IT security is a complex and extensive topic. But only well-trained and passionate security managers make today’s internet possible. The training of such managers is therefore an unavoidable topic of enormous relevance in future. It is hence important to make the security understandable for young people. The group ‘LosFuzzys’ uses a gamification approach to reach the students. They organize a CTF (Capture The Flag) event at the HTL Kaindorf in Styria. Anexia provides the infrastructure for the KaindorfCTF.
We asked Marcel Schnideritsch, one of the volunteer organizers, to share his knowledge: How do you help students to make such complicated topics comprehensible?
My name is Marcel Schnideritsch and I am currently working as a penetration tester at BearingPoint GmbH. Besides my main occupation I organize and host IT security competitions for students. Additionally, I am a trainer at the CyberSecurityAustria. Therefore, I know what matters when it comes to inspiring young people for IT security.
Preparation
Preparation is one of the most important things. Especially when it comes to conveying such complex topics like IT security. Accordingly, continuous further training is on the agenda. Because in order to minimize preparation time, you should be up to date with the latest technology.
My tip for preparation: Read everything you get your hands on about the topic you want to present. Only if you develop a deep understanding you can reproduce at topic in such a way that it reaches people.
Another important point in preparation is to find as much illustrative material and examples as possible. These can then be used to explain things.
Theory
As dry as it may be, you always need some theory. As a first step I always recommend a short introduction to the topic. Explain briefly what it is all about and what’s the crux of the matter. In doing so it is important to avoid getting lost in details. A rough overview is sufficient in most cases.
The best approach for me is certainly the ELI5 method. ELI5 stands for “Explain like I’m 5”.
Practice
Enough with theory! What better way to make something accessible than with practical examples?
For most of the topics in IT Security you can easily find examples. Nevertheless, I would like to give you an alternative to the blunt praying of examples. Our keyword here is CTF.
CTF (Capture the Flag) is a name for IT security competitions. These contests are about using your knowledge to find security holes and vulnerabilities. At the end you are rewarded with a so-called ‘flag’. You may notice that gamification also plays a major role here. Because especially in this age range of students, computer games are usually very interesting. This is also the reason why it works so easily. A good start for this is the competition PicoCTF. Levels from simple to medium difficult tasks, which have to be solved are part of the competition. The goal is to conquer the flag.
Without voluntary people like Marcel from KaindorfCTF, we would have an even harder time with the shortage of skilled workers. We are therefore happy to support groups and organizations that are trying to bring young people contact with IT topics.
We hope that Marcel’s tips will help you to get inspiration to start something yourself. Only if we invest in young people, we invest in our future.