Hacker HighSchool for teens: talking with Pete Herzog

Pierluigi Paganini April 30, 2016

An interview with Pete Herzog, the co-founder and Managing Director of ISECOM, about the Hacker Highschool (HHS) initiative.

Today’s teens are in a world with major communication and productivity channels open to them and they don’t have the knowledge to defend themselves against the fraud, identity theft, privacy leaks and other attacks made against them just for using the Internet. This is the main reason for Hacker Highschool (HHS).

Hacker Highschool

The school is an ever-growing collection of lessons written to the teen audience and covering specific subjects that are timely, interesting, and important for teens. In Hacker Highschool you will find lessons on utilizing Internet resources safely such as web privacy, chat, mobile computing, and social networks. Each Hacker Highschool lesson is designed as self-contained learning, no teacher required. Why? Because hacking is about discovery and that needs to be learned, not taught. The lessons are all technically correct, promote good moral behavior, resourcefulness, technical know-how, and empathy. All lessons work with a free “live

Why? Because hacking is about discovery and that needs to be learned, not taught. The lessons are all technically correct, promote good moral behavior, resourcefulness, technical know-how, and empathy.

All lessons work with a free “live linux” CD which will boot off any PC with a CD-rom drive to perform the lessons. HHS is a great supplement to student course work or as part of after-school and club activities.

But what about the projects and the aim of it? I’ve been talking with Pete Herzog, who is the co-founder and Managing Director of ISECOM, a security research non-profit focused on innovation. In 2003, Mr. Herzog co-founded the Hacker Highschool project to create open source lessons in security awareness and the hacker spirit of resourcefulness and self-teaching to teens. Besides being the first cybersecurity curriculum for teens, it’s also the first to focus on the psychology of how teens think and learn to be most effective. Currently, HHS is in its second release cycle, can be found in many repositories across the Internet, and is downloaded about 250.000 times a month. Pete is also noted speaker and writer on trust, security, and hacking and provides security coaching for various types of clients to help them learn how to make their products, services, and lives more secure.

  • Do you can use and explain with 3 keywords to describe who is a hacker?

A hacker is resourceful, curious, and always learning. Hacking is a method of problem solving that combines resourcefulness, logic, creativity, and study. Hacker Highschool helps teens learn hacking as a method to figure out how things work (such as with the Scientific Method) and to further learn by doing. Hacking is usefully applied in nearly all fields as it builds upon what is known to create new things, foods, designs, etc. When applied to computers and networks, it also teaches safety and security in a world quickly drowning in information where to be safer teens today need to know the facts from the fraud, the real from the fake, and the bad from the good.

  • How and when is the idea of school born? Which is the main mission and strategy?

I have to say it’s SCARY how companies are abusing young children as part of the public that they encourage and trick into uploading more and more of their private lives to become part of the marketing and consumer machine. Combine that with online predators and criminals and you quickly see that kids are not using technology- they are being USED by it. And unfortunately, the parents and teachers who are to keep them safe are either in the same trouble or clueless what to do. So the only realistic way to handle this is to unleash the curiosity and daring that all teens have so they can protect themselves. And that is our mission. We started the school in 2003 when I realized that when teaching the OPST (www.opst.org) for a couple of years that college students did better than seasoned security professionals on the hands-on exams. We realized it was because college students didn’t have to unlearn many bad habits that the professionals had which gave them more time to practice. So we knew if we could reach young people before they could learn any bad security habits then they could really learn to protect themselves online. That’s how we knew Hacker Highschool had to be more than teaching cybersecurity, it had to make sure that young people had the right set of skills to take advantage of all that technology without themselves being used by it. It just so happens these are also skills needed today to be great cybersecurity professionals, ensuring them a safe future in whatever they do.

  • In your opinion which kind of skills need to be developed and  implement  in the security  sector to protect us from cyber criminals?

There are too many parrots and not enough pirates in security. That means we need those willing to do the work to be secure and not the ones who will repeat what somebody else wrote on a checklist. This “parroting” happens because without the fundamentals, security seems really impossible. But since there’s a misunderstanding of what the fundamentals are in cyber security, people are just getting the wrong information. It’s not about what products you need to use or even what checklist you need to follow which, sadly, you can get a degree or certified on all levels for both of those. Because that won’t make you secure. People need to understand where security comes from, know how to analyze an attack surface and how to match the right security controls to the right interactions. Those are the fundamentals and will make you secure.

  • In particular, what can we say about the next generations of cybersecurity experts and fighters considering that everybody says that there is a big lack of competence and specialized figures and experts?

Some industry groups have decided that cybersecurity was a specific profession which meant suddenly we could count the number of people graduating with cybersecurity degrees and getting specific cybersecurity certifications. Which also meant, since had hadn’t previously existed before, suddenly we don’t have enough of them! But is that really true or just how what we’re counting them? Ask yourself where did the first ones come from then, the ones who are teaching the cybersecurity professionals before we had anyone called cybersecurity professionals? They were people who learned IT and understood the security fundamentals. My point is that we don’t need more cybersecurity experts, just more experts who can apply the security fundamentals in their chosen field of expertise.

  • What about the future of the project and the goals to achieve your mission?

Our organization ISECOM  was founded on open source and so for us it was an obvious choice to continue Hacker Highschool in this way. Information sharing is a cornerstone of education and progress, we assure that the information is always freely available for those who want to grab it and read it. Then in order to pay for the project we re-package the information in other ways like books, seminars, and videos which we then sell. This assures we can keep the project alive and improving while also assuring that the next generations we reach will be empowered to keep themselves and the rest of us safe. Currently, the lessons are written by a small, core group and edited by an even smaller group. Sometimes we get bodies of original security writing donated to us by the author who allows us to re-purpose it into the lessons. Translations are handled by volunteers and managed by the core group. We do not keep data on who are using the lessons or where. We have some anecdotal evidence from people who contact us and say they used it or they heard of it being used somewhere. What’s important is that people know it’s there, free, and open-source for anyone to use.

Last year we came a few weeks away from shutting down the project due to lack of money and capable volunteers. But we really didn’t want it to close. So instead we re-invested heavily in it again from our own pockets to try to make it fully sustainable with www.isecomacademy.com which brings high-quality videos of the lessons to classrooms and home schoolers around the world.

Thanks to Pete Herzog for the time dedicated and if you wanna follow him and his activities (I hope so) this is his twitter account @peteherzog 

About the Author Emma Pietrafesa

Dr Emma Pietrafesa (Ph.D.) researcher and communicator. Postgraduate specializations in management and public communication, international relations and diplomatic studies. She has been working in the field of research and communication for over 12 years, focused on: ICT and social media, open source, cyber harassments, cyberbullying, international relations, gender issues, health and safety at work. She is Author for Italian digital magazines www.TechEconomy.it and www.girlgeeklife.com.

Twitter: @EPietrafesa

[adrotate banner=”9″]

Edited by Pierluigi Paganini

(Security Affairs – Hacker HighSchool, Hacking)



you might also like

leave a comment