MyDoom wins Cyber Security Challenge Masterclass
Team MyDoom has been declared the winners of the 2018 Cyber Security Challenge Masterclass. They overcame eight other teams in what was a great showcase of future talent for the industry. The Masterclass is the culmination of a year of competitions across the UK. It also included, for the first time, winners from competitions in Singapore.
Unlike many competitions, drawing across multiple competitions means that the Masterclass has a really diverse mix of ages, cultures and gender. For the younger contestants, this is a way of deciding if they want to follow this as a career path. The older contestants are already planning their career change and see this as a chance to show what they can do to the sponsors.
One contestant in particular not only won a Face to Face (F2F) competition earlier this year but received a job offer as a result. At 53, she is now retraining from teaching into cyber security. As an industry that is still trying to deal with huge skills gaps, this is the way it can begin to address its problems.
What was the scenario?
Fictional company Research4U (R4U) is a cyber intelligence and research company. It had suffered a previous cyber-attack which was blamed on its Head of Operations. That individual had been jailed for her part in those attacks. In addition to not disclosing why she attacked the company, she also chose not to admit her membership of a hacking group 29Alpha.
R4U runs a mix of Windows Server and Linux systems with most of the end-user desktops running Windows. It used GIT for source code management and delivered services via its own APIs.
After the original attack the company moved into offering fintech start-ups secure storage of their cryptographic keys. One customer is Th$ Crypt. They are a cryptocurrency exchange and their customers use an app to access their accounts. They use a third-party web application to access their accounts.
R4U was alerted to 29Alpha offering its customers keys in a data dump. The group also claimed to have installed ransomware on R4U servers.
What did the contestants have to do?
The contestants were split into eight teams. Each represented a team brought in to investigate and remediate the attack. They were also part of a larger company and one of the exercises was to hand over to another group in the company who would continue the investigation overnight.
The various challenges on the ground were very different. There were vulnerabilities to identify and patch. Malware attacks had to be remediated although taking the simple approach and just blocking them meant that they kept reappearing. Network traces and identifying bad code was also a challenge for the more technical team members.
This was not a contest, however, set up for the code geeks alone. The game designers also created soft skill challenges such as how to hand over the case to other teams and make presentations. For the first time in a challenge, there was also a mock press conference. This required teams to work together to decide what they could say and how to deal with public interaction. It’s a skill that is in short supply across many cyber security teams.
Across all the tests, different teams struggled with different elements. Blocking some of the attacks caught many out because they didn’t locate the malware source. It meant they lost time trying to deal with problems. The complexity of the scenario also meant that teamwork was a key element. Rather than everyone on the same problem, there was a need to be different roles to better understand the way the attacks worked. This required both good group dynamics, communication and inter-personal skills.
Sponsors getting a look at how the competition works
One of the interesting parts of the Masterclass is that sponsors from the various competitions came to observe. From a recruitment perspective this is a big win. They get to see individuals and teams working realistic problems. For the contestants, this is as much about a job interview as a competition. For the sponsors, this is a chance to see a room full of people showcasing what they can do in a way no job interview can replicate easily.
The sponsors were also able to sit in on the mock press conference. This allowed them to understand the types of questions that might be asked in such a situation and to see how the teams dealt with them. It should help them realise that building teams is not just about technical staff, something that many companies have yet to realise.
What does this mean
For Team MyDoom members, this is something to add to a CV when looking for employment. Employers are becoming increasingly aware of these types of competitions. Importantly, they are also beginning to understand which ones add significant value and which are more about good PR. In this case, the competitors had to win through other competitions to get a place in the final. That makes them all eminently employable.
For Cyber Security Challenge UK this is the end of what has been a stressful period in its history. It has brought in a new CEO and done so without any impact on what it is delivering. Moreover, it has expanded the number of competitions and increased the number of people engaging with it. It has also increased its awareness among companies which should lead to more sponsorship. This can only be good for the competition as it begins the planning for 2019.
The next step will be to select the right people to win the European Cyber Security Challenge. The UK team faltered under pressure this year in Europe. Next year, there is a belief that it can do better.
Industry: Cyber Security News
- CONTRACT SOC Manager. London / Birmingham. URGENT Immediate role.
REF7847 Contract SOC Manager. SC cleared, London / Birmingham. Initial 3 month Contract. SOC Manager needed to for an URGENT 3-4 month CONTRACT. SC clearance is essential. The project is to aid in the setup, implementation and management of resources to help with the initial stand up stages of a new SOC within a greenfield site. This is a short term contract role whilst a permanent hire is brought on over the coming 3 to 4 months. Experience engaging with and managing client stakeholder relationships as well as 3rd party relationships is critical. The role will involve; setting up, implementing and fine tuning the various initial stages of a SOC environment. Experience establishing and building out technical process / operational capability, managing of technical teams (analysts, engineers and architects, creation of policy / playbooks, fine turning is key. SPLUNK is the tooling of choice… Interviewing immediately. Set up a call with me today on https://calendly.com/chris-holt/arranged-call-with-chris-holt-remote-soc-role Direct contact details Chris.Holt@dclsearch.com or 07884666351
- SPLUNK Level 3 SOC Consultant, SIEM Splunk, London / Birmingham
REF CH7825 Level 3 SOC Consultant, SIEM Splunk, London / Birmingham £55,000 + Level 3 SOC Consultant, SIEM SPLUNK needed. Security Clearance. Permanent role Level 3 SOC Consultant, SIEM SPLUNK needed to join a public sector client. The ability to achieve SC clearance is essential. MUST have experience working with SPLUNK ideally to an Advanced Power User level. Splunk Enterprise Security (ES) knowledge and hands on experience highly desirable. The role will include, but not be limited to; managing and handling incidents end to end, supporting and mentoring level 1 / level 2 staff, supporting the SOC manager in the delivery of the SOC roadmap, engaging with the client stakeholders (other technical teams) as and where needed, use case development, advanced search and reporting etc. The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) This is a permanent role To arrange a call with Chris Holt use this calendy link https://calendly.com/chris-holt/arranged-call-with-chris-holt-remote-soc-role Chris.Holt@dclsearch.com
- Aspiring Cyber Partner. Business lead, market maker.
Aspiring Cyber Partner (management consultancy) with Cyber specialism into Healthcare, Utilities and or Public Sector. Working with new and existing clients to help them solve, transform or evolve their cyber capabilities. MUST have; A proven management consultancy background in cyber. A history of identifying and closing new business opportunities. Currently Revenue generating / must be able to demonstrate recent wins. Client facing to board level with international businesses. Team leadership / mentoring experience. Extensive cyber industry experience. Digital transformation, Start-up environments etc. Experienced presenter at industry events, to be the public face of a business / capability. Breadth of knowledge across Cyber security. Service definition / creation. Would consider a senior director with experience delivering the above looking to step up. All conversations kept in confidence. To arrange a discreet call book a time to speak in my diary via https://calendly.com/chris-holt/cyber-partner-call Chris.Holt@dclsearch.com
- Internal Security Auditor, Level 1 Service Provider (ISO27001)
- Upto 65,000 plus benefits
Internal Security Auditor ISO 27001, PCI, needed to join a Cyber team within this expanding Fintech business. The Internal Security Auditor will have end to end responsibility for planning, delivering, remediating any findings etc. Experience working within financial services is highly desirable. This Is a great time to join a newly formed and growing Cyber team within a rapidly expanding fintech, that is taking a major share of its market. We are looking for someone with experience, (but not to be limited to) a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling etc. ISO 22301, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. Experience taking a company through accreditation is highly desirable Experience managing internal stakeholders, technical teams and external third parties essential Flexible working, but with the ability to get into London. This is an exclusive role to DCL Search & Selection.