Building the Next-Gen Cyber Professionals · Keeping Young Hackers Out of Orange Jumpsuits (even if...

Building the Next-Gen Cyber Professionals

Ron Woerner

Tuesday, May 16, 2017, 11:00am

M100G-H

Keeping Young Hackers Out of Orange Jumpsuits (even if it's the new black)

Tweet along: #Sec360 www.Secure360.org

Alternative Title:

3

R U a H@cker?

I am

Ron Woerner

• InfoSec Architect, Carlson Rezidor Hotel Group

• Professor Cybersecurity Studies, Bellevue University

• >25 years corporate IT, 15+ Security

• CISSP, CISM, & Certified Ethical Hacker

• US CyberPatriot Mentor since 2011

• Mentor of the Year 2013-2014

Tweet along: #Sec360 4 Ron Woerner – Hacking Humans

www.Secure360.org

• These are my thoughts based on my studies and experiences

• Normal caveats apply

• Comments & questions are welcome any time

Tweet along: #Sec360 5 Ron Woerner – Hacking Humans

www.Secure360.org

Meet Charlie Kilo*

High School Sophomore

Hacker

* Name changed to protect the guilty

Tweet along: #Sec360 Ron Woerner – NextGen Cyber

www.Secure360.org

Kids are born to hack

8 Tweet along: #Sec360 Ron Woerner – NextGen Cyber

www.Secure360.org

What happens?


www.Secure360.org

Out of control

curiosity

No safe place to explore

Lacking

Teachers

Leads to Trouble


www.Secure360.org

“Kids today know so much technology”


www.Secure360.org

WRONG!

They know about tech.

Most don’t know how it works.

PFM*

* Pure Freakin’ Magic

Test time

How many ways does this have of communicating?


www.Secure360.org

Just because I have a degree in Computer Science doesn’t mean I know anything about computers…


www.Secure360.org

IT / Cybersecurity is not a part of standard HS curriculum


www.Secure360.org

Lack Experience

Lack Resources

No Time

FEAR

IT / Security People Needed

http://www.rand.org/content/dam/rand/pubs/res

earch_reports/RR400/RR430/RAND_RR430.pdf

Tweet along: #Sec360

Ron Woerner – NextGen Cyber www.Secure360.org

http://www.rand.org/content/dam/rand/pubs/research_reports/RR400/RR430/RAND_RR430.pdf

http://www.rand.org/content/dam/rand/pubs/research_reports/RR400/RR430/RAND_RR430.pdf

What’s going well

• Individual teachers & programs

• Job opportunities & Internships


www.Secure360.org

• Gen Cyber

• CyberPatriot

• Hour of Code

• Hack4Kidz

• Hacker High School

• High School CTF

http://www.gen-cyber.info/

http://www.uscyberpatriot.org/

https://hourofcode.com/us

http://www.hak4kidz.com/

http://www.hackerhighschool.org/

http://hsctf.com/

Good Things



Good things

Good Things

https://www.uscyberpatriot.org/

https://www.uscyberpatriot.org/

What’s the answer?

How do we address the issues and multiply what’s going well?


www.Secure360.org 20

Embrace kids inner hacker

Teach them hacking?!

http://tomjsteel.files.wordpress.com/2012/05/with-great-power-comes-great-responsibility-spider-man.jpeg

CyberPatriot Demo


www.Secure360.org

Build your own playground


www.Secure360.org

High School CTF

http://hsctf.com/


www.Secure360.org

http://hsctf.com/

National Cyber Defense Competition


www.Secure360.org

http://www.nationalccdc.org/

http://www.nationalccdc.org/

PLEASE HELP!!!!!

1. More teams

2. More teacher coaches

3. The kids need the direction, or else they’ll turn to the dark side

4. You learn a lot

5. Professional mentors get CPEs / find recruits

6. Low $ needed

Volunteer Opportunities

• (ISC)2 Foundation - Safe and Secure Online Program

• (NCSA) National Cyber Security Alliance

• CyberPatriot

• Hackid Conference

• Hacker Highschool

https://www.rsaconference.com/about/rsac-cyber-safety/rsac-cyber-safety-volunteer-opportunities


www.Secure360.org














Benefits

Kids

Everyone

You


www.Secure360.org

Getting a Cybersecurity job

• Breaking into the Cybersecurity Field – Derek Carlin

• Breaking into Security – 2015

• Breakin' into Security

• Josh More • Breaking into Information Security

• Job Reconnaissance

Education

Experience

Training


www.Secure360.org

https://www.linkedin.com/pulse/breaking-cybersecurity-field-derek-carlin

https://www.linkedin.com/pulse/breaking-cybersecurity-field-derek-carlin

http://blogs.bellevue.edu/cybersecurity/index.php/2015/10/29/breaking-into-security-2015/




http://www.atlbbs.com/sharkin/breakin-dc404.pdf

http://www.atlbbs.com/sharkin/breakin-dc404.pdf

http://store.elsevier.com/Breaking-into-Information-Security/Josh-More/isbn-9780128007839/

https://www.eyrasecurity.com/portfolio-items/job-reconnaissance/

Links & Resources


www.Secure360.org

• Blogs:

• http://www.csoonline.com/blog/educating-next-gen-

cybersecurity-leaders/

• https://securityintelligence.com/cyber-competitions-do-you-have-

what-it-takes/

• Hak4Kidz - http://www.hak4kidz.com/

• CyberFed – http://www.cyberfed.org/

• CyberPatriot – http://www.uscyberpatriot.org

http://www.csoonline.com/blog/educating-next-gen-cybersecurity-leaders/










http://www.cyberfed.org/



Links & Resources


www.Secure360.org

• How To Geek School – http://www.howtogeek.com/school

• Microsoft SysInternals – https://technet.microsoft.com/en-

us/sysinternals/bb795535.aspx

• High School CTF – http://hsctf.com/

• Facebook CTF – https://www.facebook.com/notes/facebook-ctf/facebook-ctf-is-now-

open-source/525464774322241/

• EPIC HowTo Be A Hacker –

https://www.youtube.com/watch?v=tlezBUdD53w

http://www.howtogeek.com/school

https://technet.microsoft.com/en-us/sysinternals/bb795535.aspx



http://hsctf.com/

https://www.facebook.com/notes/facebook-ctf/facebook-ctf-is-now-open-source/525464774322241/













https://www.youtube.com/watch?v=tlezBUdD53w

Ron Woerner, CISSP, CISM

@ ronw123

ronw2007 (at) gmail.com

Tweet along: #Sec360 33 Ron Woerner – Hacking Humans www.Secure360.org

Building the Next-Gen Cyber Professionals · Keeping Young Hackers Out of Orange Jumpsuits (even if...

Documents

Transcript of Building the Next-Gen Cyber Professionals · Keeping Young Hackers Out of Orange Jumpsuits (even if...