Carnegie Mellon University aims to build a talent pipeline into the cyber workforce by introducing computer security skills to middle and high school students through picoCTF, a free, online hacking contest that starts March 31, 2017. Now in its third year, the virtual game of capture the flag (CTF) has previously drawn nearly 30,000 people.
“Right now, we’re facing a tremendous shortfall in computer security experts,” says David Brumley, project lead for picoCTF, the director of CyLab and a professor of electrical and computer engineering. “The root of the problem is that most people don’t even know that computer security is a field they can go into. Building awareness is a major goal of picoCTF.”
This year, players will be competing for over $30,000 in prizes, thanks to this year’s corporate sponsors. Anyone may register to play, but only U.S. students in grades 6-12 are eligible for prizes. Registration will remain open until the end of the competition, and there is no penalty for registering after the competition’s official start date, March 31.
For two weeks beginning on March 31, participants will learn to reverse engineer, break, hack, decrypt or do anything necessary to solve a series of challenges that are centered around a unique storyline. Challenges start out easy and become increasingly difficult.
...most people don’t even know that computer security is a field they can go into. Building awareness is a major goal of picoCTF.David Brumley, Director, CyLab, Carnegie Mellon University
“To get started, you just need critical thinking skills,” Brumley says. “We lead you throughout the game to develop more and more sophisticated notions of computer security so that by the end, you’re solving real crypto problems and performing at a high level.”
Tim Becker, an undergraduate student studying computer security at Carnegie Mellon, played picoCTF in 2013 as a high school student and uncovered a talent he never knew he had.
“I competed with some friends for fun, but none of us expected to do that well,” Becker says. “But we ended up finishing in 3rd place, and that’s how I ended up getting into this field.”
Fast forward four years, and Becker is now a captain on Carnegie Mellon’s student hacking team, the Plaid Parliament of Pwning (PPP). The team has won DefCon’s Capture the Flag competition – informally known as the “Super Bowl of Hacking”—three times in the past four years.
The Carnegie Mellon team has open-sourced picoCTF, enabling teachers to run their own version of the competition themselves if they choose. Because of this, several high schools have made their own version of picoCTF that have introduced thousands more K-12 students to computer security, such as Phillips Academy CTF (PA-CTF), High School CTF (HS-CTF), and Thomas Jefferson CTF (TJ-CTF).