War game sites, i.e., things like TryHackMe, HackTheBox, Root-Me and a LOT of others.
Capture-The-Flag events (CTFs). Even if you don’t solve a challenge, you learn something, which means 100% of the time, you win every time. Check out OpenToAll if you want to join a team/community to learn more. CTFtime is a great resource for when CTFs are happening. They happen EVERY single week. Seriously.
Study groups. I really enjoy bouncing ideas around with others. A study group based on working through a security book or focused on building a skill is a great way to learn as well as to network. For example, I am part of a local group (that meets over zoom) that alternates between going through a book and doing something active, like a set of challenges.
Personal challenges. I always have 1-2 of these going at any time. I set a goal to learn something or achieve a certification. I pick a “prize” if I am successful. Clearly, I like gamification of these kinds of things, so I make a fun personal challenge out of it.
Do you guys have any recommendations for learning resources for those who are younger? Maybe high school or even middle school, age-wise. I know a couple people who have kids that are pretty interested in learning more on the security side, and they don’t have a ton of good resources for it at school.
So my oldest son is heavily into scripting and computers, so I’ve pointed him to free cybrary, what used to be Microsoft Virtual Academy (not sure what they renamed it too), and various scripting sites that are all free…specifically Python. That coupled with me answering his questions.
My younger sons use Scratch(sp?) for their initial coding. They are all still trying to filter out what they enjoy doing, but it’s turning out to be coding and programming.
Check out PicoCTF. It is geared toward a younger audience.
Nostarch also has a ton of great books for kids.
Do you know where their interests might be? There are also some great programming sites that have gamified the entire learning to program experience.
Sorry, one last edit…many high schools now have CTF teams. They could look into that. That way they could try a variety of things like reverse engineering, programming, binary exploitation, web application security, crypto and so on. Some of the high school teams are really good too which implies a great learning environment.
Ooh I haven’t seen Scratch before, this looks like a cool starting point for kids programming. I feel like kid me would’ve loved a story creator like this
They’ve been pretty interested in programming and red teaming, actually. Something CTF oriented might really be up their alley.
Thanks for the other recommendations as well, I’ll pass them on!
I know im late to this party but in a past life i helped referee for FIRST Lego League which is apparently becoming more popular but they had teams for elementary school kids to make lego robots perform certain tasks and i cant remember the language it used but it was more or less drag and drog logic.
I too have had the same question as @holly_wilsey of how do you engage kids in Cyber Security. I had visited a few elementary schools locally and we tried to do some presentations and most of them were just a little too over their head. For example we tried to do a ceaser cipher with them but ran into kids that were still learning too read so that failed. We did however get moderate interest in a password stealer using a kali linux box putting out a fake wifi and having kids try to login to a fake fortnite page. I think the kids enjoyed getting to be the bad buy and revealing to the other kids that they have the password.