On Tuesday November 14, 42 of the UK’s most promising amateur cyber-sleuths competed in an ultra-realistic cyber defense simulation in the annual Cyber Security Challenge UK Masterclass, the final stage of a competition designed to inspire and unearth cyber-talent across the UK.
The event, a culmination of a year of online and face-to-face qualifying rounds involving thousands of participants, was held in a fabricated, industrial-style security operating center at the historic Trinity House in London, the home of British shipping.
The competition (which this year also included six of the top talents from Cyber Security Challenge Singapore) saw candidates from a range of age groups divided into teams to take on the role of security consultants, brought in to investigate a suspected insider threat at fictitious shipping company Fast Freight Limited. They soon discovered that a newly appointed COO was to blame for the missing files and that he has been working with cybercrime group Scorpius – a ‘notorious’ crime syndicate attacking organizations across the world and extorting them for money.
The participants were tasked with defending the company from cyber-attack, carrying out forensic analysis to build a case against the corrupt COO before presenting their evidence to a mock court of law featuring real barristers, a situation often faced by those in the cybersecurity industry when a crime has been committed.
A Helping Hand
Speaking on the morning of the event, Nigel Harrison, acting CEO of Cyber Security Challenge UK – a non-profit, government backed organization dedicated to enabling more people to become cybersecurity professionals – said the Masterclass provides the perfect opportunity for budding cyber-enthusiasts to showcase their talents in a complex, life-like scenario.
“Our philosophy as an organization is to give people a helping hand to get on the first rung of the cybersecurity career ladder,” he added. “All of the contestants are amateurs; they are looking for careers in this profession but they are all amateurs at this stage. One of the most important things is that we’re not just looking for those who understand the technology and perhaps fit the image of a ‘hacker in a hood type’, we also want to help people become employable in the workplace.
“We are really looking for soft skills like team work, planning, reacting to incidents, being able to brief and take charge – we want those real stars who can go into the industry and we’re always trying to drive the message that there is a home in cybersecurity for all sorts of people."
Cybersecurity applies to all sectors - transportation, shipping, banking - it's vital to everybody, Harrison said. “We thought it appropriate, as we’re in the home of shipping at Trinity House, that we connected the challenge to a maritime theme – which also gave us the opportunity to put a little bit more emphasis on industrial control systems.”
“Cybersecurity is still very much a growing and emerging profession, so we need events like this to make sure that we get that heightened perception of what we do”Rob Partridge, Head of Commercial Development, Penetration Testing, BT
Red Versus Blue
This year the Masterclass was developed by global telecoms firm BT, in partnership with aeronautical company Airbus, networking and cybersecurity firm Cisco and the Cyber Technology Institute at De Montfort University. The event was supported by Checkpoint, Darktrace, 4 Pump Court, the National Crime Agency and the Bank of England.
It was BT’s own real-life Red Team that was trying to break into the network of the fictitious shipping company, again giving the contestants a taste of the type of tests they would face in a career in cybersecurity.
Rob Partridge, head of commercial development, Penetration Testing at BT, said BT’s involvement in the Masterclass was about both finding untapped talent and helping to raise the profile of cybersecurity as a profession.
“Cybersecurity is still very much a growing and emerging profession, so we need events like this to make sure that we get that heightened perception of what we do”, Partridge told Infosecurity.
Taking the Challenge
The participants had their hands full throughout a busy day of proceedings, but one took a few minutes away from the action to speak to Infosecurity about his experiences in the competition.
“Back in 2014 I found a BBC Click episode which highlighted the Cyber Security Challenge, and since then I’ve done a lot of their online challenges and been to some of their face-to-face events,” said competitor James Nock, 17. “ I’ve been to the European Cyber Security Challenges in 2015/16 and this led me to qualifying this year for my first Masterclass.”
Nock explained that his passion for cybersecurity is driven by a love for problem-solving and programming, along with the fact that more people are needed to fill the skills gap in the industry.
“Normally I do reverse engineering and malware analysis, whereas today it’s been more forensic analysis, so the Masterclass has given me the chance to take skills I already had and apply them to new situations. It’s been a little bit of a different area than what I’ve been used to.”
As the day drew to a close so did the Masterclass for 2017, with the event rounded off in style at the Cyber Security Challenge UK Awards Dinner at the Grange City Hotel. It was here that team Daman was announced as the winners with 'Mo' crowned as Cyber Security Champion, pipping runners up Harvey Stocks and Tim Carrington.
The Cyber Security Challenge UK has always gone to great lengths to help inspire the future generation of cybersecurity workers, and this year’s Masterclass showed, once again, the great work the organization is doing. So far, 50% of previous Masterclass competitors have secured jobs in the industry, and there’s no doubt the skills and experiences gained by the participants in 2017 will see that trend continue.