This summer, I designed and led a weeklong cybersecurity camp that aimed at introducing middle schoolers to the world of ethical hacking. I’ve always been passionate about cybersecurity, but I realized that most kids grow up using technology without learning how to stay safe or think critically about it. I wanted to change that.

My goal was simple: to make cybersecurity exciting, accessible, and empowering. Over five days, I taught students how to recognize phishing attempts, crack simple codes, explore hidden messages in files, and eventually solve their own Capture the Flag (CTF) challenges. The camp was open to any students curious about how hacking really works—not in movies, but in real life.

Planning this camp wasn’t just about showing up and teaching—it was about building something from scratch. I started preparing several weeks before the first day, with the goal of making cybersecurity fun, understandable, and hands-on for middle schoolers. Since I wasn’t already an expert, the first step was teaching myself the very skills I planned to pass on: encryption, ethical hacking, basic password cracking, and more. I spent hours researching, testing tools like CyberChef and Flipper Zero, and studying how real Capture the Flag (CTF) competitions are designed.

Once I had the skills down, I created all of the materials myself: slides, printed handouts, phishing simulation emails, cipher puzzles, and even a set of flashcards for “Hacker Trivia.” I wanted each day to feel immersive—like the students had stepped into a new part of the hacker world.

To recruit students, I designed flyers and shared them with local parents and school groups, explaining that this would be a beginner-friendly introduction to hacking—but in a way that promoted ethical thinking and online safety. I also designed a custom beginner CTF competition, which would be the final challenge of the week. I structured it with multiple flag types so every student, regardless of their strengths, could participate and feel successful.

All of this planning was driven by a single idea: what would’ve made me excited to learn about cybersecurity as a kid?

The camp ran from July 14 to July 18, Monday through Friday, four hours a day. Each day had a theme, building on the one before it, and every activity was designed to be interactive, hands-on, and fun.

Day 1: Hackers, Passwords & Internet Safety

We kicked off with a “Hacker Name Generator” icebreaker, where each camper got a funny alias like “Shadow Potato” or “Glitch Wizard.” That set the tone—lighthearted, but curious. We dove into what cybersecurity is and the different types of hackers, then played a password strength game where I tried to crack the weak ones they created. The moment I guessed a password like “soccer123” in seconds, their eyes widened. We closed the day with a phishing detective game, using real-looking email screenshots to train their eyes.

Day 2: The Internet, Hackers & How Attacks Work

Day two was about understanding how the internet actually works—and how attackers exploit it. We role-played an internet request with campers acting as browsers, routers, DNS servers, and firewalls. Later, in the “You’re the Hacker” simulation, small teams used cards representing attack methods (like phishing) to plan fictional hacks on school servers or video game accounts. They had to justify their attack chain and present it to the group. Another team played the defenders, challenging the hacks and explaining how they’d stop them. It was one of the most creative sessions of the week.

Day 3: Secrets, Ciphers & Hidden Codes

This was the most puzzle-heavy day. We cracked Caesar ciphers, created spy messages for teammates to decode, and then raced around the room in a cipher scavenger hunt. I hid clues written in Atbash, Base64, and Ceaser. The competition got intense—but in a good way. One team even figured out how to crack a shift cipher just by analyzing patterns.

Day 4: Hacking Tools & Investigation

By now, the students were ready for more technical tools. We practiced using Inspect Element to find flags hidden in fake website code and explored basic terminal commands like ping and ipconfig. That visual blew their minds. We closed with a mini challenge to prepare them for the final day: they had to decode, spot fake websites, and find simple flags.

Day 5: Capture The Flag Day

CTF day felt like the championship. Students formed teams, chose names, and received their challenge sheets. Flags were hidden in website source code, disguised in ciphers, embedded in image metadata, or locked behind phishing recognition tasks.

The camp made a clear impact on every student who attended. Many had never heard of cybersecurity beyond “hacking” in movies, but by the end of the week, they were decoding ciphers, spotting phishing messages, and thinking like ethical hackers. One camper went home and convinced their entire family to update their passwords. Another told me, “This is the most fun I’ve ever had learning something about tech.”

What struck me most was how quickly they built confidence—not just in solving puzzles, but in asking smart questions. They wanted to understand how things worked beneath the surface, and they supported each other like real security teams. Even the students who didn’t consider themselves “techy” left feeling empowered and included.

For me, this project was just as transformative. I had to learn the material from scratch, design a full curriculum, and run a camp on my own. I grew as a communicator, problem-solver, and leader. There were moments I doubted whether I could pull it off—but every time a student cracked a flag or lit up with an “aha!” moment, it reminded me why I started this in the first place.

This camp taught me that making a difference doesn’t require being an expert—it requires passion, effort, and a willingness to figure things out. I hope this is just the beginning of building spaces where more kids feel excited about cybersecurity and confident in their ability to shape the digital world.