Getting the Kiddos into Cyber Security

[Erik LaRuffa]

Just read this great article, do we have any community members here at Anand, in the Cyber Security field?, industry or Gov? Any suggestions, insight, tips, etc, to get my 17 old son whom is interested, more involved?

http://www.futureofbusinessandtech....skills-gap?utm_source=taboola&utm_medium=paid

 

[highland145]

Sadly, my 15 y.o. isn't but his friend is. Also 15. NJROTC has a cyber security team at the H.S. They're given a virtual machine of Win, Linux, Win server, etc with multiple security compromises and they compete against other schools for repair times. Very cool imo. Pretty sure this kid could get some cisco certs and get a job right out of H.S. but his goal is the Naval Academy.

 

[[DHT]Osiris]

Just read this great article, do we have any community members here at Anand, in the Cyber Security field?, industry or Gov? Any suggestions, insight, tips, etc, to get my 17 old son whom is interested, more involved?

Security is a moving target, and so are the suggestions. It depends on what he's looking for/what you think you may want to provide to him. I've personally found the field to be fairly self-teaching/self-fulfilling, as in those who are interested in it tend to learn about it (or find ways to learn about it) and thus there isn't that much of a 'nudge' needed.

Are you looking at tools he could learn with? Or knowledge concepts to explore? Specific certifications that will get him job_making_x_figures? Or just generalized knowledge about the field itself?

 

[Savatar]

It sounds like your son has some interest, which is great! Perhaps introduce him to some security news sources, like blogs, reputable twitter accounts, or news sites so he can keep up to date with some of what's going on with cyber security and what people are talking about. Also, vulnhub provides a pretty fun way to actually practice penetration testing or reverse engineering techniques legally by providing downloadable VM images. Usually you can also find walkthroughs or instructional videos about how people passed the challenges given. These things are great at preparing for things like capture the flag events (companies like Symantec host these from time to time, and they are tons of fun), if there are any in your city. There are probably a few books that you can get, but be sure to read reviews, and in general stay away from books that just 'teach the tools' without teaching the underlying concepts and techniques.

Also, most big cities have a local 'hacker collective' where people meet and talk about things, but in my experience they tend to be very vulgar and not very professional - but they are pretty knowledgeable so you might still learn things, and some people who go are in other companies, so still provides some networking. I would be hesitant about introducing him to those unless you know he's mature enough and that he's not the type to fool around with the wrong crowd, though. If he's prone to drinking or he seems to have been drawn to bad influences/friends in the past, for example, then stay away.

 

[compcons]

I had a decent conversation with a security expert (DoD, airforce, SANS, etc.) over lunch a few years ago. We talked about the need for security professionals and how hard it was finding them. If I recall, he mentioned a program out of Baltimore college/university. High school students were being identified, sent to college, given internships, etc. to build up the population. I wish I had more details, but I am certain programs are out there.

Any student going down that path should not need to pay for college. Our industry is regularly credited with a negative unemplyment rate. People are needed and demand a premium.

As far as maintaining interest and gaining more insight, following industry experts like Kevin Mandia, Krebs, Ulevitch, and even Kaspersky to name a few. Also blogs like malware.dontneedcoffee has some intersting stuff.

Finally, remember that people will try to push for certifications for networking stuff. This won't be a popular comment, but networking is not cybersecurity. Its a very important piece, but those focus on setting up rules and such, not hunting down and uderstanding malware, the bad guys, and their techiques. That is cybersecurity.