Ben Spring, a student at the University of Portsmouth, has launched TryHackMe. It is aimed at those who want to learn and improve their skills around cyber security. The platform will deliver a range of Capture the Flag competitions, cyber security workshops, training and online courses. It plans to run its first HackBack CTF event on Saturday 9 March.
In a statement, Spring wrote: “I have created TryHackMe as a way to get others learning cyber security in an enjoyable and interactive way. Having a platform to deploy deliberately vulnerable machines in the cloud with supporting tutorials and questions, allows individuals with different skill sets to learn at their own pace.
“We now have over 1000 members registered and our platform is starting to be used within universities teaching Computer Science and Ethical Hacking. I hope that TryHackMe will be used by universities and companies around the world to attract and train more people for careers in cyber-security”
Spring has been able to get 14 universities to sign up to his platform. Whether all 14 will send teams to the first HackBack CTF competition remains to be seen. He has already attracted a sponsor, Context Information Security. It sees this as a way to build on its existing relationships with UK universities. The question for CIS is can they back up sponsorship with jobs and bring in other sponsors.
Can TryHackMe survive in an increasingly crowded market?
The first challenge that Spring will have to overcome is surviving in an increasingly crowded market. Seemingly every week there is at least one cyber security competition in the UK. Some of these are well designed and offer a wide variety of challenges. More importantly, they are supported by businesses who see this as a quick way to assess the capabilities of potential employees.
The second challenge is getting long-term sponsorship. Over the last year, at least two of the major cyber security training platforms have struggled to grow. This is not because of problems with what they are offering but because of competition in the market. Companies are jumping on the bandwagon to be seen supporting cyber security platforms in the hope it will raise their profile. What they are not doing is assessing how many people are engaging with the platforms and the quality of what is on offer.
Enterprise Times: What does this mean
One advantage that Spring may have is his main sponsor CIS. Between CIS and Spring, they should be able to engage across universities and importantly across disciplines. The challenge for existing cyber security training is that it appeals mainly to those on IT courses. The reality is that the industry needs a much wider set of new talent.
In the 1970’s the demand for mainframe programmers saw universities and technology companies engage with mathematics and other departments. They were able to sell the idea that there was more money and better careers in the new shiny world of computing that if students stayed with mathematics. There is a good case for a similar approach today.
Cyber security needs people with forensics (criminology), legal, psychology and other backgrounds. The ability to think about the whole attack chain such as why an attack appeals to a specific group rather than just the logical code. Spring has added forensics to the list of challenges for the first HackBack CTF but the other subjects are predictably focused on IT.
Can Spring can widen the discussion and engagement inside universities by drawing on his own student contacts? That remains to be seen. However, if he is successful then TryHackMe will have a real impact on bringing new talent to the cyber security market.