The New Faces of Cybersecurity

Posted · Add Comment

by Hahna Latonick

I joined the Codecraft family halfway through 2016 and one of the priceless opportunities I had was teaching the next generation about cybersecurity. For the past 10 years, I served as a cyber engineer in the defense industry, mentoring young professionals and college students. But at Codecraft, I had the chance to teach elementary, middle, and high school students about cyber defense and ethical hacking. What an amazing experience so far!

During the summer, we held a 4-day cybersecurity camp where the students explored current cybersecurity threats, such as ID theft, phishing, Trojans, viruses, malware, wireless vulnerabilities, social networking, and more. The students related the information they learned to real world situations through class-based discussions, case studies, and hands-on projects. We also discussed commonly held misconceptions about the topic of computer security. As you can see from the photo below, we had a blast!

dscn4522-edited

In the Fall, we held two cybersecurity labs: Cyber Patriot and Ethical Hacking. Cyber Patriot is the National Cyber Defense Competition for high school and middle school students. The students learn how to identify and mitigate vulnerabilities in a variety of operating systems and networks, such as Windows 7, 8, 8.1, Server 2008, and 10 in addition to Ubuntu 14 and Cisco IOS. There are several rounds to the competition with the National Finals Competition happening later in April 2017. This year, I coached a middle school and high school team along with phenomenal technical mentors from top cybersecurity companies local to Melbourne, FL.

 

img_1941Our middle school team is currently #1 in the State of Florida and ranked 15th worldwide at the end of Round 2 for the Middle School Division. They will advance to the State Round in January 2017. Our high school team ranks 9th at the State level and, overall, the team ranks in the top 18% worldwide. They are advancing to the Platinum Tier of the State Round and has a chance to become eligible for the National Finals Competition! The success of both teams is a reflection of their enthusiasm and commitment to learn about cybersecurity and new technologies. We are also grateful for the technical mentors who volunteer their time, sponsorships by ALTR and Northrup Grumman, and the parents bringing them to Cyber Patriot practice.

img_1992In addition to teaching about cyber defense, I truly enjoyed teaching Codecrafters about ethical hacking. Back in 2014, I was a DEFCON Capture-The-Flag (CTF) finalist, a global computer security competition that is better known as the “Olympics of Hacking”, placing in 6th and ranking in the top 1.5% of ethical hackers worldwide. Hacking is simply thinking of new and innovative ways to make, break and use anything to create a better world. Certified ethical hackers, like myself, understand and know how to look for weaknesses and vulnerabilities in target systems and use their knowledge and tools in a lawful, legitimate, and permissible manner to assess the security posture of target systems.

I was, therefore, excited for the students to learn how to break, hack, decrypt, reverse engineer, and solve a variety of computer security challenges. The games they trained on were all configured with the intent of being hacked, making it an excellent, ethical and legal way to get hands-on experience.
img_1995Students explored web exploitation, software exploitation, cryptography, forensics, fuzzing, and more. Web exploitation involves finding and analyzing vulnerabilities in web applications with the aim of determining what unintended behavior can occur due to such flaws and developing solutions to take advantage of the vulnerability identified. They learned how to conduct source code analysis to spot vulnerabilities in web applications coded in HTML, CSS, and JavaScript. They practiced SQL injection, a technique used to gain access to web server information and resources, on a fake online trading platform where they can buy and sell stocks, bonds and currencies. The students learned Python to create and hack different classical cryptographic ciphers. They were also exposed to assembly language concepts, working through several puzzles in constructing a program to complete a specific task. They even solved a variety of CTF challenges!

15241216_925367877598369_300763366012353331_nThe high schoolers explored software exploitation on Windows and Linux which involves finding and analyzing vulnerabilities in software applications. They became familiar with buffer overflows and how to defeat a variety of modern security mechanisms. They practiced fuzzing, which is a method of entering random data into a program and analyzing the results to find vulnerabilities. As part of their vulnerability research, they sharpened their knowledge of reverse engineering and debugging. Ultimately, they developed their own exploits to hack the training applications.

In addition to practicing exploit development, they learned how to create their own cryptanalytic tools in Python. They solved several crypto challenges that were derived from weaknesses in real-world systems and modern cryptographic constructions. In solving each exercise, the students learned a good deal about how cryptosystems are built and how they’re attacked.

14590467_903670613101429_6154049420499393053_nI didn’t learn and become skilled in cyber defense and ethical hacking until I was in college and later as an engineer. I’m amazed at the privilege these students have to discover and practice these different cybersecurity concepts, especially since they are in elementary, middle, and high school. They will have a voluminous number of opportunities to choose from simply because they know how to code, how to secure information systems, and how to ethically hack systems as well. Cybersecurity is one of the most in-demand, fastest growing, and highest paying careers that use a variety of skills, such as problem solving, analytical thinking, creativity, and communication. It affects every aspect of our economy and society, from small startups to governments to hospitals; thus, these students have the opportunity to become cybersecurity professionals in any organizations that align with their passions and interests. Our nation’s national and economic security depends on having a cybersecurity workforce that is confident and capable of protecting our most sensitive information and critical infrastructure. I’m proud that Codecraft is playing a role in this important mission by grooming the new faces of cybersecurity.