How to find the next crop of cyber security experts
Hacking group Anonymous rose from obscurity last year to become a household name. Earlier this month it intercepted a phone call between the FBI and UK police discussing, ironically, the fight against cyber crime. The audacious hack was the latest in a string of high-profile attacks targeting governments, police forces and corporations across the world.
Along with LulzSec – who famously breached Sony’s security last year – it is among the best known groups of hackers in an increasingly crowded field. Security professionals say the UK is woefully unprepared to face the spiralling threat to online security.
The Cyber Security Challenge was set up to help redress the balance. Last month geeks of all shapes and sizes were invited to the Royal Mint building to test their skills in a controlled environment. Entrants were pitted against each other to be crowned cyber security champion, the aim being to encourage young talent to join the security industry – and to help steer them away from the dark side.
The disparate group competing in the first semi-final would have made prize pickings for a Louis Theroux documentary, ranging from your stereotypical light-deprived teenager to eccentric 40-somethings with interesting tastes in facial hair. I chatted to Guy Plunkett, a (sadly very normal) IT professional who had entered last year’s tournament. He wasn’t there in search of a job – he simply wanted to test his skills against the best in the country. He was modest about his chances of progressing, saying security wasn’t really his field.
Before the pros kicked off I had a chance to test my cyber security skills in a warm-up challenge. I was teamed with Duncan Alderson, a threat and vulnerability manager at PwC (a major sponsor of the event).
His job is to test the IT security of companies by simulating attacks from cyber criminals. Sometimes this is done remotely but, on occasion, it involves visiting premises and blagging his way past the reception staff in order to physically jack into the IT system.
Our challenge was to compete against other teams to take control of vulnerable systems and – crucially – to secure these so another team couldn’t then steal them back. Essentially it was a big game of virtual capture the flag – and one in which I was comprehensively beaten.
“It takes a certain type of very methodical thinking to do this kind of work,” Alderson consoled me. “It’s not so much about having one great idea as going through a very long checklist of possibilities. From a security point of view this is vital – if you miss one thing off your checklist you could have overlooked a vulnerability.”
Later that afternoon the competition proper took place. Guy finished second and will go through to the final in Bristol next month, which will see the finest entrants from 11 events compete for the top prize.
Last year, postman Dan Summers was victorious. He now works for the Royal Mail threat and vulnerability team.
Cyber Security Challenge founder and director Judy Baker says he is a great example of what the event can achieve.
“Dan’s story is incredible, really. The events aim to plug the gap in the number of security professionals in the UK, to find new talent rather than to reward people already in the industry. Dan certainly achieved that. The calibre of entrants is getting even stronger so I expect the event to go from strength to strength.”
With cyber attack threat levels showing no sign of receding, we’ll need all the help we can get.