Carnegie Mellon's CyLab challenges high school students to give hacking a try

March 27, 2017, Carnegie Mellon University
The winners from picoCTF 2014 listen to David Brumley -- project lead for picoCTF, the director of CyLab, and a professor of Electrical and Computer Engineering at Carnegie Mellon University -- speak at the picoCTF 2014 awards ceremony. Credit: Carnegie Mellon University CyLab

Carnegie Mellon University aims to build a talent pipeline into the cyber workforce by introducing computer security skills to middle and high school students through picoCTF, a free, online hacking contest that starts March 31, 2017. Now in its third year, the virtual game of capture the flag (CTF) has previously drawn nearly 30,000 people.

"Right now, we're facing a tremendous shortfall in experts," says David Brumley, project lead for picoCTF, the director of CyLab and a professor of Electrical and Computer Engineering. "The root of the problem is that most people don't even know that computer security is a field they can go into. Building awareness is a major goal of picoCTF."

This year, players will be competing for over $30,000 in prizes, thanks to this year's corporate sponsors. Anyone may register to play, but only U.S. students in grades 6-12 are eligible for prizes. Registration will remain open until the end of the competition, and there is no penalty for registering after the competition's official start date, March 31.

For two weeks beginning on March 31, participants will learn to reverse engineer, break, hack, decrypt or do anything necessary to solve a series of challenges that are centered around a unique storyline. Challenges start out easy and become increasingly difficult.

"To get started, you just need critical thinking skills," Brumley says. "We lead you throughout the game to develop more and more sophisticated notions of computer security so that by the end, you're solving real crypto problems and performing at a high level."

Credit: Carnegie Mellon University CyLab

Tim Becker, an undergraduate studying computer security at Carnegie Mellon, played picoCTF in 2013 as a student and uncovered a talent he never knew he had.

"I competed with some friends for fun, but none of us expected to do that well," Becker says. "But we ended up finishing in 3rd place, and that's how I ended up getting into this field."

Fast forward four years, and Becker is now a captain on Carnegie Mellon's student hacking team, the Plaid Parliament of Pwning (PPP). The team has won DefCon's Capture the Flag competition—informally known as the "Super Bowl of Hacking"—three times in the past four years.

The Carnegie Mellon team has open-sourced picoCTF, enabling teachers to run their own version of the competition themselves if they choose. Because of this, several high schools have made their own version of picoCTF that have introduced thousands more K-12 students to computer security, such as Phillips Academy CTF (PA-CTF), High School CTF (HS-CTF), and Thomas Jefferson CTF (TJ-CTF).

Explore further: US spy agency holds contest to find young hackers (Update)

Related Stories

Google acquires Web security firm reCAPTCHA

September 16, 2009

( -- Google announced on Wednesday that it has acquired reCAPTCHA, a company that produces the squiggly words used by websites to guard against spam and fraud.

Recommended for you

Technology near for real-time TV political fact checks

January 18, 2019

A Duke University team expects to have a product available for election year that will allow television networks to offer real-time fact checks onscreen when a politician makes a questionable claim during a speech or debate.

Privacy becomes a selling point at tech show

January 7, 2019

Apple is not among the exhibitors at the 2019 Consumer Electronics Show, but that didn't prevent the iPhone maker from sending a message to attendees on a large billboard.

China's Huawei unveils chip for global big data market

January 7, 2019

Huawei Technologies Ltd. showed off a new processor chip for data centers and cloud computing Monday, expanding into new and growing markets despite Western warnings the company might be a security risk.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.