Finalists in the Cyber Security Challenge UK masterclass competition have been battling it out this week in a realistic cyber battlefield designed to test a range of technical and soft skills.
Ensconced under the Victorian arches of an active railway line in Shoreditch, east London, the modern-day information warriors are striving to defend a fictional energy company from a series of increasingly sophisticated and damaging cyber-attacks while communicating their findings to their client, government and the media.
In the scenario, Bolt Energy has developed a new nuclear-powered energy source the size of a lightbulb but someone is leaking the details to the outside world. From their security operations centre (SOC), the defenders must follow forensic clues to identify and plug the leak.
For the 42 finalists – who range in age from 16 to 56 years old – the Cyber Security Challenge Masterclass is the culmination of a year of qualifying rounds which started when they responded to a call for candidates earlier this year.
[Video] Power Play: What does it take to win the Cyber Security Challenge?
Very strong tech skills remain a prerequisite for success, including forensic analysis, incident response and live network monitoring. However, in keeping with experience gleaned from numerous real-world attacks, there is also an emphasis on understanding the business under attack, the type of risks and threats faced and negotiating through legal, financial and a range of human issues and skills.
An essential element of winning involves the ability to communicate to leadership and management. They must also demonstrate an ability to not only use their skills in isolation but also work as a team to leverage the strengths of others. Adherence to ethical and legal concerns are also taken into account.
Dr Robert Nowill, chairman of the cyber security challenge UK, told SCMagazineUK.com, “This year in particular, we made sure right from the start that teams realise that in order to win the team event you have to demonstrate both soft skills and deep technical skills. The point is to attract new people in.”
The aim of the challenge, established in 2010, is to help combat the industry's skills shortage, increasing awareness of the sector and its opportunities, as well as identifying new talent that may well come from non-traditional sectors and routes into the industry – with past finalists including a postman and a chemist.
Using 3-D gamification of initial challenges is seen as a way of encouraging participation by those who may not have considered the sector – including women, who make up just 10 percent of the cyber-sec workforce, but are a larger proportion of gamers.
Cyber Security Challenge CEO Stephanie Daman told SCMagazineUK.com that there is a growing uptake in computing among girls at school, but while prospects for the future are bright, the current situation – which sees just two women contestants out of the 42-strong field of candidates (which in itself represents a 100 percent increase on last year) – is disappointing.
Although the Cyber Security Challenge is know primarily for its competitions (including CyberCenturion for school-age contestants), her organisation's main role is education.
Referring to the government's freshly announced National Cyber Security Strategy, she said she was hopeful that additional funding would be made available to enable the Cyber Security Challenge to expand further into schools, universities and other areas, including working with “people with slight disabilities which make it difficult to find (these) roles, but that can make them very good at cyber-security”.
Talking to the finalists themselves, 17-year-old A-level student George Osborne explained that he had an interest in networking, entered the competitions more for the challenge than as a career option and had been surprised and delighted to find that he had progressed to the finals.
‘Sarah', who wished to remain anonymous, told us that she ‘stumbled across' the website when researching something else entirely, but has always had an interest in problem solving, such as reverse engineering an Android App, and the competition intrigued her.
And the oldest contestant, Chris Bailey who has worked in various roles in IT but not in security, explained how he also got involved by ‘giving it a go' out of general interest – but was now seriously considering a career switch to cyber security, having found that he can now demonstrate that he has the necessary skills and aptitudes.
It goes without saying, the career prospects for all finalists are bright, whether they get snapped up by the sponsors, GCHQ, NCA, PWC and others, or the industry in general.
Claire Pluckrose, senior manager in the National Cyber Crime Unit at the National Crime Agency, told SC that part of the rationale behind the NCA's sponsorship of the event was to “encourage that talent to join law enforcement or use those skills to keep the UK safe.”
Neil Hampson, UK cyber security practice leader at PwC concurred, telling SC that PwC had indeed recruited finalists from the Challenge in the past, but added that it was also about helping the economy as a whole.