Mellon University aims to build a talent pipeline into the cyber
workforce by introducing computer security skills to middle and high
school students through picoCTF, a free, online hacking contest that
starts March 31, 2017. Now in its third year, the virtual game of
capture the flag (CTF) has previously drawn nearly 30,000 people.
"Right now, we're facing a tremendous shortfall in computer security
experts," says David Brumley, project lead for picoCTF, the director of
CyLab and a professor of Electrical and Computer Engineering. "The root
of the problem is that most people don't even know that computer
security is a field they can go into. Building awareness is a major goal
This year, players will be competing for over $30,000 in prizes, thanks
to this year's corporate sponsors. Anyone may register to play, but only
U.S. students in grades 6-12 are eligible for prizes. Registration will
remain open until the end of the competition, and there is no penalty
for registering after the competition's official start date, March 31.
For two weeks beginning on March 31, participants will learn to reverse
engineer, break, hack, decrypt or do anything necessary to solve a
series of challenges that are centered around a unique storyline.
Challenges start out easy and become increasingly difficult.
"To get started, you just need critical thinking skills," Brumley says.
"We lead you throughout the game to develop more and more sophisticated
notions of computer security so that by the end, you're solving real
crypto problems and performing at a high level."
Becker, an undergraduate student studying computer security at Carnegie
Mellon, played picoCTF in 2013 as a high school student and uncovered a
talent he never knew he had.
"I competed with some friends for fun, but none of us expected to do
that well," Becker says. "But we ended up finishing in 3rd place, and
that's how I ended up getting into this field."
Fast forward four years, and Becker is now a captain on Carnegie
Mellon's student hacking team, the Plaid Parliament of Pwning (PPP). The
team has won DefCon's Capture the Flag competition--informally known as
the "Super Bowl of Hacking" -- three times in the past four years.
The Carnegie Mellon team has open-sourced picoCTF, enabling teachers to
run their own version of the competition themselves if they choose.
Because of this, several high schools have made their own version of
picoCTF that have introduced thousands more K-12 students to computer
security, such as Phillips Academy CTF (PA-CTF), High School CTF (HS-CTF),
and Thomas Jefferson CTF (TJ-CTF).