Secure Your Seat for SANS Northern VA Spring- Tysons 2019. Save $350 thru 12/19.

SANS CyberStart




Girls Go CyberStart - What's Next?

Continue to build your cyber security skills by engaging in the following resources, competitions, camps, associations, and ideas - many of which are free. And stay tuned for the next CyberStart challenge! Follow @CyberStartUS

Competitions

PicoCTF: https://picoctf.com/ Probably the competition most like CyberStart
What: Capture The Flag
Who: High School and Middle School students
Cost: Free
When: About every 1.5 years, next one is Fall 2018 (Can use picoCTF 2017 site which is still open for practice)

Description: picoCTF is a computer security game targeted at middle and high school students. The game consists of a series of challenges centered around a unique storyline where participants must reverse engineer, break, hack, decrypt, or do whatever it takes to solve the challenge.

CSAW High School Forensics: https://csaw.engineering.nyu.edu/hsf
What: Capture The Flag
Who: High School and Middle School students
Cost: Free
When: Late September

Description: students work in teams to identify and analyze electronic evidence. During the online Qualification Round, teams choose from categories including network analysis, mobile forensics, live system forensics, steganography, file carving, and more, answering questions to earn points. The teams with the most points are flown to NY to compete in the on--site Finals, where the CSAW Mystery waits to be solved.

CyberPatriot: uscyberpatriot.org
What: Securing Virtual Machines
Who: High School and Middle School Students and ROTC groups
Cost: $165 - $205 per team
When: 4 -5 rounds of play from Sept - Feb

Description: CyberPatriot teams training and competitions are similar to sports teams. Sponsored by the Air Force Association, the Cyberpatriot Competition is designed to give hands on exposure to the foundations of cyber security. In each competition round, 6-member teams are provided one to three Windows or Linux virtual machines. These machines contain several vulnerabilities, and students are given a set amount of time to clean and secure the images. Each team must also fix the configuration of a Cisco Packet Tracer network. The top 12 teams of all three rounds compete in the National Championships in Baltimore, MD.

National Cyber League: https://www.nationalcyberleague.org/about
What: Capture the Flag
Who: College Students but open to High Schools class teams
Cost: $25 / student
When: 2 rounds each, Fall (Sept-Nov) or Spring (Mar - May)

Description: students work both individually and as teams to solve a series of challenges in a number of cyber security areas, including wireless access exploitation, password cracking, open source intelligence, log analysis, cryptography and scanning and reconnaissance, among many others. Competitors solve the cyber security-related challenges to find "digital flags" hidden on servers, in encrypted messages or in applications



Resources

Learning with others:

GenCyberCamps - GenCyber is a program that provides FREE summer camps across the nation designed for elementary, middle, and high school students, and teachers. Funded by the NSA/NSF, the camps are actually designed and run by universities and community colleges. Some are local day camps while others are several week overnight camps. Some are co-ed, some are girls-only and some are only for teacher professional development. Check the site to see where camps have been offered in past years and find the one that's right for you!

CyberPatriot Camps - To get a taste of what CyberPatriot is like, find one of these one week day camps near you. It will cover the basics of computers and how to secure networks and harden Operating Systems. The best part is the final day competition which has real CyberPatriot images and live online scoring against other camps. Check the site to see what local schools or universities are running Cybercamps open to the public.

Girls Who Code - focused on giving girls access to the computing skills that are a critical path to security and prosperity in today's job market.

Afterschool clubs - Free materials and projects so you can start a club in your school.
Summer Immersion program - for current 10th & 11th grade girls; 7 week program hosted at leading tech companies in several locations around the country; FREE including transportation. Hurry to apply, applications close 3/16!

Local University Cyber / Coding camps - there are many summer camps focusing on technology & coding & cybersecurity. A Google search like "cyber security summer camps for high school students" will deliver a lot of results; try narrowing it down by your state or city. Here are a few examples: CS4CyberSecurity camp for HS girls at NYU Tandon School of Engineering or Cyber Defense Training Camp at University of Maryland. Be sure to check the cost before applying.


Learning on your own:

Practice CTF website - HackerFire - A set of CTF challenges based on foundational cybersecurity concepts. Each challenge includes a "Knowledge Resource" as a learning tool for the concept. Created by a former administrator of the CSAW CTFs. Basic CTF is free, cost for upgrades or classroom license.

Crypto: NSA Crypto challenge of the week - OR app for iPhone - HackerFire - NSA's CryptoChallenge game challenges students to decode hundreds of puzzles, which test pattern recognition skills through a series of cryptographs under various categories, including famous quotes, science, technology, engineering and mathematics (STEM) trivia, pop culture factoids and more. It's "you against the clock" to see how fast you can crack the code. Free

Linux: Terminus game - HackerFire - A game to learn Linux terminal commands. Loosely based on the old Zork game, the student has to use Linux commands in a terminal interface to find their way through an adventure land. Originally written as a class project by a group of MIT students, then completed as a Hackathon entry. Fun!

Forensics - CyFor Modules and Challenges take forensic topics, give you a mini-lesson and then a challenge to practice. Created by NYU Tandon School of Engineering which runs the CSAW HS CTF.

Python - Practice Python - has over 30 beginner Python exercises just waiting to be solved. Each exercise comes with a small discussion of a topic and a link to a solution. New exercise are posted monthly, so check back often.

Programming - Code.org - best place to find resources about all different types of programming. You can start with block programming or dive into more complex game coding or focus on Web CSS design. Code.org has online courses, lists of local schools offering classes and they run Hour of Code every year.

Web Vulnerabilities - OverTheWire.org - games based in a terminal interface. The Bandit game is for beginners to practice advanced Linux commands (beyond what was in Terminus); the Natas game is teaches the basics of web server-side security. As a bonus, it's SSH access just like in CyberStart!

Reference Guide to Infosec Terms - did you know that "!" is known as "bang"? That CISO is pronounced "seeso"? Are you writing MITM when it should be MitM? This guide is a great way to get up to speed on infosec terminology.

Materials aimed at college/professional level - useful for advanced high school students

  • Pivot Project - Ten practical exercises in how to use specific infosec tools such as Wireshark, nmap, exiftool, etc.
  • CyberAces Tutorials - narrated video lessons on 3 topics: Operating Systems, Networking and System Administrations. These topics are hard to find materials on and the tutorials are delivered in a short, easy to understand format. Periodically there are quiz competitions based on these tutorials. Created by the SANS Institute which is a leader in Infosec training.
  • Mitre Cyber Academy - video links to infosec topics (similar to Khan Academy) and challenges from previous MITRE CTF events.

Teacher resources:

GenCyber Educator camps - GenCyber is a program that provides FREE summer professional development camps across the nation designed for teachers of elementary, middle, and high school students. Funded by the NSA/NSF, the camps are designed and run by universities /community colleges. General goals are to prepare teachers to help students understand correct and safe on-line behavior, increase diversity and interest in cyber security, and improve teaching methods and materials for delivering cyber security content in K-12 curricula. Check the site to see where camps have been offered in past years and find the one that's right for you!

Code.org Teacher training - best place to find resources about all different types of programming. You can start with block programming or dive into more complex game coding or focus on Web CSS design. Code.org has online courses, lists of local schools offering classes and they run Hour of Code every year.

Education Discovery Forum (EDF) and CyberDiscovery - professional development summer camps to support teacher integration of cyber security topics into their classroom. Sponsored by NICERC, there are 4 different programs: Cyber Literacy 1 or 2, Computer Science and STEM: Explore, Discover, Apply (middle school)

Teachcyber.org - NSA funded curriculum includes K - 12 lesson plans, materials and links. Originally aligned with the Indiana State Standards, now accessible to all teachers. (Website goes live August 2018)

NICERC - Cyber Curricula - Four cyber-related curricula with a hands on focus. Covers topics such as hands-on curriculum that builds a strong cyber foundation for high school students. The course introduces students to cyber by blending robotics, programming, electricity, and elements of liberal arts. Students learn about the opportunities, threats, responsibilities, and legal constraints associated with operating in cyberspace Programming Basics, Foundations of Computer Science, Networking and Security, Artificial Intelligence, and Ethics and Societal Issues.


Read / Watch / Listen / Follow

The Code Book (Free) - Simon Sing - fascinating read on the history and workings of cryptography.

The Cipher Challenge - The Cipher Challenge was a set of ten encrypted messages found at the end of The Code Book when it was first published. It took over a year for all of the challenges to be solved - see how far you can get, then read the solutions/explanations on the website.

Future Crimes book and TED Talk - Mark Goodman - career in law enforcement, including work as Futurist with the FBI, Senior Advisor to Interpol and street police officer. He addresses how everything is now connected which creates beneficial technologies but also opportunities for criminals.

The Tangled Web book - Michal Zalewski - "A Guide to Securing Modern Web Applications". Very readable take on how the web works from a security perspective. If you liked the CyberStart Web challenges, this book will fill in the background on those hacks and then introduce even more ways that browsers and the web are vulnerable.

KrebsonSecurity - blog - Michael Krebs - independent investigative reporter. Stories focus on online crime investigations, latest threats, security updates, data breaches and cyber justice. He often breaks the big infosec stories and he must be doing something right - In 2016, his blog was the target of one of the largest ever DDoS attacks so that Google's Project Shield had to take over protecting his site to maintain its availability.

The Cuckoo's Egg Decompiled Online Course - The Cuckoo's Egg (by Cliff Stoll) is an iconic book about tracking a hacker spy through the early pre-Internet networks. Chris Sanders is an infosec researcher and trainer - he ran an online book club to discuss how the events in The Cuckoo's Egg are reflected in current digital hacking events. Delivered in 7 one hour video lectures with fun labs and demos to follow along. Download all of them and enjoy while you read the book at your own pace.

Best Cyber Security TED Talks by Women In Cyber - a collection of smart presentations that demonstrates the many ways women are impacting the infosec field.

Twitter & Reddit - a large part of the infosec community use these forums/social media to exchange ideas and network. On Reddit start with www.reddit.com/r/netsec/. On Twitter try @SwiftonSecurity - the name is a parody but the information is sharp, funny and often simplifies infosec concepts. Then find many more experts to follow and learn from their posts


Make a connection - mentors, scholarships, conferences, recognition

Women in CyberSecurity (WiCyS) - mission is to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Check out the Resources tab for a comprehensive r competitions, scholarships, and internships.

National Center for Women in Technology - Annual High School Award for Aspirations in Computing honors women in grades 9 through 12 who are active and interested in computing and technology, and encourages them to pursue their passions. Award winners have access to internships, mentors and are eligible for scholarships from participating universities.

CyberCorps: Scholarship for Service - very selective program that provides scholarships which fully fund the typical costs incurred by full-time students while attending a participating institution, including tuition and education and related fees. Additionally, participants receive stipends of $22,500 for undergraduate students and $34,000 for graduate students. The scholarships are funded through grants awarded by the National Science Foundation. If interested, start your application late junior or early senior year of high school as the process is multi-step.