Hey,

I would really like to start a competition in the high schools around where I live. I have been a teacher years ago and I also did some volunteer work in on high school, etc.

I think teenagers interested in InfoSec are often left learning tools by themselves and if not guided properly, can start hacking networks everywhere without permissions...

Finally, I am a French Canadian and there is close to no resource in French in this field.

So, I would like to create some kind of a club among different high schools in my city where we could meet once a month or something like that and organize a CTF among them. I really, really want to focus on the legal aspect of it. I want them to be White Hats, not the opposite...

Do you guys think it would be a good idea? Have anyone done that before?

Thanks for your advice!

Thanks Hayabusa,

I will keep you posted for sure. Meanwhile, I am just starting...

I was going to start by visiting high schools and try to talk to IT teachers and try to get some ideas from them to. They know their students after all...

Then I could do a little presentation to push the interest. I will probably have to write a letter to parents, school directors, etc.

Then we can start a web site, find a place to gather, do a few presentations and demos to really get the interest going. Then as you said Equix3n, have a workshop and organize a competition.

And you are right ETHICAL would be the keyword here...

Thanks chrisj,

I agree with you, I will be responsible of this kids until they are picked up. Also, I will start with one school, talk to the teachers and the director before I "see too big"!

My expectation is that any school will be afraid of us using their network. So I though of supplying the server, the switches, the cables, etc and the students bring their laptops. And since I wanted to put them in teams anyway, if one doesn't have a laptop, it should be alright.

But what about the CTF part. I don't want it to be too tough, but I want them to have a good challenge nevertheless. So what about this:

1) We meet twice a month and I give them a lecture on a single topic. Fro example, scanning with nmap using 4 or 5 switches.

2) The same day, they practice against the lab's server. Again for example, they use nmap to discover ports and enumerate services.

3) Every month or so, there is a bigger challenge where they will apply the knowledge they have learned recently. Ex: Reconnaissance, scanning, and an easy hack.

I also really, really want to put a big emphasis on ethic and defense!

It is a vast field and my biggest challenge will probably be to choose among many, many subjects...

@chrisj I was going to post the same thing, but you worded it more clearly
@H1t M0nk3y
Will you provide any study guide to the students or just refer some books? Don't hesitate to ask if you need any help with tutorials. I might help you out with some articles if you want.

Humm...

I also wonder if this teenager would understand enough about computers to even start such a project. They probably wouldn't know about even a router, what really is a firewall, yet alone TCP/IP, UDP, ports, NAT, etc.

Would anyone know about a 15 year old superuser who could even slowly start learning about these subjects?

I may be too optimistic... 

15 yr. olds are more intelligent than you think. I've seen some 13 year old kids hacking stuff like professionals (random sites). What level of stuff do you want to teach these kids? From your above post it seems to me that you're going too deep into the syllabus. Teaching the above basics won't take more than a day or two. At this stage, however, I think you should just give an overview of each of the phase-- Whois, Zone Transfer, bit of Google hacking & web based searching in Recon, 3-way handshake, ports, 2-3 nmap scans, what's a vuln. scanner with bit of nessus intro in scanning etc (Are you getting my point?)
Conducting a full fledged hacking class will be too much. Flow gently through each of the phase and let them explore the advanced stuff themselves.

Could you please provide a basic overview of what you want to cover-- any table of contents you've prepared?