Here at TechnoBuffalo we wanted to create a new series that gives the companies, executives and friends in the industry who we work with a chance to talk, to hear their voices heard and to discuss matters that mean something special to them. Whether it’s about privacy, as NQ Mobile’s product chief Gavin Kim wrote about, or inspiration, as HTC’s senior manager of global products JB McRee covered, or any other idea, we wanted to create a new platform to make their voices heard.
This week, we have a piece penned by the lead member of technical staff in AT&T’s chief security organization, Patrick McCanna. We’ll let him take it from here: the rest of the text in this piece was written by McCanna.
Information security is an incredibly satisfying and interesting career, but it can be a dangerous journey from security neophyte to seasoned professional. If you want to learn how to protect networks and servers, first you have to understand how to attack them. A successful career in cyber security requires extreme curiosity and a bit of mischief, and hopefully some of today’s kids and tweens will choose to break into this field. But I worry that a misunderstanding or an error in judgment could prevent them from achieving their full potential – and our industry will lose some incredible minds in the process.
To be fair, safely maturing into infosec is not easy. A “Hacker Kid” is likely to know more about computers than their parents and this can create problems right from the start. Can parents who don’t understand how the Internet works provide the right guidance about appropriate online exploration? These kids may be thinking about portscanning networks and exploring more advanced techniques. Most parents are only prepared to talk to kids about Facebook privacy settings. This is a big gap.
Moreover, it is possible to accidentally bring down systems and networks when you’re testing a security tool for the first time. And today’s legal system is far less forgiving of hacker experimentation than when I was growing up. Young hackers need guidance and mentorship on how to safely explore online environments and infosec tools without inadvertently crossing the line.
For example, Defcon kids/rootz asylum is a 2 day conference for kids interested in becoming “white-hat” hackers. It’s kind of like a Big Brothers & Big Sisters program for the future generation of hackers. AT&T has supported this program since its inception three years ago, and as an infosec professional and a parent, I am especially proud of our commitment. Defcon Kids/r00tz asylum helps provide these young hackers with the guidance they need to safely learn about network and computer security.
I have seen 10-year-olds pairing off in the hallways at Defcon Kids trying to explore and share what they learned. These kids were learning soldering, programming, network exploration and more. And more importantly, they are getting guidance on responsible Internet behavior that we never had at their age.
But this isn’t just a one-way educational street. Kids who have grown up with easy access to Wikipedia and instant communications bring their own unique perspective for others to learn from. For example, some kids view the Internet exclusively through the lens of “apps.” This brings unique insights into what’s possible on the Internet. For us old timers who are constantly thinking in terms of client/server concepts, this focus on the app as the Internet is interesting. The Internet may evolve far beyond the browser by the time these kids are in charge, but this also suggests we might be teaching kids the wrong things about online safety. We probably need to do something better than teach kids to look for a green keylock in their browser window if they spend most of their time outside the browser and instead in mobile apps.
Still, Defcon Kids/r00tz asylum is more than learning online safety or cool tricks with computers. Kids need room to make mistakes and they need guides who can help them understand responsible behavior in the hacking community. This appeals to me as a parent and it’s something I feel is important to the culture of innovation at AT&T.
Kids need room to make mistakes and they need guides who can help them understand responsible behavior in the hacking community.
To me, it’s important for my daughters to learn how to make the best of their mistakes because we all make them. So let’s give the kids some cool projects to explore and teach them concepts that are applicable in the real world. Let’s provide them with guidance that helps them make good decisions in the future. Defcon Kids/r00tz asylum is a great program.
Patrick McCanna is a Lead Member of Technical Staff in AT&T’s Chief Security Organization. He is responsible for driving security in mobile network architecture, platforms & services. He started working in the security industry in 1998 and has been focused on defining what “mobile security” means at AT&T since 2003. He has a B.S. in Computer Science with a Math Minor from Linfield College. Patrick dreams about Androids that don’t dream about Electric Sheep.