The demand for skilled information security workers is increasing all over the world. The Bureau of Labor Statistics predicts a 35% increase in IT skilled employment in the United States by 2031. This specialty is growing faster than the average for all occupations.
The European Union's Parliament is working to build cybersecurity capabilities across the Union in order to mitigate threats and ensure service continuity. Students studying computer science and cybersecurity will play critical roles in society in these contexts. As a result, encouraging the next generation of information security experts and ethical hackers is critical.
To reduce the barriers to computer science and cybersecurity education for students, particularly girls and women, intervention at earlier grade levels is required, as well as support from trained teachers in school classrooms.
Since 2011, picoCTF has steadily reduced the barriers to accessing cybersecurity education, becoming one of the most trusted, high-quality, free computer security education resources for learners and teachers worldwide. PicoCTF, originally intended as a uniquely offensive capture the flag style online competition, made an immediate impression. With the help of a well-timed grant from Cisco beginning in 2019, they were able to expand to year-round, easy, and accessible access to their program for anyone with a computer and Wi-Fi.
Bypassing barriers
Prior to picoCTF, the only way for young people to interact with computer materials was through traditional high school computer security competitions.
PicoCTF was founded by Carnegie Mellon University's (CMU) Cylab Security and Privacy Institute (Cylab) to spark interest in computer science among high school students. Its name is full of meaning, with 'pico' representing one trillionth in the metric scale and 'CTF' short for capture the flag. PicoCTF contestants would explore valuable life and career skills through a free online, ethical hacking-based game with a capture the flag framework during their annual fall competition. Players are challenged to put their creativity, technical skills, and problem-solving abilities to the test in this game. There are several types of challenges. When the puzzle is solved, the winner receives a string (called a flag), which is then submitted for online scoring.
Because access to the picoCTF platform is free, many more students could participate in the program. For example, 64 percent of players in picoCTF's 2019 competition said they were "more interested in pursuing cybersecurity as a career as a result of playing [the game]." With such positive feedback, the creators of picoCTF knew they had what it took to engage students.
Cyber security playground
In 2019, Cylab's leaders, such as Special Projects Manager Megan Kearns, determined that the program needed more engagement with teachers and classrooms around the world, but lacked the funds and resources to do so. The team proposed a strategy for Cisco to invest in picoCTF in order to incorporate teacher-centric and classroom changes into their platform.
PicoCTF, as a team, focused on providing more structured learning materials for middle and lower secondary students, as well as high school students, in addition to teacher and classroom improvements. PicoCTF launched picoGYM, an always-open learning playground where learners can access all previous years' picoCTF challenges, as well as treasure hunts, quizzes, and more, within a year.
Instead of a three-month competition-focused website, picoGYM launched a fully accessible, year-round learning platform. "Initially, picoCTF was just a competition to introduce students." Megan described picoCTF as "a year-round program for people to apply what they're learning in their classes and test out concepts they faced in the workplace but never got to address themselves."
PicoGYM will be available in September 2020. Cylab had over 65,000 visitors to the account-based site by December.
Encouraging girls to pursue cybersecurity
Cisco's second investment focused on increasing female participation in cybersecurity education by making an offering available to teachers in classrooms. "Part of our initiative [with Cisco] includes female testers in our outreach," Dr. Hanan Hibshi, CMU faculty advisor and picoCTF research investigator, explained. "As a result, when we invite people to participate in our challenges, we pay particular attention to female responses."
Dr. Hibshi clarified that they found success by paying attention to female feedback, particularly on details related to the game's organization and interface. The increase in female users over time demonstrates the success of focused engagement. Only 1900 female learners were measured in 2021, according to the website. By 2022, the number of girls and young women who accessed the picoCTF website had risen to over 10,000.
Megan stated that the "picoCTF development team has seen an increase in female challenge writers, which has influenced the increase in female players." She believes it is related to their outreach efforts because female CMU students and experienced CTF players speak to students about picoCTF and how to participate in CTF competitions at conferences and classrooms.
Learners of all skill levels can access cybersecurity content, think creatively, problem solve challenges, and have fun while learning cybersecurity concepts thanks to picoCTF's more comprehensive and complementary learning structure, new platform, and year-round access to picoGYM. At Cisco, we are intrigued and delighted to see more female students enrolling in and becoming interested in cybersecurity.
“The grants from Cisco have made a significant positive impact. It has allowed us the funding to focus on areas of improvements in the platform, facilitate user studies, go to conferences, and expand our understanding of what CTFs are, what they are capable of doing in the education space.” clarified Megan ,
“this is an area where diversity has the potential to make a huge difference in how we move forward in cybersecurity. Diversity is so important because creativity is so important to cybersecurity.”
Bright Future
Megan Kearns reports that people have approached her numerous times over the years to tell her that they changed careers after playing picoCTF. Her favorite example is a high school teacher who mentored his students through their picoCTF competition, which led to ten years of dedicated work as a team coach in many other computer security competitions.
One Twitter user, @Dawnlight246810 told Megan, “When I got into cybersecurity, picoCTF was my first-ever CTF I played. I learned so much from playing pico that I fell in love with security, got involved with infosec communities, and decided to pursue a career in security.”
“Of course our immediate goal is to increase the cybersecurity workforce.” said Dr. Hanan while adding, “but my long-term vision is that it becomes so everyone knows enough to stay safe online, enough not to be scammed, or to spend time to secure your passwords. Because you cracked systems before, you broke passwords through picoCTF, and you know that this is feasible and hackers can do it. So maybe you should do a better job of protecting yourself.”
Megan wishes picoCTF another ten years of success.
“Eventually, I would like for us to be redundant because everyone already understands cybersecurity,” she continues, “the way they understand algebra or mathematics.”
The European Union's Parliament is working to build cybersecurity capabilities across the Union in order to mitigate threats and ensure service continuity. Students studying computer science and cybersecurity will play critical roles in society in these contexts. As a result, encouraging the next generation of information security experts and ethical hackers is critical.
To reduce the barriers to computer science and cybersecurity education for students, particularly girls and women, intervention at earlier grade levels is required, as well as support from trained teachers in school classrooms.
Since 2011, picoCTF has steadily reduced the barriers to accessing cybersecurity education, becoming one of the most trusted, high-quality, free computer security education resources for learners and teachers worldwide. PicoCTF, originally intended as a uniquely offensive capture the flag style online competition, made an immediate impression. With the help of a well-timed grant from Cisco beginning in 2019, they were able to expand to year-round, easy, and accessible access to their program for anyone with a computer and Wi-Fi.
Bypassing barriers
Prior to picoCTF, the only way for young people to interact with computer materials was through traditional high school computer security competitions.
PicoCTF was founded by Carnegie Mellon University's (CMU) Cylab Security and Privacy Institute (Cylab) to spark interest in computer science among high school students. Its name is full of meaning, with 'pico' representing one trillionth in the metric scale and 'CTF' short for capture the flag. PicoCTF contestants would explore valuable life and career skills through a free online, ethical hacking-based game with a capture the flag framework during their annual fall competition. Players are challenged to put their creativity, technical skills, and problem-solving abilities to the test in this game. There are several types of challenges. When the puzzle is solved, the winner receives a string (called a flag), which is then submitted for online scoring.
Because access to the picoCTF platform is free, many more students could participate in the program. For example, 64 percent of players in picoCTF's 2019 competition said they were "more interested in pursuing cybersecurity as a career as a result of playing [the game]." With such positive feedback, the creators of picoCTF knew they had what it took to engage students.
Cyber security playground
In 2019, Cylab's leaders, such as Special Projects Manager Megan Kearns, determined that the program needed more engagement with teachers and classrooms around the world, but lacked the funds and resources to do so. The team proposed a strategy for Cisco to invest in picoCTF in order to incorporate teacher-centric and classroom changes into their platform.
PicoCTF, as a team, focused on providing more structured learning materials for middle and lower secondary students, as well as high school students, in addition to teacher and classroom improvements. PicoCTF launched picoGYM, an always-open learning playground where learners can access all previous years' picoCTF challenges, as well as treasure hunts, quizzes, and more, within a year.
Instead of a three-month competition-focused website, picoGYM launched a fully accessible, year-round learning platform. "Initially, picoCTF was just a competition to introduce students." Megan described picoCTF as "a year-round program for people to apply what they're learning in their classes and test out concepts they faced in the workplace but never got to address themselves."
PicoGYM will be available in September 2020. Cylab had over 65,000 visitors to the account-based site by December.
Encouraging girls to pursue cybersecurity
Cisco's second investment focused on increasing female participation in cybersecurity education by making an offering available to teachers in classrooms. "Part of our initiative [with Cisco] includes female testers in our outreach," Dr. Hanan Hibshi, CMU faculty advisor and picoCTF research investigator, explained. "As a result, when we invite people to participate in our challenges, we pay particular attention to female responses."
Dr. Hibshi clarified that they found success by paying attention to female feedback, particularly on details related to the game's organization and interface. The increase in female users over time demonstrates the success of focused engagement. Only 1900 female learners were measured in 2021, according to the website. By 2022, the number of girls and young women who accessed the picoCTF website had risen to over 10,000.
Megan stated that the "picoCTF development team has seen an increase in female challenge writers, which has influenced the increase in female players." She believes it is related to their outreach efforts because female CMU students and experienced CTF players speak to students about picoCTF and how to participate in CTF competitions at conferences and classrooms.
Learners of all skill levels can access cybersecurity content, think creatively, problem solve challenges, and have fun while learning cybersecurity concepts thanks to picoCTF's more comprehensive and complementary learning structure, new platform, and year-round access to picoGYM. At Cisco, we are intrigued and delighted to see more female students enrolling in and becoming interested in cybersecurity.
“The grants from Cisco have made a significant positive impact. It has allowed us the funding to focus on areas of improvements in the platform, facilitate user studies, go to conferences, and expand our understanding of what CTFs are, what they are capable of doing in the education space.” clarified Megan ,
“this is an area where diversity has the potential to make a huge difference in how we move forward in cybersecurity. Diversity is so important because creativity is so important to cybersecurity.”
Bright Future
Megan Kearns reports that people have approached her numerous times over the years to tell her that they changed careers after playing picoCTF. Her favorite example is a high school teacher who mentored his students through their picoCTF competition, which led to ten years of dedicated work as a team coach in many other computer security competitions.
One Twitter user, @Dawnlight246810 told Megan, “When I got into cybersecurity, picoCTF was my first-ever CTF I played. I learned so much from playing pico that I fell in love with security, got involved with infosec communities, and decided to pursue a career in security.”
“Of course our immediate goal is to increase the cybersecurity workforce.” said Dr. Hanan while adding, “but my long-term vision is that it becomes so everyone knows enough to stay safe online, enough not to be scammed, or to spend time to secure your passwords. Because you cracked systems before, you broke passwords through picoCTF, and you know that this is feasible and hackers can do it. So maybe you should do a better job of protecting yourself.”
Megan wishes picoCTF another ten years of success.
“Eventually, I would like for us to be redundant because everyone already understands cybersecurity,” she continues, “the way they understand algebra or mathematics.”