CyLab's massive middle and high school hacking competition, picoCTF, launches its 2018 contest

Led by INI professor Martin Carlisle as picoCTF's Education Director, nine INI students served as problem developers for the 2018 middle and high school hacking competition.

Guidance counselors today are urging their students to consider becoming doctors, lawyers, engineers, and … computer hackers? That's the goal with picoCTF, Carnegie Mellon University's free, online cybersecurity competition for middle and high school students, which launches today for the fourth time since its inception in 2013.

"There's a huge shortage of professionals in cybersecurity, and limited opportunities for middle and high school students to learn about this field," says Professor Martin Carlisle, Education Director for picoCTF and Director of Academic Affairs in the Information Networking Institute.

The Ponemon Institute estimates that the average computer breach cost about $3.5 million last year. Digital security company Gelmato estimates 7 million data records are stolen every day. The goal with picoCTF, Carlisle explains, is for students to have an opportunity to develop interest and knowledge in cybersecurity.

"We're aiming to inspire a large number of students to enter the field and protect our way of life," Carlisle says.

Over 50,000 students have competed in picoCTF since it was first launched in 2013. This year's competition runs from September 28 through October 12.

"These competitions really help, because the kids see this and they say, 'This is challenging. This is what I want to do,'" says Frank Staffen, a computer science teacher from Thomas Jefferson High School in Jefferson Hills, PA, who has had dozens of students compete in picoCTF over the years. "The impact of picoCTF has been amazing. It has transformed our curriculum and impacted our school ten-fold."

Staffen's students have consistently placed among the top finishers out of thousands of teams that have competed each year. Many of his students discovered talents they never knew they had, and went on to study computer security in college.

"I had two students who had SATs the next day but stayed up all night solving picoCTF challenges," Staffen says. "They told me, 'We can re-take the SATs, but we can’t re-play picoCTF.'"

During the two-week competition, students will solve challenges that start out simple and become progressively more difficult. The challenges, which mimic real-life cybersecurity problems, were developed by the Plaid Parliament of Pwning (PPP), Carnegie Mellon's competitive hacking team famed for its 4-time champion status at the DefCon "World Series of Hacking."

The challenges in picoCTF are housed in an interactive game, designed by a team of students in Carnegie Mellon's Entertainment Technology Center.

Thousands of dollars in cash prizes are awarded to the top teams. Anyone from around the world can register and play, but only U.S.-based middle and high school students are eligible for prizes.

Meet the INI's Problem Developers

Nine INI students served as problem developers for the 2018 contest:

• Alex Fulton
• Rachel Eaton
• Sam Dlinn
• Carolina Zarate
• Julio De La Cruz Natera
• Chris Hensler
• Michael F.
• Rintaro Fujita
• Danny Tunitis

SAM DLINN (MS29), information security program

"PicoCTF 2014 was the very first CTF that I ever played and was instrumental in helping me learn more about Infosec. This was an opportunity to give back and help the next generation of hackers learn and I couldn't pass that up."

CAROLINA ZARATE (MS29), Integrated MSIS program

"As someone that started their involvement in security in high school through CTFs and other similar competitions, I really understand the value of these easier beginner-level security competitions. I want students to have these opportunities so that they may get the chance to learn more about security. "

Rintaro Fujita (MS29), KOBE INFORMATION SECURITY PROGRAM

"When I played picoCTF 2014 for the first time, I was impressed by the contents that allowed me to learn cybersecurity technology step by step with a catchy story and attractive problems. Now I am involved as a problem developer to provide the same wonderful experience that I had. This year, we have various CTF challenges which reflect recent situations to attract students to have more interest in cybersecurity."

Julio de la cruz natera (MS29), INFORMATION SECURITY PROGRAM

"It was interesting for me to be on the other side of the competition and I could not pass on the opportunity of helping spread the knowledge on cybersecurity. These competitions are really valuable for middle and high school students because it allows them to get involved in cybersecurity at a young age. Being exposed to these types of problems early is important, as they will start thinking of ways to (ethically) attack or defend information systems. In the end, it will help them be more prepared for when they pursue a career in information security, if that’s what they want to do."

Alexander Fulton (MS29), INFORMATION SECURITY PROGRAM

"PicoCTF has been a great opportunity to help try and continue to fill the niche of an entry-level CTF. We wanted to encourage people starting out in the cybersecurity space, of all ages, focusing on educational and approachable problems. As one of the first competitions that I ever looked at, it is very exciting to be able to see the whole project and problem development at all stages, and see all of the work and thought that goes into a competition of this scale."