Team MyDoom has been declared the winners of the 2018 Cyber Security Challenge Masterclass. They overcame eight other teams in what was a great showcase of future talent for the industry. The Masterclass is the culmination of a year of competitions across the UK. It also included, for the first time, winners from competitions in Singapore.
Unlike many competitions, drawing across multiple competitions means that the Masterclass has a really diverse mix of ages, cultures and gender. For the younger contestants, this is a way of deciding if they want to follow this as a career path. The older contestants are already planning their career change and see this as a chance to show what they can do to the sponsors.
One contestant in particular not only won a Face to Face (F2F) competition earlier this year but received a job offer as a result. At 51, she is now retraining from teaching into cyber security. As an industry that is still trying to deal with huge skills gaps, this is the way it can begin to address its problems.
What was the scenario?
Fictional company Research4U (R4U) is a cyber intelligence and research company. It had suffered a previous cyber-attack which was blamed on its Head of Operations. That individual had been jailed for her part in those attacks. In addition to not disclosing why she attacked the company, she also chose not to admit her membership of a hacking group 29Alpha.
R4U runs a mix of Windows Server and Linux systems with most of the end-user desktops running Windows. It used GIT for source code management and delivered services via its own APIs.
After the original attack the company moved into offering fintech start-ups secure storage of their cryptographic keys. One customer is Th$ Crypt. They are a cryptocurrency exchange and their customers use an app to access their accounts. They use a third-party web application to access their accounts.
R4U was alerted to 29Alpha offering its customers keys in a data dump. The group also claimed to have installed ransomware on R4U servers.
What did the contestants have to do?
The contestants were split into eight teams. Each represented a team brought in to investigate and remediate the attack. They were also part of a larger company and one of the exercises was to hand over to another group in the company who would continue the investigation overnight.
The various challenges on the ground were very different. There were vulnerabilities to identify and patch. Malware attacks had to be remediated although taking the simple approach and just blocking them meant that they kept reappearing. Network traces and identifying bad code was also a challenge for the more technical team members.
This was not a contest, however, set up for the code geeks alone. The game designers also created soft skill challenges such as how to hand over the case to other teams and make presentations. For the first time in a challenge, there was also a mock press conference. This required teams to work together to decide what they could say and how to deal with public interaction. It’s a skill that is in short supply across many cyber security teams.
Across all the tests, different teams struggled with different elements. Blocking some of the attacks caught many out because they didn’t locate the malware source. It meant they lost time trying to deal with problems. The complexity of the scenario also meant that teamwork was a key element. Rather than everyone on the same problem, there was a need to be different roles to better understand the way the attacks worked. This required both good group dynamics, communication and inter-personal skills.
Sponsors getting a look at how the competition works
One of the interesting parts of the Masterclass is that sponsors from the various competitions came to observe. From a recruitment perspective this is a big win. They get to see individuals and teams working realistic problems. For the contestants, this is as much about a job interview as a competition. For the sponsors, this is a chance to see a room full of people showcasing what they can do in a way no job interview can replicate easily.
The sponsors were also able to sit in on the mock press conference. This allowed them to understand the types of questions that might be asked in such a situation and to see how the teams dealt with them. It should help them realise that building teams is not just about technical staff, something that many companies have yet to realise.
What does this mean
For Team MyDoom members, this is something to add to a CV when looking for employment. Employers are becoming increasingly aware of these types of competitions. Importantly, they are also beginning to understand which ones add significant value and which are more about good PR. In this case, the competitors had to win through other competitions to get a place in the final. That makes them all eminently employable.
For Cyber Security Challenge UK this is the end of what has been a stressful period in its history. It has brought in a new CEO and done so without any impact on what it is delivering. Moreover, it has expanded the number of competitions and increased the number of people engaging with it. It has also increased its awareness among companies which should lead to more sponsorship. This can only be good for the competition as it begins the planning for 2019.
The next step will be to select the right people to win the European Cyber Security Challenge. The UK team faltered under pressure this year in Europe. Next year, there is a belief that it can do better.