At Black Hat 2019 I had the pleasure to meet some AT&T colleagues who are now my new InfoSec buddies! I met Marc Kolaks and Don Tripp from the Office of the CSO at the AT&T Cybersecurity booth.
They told me about the weekend event they were volunteering for at Defcon. So, being nosy I had to hear all about it and get some pics from the event (couldn’t attend myself due to date conflict with Diana Initiative.) First some cute kid pics!
R00tz started back in 2011; originally called Defcon Kids. It is an event designed specifically for kids to introduce them to “White Hat” security. It includes hands on events, talks, and contests that are specifically geared for a younger crowd, including lock picking, soldering stations, capture the flag contests, technical talks and more. One of the keys to the success of the event is that all these activities are specifically designed for and targeted for a young audience and include an Honor Code.
Some of the key aspects of the Honor Code include the following values:
- Only do good
- Always do your best
- Constantly improve
- Think long-term
- Be positive
- Visualize it
- Inspire others
- Go big & have fun!
In general, the kids are encouraged to explore, to innovate and to learn.
The “rules” that govern R00TZ participation include:
- Only hack things you own
- Don’t hack anything you rely on
- Respect the rights of others
- Know the law, the possible risk, and the consequences for breaking it
- Find a safe playground
AT&T participation: past and present
AT&T has participated in the r00tz event for the last few years. We’ve grown from being only a financial sponsor into actively participating.
Patrick McCanna & Marc Kolaks were the key individuals to get ATT involved. Patrick provided the contacts, and Marc arranged for the sponsorship. They saw a fantastic opportunity for AT&T to make a positive impact in the otherwise nefarious realm of hacking.
One of the major contributions that AT&T provides to the r00tz event is the “Junk Yard”
This event provides piles of old electronic equipment ranging from cell phones to routers to typewriters. The kids are provided with hand tools, and eye protection (this year some AT&T Cybersecurity sunglasses were provided), and are allowed / encouraged to dis-assemble all this equipment simply to “see what’s inside”.
In addition to the Junk Yard we’ve created various hands on activities ranging from penetration testing demonstrations to a customized version of the Hacker Games and Link buster in order to teach security “best practices” in a fun environment. Along with the “games” we also hosted MIT’s SCRATCH programming environment to allow the kids to experience computer programming on a fun an easy to understand platform.
Another addition to this year’s event included providing information to parents on AT&T’s ASPIRE program and information on STEM (Science, Technology, Engineering & Math) opportunities for their local schools and communities.
R00tz is “community involvement” at its finest… It offers an opportunity “give back”, and the impact we have is not limited to any single community, as the kids come from all over the US, and in some cases, all over the world!
As you can see from this pic from r00tz Asylum 2019, this concept of educating kids to be white hat hackers is really catching on!