Welcome to the Hacker High School – Fairfield, CT, USA
November 28, 2011
You are sitting in your first period class in High School; the morning bell just rang and the announcements have just begun. Two strangers are standing at the front of the room. You don’t know who they are and don’t necessarily care as long as it means no class and no homework…. Your homeroom teacher’s lecture becomes white noise in the background. You begin to trail off in thought and are soon interrupted:
“…here to discuss Hacking!”
Your ears quickly perk up, no longer distracted, all of your attention directed towards the two individuals who had been strangers just minutes before.
Now that I have entered the “Real World” as a Corporate IMLP at the GE Headquarters in Fairfield, CT, I have seized the opportunity to become more involved with the Community. Specifically, the IMLPs are further developing a program known as Hacker High School. Hacker HS allows me the opportunity to speak to gifted math and science students on information security related topics (SQL injection, ethical vs. unethical hacking) for a few hours while giving the students an idea of what we do at GE.
This past week was my first Hacker HS experience, so I was a little nervous and unsure of what to expect. As I walked through the classroom doors with a fellow IMLP and a representative from GE's IT Risk organization, we were greeted with the warmest of welcomes.
We soon kicked the day off with an overview of who GE is and gave a run-through of leadership programs available at GE. After that, we went around the class with an ice breaker, quickly learning there were some advanced computer scientists present. We had advanced programmers, individuals hosting their own web servers, future graphic designers, game developers, all falling under the “future leaders of technology” umbrella.
By this point the class was oozing with excitement in anticipation of our security pitch. As we ran through the hour and a half presentation, we touched on information security related news such as Anonymous, HBGary, Sony, and Lulzsec. We then moved on to an intro to SQL, followed by a WebGoat demonstration where we showed simple SQL attacks in action and how to defend against them. The students were very responsive to all of the material we were presenting, which made it much more of a discussion than a lecture. One thing that shocked me was how quickly everyone was able to pick up SQL having had little or no database experience.
Finally, the fun part: the students were given the chance to apply what they had learned that morning. After the pizza party style lunch, we set up a virtual machine running an insecure web application. The students were given a case study and told to “have at it”. The set of tasks contained items such as gaining access to the VM without a username/password, extracting the list of users and passwords, and implementing XSS attacks. The moment the first pop-up appeared on the home page proclaiming “Hello, you have been hacked!” it was easy to spot the guilty party smiling from ear to ear. I truly realized the level of excitement in the room when I caught myself in a light jog to answer a question!
Once all was said and done, we held a recap session discussing how we could have defended against some of the attacks the students had just performed. A few of the main highlights were password complexity, locking down ports, and encryption, which all boiled down to being smart about how you store, secure and transfer information. All in all, this was an amazing experience for me. It allowed me to experience making a difference firsthand and get these students excited about technology. I can’t wait for the next session!