Hacker Christmas Tree, or How to spend Children's Day in a non-children's company

Once in December, we spoke with one friend about how we were bored with all these classic New Year trees with round dances, rhymes and bunny masks. And when our company decided to hold Children's Day, I immediately thought that this event was in good proximity with the New Year holidays. Let's make an alternative tree.

In fact, the event was based on quite a serious idea: to tell and show the children of Positive Technologies employees where and how their fathers and mothers work. To spend such a positive career guidance.
')
For what? There is one problem that many parents face working in such abstract areas as ours. Adults every day go to the mysterious work that children do not see and do not understand. But children are forced to engage in their abstractions at school - and the parents, in turn, do not know what is going on behind the school threshold. This situation does not improve mutual understanding in the family.

When my eldest son was four years old, he said in kindergarten that his dad was a janitor. On weekends, we cleared snow with a janitor’s shovel, and it’s not surprising that he remembered such visual, fun and useful business as his father’s “profession”. Such observations led to the fact that the chapter “Hidden worlds” appeared in my “ Guide to Zen for Parents ”. One of its conclusions is that it’s necessary to show children their work, even if it seems to you that it’s difficult for them. Because children understand much more than it seems.

Although there are useful tricks here that facilitate understanding. We will tell about some in this article. Suddenly, someone also wants to show offspring to their non-child profession.



As you already understood from the very first photo, Santa Claus must be bearded, even on a hacker Christmas tree. But the bloody robe in our profession is optional. But you can make nice slides for the performance.

By the way, preparing a presentation for children is a good way to learn how to make presentations for adults. Technological colleagues love to cram a lot of small schemes and long texts into each slide, and bring the number of slides to at least 50. Then they come to marketers and ask them to improve on the basis of secret principles that marketers should know. And the principles of these secret - as dogs uncut. Miller's number, color coding, the use of recognizable images and human faces, incentive signals, and so on.

But everything can be done much easier. Imagine that you are making a presentation for seven year old children. The same slides can be successfully shown to adults.



The same applies to the format of the performance. The first part of our children's program was officially called the “mini-lecture on safety”. However, normal children (like normal adults) are very bored listening to long monologues without the opportunity to ask questions or express their own opinions. No, the best study is a dialogue.

In our case, the children told us even more funny stories than we told them. “Do you know why passwords are needed?” I ask. "Yes! My mom's password is 1985! ”- the girl of six in the first row responds immediately. Everybody laughs. "You can not make a password from the date of birth!" - Strongly notices another fighter of the same age.



For the leader in such a game, the main thing is to follow the general movement of thought, so as not to go far to the side. It is not always easy. During a conversation about viruses, one karapuz with a serious face suddenly asks: “When will we talk about music ?!”

That's the turn! Tell him about earworms? Advise to read Oliver Sachs' Musicophilia for the night? No, let's save this topic for the older group. Before the event, we conducted a survey of employees, counted children of different ages and decided to arrange two Career Guidance: the first for the younger (6-10), the second for the older (10-15). This report is about the younger group.

However, small age is not a hindrance for them: they had their own considerations on all security issues. On a classic Christmas tree, such a game would be called “tell a poem to Santa Claus”. But it was more interesting here: in fact, the children taught each other on real stories. Horizontal training often works better than vertical.

True, there is a trick of managing the process. Since my studies at matheme, I am sure that any complex concept can be explained “on the fingers” - only you need to find a suitable idea. If you ask the child what he thinks about “open communication protocols,” he is unlikely to support the conversation. Another thing is to offer an analogy: you want to pass the note to a friend-classmate, but you do not want to be read or replaced by others. How to proceed? It is with such a presentation of the problem that they immediately invent both encryption and black / white lists, and other information protection technologies. And slowly the work of parents becomes clearer.



But enough lectures, I want to move already! The rest of the New Year traditions are also translated into a practical direction. Instead of a round dance - a circular tour of all branches of the company, from hacked ATMs to the office of the general director. The role of fireworks is played by the large screens of the Security Operations Center (SOC) - cyber-attacks are being tracked here, pysch-pysch! Some SOC employees did not know that the children would come. It seems to them that this is an attack.

But in general, a tour does not mean "chaotic movement." The company is large, if desired, you can get lost for a long time. Therefore, we in advance, before the event, sat down and chose “ten stops” on the map - the most interesting places that can be shown to children. And they warned everyone with the newsletter about the company that some running around could happen.

What else happens on the trees? Competition? That's just passing by the gym. Everyone suddenly really wants to catch up.



After physical education, the main hit is a soda machine running on Soviet three-kopeck coins. Almost like the game "Fir-tree, light up!", Only gives soda.

Now would have a snack, but ... Christmas traditions do not end there. We tell hungry children a classic story about the abduction of gifts and treats. Only in the role of the kidnappers - evil hackers. However, they were in a hurry, and fleeing, lost a couple of laptops. This is our only clue.



This is how a real hacker quest for two children's teams starts. First, they brute force password-protected laptops ... and very quickly pass this stage. Of course, we didn’t make it, but it was amazing to hear exclamations from “first-graders” “try admin!”

The maze map opens. In fact, this is a map of our office - and made it much earlier, for solving more serious work tasks (see details in the post “ Creating an Interactive Office Map ”). It turned out that the same tool is very convenient for children's quests. It happens like this: you do serious things, but in the end you get something useful by chance.



Of course, for children, the map is simplified. But even for such a pass is not easy. On some doors - electronic locks that require a special card. Need to apply social engineering! By the way, mothers (employees' wives) and even grandmothers, who came with their children, actively participated in the event. They liked no less than the children.



In the secret room found is the third stage of the quest - it is necessary to decipher the coded phone number. Here, hungry children also show an unexpected ingenuity: they begin deciphering the letter sequence from two sides. As a result, this stage passes ahead of the scheduled time. Call up to the hacker-thief. He gives up and says where the treats are hidden.



A feast for the whole world and gifts is the best way to consolidate the knowledge gained (“Dad, now I definitely want to be a white hat!”) In parallel, there is a drawing contest on the walls. The first to set an example was our CEO in his office - but in the office there are still many walls for drawing, and one just opposite the kitchen. Children draw hackers, viruses and themselves, write wishes.

Finally, you can still independently explore the workplaces of parents (“Dad, why do you have my doll here?”)



Now we are preparing to conduct a second career guidance for the older group. It is already clear that the quest for them to do more difficult. Something in the spirit of our " Competitive Intelligence " on PHDays.

I also suspect that the older group will want to know how the security economy is structured. With the younger, we somehow went around this topic. But the high school is already a monetary relationship, and for sure there will be tricky questions about business.

However, such fun at adult events enough. A couple of weeks ago, I arrived late with one report, the author of which advertise DDoS attacks well. “100 MBit / s for just $ 79!” He said. Then it turned out that it was a law enforcement officer who spoke about the fight against DDoS. If I were a schoolboy, I would immediately ask him where to get such a robust botnet. Purely for educational purposes, of course. And then, after all, the USE is already on the nose ...



Author : Lyokha Andreev, Positive Technologies Technical Marketing