CM-TECH
CADE MOORE POLYTECHNIC INSTITUTE
Sponsored by The Cade Moore Foundation, a 501(c)(3) Nonprofit
Minor in Security Studies
Cybersecurity, Geopolitics, and the Human Element
Core Curriculum - 2026 Edition
"Real skills for the real world."
This webpage is an overview of CM-Tech’s academic minor, a Minor in Security Studies with a concentration in cybersecurity. In keeping with CM-Tech’s polytechnic philosophy of doing fewer things with exceptional depth, this minor is designed to be fundamentally unlike any cybersecurity program currently on the market.
Most cybersecurity programs focus narrowly on technical defenses: firewalls, encryption protocols, penetration testing, and compliance frameworks. Many charge exorbitant tuition and fees for knowledge that is freely available through quality open educational resources. This program takes a radically different approach. We teach the full picture: the technical foundations, yes, but also the geopolitical context, the root causes of cybercrime, the human psychology that makes social engineering possible, and the long-term existential threats like quantum computing that will reshape information security in the coming decades.
Our learners will understand not just how to defend systems, but why attacks happen in the first place. They will study the scam economies of Southeast Asia and learn that many of the people conducting those scams are themselves victims of human trafficking. They will examine how the legacy of war—unexploded ordnance, Agent Orange contamination, genocide—creates the conditions of poverty that make cybercrime an attractive (or coerced) occupation. They will study how nation-states weaponize cyberspace not for money but for strategic intelligence, and why the ultimate defense against such actors is improved diplomacy, not merely longer passwords.
Critically, this program prioritizes free and open-source learning materials. We draw from MIT OpenCourseWare, the Open Textbook Library, NIST publications, and other high-quality openly licensed resources. Our goal is to prove that a cybersecurity education can be both better and cheaper than what is currently available, and accessible to learners who may not already be tech wizards.
Traditional cybersecurity programs treat the adversary as a faceless “threat actor.” We treat them as human beings operating within specific economic, political, and cultural contexts. Our learners will develop the cultural competence to distinguish between a desperate worker in a scam compound in Southeast Asia who was lured by a false job advertisement and a state-sponsored advanced persistent threat group operating out of a nation’s military intelligence apparatus. These are fundamentally different problems requiring fundamentally different solutions.
We teach that cybersecurity is ultimately a human problem. The long-term solution to poverty-driven cybercrime is not exclusively stronger encryption—it is also poverty alleviation, economic development, and international cooperation. The long-term solution to nation-state cyber operations is not solely better firewalls—it is also improved diplomacy and international relations. We equip our learners to think about these systemic issues alongside the technical ones.
From Alan Turing and the Enigma machine at Bletchley Park, to the young women of the Women’s Royal Naval Service who used chalk war games on a linoleum floor to defeat German U-boats, to the 2014 Sony Pictures hack and the 2015 Office of Personnel Management breach—we use real-world case studies to make abstract concepts tangible and memorable. History is not a digression from cybersecurity; it is the foundation.
We address emerging threats that most programs ignore entirely. Quantum computing and the “harvest now, decrypt later” strategy—where adversaries steal encrypted data today, betting they can break the encryption once quantum computers mature—represent an existential challenge to current cryptographic standards. Our learners will understand why this is not a future problem but a present one.
We teach that the resources exist for a post-scarcity world. Most people want to do what is best for their families and to give their children opportunities they did not have. Understanding this fundamental truth about human motivation is essential to designing effective, humane responses to cybercrime. Our graduates will carry empathy alongside expertise.
Many cybersecurity programs ironically resemble scams themselves: charging learners thousands of dollars for knowledge they could freely acquire through Google and YouTube. We prove that a superior education can be built almost entirely on openly licensed materials from institutions like MIT, NIST, and the Open Textbook Library. We aim to be better and cheaper simultaneously.
The Minor in Security Studies consists of six courses (18 credit hours). Courses are designed to be taken sequentially but can be adjusted based on learner readiness. Each course integrates technical content with historical case studies, geopolitical context, and ethical reflection.
This course establishes that the desire to protect information—and the desire to steal it—are among the oldest impulses in human civilization. By studying the evolution of cryptography from ancient substitution ciphers to modern public-key encryption, learners gain an intuitive understanding of why security matters and how the cat-and-mouse game between codemakers and codebreakers has shaped history.
The course begins with accessible historical examples: the Caesar cipher (a simple letter-shifting technique used by Julius Caesar to communicate with his generals), the Spartan scytale (a physical device that encrypted messages by wrapping a strip of leather around a rod of a specific diameter), and the polyalphabetic Vigenère cipher that resisted cryptanalysis for centuries. These early examples demonstrate core principles—substitution, transposition, key management—that remain relevant in modern systems.
The centerpiece of this module is the story of Alan Turing and the British codebreaking operation at Bletchley Park during World War II. The German military’s Enigma machine was considered unbreakable: it could produce over 150 trillion possible letter combinations for each message. Turing, a brilliant mathematician recruited by the Government Code and Cypher School, designed an electromechanical device called the “Bombe” that dramatically accelerated the process of testing possible Enigma settings.
Turing’s insight was profoundly important for the field of computer science: rather than trying to brute-force every possible combination, his machine exploited known weaknesses in German message protocols—such as the fact that operators often used predictable phrases like weather reports—to eliminate impossible configurations. His approach anticipated modern computational methods for decades to come.
The Bletchley Park story also serves as a powerful lesson in secrecy and institutional failure. After the war, the British government suppressed knowledge of the codebreaking operation for decades. Turing himself was prosecuted in 1952 for homosexuality (then a criminal offense in Britain), subjected to chemical castration, and died in 1954 at the age of 41. He received a posthumous royal pardon in 2013. His story is a sobering reminder that the people who protect us are not always protected in return.
Recommended viewing: The Imitation Game (2014), directed by Morten Tyldum, starring Benedict Cumberbatch as Turing. While the film takes considerable creative liberties (independent analysis found it only about 42% historically accurate), it effectively conveys the emotional weight of Turing’s story and makes the concepts of codebreaking accessible to a general audience.
CASE STUDY: The Enigma Machine
The Enigma device used a system of rotating wheels (rotors) to scramble each letter typed on its keyboard. Each time a letter was pressed, the rotors advanced, meaning the same letter would be encrypted differently each time. The German military reset the Enigma settings every 24 hours at midnight, giving Bletchley Park’s codebreakers a daily race against time. Turing’s Bombe machine could test thousands of rotor configurations per second, but the real breakthrough came from combining mathematical logic with intelligence about the Germans’ own operational habits. The lesson: even the most sophisticated encryption system can be compromised when the humans using it are predictable.
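The rotor stepping and crib-based elimination described above, as an added example (not course material from this page): a simplified three-rotor machine using the commonly published Enigma I wirings for rotors I, II, III and reflector B, with no plugboard or ring settings. It goes one step beyond the text by also using the fact that a reflector machine never encrypts a letter to itself to rule out crib placements. The message, the crib and the start position are constructed.

```python
"""Simplified Enigma I (rotors I-II-III, reflector B) plus a crib search.
Added illustration; the message, crib and key below are constructed."""
from itertools import product
from string import ascii_uppercase as ABC

ROTORS = ("EKMFLGDQVZNTOWYHXUSPAIBRCJ",   # I   (left, slow)
          "AJDKSIRUXBLHWTMCQGZNPYFVOE",   # II  (middle)
          "BDFHJLCPRTXVZNYEIWGAKMUSQO")   # III (right, fast)
NOTCHES = "QEV"                            # window letter at which each rotor turns its neighbour
REFLECTOR = "YRUHQSLDPXNGOKMIEBFZCWVJAT"   # reflector B: 13 letter pairs, no fixed point


def step(pos):
    """Advance the rotors for one key press, including the middle rotor's double step."""
    l, m, r = pos
    if ABC[m] == NOTCHES[1]:
        l, m = (l + 1) % 26, (m + 1) % 26
    elif ABC[r] == NOTCHES[2]:
        m = (m + 1) % 26
    return l, m, (r + 1) % 26


def press(ch, pos):
    """Send one letter right-to-left through the rotors, off the reflector, and back."""
    c = ABC.index(ch)
    for wiring, off in zip(reversed(ROTORS), reversed(pos)):
        c = (ABC.index(wiring[(c + off) % 26]) - off) % 26
    c = ABC.index(REFLECTOR[c])
    for wiring, off in zip(ROTORS, pos):
        c = (wiring.index(ABC[(c + off) % 26]) - off) % 26
    return ABC[c]


def encrypt(text, start):
    """Encrypt (or, with the same start, decrypt) A-Z text; rotors step before each letter."""
    pos = tuple(ABC.index(k) for k in start)
    out = []
    for ch in text:
        pos = step(pos)
        out.append(press(ch, pos))
    return "".join(out)


def possible_offsets(ciphertext, crib):
    """Placements of the crib that are not ruled out: no letter may encrypt to itself."""
    return [i for i in range(len(ciphertext) - len(crib) + 1)
            if all(c != p for c, p in zip(ciphertext[i:], crib))]


def surviving_starts(ciphertext, crib, offset):
    """Test all 26**3 start positions; keep those that turn the crib into the intercept."""
    target = ciphertext[offset:offset + len(crib)]
    hits = []
    for start in map("".join, product(ABC, repeat=3)):
        pos = tuple(ABC.index(k) for k in start)
        for _ in range(offset):           # advance past the letters before the crib
            pos = step(pos)
        for p, c in zip(crib, target):
            pos = step(pos)
            if press(p, pos) != c:        # one mismatch eliminates this setting
                break
        else:
            hits.append(start)
    return hits


# Constructed scenario: a routine message containing a predictable phrase.
KEY = "MCK"                                   # the day's start position (constructed)
MESSAGE = "ANXALLEXWETTERBERICHTXNORDSEE"     # constructed plaintext
CRIB = "WETTERBERICHT"                        # "weather report", the guessed phrase
INTERCEPT = encrypt(MESSAGE, KEY)

if __name__ == "__main__":
    print("AAAAA from AAA ->", encrypt("AAAAA", "AAA"))   # BDZGO: same key, different output
    print("intercept      :", INTERCEPT)
    offsets = possible_offsets(INTERCEPT, CRIB)
    print("crib placements not ruled out:", offsets)
    for off in offsets:
        hits = surviving_starts(INTERCEPT, CRIB, off)
        if hits:
            print("offset", off, "-> start positions", hits)
            print("decrypted:", encrypt(INTERCEPT, hits[0]))
```

A longer or less predictable message does not help the sender here: the search succeeds because one guessable phrase is enough to reject nearly every setting after a single letter.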
One of the most remarkable and least-known stories of World War II is that of the Western Approaches Tactical Unit (WATU) in Liverpool, England. In 1942, German U-boats were sinking Allied merchant ships at an alarming rate—over 1,200 in 1940 alone—threatening to starve Britain into submission. The Royal Navy turned to Captain Gilbert Roberts, a retired war-gamer, and gave him a staff not of seasoned officers but of young women from the Women’s Royal Naval Service (WRENS).
Roberts and his WRENS—some of them teenagers fresh out of school—created a war game on a large linoleum floor, using chalk lines to represent nautical miles and wooden ship models to simulate convoy battles. By interviewing survivors of U-boat attacks and translating German manuals, they made a stunning discovery: the U-boats were not attacking convoys from the outside, as the Royal Navy had assumed. Instead, they were sneaking into the middle of the convoys at night on the surface, using their fast diesel engines and mimicking merchant ships on radar, then firing at close range from inside the formation.
When Admiral Sir Max Horton, commander-in-chief of the Western Approaches, visited WATU, he dismissed war games as child’s play. He was challenged to play “The Game” and was defeated—by Janet Okell, a 20-year-old tactical analyst who had never been on a boat. Humbled, Horton implemented WATU’s recommendations. Within months, German Admiral Karl Dönitz ordered his submarines to withdraw from the North Atlantic entirely.
Recommended reading: A Game of Birds and Wolves by Simon Parkin, which documents this declassified story in full.
CASE STUDY: WATU and the Power of Simulation
The WATU story is not just a compelling historical narrative—it is a foundational lesson in cybersecurity. Modern “red team / blue team” exercises, penetration testing, and threat modeling are all direct descendants of the kind of adversarial simulation that Roberts and the WRENS pioneered on that linoleum floor. The lesson: you do not need to have been in the battle to understand how the battle works. What you need is rigorous thinking, honest analysis, and the humility to let the data override your assumptions—even if the data comes from a 20-year-old who has never set foot on a ship.
This course addresses the single most important truth in cybersecurity: the human being is almost always the weakest link. The most sophisticated firewall in the world is useless if an employee clicks a malicious link in a phishing email. The strongest encryption is irrelevant if someone can be talked into handing over their password.
Social engineering exploits fundamental features of human psychology that evolved long before computers existed. We are wired to trust authority, to reciprocate favors, to respond to urgency, and to help people who seem to be in need. These are not flaws—they are prosocial instincts that make civilization possible. But attackers have learned to weaponize them. This course examines the core principles of social engineering: authority (impersonating someone in power), scarcity and urgency (creating time pressure to prevent careful thinking), social proof (exploiting the tendency to follow what others seem to be doing), and reciprocity (offering something small to create a sense of obligation).
Learners study the mechanics of phishing campaigns—mass emails designed to trick recipients into clicking malicious links or revealing credentials—as well as spear phishing, which targets specific individuals with personalized lures based on publicly available information. Pretexting, the practice of creating a fabricated scenario to manipulate a target into providing information or access, is examined through real-world examples. The course emphasizes that these techniques succeed not because people are unintelligent, but because they exploit cognitive shortcuts that serve us well in most circumstances.
The course addresses the disproportionate targeting of older adults by scammers. Older adults may be more trusting, less familiar with digital interfaces, more isolated, and more likely to have accumulated savings. According to the FBI’s Internet Crime Complaint Center, Americans over 60 lost more than $3.4 billion to cybercrime in 2023—more than any other age group. Learners examine the psychological and situational factors that make older adults vulnerable and develop strategies for designing protective interventions that respect autonomy and dignity rather than patronizing the people they aim to protect.
This is the course that most distinguishes the CM-Tech program from every other cybersecurity curriculum in existence. Rather than treating cybercrime as a purely technical phenomenon, we examine it as an industry—one with supply chains, labor forces, profit margins, and geopolitical roots.
The course traces the evolution of online fraud from relatively simple romance scams—in which a scammer builds a fake romantic relationship to extract money—to the far more sophisticated and devastating “pig butchering” schemes. The term, which translates from the Chinese phrase shā zhū pán, refers to the practice of “fattening up” a victim (the “pig”) with trust and apparent financial gains before “slaughtering” them by stealing everything. Scammers cultivate elaborate relationships with victims over weeks or months—sometimes posing as romantic interests, sometimes as investment mentors—before persuading them to deposit money into fraudulent cryptocurrency investment platforms.
According to the United States Institute of Peace, pig butchering scams generated an estimated $63.9 billion in global revenue in 2023. The U.S. Treasury Department estimates that Americans alone lost at least $10 billion to Southeast Asia-based scam operations in 2024, a 66% increase over the prior year. These are not petty crimes. This is an industry operating at a scale that rivals legitimate economic sectors.
Burma, Cambodia, and Laos are the current epicenter of global scam operations. Scam centers in these three countries produced approximately $43.8 billion in revenue in 2023, equivalent to roughly 40% of their combined official gross domestic product. The operations are concentrated in sprawling compounds—sometimes converted casinos or hotel complexes—that can house thousands of workers.
This is where cultural competence becomes essential. A 2025 Amnesty International investigation found that the vast majority of workers in Cambodian scam compounds were themselves victims of human trafficking. They had been lured by deceptive job advertisements posted on social media platforms like Facebook and Instagram, promised legitimate employment in customer service or technology. Upon arrival, their passports were confiscated. They were held behind walls topped with barbed wire, guarded by armed security, and forced to conduct scams under threat of severe violence.
The United Nations Office on Drugs and Crime estimates that workers are now recruited from at least 56 countries—from Indonesia to Liberia. Some were beaten or tortured for failing to meet fraud quotas. Others were subjected to electric shocks. There have been reports of workers jumping to their deaths to escape. The cruelty is twofold: the scammers who contact you may themselves be prisoners.
Important caveat: This empathetic framing applies specifically to workers who participate in scams due to poverty, coercion, or the absence of any better employment opportunity. There is an entirely separate category of actors—including the organizers, financiers, and political enablers of these operations—who bear the overwhelming moral responsibility. The rank and file deserve compassion; the people at the top, living lavishly off stolen money, do not.
Credible investigations by Amnesty International, the U.S. Treasury Department, ProPublica, and the U.S. Congress have documented evidence suggesting that elements of certain governments in Southeast Asia have been complicit in—or at minimum have failed to meaningfully address—scam compound operations. In Cambodia, for example, the U.S. Treasury sanctioned Ly Yong Phat, a Cambodian senator and advisor to the Prime Minister, in 2024 for his role in serious human rights abuses connected to scam compounds he owned. In 2025, the founder of the Prince Group conglomerate, Chen Zhi, was indicted by the U.S. Department of Justice for operating forced-labor scam compounds that stole billions of dollars.
A U.S.-China Economic and Security Review Commission report described these operations as “joint ventures between Chinese criminal organizations and autocratic governments” in countries where “transparency is absent and rule of law is anemic.” Police raids on compounds frequently resulted in workers being relocated rather than freed. More than two-thirds of the scam compounds identified in Amnesty International’s investigation continued to operate even after police “rescues.”
To understand why Cambodia has become an epicenter of the global scam economy, it is necessary to understand Cambodia’s history. This is not about demonizing a nation or its people. It is about recognizing the cascading consequences of conflict.
U.S. Bombing and Unexploded Ordnance (UXO). Between 1969 and 1973, the United States dropped approximately 2.7 million tons of ordnance on Cambodia, including 80,000 cluster bombs containing roughly 26 million submunitions. Up to 25% of these munitions failed to detonate. Today, with an estimated four to six million items of unexploded ordnance still in the ground, Cambodia remains one of the most UXO-contaminated countries on Earth. As of 2019, 20% of all villages in Cambodia were still contaminated. Farmers avoid fertile land for fear of triggering hidden bombs. More than 64,000 Cambodians have been killed or injured by landmines and UXO since 1979, producing one of the highest amputee rates in the world.
Agent Orange and Toxic Contamination. During Operation Ranch Hand (1962–1971), the U.S. military sprayed approximately 20 million gallons of herbicides—including Agent Orange—over Vietnam, eastern Laos, and parts of Cambodia. Agent Orange contained dioxin (TCDD), a potent carcinogen linked to cancers, birth defects, diabetes, and immune system disorders. The environmental contamination persists for decades. The Vietnamese Red Cross estimates three million people have been affected, including at least 150,000 children born with serious birth defects.
The Lawsuits. In 1979, U.S. Vietnam War veterans filed a class-action lawsuit against the chemical companies that manufactured Agent Orange, including Dow Chemical and Monsanto. In 1984, the case was settled out of court for $180 million—at the time, the largest product-liability settlement in history. The companies denied liability. The fund distributed approximately $197 million total through 1994 before closing. Separately, in 2004, the Vietnam Association for Victims of Agent Orange filed a class action in New York on behalf of Vietnamese citizens. In 2005, Judge Jack B. Weinstein—the same judge who presided over the veterans’ case—dismissed the lawsuit. The Court of Appeals upheld the dismissal, ruling that the herbicides were not intended as weapons against humans and therefore did not violate international law. The U.S. Supreme Court declined to hear the case in 2009. The Vietnamese victims—people whose land was poisoned, whose children were born with deformities—received nothing.
The PACT Act. On August 10, 2022, President Biden signed the Sergeant First Class Heath Robinson Honoring Our Promise to Address Comprehensive Toxics (PACT) Act into law—described as the largest expansion of VA health care and benefits in decades. The PACT Act added over 20 new presumptive conditions for burn pits, Agent Orange, and other toxic exposures, and expanded presumptive-exposure locations to include military bases in Thailand, locations in Cambodia, Laos, Guam, and American Samoa. This legislation was a landmark achievement for American veterans, though it does not extend to the local populations affected by the same chemicals.
The Khmer Rouge. From 1975 to 1979, the Khmer Rouge regime under Pol Pot conducted a genocide that killed an estimated 1.7 to 2 million Cambodians—roughly a quarter of the country’s population. Intellectuals, professionals, ethnic minorities, and anyone perceived as a threat were systematically exterminated. The country’s elderly population was particularly devastated, as entire generations were lost to the genocide or died prematurely from the toxic and dangerous aftermath of conflict.
When we put these facts together, a picture emerges. Cambodia is a country where the soil is poisoned, the land is mined, a generation was murdered, justice was sought in international courts and denied, and economic opportunity remains scarce. It is not surprising that criminal enterprises have taken root in such conditions. Some of those at the top of these operations may even frame their activities as a perverse form of reparations—extracting wealth from the countries whose actions contributed to Cambodia’s devastation. This framing does not make the scams acceptable. But understanding the context is essential to developing effective, humane responses.
The irony is sharp: the elderly are among the most frequently targeted victims of these scams, yet Cambodia’s own elderly population has been decimated by decades of violence and its aftermath.
This course shifts from poverty-driven cybercrime to state-sponsored cyber operations. The attackers here are not desperate individuals seeking to feed their families—they are intelligence agencies and military units seeking strategic advantage. Their targets are not individual bank accounts but critical systems: government databases, energy grids, healthcare networks, and the private sector.
While our empathetic framework still applies—we seek to understand motivations rather than simply condemn—the appropriate response to nation-state cyber operations is fundamentally different from the response to poverty-driven scams. These actors are not coerced by desperate circumstances. They are strategic, well-resourced, and persistent. The root-cause solution here is not economic development but improved diplomacy, international norms, and deterrence.
CASE STUDY: The Sony Pictures Hack (2014)
On November 24, 2014, a group calling itself the “Guardians of Peace” infiltrated Sony Pictures Entertainment’s network using destructive malware. The attackers stole employee emails, salary data, unreleased films, and personal information of over 47,000 employees and contractors, rendering thousands of computers inoperable. The FBI attributed the attack to North Korea, motivated by Sony’s planned release of The Interview, a comedy depicting the assassination of North Korean leader Kim Jong-un. The attack demonstrated that a nation-state was willing to inflict massive economic damage on a private company over what it perceived as a cultural insult. Sony’s security practices were found to be woefully inadequate: a PricewaterhouseCoopers audit conducted months before the attack had flagged weak internal security, and sensitive data was stored on unencrypted spreadsheets. The estimated cost to Sony exceeded $35 million in remediation alone. Source: FBI Press Release, December 19, 2014; Wikipedia, “2014 Sony Pictures hack.”
CASE STUDY: The OPM Breach (2015)
The Office of Personnel Management (OPM) data breach, attributed to a state-sponsored advanced persistent threat believed to be affiliated with China, compromised approximately 22.1 million records—including the detailed 127-page SF-86 security clearance forms of millions of current and former federal employees. These forms contain information about family members, foreign contacts, financial history, psychological evaluations, and other deeply personal data. The attackers operated inside OPM’s network for over a year, exfiltrating data gradually. The breach was particularly damaging for national security: the stolen data could be used to identify covert intelligence officers, blackmail government employees, or map relationships within the U.S. national security apparatus. A Congressional investigation found that OPM had been warned repeatedly about its inadequate cybersecurity—the agency’s Chief Information Officer acknowledged that Social Security numbers were not encrypted because of “insufficient capabilities of outdated systems.” Source: U.S. House Oversight and Government Reform Committee Report, September 2016; Wikipedia, “2015 Office of Personnel Management data breach.”
The course also examines attacks on healthcare systems (such as the WannaCry ransomware attack that disrupted the UK’s National Health Service in 2017, attributed to North Korea’s Lazarus Group), energy infrastructure (the Colonial Pipeline ransomware attack of 2021, and the 2015 Ukraine power grid attack attributed to Russian state actors), and other critical infrastructure. Learners analyze how the interconnection of digital systems creates cascading vulnerabilities—and how the consequences of a cyberattack on a hospital or a power grid are measured not in dollars but in lives.
The course concludes with an examination of international efforts to establish norms for state behavior in cyberspace, including the Tallinn Manual on the International Law Applicable to Cyber Operations and the UN Group of Governmental Experts reports. Learners engage with the argument that while technical defenses are necessary, the long-term solution to nation-state cyber threats is diplomatic: building international agreements, establishing credible deterrence, and creating mechanisms for attribution and accountability.
This course addresses the most significant long-term threat to information security: the advent of quantum computing and its potential to render current cryptographic standards obsolete.
The course begins with an accessible, non-technical explanation of quantum computing. Classical computers process information in bits—each bit is either a 0 or a 1. Quantum computers use quantum bits, or “qubits,” which can exist in a superposition of both 0 and 1 simultaneously. This allows quantum computers to represent and manipulate many possible states in parallel. For certain specialized problems—including the factoring of very large numbers—this parallelism could allow quantum computers to find solutions exponentially faster than classical machines.
This matters because the security of most modern encryption relies on the extreme difficulty of factoring large numbers. The RSA encryption algorithm, which secures everything from banking transactions to government communications, is based on the mathematical principle that multiplying two large prime numbers together is easy, but determining which two primes were multiplied is extraordinarily hard for a classical computer—potentially taking thousands of years. In the 1990s, mathematician Peter Shor demonstrated that a sufficiently powerful quantum computer could solve this problem in hours or minutes.
The most alarming implication of quantum computing is not a future scenario—it is a present-day strategy. Adversaries, particularly state actors and advanced persistent threat (APT) groups, are already intercepting and storing encrypted data with the explicit intention of decrypting it once quantum computers mature. This strategy is known as “harvest now, decrypt later” (HNDL), also referred to as “store now, decrypt later” (SNDL).
The U.S. National Institute of Standards and Technology (NIST) has warned that “encrypted data remains at risk because of the harvest now, decrypt later threat” and that “starting the transition to post-quantum cryptography now is critical to preventing these future breaches.” The U.S. Department of Homeland Security, the UK’s National Cyber Security Centre, the European Union Agency for Cybersecurity, and the Australian Cyber Security Centre all base their official guidance on the premise that adversaries are currently exfiltrating and storing encrypted data.
Consider the implications: government records, diplomatic cables, trade secrets, medical records, and financial transactions encrypted today could be decrypted retroactively once quantum computing reaches sufficient power. A breach enabled by quantum computing in 2035 may originate from data intercepted in 2025. The data has already been stolen; the victims just do not know it yet.
The Federal Reserve itself published research in 2025 analyzing the HNDL risk to distributed ledger networks, concluding that even systems that successfully migrate to post-quantum cryptography cannot retroactively protect data that was already harvested under classical encryption.
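The RSA factoring dependence and the harvest-now-decrypt-later timeline described above, as an added example (not course material from this page): a session key is wrapped with a toy RSA key, the traffic is recorded, and the recording is opened later once the modulus can be factored. The primes, session key, message and the SHA-256 keystream are constructed for illustration, and classical trial division stands in for Shor's algorithm, which is feasible here only because the modulus is tiny.

```python
"""Harvest now, decrypt later, on a toy RSA key transport.
Added illustration; all keys and data below are constructed."""
import hashlib
from math import isqrt

P, Q = 65537, 2**31 - 1            # two well-known primes; real RSA primes are ~1024 bits each
SESSION_KEY = 0xC0FFEE42           # constructed symmetric key, must be smaller than P * Q
SECRET = b"Clearance file: must stay confidential until at least 2050."


def keypair(p, q, e=17):
    """Return ((n, e), d). Multiplying p and q is the easy direction."""
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))


def keystream_xor(session_key, data):
    """Toy stream cipher: XOR data with SHA-256(session_key || block offset)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(session_key.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def send(public, session_key, plaintext):
    """What crosses the wire, and therefore what an eavesdropper can store."""
    n, e = public
    return {"public": public,
            "wrapped_key": pow(session_key, e, n),
            "body": keystream_xor(session_key, plaintext)}


def factor(n):
    """Recover the two primes. Stand-in for a quantum factoring step."""
    if n % 2 == 0:
        return 2, n // 2
    for f in range(3, isqrt(n) + 1, 2):
        if n % f == 0:
            return f, n // f
    raise ValueError("n is prime")


def decrypt_later(recorded):
    """Years on: factor the stored modulus, rebuild d, unwrap the key, read the body."""
    n, e = recorded["public"]
    p, q = factor(n)
    d = pow(e, -1, (p - 1) * (q - 1))
    session_key = pow(recorded["wrapped_key"], d, n)
    return keystream_xor(session_key, recorded["body"])


if __name__ == "__main__":
    public, private = keypair(P, Q)
    archive = [send(public, SESSION_KEY, SECRET)]   # 2025: recorded, unreadable today
    del private                                     # the owner later rotates and destroys the key
    for record in archive:                          # 2035: the archive is still complete
        print(decrypt_later(record).decode())
```

Destroying or rotating the private key changes nothing for the recorded traffic, because everything needed to open it (the modulus, the wrapped key and the body) is already in the archive.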
Learners study the emerging field of post-quantum cryptography—algorithms designed to resist attack by both classical and quantum computers. NIST finalized its first set of post-quantum cryptographic standards in 2024, and organizations are beginning the multi-year process of migrating their systems. The course covers both the technical concepts and the organizational challenges of cryptographic migration, emphasizing that the transition must begin now—before quantum computers arrive—because some information must remain confidential for decades.
The capstone course synthesizes everything learners have studied into a holistic framework for thinking about security.
We have the technical resources to live in a dramatically more secure world. Encryption, multi-factor authentication, biometric verification, and zero-trust architectures are all mature technologies. Yet cybercrime continues to grow. This course asks why—and proposes that the answer lies not solely in technology but in the human condition.
Most people want to do what is best for their families and to give their children opportunities they did not have. When legitimate economic opportunity is available, the vast majority of people choose it. When it is not—when the land is mined, the soil is poisoned, and the courts have offered no justice—some will turn to crime, and some will be coerced into it. The long-term solution to cybercrime driven by poverty is not exclusively longer passwords or physical security tokens. It also includes lifting people out of poverty and working with organizations like the World Bank, USAID, and regional development banks to fund projects that create dignified employment.
Learners develop the ability to analyze a cybersecurity challenge along multiple dimensions simultaneously: What are the technical vulnerabilities? What are the human factors? What are the geopolitical drivers? What are the economic incentives? What are the cultural and historical contexts? This multi-dimensional analysis is what separates a truly effective security professional from someone who can only configure a firewall.
Each learner develops a comprehensive security proposal addressing a real-world scenario. The proposal must include technical recommendations, a root-cause analysis, an assessment of the human and cultural factors at play, and a long-term strategy that addresses both symptoms and underlying causes. Projects are evaluated not only for technical rigor but for cultural competence, empathy, and creative thinking.
CM-Tech is committed to making this education accessible by prioritizing free and open-source learning materials. The following resources form the backbone of the curriculum. Learners may supplement with additional materials, but no expensive proprietary textbook is required.
Additional resources—including documentaries, podcasts, government reports, and news investigations—are curated and updated in the course companion guide. The principle remains constant: if a free version of equivalent quality exists, we use it.