The Future of Security Lies in Teaching Our Kids to Hack

Posted on by Tony Kontzer

You may have noticed that one of the themes of this year's RSA Conference is kids. They've been an overlooked part of technology industry events for too long, and this year RSAC is doing something about it.

Two keynotes focused on making the Internet safer for kids. And a big chunk of the second floor concourse at Moscone West was made over into an interactive Cyber Village exhibit designed to educate conference-goers about getting kids to think about security.

Any RSAC attendees with kids old enough to interact with technology know this is a serious issue. For children, interfacing with devices is second nature. They figure out how to use our phones faster then we do, they run circles around us with today's complex TV remote controls, and, as they get older, they work around any security we put in place to limit their online activities.

If we can't protect them, we need to teach them to protect themselves.

Oddly enough, one effective way to do this is to teach them how to hack and then redirect those skills, which was the point Christopher Hoff, VP and security CTO at Juniper Networks, made when he took the stage with 9-year-old wiz kid Reuben Paul on Wednesday afternoon. Even though the pair's live demo didn't work (Reuben was going to hack into Hoff's computer and "pwn" him), Hoff's message was clear: We need to invest in getting kids to respect and understand security.

I caught up with Hoff at the Cyber Village, and as counter-intuitive as it may seem, he said that letting kids developing their hacking skills would likely benefit the security industry down the road. "If you understand how to break things, you also can learn how to fix them and make them more resilient," he told me.

First, however, parents need to invest in guiding their children down this path, and that's where the Cyber Village comes in. "If they (parents) can get excited and interested, there's a higher degree of likelihood that their kids will, too," Hoff said.

Visitors are greeted by a few videos that play in a loop, including RSAC Program Chair Hugh Thompson discussing ethics (hacking, he says, is "the same as taking a brick and throwing it through someone's glass door) and security guru Ed Skoudis providing simple security tips (think in terms of passphrases, not passwords, and use special characters, "especially spaces").

The exhibit features a number of stations that that offer simple exercises for "training" kids in his way. There's a touch-screen exercises that show the kinds of simple decisions kids can learn to make their computer experiences safer. And there's a table game in which participants use tiles to construct their own network—consisting of servers, routers and firewalls—while attacking other players' networks or defending their own.

Hoff, who also runs the HacKid conference that will take place in September at The Tech Museum of Innovation in San Jose, said that making the process of learning security fun is critical to getting gets motivated to learn more.

"If you gamify something and there's a tangible reward, people will be more enthusiastic," he said. "Anytime you make it a game, it's so much easier."

If Hoff has his way, there will be more such games at next year's RSAC, when he hopes the Cyber Village will take up significantly more concourse space.

"We want to make it bigger and more impactful," he said.

Tony Kontzer

, RSA Conference

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community