MyDoom wins Cyber Security Challenge Masterclass
Team MyDoom has been declared the winners of the 2018 Cyber Security Challenge Masterclass. They overcame eight other teams in what was a great showcase of future talent for the industry. The Masterclass is the culmination of a year of competitions across the UK. It also included, for the first time, winners from competitions in Singapore.
Unlike many competitions, drawing across multiple competitions means that the Masterclass has a really diverse mix of ages, cultures and gender. For the younger contestants, this is a way of deciding if they want to follow this as a career path. The older contestants are already planning their career change and see this as a chance to show what they can do to the sponsors.
One contestant in particular not only won a Face to Face (F2F) competition earlier this year but received a job offer as a result. At 53, she is now retraining from teaching into cyber security. As an industry that is still trying to deal with huge skills gaps, this is the way it can begin to address its problems.
What was the scenario?
Fictional company Research4U (R4U) is a cyber intelligence and research company. It had suffered a previous cyber-attack which was blamed on its Head of Operations. That individual had been jailed for her part in those attacks. In addition to not disclosing why she attacked the company, she also chose not to admit her membership of a hacking group 29Alpha.
R4U runs a mix of Windows Server and Linux systems with most of the end-user desktops running Windows. It used GIT for source code management and delivered services via its own APIs.
After the original attack the company moved into offering fintech start-ups secure storage of their cryptographic keys. One customer is Th$ Crypt. They are a cryptocurrency exchange and their customers use an app to access their accounts. They use a third-party web application to access their accounts.
R4U was alerted to 29Alpha offering its customers keys in a data dump. The group also claimed to have installed ransomware on R4U servers.
What did the contestants have to do?
The contestants were split into eight teams. Each represented a team brought in to investigate and remediate the attack. They were also part of a larger company and one of the exercises was to hand over to another group in the company who would continue the investigation overnight.
The various challenges on the ground were very different. There were vulnerabilities to identify and patch. Malware attacks had to be remediated although taking the simple approach and just blocking them meant that they kept reappearing. Network traces and identifying bad code was also a challenge for the more technical team members.
This was not a contest, however, set up for the code geeks alone. The game designers also created soft skill challenges such as how to hand over the case to other teams and make presentations. For the first time in a challenge, there was also a mock press conference. This required teams to work together to decide what they could say and how to deal with public interaction. It’s a skill that is in short supply across many cyber security teams.
Across all the tests, different teams struggled with different elements. Blocking some of the attacks caught many out because they didn’t locate the malware source. It meant they lost time trying to deal with problems. The complexity of the scenario also meant that teamwork was a key element. Rather than everyone on the same problem, there was a need to be different roles to better understand the way the attacks worked. This required both good group dynamics, communication and inter-personal skills.
Sponsors getting a look at how the competition works
One of the interesting parts of the Masterclass is that sponsors from the various competitions came to observe. From a recruitment perspective this is a big win. They get to see individuals and teams working realistic problems. For the contestants, this is as much about a job interview as a competition. For the sponsors, this is a chance to see a room full of people showcasing what they can do in a way no job interview can replicate easily.
The sponsors were also able to sit in on the mock press conference. This allowed them to understand the types of questions that might be asked in such a situation and to see how the teams dealt with them. It should help them realise that building teams is not just about technical staff, something that many companies have yet to realise.
What does this mean
For Team MyDoom members, this is something to add to a CV when looking for employment. Employers are becoming increasingly aware of these types of competitions. Importantly, they are also beginning to understand which ones add significant value and which are more about good PR. In this case, the competitors had to win through other competitions to get a place in the final. That makes them all eminently employable.
For Cyber Security Challenge UK this is the end of what has been a stressful period in its history. It has brought in a new CEO and done so without any impact on what it is delivering. Moreover, it has expanded the number of competitions and increased the number of people engaging with it. It has also increased its awareness among companies which should lead to more sponsorship. This can only be good for the competition as it begins the planning for 2019.
The next step will be to select the right people to win the European Cyber Security Challenge. The UK team faltered under pressure this year in Europe. Next year, there is a belief that it can do better.
source enterprisetimes
Industry: Cyber Security News
Latest Jobs
-
- IAM Consultant- OKTA
- Germany
- upto €90,000 plus benefits
-
I am looking for an experienced IAM process Manager to help drive forward a series of IAM implementation for a global Manufacturing business, Ideally you will be skilled with Okta and have knowledge of PAM Solutions, You will be responsible for: Driving the design and continuous improvement of complex IAM solutions in close collaboration with business partners Consult on the optimisation of IAM processes and design proper IT-based solutions to meet availability and quality targets Define technical specifications for SW-development (standards, design patterns, test cases, scenarios) and manage the life cycle of designed solutions Actively scan for relevant innovations and new technologies to identify further potential for improving IAM solutions and processes using OKTA Analyse new features of the regular Okta releases We are looking for someone with strong IAM experience as an Architect, Analyst, Technical Engineer, or similar role in the Identity and Security domain Experience with relevant certifications in development/administration, design and configuration of the Okta IAM platforms Familiar with LCM - joiners, movers, leavers, application federation - SAML, OIDC, SCIM and many other IAM terms Good mix of competences in IAM business process and project management concepts and tools e.g., ServiceNow, Jira, PRINCE2, SCRUM (agile)
-
- SAP Security Consultant
- France
- upto €70,000 plus benefits
-
I am looking for an experienced SAP Security Consultant. The ideal candidate will have a strong understanding of SAP security concepts and be able to apply them to real-world scenarios. ideally you will also have experience with Securitybridge or Onapsis, or a similar SAP security tool. Your responsibilities will include: Reviewing and auditing SAP security settings and controls Identifying and remediating security vulnerabilities Implementing security best practices Educating users on SAP security Experience experience in SAP security Experience with Securitybridge or Onapsis, or a similar SAP security tool would be very advantageous Strong understanding of SAP security concepts Excellent problem-solving and analytical skills Excellent communication and presentation skills Fluent in French & English
-
- Post Grad MSc Cyber security - Junior Cyber Risk Analyst wanted. UK
- United Kingdom
- Entry role
-
The perfect start to your new Cyber Security Career. Post Graduate Cyber Risk Analyst Wanted. Are you are fresh from earning your Cyber Security MSc and eager to start your career in Cyber Security? We are looking for a recent post graduate to join a forward thinking Cyber Security Consultancy for the ideal entry role into Cyber Security. Whilst employed industry experience is not expected, as full training and support will be provided, a history of recent education in Cyber Security / Cyber Risk is essential. We are looking for someone with an inquisitive mind, who is confident to ask the right questions and who isn't afraid to challenge the status quo. Superb communication skills are a must (in person, written and verbal) This is a UK based role that is remote first with monthly travel (1-2 a month) to meet with the team and in time to meet clients. If you aren’t available to travel this isn’t the opportunity. We are unable to provide VISA sponsorship as there will be a requirement to achieve Security clearance If you're adaptable, open to fresh perspectives, and excited to be part of a forward-thinking team and looking for an opportunity to help make a difference in a Cyber consulting role, this opportunity is for you. For more information apply here……
-
- Microsoft Exchange Contractor | London | OUTSIDE IR35 | SC Cleared
- London
- OUTSIDE IR35
-
Microsoft Exchange Contractor | London | OUTSIDE IR35 | SC Cleared • We require someone that has experience of migration exchange from windows server 2012 to 2019. • In depth understand of On-Prem exchange server management and deployment. • Experience migrating On-Prem exchange servers from 2012 upwards. • Secure Email Gateway experience essential Due to the nature of the requirement the individual must be commutable to London 2-3 days a week.