Everyone I know is having kids.

Before you get worried that you reached the wrong blog, this isn’t about to get soppy on you.

This is the first time in my life where I have watched a generation of new people develop and see how their use of technology compares to mine as I grew up. It’s fascinating (if a little depressing) stuff.
One of the big concerns in the technical and mathematical industries is the lack of new talent coming up through the ranks. This decline starts early, with fewer students choosing mathematical, scientific or technical options and course and goes right through into the graduate employment market. The young folk (if only I was old enough to get away with that name), are turning away from science and maths based pursuits.

This got me thinking.

Nobody just wakes up at age 8 and decides that they want to be a research scientist, security specialist or mathematician without having had something in their experiences and upbringing to stimulate them.

When I was little, those sorts of stimulations can from exposure to technology. Not the clean and crisp Apple products we are used to today, this was the mid 1980’s after all – nothing in the 1980’s ‘just worked’. This was technology that you got enjoyment and use out of but not without making you work for it.

I remember spending hours playing on a BBC Micro computer at school – something so precious that our school only had one that it wheeled on a trolley between classrooms and locked away at night for fear of theft.

Later on when the home computer market went mainstream and my family finally bought a PC, I spent months tweaking and configuring – trying to coax this machine into the useful emblem of the future I was promised. Reading newsgroups and IRC channels, writing scripts, tools and websites (complete with scrolling marquees) to get everything I could out of it. Technology had come a long way at this point but not far enough that everything worked without effort. It made you curious about how it worked, it rewarded your effort when you learned a new language or configuration option with new functionality or improved performance.

Outside of traditional computing, our gadgets weren’t that shiny either. They were getting there but had frustrating limitations. I destroyed my first Nintendo Game Boy by taking it apart to install a backlight behind the screen so I could play at night. I was motivated to learn to solder, to understand basic electronics and to risk my valuable games machine in the pursuit of technical improvement.
Today it’s a very different world. The new generation learn to interact with their parent’s iPads before they learn to talk (see this interesting– example of what I mean at Computer World ). They have no concept of a world before ubiquitous computing.

The technology is not just everywhere either, it’s polished. When we upgrade we are often only changing aesthetics not core capability. When a young person has their first exposure to computers – they get a machine clean and ready to suit most of their needs. There is an app for everything you can imagine and even if the first one you try isn’t great – simply download another one – no harm no fuss.

There is very little motivation for a young person to look into the guts of the machine. Why would they want to know how a website works and how to write HTML when they can drag and drop? Why write an application or script when you can Google it and use someone else’s? Why open the hood of a computer or electronic device to see how it ticks – you’ll just invalidate the warranty?

As a penetration tester, I see the effects of this change a lot. A pattern of wannabe testers coming through that are entirely dependent on point and click tools. A generation with no concept of what the tools are doing at the operating system level. If a tool malfunctions or doesn’t have the capability they want at first glance, they just buy another tool. This lack of motivation and technical understanding can only lead to one place, a 2 tier system within penetration testing.

The first tier includes these tool dependent people, generating auto reports and going through the motions confined to their application suite. The trouble with this is that when things don’t go according to plan or technologies change before the tools to test them do – the first tier tester cannot adapt.

The second tiers are those who use tools to speed up the process but are able to understand the technology at a deeper level. They are writing the tools, scripts and algorithms, solving the hard problems and applying years of theoretical knowledge and practical experience to new situations and get results. They are the exploit developers and the reverse engineers. They are the cryptography experts. Sadly, however the number of people in this tier is diminishing.

It’s my worry that if we don’t start finding more people for this second tier – penetration testing won’t grow as a profession. Our techniques will not progress with the technologies we test and we will become ineffective.

Obviously, to every generation a few will be born with this curiosity built in and much to their parent’s confusion proceed with tearing up their own part of the technical world, but this small group however is not enough to keep the technical and scientific fields going.
Who will solve the tough scientific and mathematical challenges when the baby boomers et al retire and die? Who will do deep support for software and large computer systems? Who will keep us safe when operating in a ‘connected by default’ world?

We need to find a way to inspire those with no need to – to get curious about technology and how it works.

We need to build our own next generation.