The Cyber Security Challenge UK Masterclass competition winners were announced Tuesday night with the overall individual winner, Mo Rahman, a 22-year-old computer science student crowned the UK's best cyber security talent of 2017, while the winning team was, Daman, including Caroline Haigh, David, Harrison Speight, Joshua Green, Justin Rowley, and Thomas Steven Brook – plus one entrant who does not wish to be identified.
The 42 finalists – including six contestants from Cyber Security Challenge Singapore - had won through a year of online and face-to-face qualifying rounds to reach the grand finale of the challenge where they had to lead the defence in an industrial-style simulated Security Operating Centre (SOC) against a simulated cyber-attack on fictional shipping company and its fleet.
In what organisers described as an ultra realistic three-day competition, the scenarios were created by BT, in partnership with Airbus, Cisco and De Montfort University and supported by Checkpoint, Darktrace, National Crime Agency, Bank of England and 4 Pump Court
Candidates took on the role of security consultants, brought in to investigate a suspected insider threat and soon discover that a newly appointed COO was to blame for the missing files and that he has been working with cyber-crime group Scorpius. They had to conduct forensic analysis and help to build a case against the corrupt COO working on platform created by the team at De Montfort University's Cyber Technology Institute.
The whole event aims to promote the sector for new entrants as well as identifying individual talent, and Caroline Noakes, Minister for Government Resilience and Efficiency commented: “We face a shortage of cyber security professionals, not just here in the UK but worldwide. To address this, we are doing more than ever before to inspire people to pursue a career in cyber security. We will continue to work in partnership with organisations like the Cyber Security Challenge UK to make Britain secure, confident and prosperous in the digital world."
While largely a technology event, it does cover the wider range of skills needed by today's CISO. Representatives of each team had to present the evidence they uncovered to a mock court of law, featuring real barristers, to ensure that all information has been obtained lawfully and that enough of a case has been brought to bring action upon the individual – and naming no names, anecdotally some contestants reported being “ripped apart” by the barristers – no doubt a valuable learning experience.
But as Matthew Lavy, Barrister at 4 Pump Court noted, if the corrupt COO is to be convicted for his crimes, it is not enough for the competitors to work out what he did and how. They also have to persuade the Court that, “ their forensic work can be trusted – that the evidence is clean, that the chain of custody is secure, and that the logic of their analysis is sound. To do this they ... have to explain the evidence they have and what it shows in language that a judge and jury can understand.” Thus the role of the barristers is to “put competitors through their paces by testing whether they have what it takes to give expert evidence in Court and play their part in ensuring not only that the cyber-attack stopped but also that justice is done.”
“With ever changing and increasing threats, it's more important than ever that those who will be keeping our organisations safe from potential threats and vulnerabilities in the future are given the opportunities to learn and hone their skills now,” commented Neal Semikin, Head of IT Security at the Bank of England.
Nigel Harrison, acting CEO of Cyber Security Challenge UK, adds: “This event is designed to mirror challenges faced by leading industry experts, in order to identify the UK's best talent. ...Traditional recruitment methods don't work in the world of cyber-security – often the most talented individuals don't stand out on paper and events like this allow us to put the best talent in the country in front of many of the leading organisations in the country that are seeking more cyber security skilled workers.”
Dave Palmer, Director of Technology at Darktrace also pointed out that, “the best cyber-security professionals don't always come from the most obvious of backgrounds, but from a wide range of areas and disciplines – from STEM subjects to humanities and arts.”
The cyber security industry faces a projected shortfall of 1.8 million cyber-security workers by 2022, according to a study by ISC(2)
Mark Hughes, CEO, BT Security, adds: " It is through programmes like the Cyber Security Challenge that we can raise the profile of the industry and find tomorrow's cyber experts that will help us close the skills gap in the industry.
Kevin Jones, head of Cyber Security Architecture & Innovation, Airbus agreed, commenting: “In order to be able to combat the ever-growing cyber threat, we must be able to attract people to the sector who have the skills and competencies required. Events like the Cyber Security Challenge UK play a key role in showcasing the varied and challenging careers that are available within the cyber sector and provide a safe and representative environment within which the future cyber-professionals can learn and develop the right skills and ethics.”
Scot Gardner, Chief Executive, Cisco UK & Ireland explained that the challenges presented wer very real. “Every industry is confronted with tackling security throughout their business. Whether through education and trust in their people, with the technology they use or the processes that they have in place.”
The challenge certainly worked for the contestants with winner Mo Rahman commenting: “Competitions such as this equip you to deal with a huge number of challenges and provide you with a direct route to industry. Cyber Security Challenge UK was a principal factor for my interest in cyber security and in kick starting my career.
“The experience I have gained over the last couple of days is unrivalled and simply can't be obtained outside of these real world settings. Working with industry experts has given me the confidence to enter the industry and pursue a career in an area that I have developed a true passion for.”