teen hacker seems redeemable — the office tries to place him or her into a community service role which utilizes budding skills rather than driving them to the dark side.
I hope (and believe) the LA/DA is “walking the walk” as best he can, and that his attitude will have spread.
Jonathan
PS: Kevin has since written 4 excellent books, and built a cyber-security firm which has many institutional clients, including — the FBI who pursued and caught him in he ’90s !!!
Is this quote published anywhere?
Now that’s both amusing and scary. I used a fake email address, that of Bruce Schneier, to post the previous, as well as using TOR. And his photo appeared!
yeah that’s pretty much how Gravatar works 🙂
Back when I was in HS (late 90s), there were only 4 or 5 us in AP CS class. We all scored 1/2s on the exam except our Russian classmate who aced it and was already taking college classes. It didn’t help that our teacher was completely unqualified and we were still working on 8088s! We (the Russian guy and I) both went on to study CS at college together… he would bang out assignments in a single weekend while I would procrastinate as much as possible and then struggle to complete them on time; he was a very disciplined and self-motivated individual.
As far as the cybercrime aspects, I’ve always presumed it simply paid better and risk was low comparatively combined with the challenging nature. I’ve worked with Russian companies on outsourced IT projects and it tends to be fairly boring, straightforward work and they’re often competing with India for contracts…
The article is completely wrong. I have gone through the post soviet education of Computer Engineering and here is the reason, why so many hackers come from these countries:
1) For an ordinary human IT is the only social lift, as when IT lets you earn up to 3 000 USD cash monthly, other professions – barely $100 max.
2) There is nothing else you can do in your free time, besides drinking vodka, IT is the only way to connect with the outside world.
3) Education system is very weak and outdated, so mostly those, who come to get a formal IT education, started with IT on their own.
4) There is no innovation ever in IT, which originated from former USSR, all technologies cone from the U.S.
Only Linux allows me to stay away from alcoholism in Russia.
That’s truly interesting, as it’s only alcohol that allows me to stay away from Linux in the United States.
I concur. I am based in Romania, and I earn quite well as a network expert.
Thirty years ago, science education (especially mathematics) was still excellent. This was my foundation, as of many others that are now in their 40’s. But then we lived in a world free of distractions (no TV, no Internet).
Now, young people avoid science, except for one reason: IT is the only industry that pays much better. Nevertheless, it is still boring and too hard for many. Science education became a joke, because of very low salaries in education and many years of chaotic reforms, led by corrupted politicians. There is absolutely no reason for any vaguely competent guy to teach science and especially IT (would you do it if were paid the lowest salaries and led by corrupted directors?). The most of the talented guys teach programming themselves.
The second reason is the job market. We are at the supply end of outsorcing. Regulation is weak. We are required to do more, with less, and we became inventive for this reason.
But this is the white side. On the dark side, small crimes almost get unnoticed, and are not punished usually. Anyway, not as hard as in the US. And criminals do not usually do their stuff at home: their targets are abroad, so investigations are triggered externally (the local police is not bothered otherwise).
I’m not sure about what “top hackers hail from Russia” means. Those that get caught? Code authors? Perpetrators?
You want to “Dumb-Down” the Russian kids so they’re too stupid to hack? It’s easy:
1. Give them all mobile phones with unfettered 24×7 access to mind-numbing addictive Social Media.
2. In the few brief moments when the kids actually lift their heads up from their mobile phones, completely scramble their minds with something crazy like Common Core.
Done. Now you have a relatively harmless Lost Generation.
That is the whole idea! Thanks.
You’ve hit the nail on the head!
Yep, can be applied to any culture. May also use Xbox, PS4, etc.
Finally someone who realised the article was about education, not about hacking.
I got my skills because my mom tried to take away computer from me by all means. When she took away the monitor I had to understand how to connect the TV set to the computer. When she cut off dial-up modem cable I had to solder it. When we denied to pay internet bill I had to write compression proxy server offline, without internet connection, just remembering HTTP protocol from the top of my head.
So yeah, that constraints force people to circumvent them and to educate themselves.
As Anton has already written, in fact the IT education system is very outdated, with the exception of just a few universities, but high salaries attract so many people who are self-educated.
Brian,
Any response to Anton & scorp13?
What Anton and scorp13 is true, as well what’s Brian is saying. Russian school gives skills of problem solving, abstract thinking and algorithms. Subjects are taught in academic manner which allows to cover more in greater depth. Hands on skills are trained by doing 2-3 hour homework (for 2-34 subjects every day). Maths in Russia is at least 2 years in advance of US/UK: at 15-16 in Russia you learn what in US/UK will be taught at uni and only if you take advanced maths.
At the same time coding and internet is the only non-violent and way up the social lift or even way to earn living at all. So given the skills and social pressure people don’t have much choice and just become better at it.
This is most balanced and close to reality point in this thread. I can confirm vast difference of education approaches at early stages in Russia where I grew up, and UK where my son goes to secondary school now. College education is (was) good for general math, but not practical IT apart from a few best places.
One more thing to add though is the extremely good accessibility of IT stuff in Russia. Fast wired and wireless broadband is in abundance, and is dirt cheap. Plenty of cheap Chinese-branded hardware is readily available even in rural areas. And there’s still very relaxed attitude towards copyright and piracy, and laws are not really enforced. It means that entry price is very low – every kid on the block can have ALL the books and software to play with for free. It’s not that crucial now with all the open source and free online education movements, but it was an important factor back in my days.
I’ve responded to comments like this earlier, but as I stated in the lede of the story, this piece did not set out to examine ALL of the reasons so many hackers come from Russia. People saying oh this is all wrong because he didn’t talk about this or that in the story have missed the point.
Obviously, there are socioeconomic and cultural issues at play as well. I don’t disagree that much of the disparity has to do with the fact that there are few consequences for criminal hacking in Russia — particularly for those hackers who take care not to rob their own people. This is alluded to in the first sentence of the story. But the piece wasn’t intended to explain all of the issues: quite clearly it is just looking at the educational differences between the two countries on how they teach computer science. And yes you can say the same thing about math, logic and science, all of which can also help in a mastery of compsci topics.
Also, I think it’s important not to understate the impact of kids getting early (and deep) exposure to topics like computer science, which in many cases is crucial to a desire to learn more and eventually specialize in the subject.
A corrupt culture developed during the Soviet era, no punishment for the illegal activity if western targets are attacked, and fewer opportunities to use those IT skills to make a decent living.
Has the emphasis on IT always been as described? I recall, perhaps incorrectly, that in the very earliest days of malware Eastern Europeans we the preeminent producers of it.
“were the preeminent producers of it.”
I looked up the profile of a younger colleague of mine, a very good Russian developer we hired recently. Sure enough, he is a math major. Might not be the most representative survey but I think that with the CS education you’ve got a straw man, it didn’t matter before and it still doesn’t matter. Exposing kids to computer science topics can be done for a number of reasons. After all, this technology will play an important part in their lives, so they better know more than what’s obvious about it. But producing more computer experts IMHO isn’t one of these reasons.
Note that your analysis might also be built upon a false premise: it’s cannot be said whether Russian programmers really are better on average or whether good Russian programmers are merely more visible than the US ones. After all, a US company hiring will rarely see good US candidates because all of those already have a job and aren’t looking for one. Also, good US programmers are earning good money and are unlikely to engage in illegal activities. Russia on the other hand doesn’t have a Silicon Valley sucking up everybody who might eventually become a good programmer.
Quote from Brian:
“I think it’s important not to understate the impact of kids getting early (and deep) exposure to topics like computer science…”
I fully agree and from that respect, your article is right on target.
In my view, the major difference between the US and RU education system, and for that matter the former Warsaw-Pact countries, is the teaching of logical and critical thinking that’s lacking in the US. This includes all the teaching curriculum, not just compsci. Not to mention the practical application of curriculum and testing the acquired knowledge in depth.
BTW…
There are pretty good hackers in Romania as well. A former Warsaw-Pact country…
Absolutely exposure at a younger age is extremely important. My wife and I have been trying to push for both younger IT exposure and more female IT exposure at our children’s school. The girls have little interest unfortunately…which I believe is, mostly, due to their parents lack of understanding/pushing.
Add to this, the potential for making money. In the US we have a pilot shortage. Why? Mostly because the pay is so horrid, especially the first 10 years of a career. US Doctors are getting in shortage territory for the same reason. High paying career areas will generate interest at young ages.
So along with that earlier exposure to IT topics, the fact that they can jump to a higher quality of life drive more interest in the area.
Interesting assessment. Even with the idea that some of the comments make about how the educational system is weak and outdated, the fact that they even introduce the subjects at all at a young age is a major factor.
Informally here in the states and among people I know and talk to in the IT/Infosec world, I find most of us started at the 7-10 year old range if not sooner.
As far as the hiring issue goes though, it is not that we do not have the talent here in the U.S. but corporations get caught up in HR ideals such as degrees or certifications. From my own experience (and I have no degree), I found that higher education initially has a tough barrier to overcome, as it is usually repetition of prior teachings, the drill it in the head. the issue is that that same drilling in my case, had been going on for 4+ years (I did take the AP computer class and exam back in ’89 when it was programming based in Pascal). The cost of a 4 year degree where one does not feel they are actually learning is a bitter pill to swallow. Certifications can get expensive also depending on which ones you go for and if you are able to self study (Comptia, ISC2) or have to take a class (i.e. SANS).
In the end it does boil down to getting around the HR gatekeepers for a lot of jobs overall, let alone in the world of infosec (where HR really does not know what it is looking at or doing). I know many people who want to make the jump into the field but the barrier to entry for them is just something they have not been able to overcome. These are talented hackers who are self taught and therefore not always seen by the system.
I am not saying that the article is false by any means, but there is more that we do have to consider. STEM in schools is nice, but without the right curriculum, it won’t help.
Why would a High School\College kid go to any length to earn a technology degree when our government strives so diligently to give those jobs to international talent first. We are a sad nation and I hope it changes but I don’t see the blocks going into place to make it happen. “Learning is hard” is not the answer we should be hearing. “This generation is not teachable” is even worse and a sign of lazy GENERATIONS of educators. I love your columns Brian so keep pointing out the issues and giving answers even if they don’t want to hear it.
All of this brings up a larger question, and that has to do with whether problem solving skills are an innate ability, or whether they can be taught.
And part of it comes down to critical thinking skills. There are some in our society who don’t want children to have these skills because the children might then challenge other orthodoxies. The result is that a lot of children learn stuff by rote without understanding the how and why things actually work.
“Extrapolating that annual 60,000 number over ten years suggests that more than twice as many people in Russia “. Yes, but since the US population is more than 2X Russia, that suggests that a Russian kid is 4X more likely!
Back in the late 90’s while taking machine-code and assembler programming classes, the professor talked about how he felt that some of the best assembler language programmers were in Russia. He saw it coming. This article verifies it.
When I went to high-school along with the basic curriculum, we were taught vocational skills, metal shop, wood shop, auto shop, computing… There were also plenty of music and arts classes. Are we challenging our students enough today? Are we giving them a variety of options? Is the K-12 system too focused on prepping everyone for college?
Brian,
Was this article timed to coincide with that of your old co-worker’s at the Post today? Or was this post just serendipitously released?
No matter the coincidence, the two articles together paint a disturbing picture for the US over the next 20 years.
I agree that the early exposure to programming makes all the difference in the world, and allows for those more naturally inclined to code to begin the basics that much earlier in life.
Thanks for the education on this and all of your coverage!
I became very interested in comments, especially the difference in mentality in the comments. Anton said above that I perfectly understand that IT specialization is not the merit of some courses (that you understand – education in Russia is dead, like everything else except police and military industry), but this is a way to escape from reality in which nothing is remains except to drinking vodka (or some kind of very low cost booth).
In schools in cities with a population of one million+, so far (in 2017) there are computers based on the Pentium I 100/133 MHz (remember, the case with the button Turbo?). What can be the level of training on this mastodonts, they can not perform modern user programs – 100% protection from the attention of students.
I see how the propaganda of Russia works, if you write about some kind of competition, it makes me laugh. I write this message and try to protect myself from imprisonment, because in Russia jailed not only for denying existence of god, but for Tor. This is not a joke, visit https://freebogatov.org/en/ and you will see that Debian maintainer is jailed for a few moths.
The existence of an organization like Roskomnadzor (https://en.wikipedia.org/wiki/Roskomnadzor) contributed to the growth of the computer literacy of Russian citizens (and now Ukraine, because VK was blocked there). To visit LinkedIn, the user needs to know how to turn on Tor, VPN or Browser Turbo Mode – these are millions of users, not a bunch of geeks in the garage.
Now let’s talk about the most motivating – money. The average salary in Russia for 2017 is $355/month. Retail cost of the Windows 10 – $150. I think that you do not need to be a genius to understand that these people do not have the opportunity to afford a legal copy of Windows, hence the even more increasing computer literacy of citizens, because the OS needs not only to install, but also to crack. I as a man can say that the times when the girls were needed with this help also passed, now they themselves know how to install Windows … you understand me.
The salary of a good Linux system administrator is ~ $1110/month. The developer’s salary is $1650-2000/month or more. Do you feel the difference? From this it is obvious that working in Russia in 2017, not in IT, is equivalent to survival, in view of the dependence of the economy on oil materials. But after all, Russia is a very rich country, you probably wonder – where is all the money? Russia is building the most expensive sports facilities – the Olympic Games, 2018 FIFA World Cup for the sole purpose – to let foreigners dust in the eyes (if someone reads this and will attend the 2018 FIFA World Cup – refrain from visiting the Zenith Arena, you can die at this stadium, due to non-compliance with construction norms). The Russian government is an oligarchy that uses the police as a tool to suppress freedom of speech, and the courts to illegally put people to jail, such as Dmitry Bogatov. Are Russian citizens trying to fight this? Judge for yourself, the impeachment of Pak Kun He in South Korea was possible for corruption charges only for $78,000,000 (by the standards of corruption in Russia this is nothing), in Russia the investigation of corruption of Dmitry Medvedev scored 23,000,000 views on Youtube (https://www.youtube.com/watch?v=qrwlk7_GF9g) and the Russians have not received any answers.
Why this all and why so much politics? Above is a comment from Pessimistic Pete, which says that all these people are striving for IT because it is an opportunity to earn money or win a lucky ticket in the form of a job offer to the US/UK/EU/JP/anywhere except the CIS. And also that all these people would be sellers or lawyers in the US and I agree with him – it is the situation created by the Russian government that forces Russian citizens to increase their computer literacy, rather than any predispositions to mathematics or abstract thinking.
I hope for understanding and that I will not be imprisoned for this report.
> it is the situation created by the Russian government that forces Russian citizens to increase their computer literacy, rather than any predispositions to mathematics or abstract thinking.
I am from Russian and absolutely agree with this opinion.
I came to pretty much the same conclusions in my PhD, even though I did not really have the data to back it up. Now I do! Thanks.
Other important factors along with education might include high crime rate, and low income rate.
What I think most notable is the number and length of the comments on this topic and how so many of them are what I call the “yeah, but” variety. “Yeah, but” is what I commonly run into when people or organizations do not want to take responsibility for their poor performance. Of course the social, legal and economic climate are different in Russia and the U.S.; that’s hardly an excuse for the poor STEM performance of our education system overall.
Is alcoholism and poverty the only way to motivate students to get a better education? I think reforming our education system will do the job nicely, but you have to be willing to fight the forces opposing those changes and for the most part they are the educators and administrators, especially those who are unqualified to operate in the competitive STEM arena.
America has all the graduates in public recreation and political science it can possibly use, it needs scientists and technologists to compete in the modern world.
Is that Sputnik I hear beeping overhead?
Thanks for the article, Brian. Sputnik focused and inspired the US to do the hard work. My career has Sputnik to thank. Maybe these events will finally provide the current incentive that Sputnik did 60 years ago.
But the West is beating the Russians at Political Correctness. They may take all our industrial and military secrets and PII, but our liberal brothers and sisters can make them feel guilty about it. Now if they can just figure out a way to monetize political correctness for any but the professorate and journalists then our problems would be solved.
Education isn’t the only answer. Not too many of the top hackers I know are professionally trained.
Part of the reason is legacy: legacy infrastructure plus a lower standard of living forces programmers there to be “better” rather than just deploying sheer power to get the job done. This was particularly evident in the ex-military scientists.
Another part of the reason is economic: hacking is one of the more lucrative professions for a person in a poorer nation. Brazilians are also quite prominent from a skill perspective despite being even poorer and without the education.
A third part is a “mode of thinking”. IT people think they grok security – but the majority of them don’t. It really isn’t a function of technical capability or even necessarily education, it is a world view that looks at what isn’t vs. looking for the shortest path to achieve what “is”.
The last part is momentum. There are so many “success stories” from people making a good living being a hacker, that it spurs more people to get into it.
In contrast, first world students know full well that it is a lot easier to get into a top tier school and go MBA-bot/bankster.
What about the Russian FSB forcing kids to work for them? I know of cases where Russian hackers were forced to work for the Russian Intelligence or for criminal gangs. The what about organized cybercrime outfits working with/for the FSB and other Russian state organizations? In many former communist countries crime and state intelligence collude…
FSB forcing kids to work for them . Really ? And why do exactly FSB needs to force kids to work for them ?
As Brian stated in his arcticle Russia have alots of IT proffecionals so why force kids when you can hire a proffecionals ??
Slave labor dont give great results as we all know .
crime and state intelligence collude not only in Russian but all over the world its a global problem .
“‘Notice there is almost no need to learn to program — I think they have to write one program (in collaboration with other students),’ Paller wrote…”
When I took AP CS, I had to hand-write (i.e., in pencil) a Java program on the official AP exam, and had to do the same for in-class exams. No collaboration — though granted, it’s not as if it was particularly complex.
My thinking is that the fact that Microsoft handed over the source code to their operating systems to the Russians in 2003 and again in 2007 in order to gain market share there had something to do with it. It was supposed to be strictly controlled by the Russian Government, but we know that doesn’t mean a lot.
Education is the very foundation of a Civil Society – However, Quality of Education is not necessarily question of MONEY – There has to be fundamental changes in our APPROACH, APPRECIATION and ATTITUDE.
Finland, a small country (5.5 million people – Greater Houston – in an area of ½ of Texas) with a culturally homogeneous population, has one of the higher education levels in the world, ranking 1st and 2nd among middle school students in math, science, and writing – while US ranked 12th-15th. My high school (in Finland) was the same as the first two years in the US College. The US Higher Education (post-graduate) Institutions are excellent, however a large portion (and in some cases the majority) of the students are foreigners with their respective government sponsored funding. Who are we educating?
In my opinion, the following are some of the basic problems with our current educational system
• Schools should not be used for ‘Baby Sitting’ – the obligation and responsibility of raising children rest with the family unit, which unfortunately for most part is ‘broken’
• Why are the oriental children succeeding in our school system – appreciation for education and strong family value system
• As long as our basic education is funded with local property taxes, it never will be a national priority, and we will continue loosing ground to the other countries
• As long as we pay the garbage collectors more than (competent) teachers, our priorities continue to be in the garbage
• As long as ‘Social Standards’ require that everyone has to go through academically inclined High School and now even College, we have to continue to lower the standards – we lost the top long time ago, and we will never catch the bottom
• In the process, what are we doing to those students, who are not academically inclined (or interested at the time) – we destroy their self-esteem and totally de-value the trades, and then wonder where the welders, electricians, carpenters, mechanics, plumbers etc are.
• As a result of the college-push, we’ll end-up graduates working in call centers at $10.00-12.00/hour trying pay back their student loans
• All political and social factions (left, right and others) are fighting as to what the text books should contain, while forgetting what skills the students need to learn for today’s competitive society.
• Curriculum is created by those who are far removed from the 21st century technology, society and business/political environment.
• Teacher Unions are fighting for the protection of their members regardless the skill levels suitable for the high-tech and high-touch requirements for effective learning.
• The political correctness has reached some new lows, when elementary schools are required to show gay penguin movie to the students (Oakland, CA) without any parental opt-out provision, so that they would be socially adjusted – in other words some small activist groups are imposing and dictating their value system on everyone.
• Stalin said “ Give a child until age 6, and he is mine forever”
• Did you know, that there are only few text book publishers in the country, and that most of them have the following criteria (as an example) – Moses supposedly received the Ten Commandments, Jesus reportedly died for us and Quran IS the word of God. Think about the meaning of those subtle statements at early stage of one’s learning process.
Just a few thoughts
As Einstein stated: Education is not learning the facts, but teaching the brain the think.
If we leave aside political biases (and stereotypes) in the comment section, some of the points were missed out in the article.
Mathematical background that is given in Russian schools was advanced comparing to what my friends were learning in UK schools when I was graduating an ordinary Russian state school (not some private lyceum specialized on math/physics). Joining an institute (UK educational system), I could easily skip first two years of math lessons as they were covering the material of secondary school final years (aka Linear Algebra, Algorithms, Theoretical Geometry, etc.).
Talking about Computer Science – yes, it’s a social lift, as it’s a highly paid job currently in Russia, and there’s a constant deficit of developers, admins, and network experts on the market. IT sector is growing very fast for the last 15 years. On the scale of annual salaries, Moscow and St.Petersburg IT jobs on (Senior level positions) are pretty much equal to European average salaries.
Mentioning so trendy “Russian hackers”, It’d say that pretty much everyone would like to double/tripple their income. Bureaucracy and operations under different Legal system might cover those people who prefer to get “easy money” on cybercrime, rather then going on the career ladder in some big Russian IT holdings.
I have happened to work in the big company, making computers for USSR needs. Got really great background. What was actually being done – U.S. computers have been torn apart, software plain ripped, and all this put back together basing on own parts. Of very average quality. Yes, Russia has talent and anger to disrupt, that’s its key. It will fight damn hard to protect itself, and its most important influences. It lacks, however, in ability to create and exhaustively stand for the quality of make. Differs in attitude.
Most of all, I hate how world is turned into competition amongst aggressive empires, whereas it seemed, that peaceful cooperation is not only possible, but was way to go. With more and more powerful and sophisticated weapons, we proceed to great pointless destruction, in which there could be no winner, only total suffering. Support countries, that do not have ambition of global dominance – those are for the people of the world.
There are some important errors in the discussion of American computer science education above.
The AP curriculum criticized above is the new AP Computer Science Principles curriculum, which was introduced in the 2016-2017 school year to provide a broad introduction to computer science. This curriculum serves the same important purpose as the 101-style introductions do in the natural sciences. Physics starts with a broad introductory sequence instead of a mathematical physics course, so it’s quite reasonable for computer science to start with a broad introduction instead of a programming course.
The programming focused AP Computer Science A curriculum and exam still exists. Computer Science A is the exam which 270,000 students took over the last 10 years. AP Principles has been offered for only one year, and 45,000 students took the exam in its first year, which suggests that it can increase the number of US students pursuing studies in CS and IT.
You can find links to official information about both AP exams at https://apstudent.collegeboard.org/apcourse.