Chris Wysopal is Founder and Chief Security Evangelist at Veracode.
Something unusual is happening in cybersecurity: the hackers are getting younger.
Teenagers as young as 16 years old are behind some of the high-profile breaches in the past few years. The group Scattered Spider is making waves, but they are not alone. The new generation has shattered the mold. These are not bored slackers experimenting for fun. Many are skilled and recruited from gaming communities, where strategic thinking, speed and competitiveness are nurtured.
Some see this as a concerning trend, but it can also be viewed as an opportunity to rethink how the ethical hacking community engages with this next wave of talent. The choice is to wait until individuals cross legal lines, or reach them earlier, before curiosity turns into criminality.
From Curiosity To Consequences
Hackers aren’t born; they are made. The majority of people in this field did not set out to be criminals. They were curious, and that curiosity led them down a path.
These are kids who want to see how systems work, test their limits and show off what they’ve figured out. Those are natural, age-appropriate milestones that are celebrated when executed on athletic fields, in classrooms or in the music world. Online, however, it is trickier. With little guidance or ethical framework, teenagers can drift into darker corners of the internet, where they are rewarded for breaking things.
In the 1990s, the hacker collective L0pht, faced similar dynamics. There were no formal pathways into cybersecurity. Yet the group’s mission was to make the internet safer by exposing its flaws. Unconventional methods drew criticism, but the transition from outsiders to trusted advisors showed that hacking skills can evolve into legitimate expertise. Still, there certainly wasn’t a roadmap.
Now, there is a chance to build one.
From Gaming To Cybersecurity
Today’s young hackers often come from gaming, not traditional STEM programs. That’s not a bad thing. Games require fast decision-making, pattern recognition and adaptability. These same traits are valuable in cybersecurity—and cybercrime groups know it. They actively recruit from gaming communities and Discord servers.
The cybersecurity community needs to reach this talent first.
That’s the idea behind initiatives like The Hacking Games, which use AI-based assessments that map gaming aptitude and non-traditional skills to adversarial thinking. These programs introduce participants to ethical hacking, and illustrate how their abilities can be applied constructively.
It’s not enough to identify and nourish tech skills. Young people also need to see that curiosity can be productive and rewarding. Demonstrating real value and career-earning potential on the defensive side is critical. If this can de done before a kid ends up appearing in a courtroom, all the better.
Building New Pathways
What stands out about these programs is that they don’t rely on traditional resumes or GPA cutoffs. A computer science degree or perfect grades are not required. Creativity, persistence and problem-solving are what matter. Often, the individuals discovered through this approach are those who never saw themselves in cybersecurity—because no one told them they belonged.
Hacking For Good
One thing people outside the hacking community don’t always understand is the social pull. The stereotype of hackers as isolated loners misses the mark. Underground forums and private channels often provide a real sense of community, recognition and purpose. Those are powerful rewards for teens.
To provide an alternative, programs must provide that same sense of community: supportive, exciting and built around shared goals.
Mentorship plays a central role. Stories from security professionals who grew up tinkering with systems, breaking things to learn and eventually pivoting into meaningful careers normalize the idea that mistakes do not define someone. Skills can be redirected toward defending instead of attacking.
Closing The Talent Gap
The cybersecurity industry faces a persistent talent gap, yet often overlooks a pipeline of raw, self-taught talent because it does not fit conventional molds. That’s a strategic blind spot tilting the playing field toward adversaries.
Programs must do more than identify young talent; they must shape it. Hands-on experience, real challenges and environments that reward creative thinking—within safe and constructive boundaries—can redirect skills before they are misused.
Not everyone can be reached, but even a small percentage of the next generation can make a major impact on both individual lives and the security of essential systems.
A Future Worth Hacking For
There is tremendous opportunity ahead. A world can be built where hacking skills aren’t feared or criminalized by default, but understood, nurtured and channeled into a productive path. The task now is to show the next generation that there is a future worth hacking for.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?