The cybersecurity threat landscape evolves quickly, continually, and consequentially. This means that the "transfer" of cybersecurity learning is crucial. We compared how different recognized "cognitive" transfer theories might help explain and synergize three aspects of cybersecurity education. These include "teaching and training" in diverse settings, "assessing learning" formatively & summatively, and "testing & measuring" achievement, proficiency, & readiness. We excluded newer sociocultural theories and their implications for inclusion as we explore those theories elsewhere. We first summarized the history of cybersecurity education and proficiency standards considering transfer theories. We then explored each theory and reviewed the most relevant cybersecurity education research; in some cases, we broadened our search to computing education. We concluded that (a) archaic "differential" transfer theories are still influential but have negative implications to be avoided, (b) "constructionist" theories are popular in K-12 settings but raise issues for assessment and transfer, (c) many embrace a "general cognitive science perspective" that can resolve tensions between modern "cognitive-associationist" and "cognitive-constructivist" theories that are popular with innovators, and (d) new "perceptual" and "coordinative" theories have potential worth exploring. These insights should support "generative" cybersecurity learning that transfers readily and widely to future classes, tests, and workplaces. These insights should be beneficial when designing and using cyber "ranges" and other hyper-realistic simulations, where transfer assumptions inform costly design decisions and undergird the validity of performance as evidence of proficiency.