MyDoom wins Cyber Security Challenge Masterclass
Team MyDoom has been declared the winners of the 2018 Cyber Security Challenge Masterclass. They overcame eight other teams in what was a great showcase of future talent for the industry. The Masterclass is the culmination of a year of competitions across the UK. It also included, for the first time, winners from competitions in Singapore.
Unlike many competitions, drawing across multiple competitions means that the Masterclass has a really diverse mix of ages, cultures and gender. For the younger contestants, this is a way of deciding if they want to follow this as a career path. The older contestants are already planning their career change and see this as a chance to show what they can do to the sponsors.
One contestant in particular not only won a Face to Face (F2F) competition earlier this year but received a job offer as a result. At 53, she is now retraining from teaching into cyber security. As an industry that is still trying to deal with huge skills gaps, this is the way it can begin to address its problems.
What was the scenario?
Fictional company Research4U (R4U) is a cyber intelligence and research company. It had suffered a previous cyber-attack which was blamed on its Head of Operations. That individual had been jailed for her part in those attacks. In addition to not disclosing why she attacked the company, she also chose not to admit her membership of a hacking group 29Alpha.
R4U runs a mix of Windows Server and Linux systems with most of the end-user desktops running Windows. It used GIT for source code management and delivered services via its own APIs.
After the original attack the company moved into offering fintech start-ups secure storage of their cryptographic keys. One customer is Th$ Crypt. They are a cryptocurrency exchange and their customers use an app to access their accounts. They use a third-party web application to access their accounts.
R4U was alerted to 29Alpha offering its customers keys in a data dump. The group also claimed to have installed ransomware on R4U servers.
What did the contestants have to do?
The contestants were split into eight teams. Each represented a team brought in to investigate and remediate the attack. They were also part of a larger company and one of the exercises was to hand over to another group in the company who would continue the investigation overnight.
The various challenges on the ground were very different. There were vulnerabilities to identify and patch. Malware attacks had to be remediated although taking the simple approach and just blocking them meant that they kept reappearing. Network traces and identifying bad code was also a challenge for the more technical team members.
This was not a contest, however, set up for the code geeks alone. The game designers also created soft skill challenges such as how to hand over the case to other teams and make presentations. For the first time in a challenge, there was also a mock press conference. This required teams to work together to decide what they could say and how to deal with public interaction. It’s a skill that is in short supply across many cyber security teams.
Across all the tests, different teams struggled with different elements. Blocking some of the attacks caught many out because they didn’t locate the malware source. It meant they lost time trying to deal with problems. The complexity of the scenario also meant that teamwork was a key element. Rather than everyone on the same problem, there was a need to be different roles to better understand the way the attacks worked. This required both good group dynamics, communication and inter-personal skills.
Sponsors getting a look at how the competition works
One of the interesting parts of the Masterclass is that sponsors from the various competitions came to observe. From a recruitment perspective this is a big win. They get to see individuals and teams working realistic problems. For the contestants, this is as much about a job interview as a competition. For the sponsors, this is a chance to see a room full of people showcasing what they can do in a way no job interview can replicate easily.
The sponsors were also able to sit in on the mock press conference. This allowed them to understand the types of questions that might be asked in such a situation and to see how the teams dealt with them. It should help them realise that building teams is not just about technical staff, something that many companies have yet to realise.
What does this mean
For Team MyDoom members, this is something to add to a CV when looking for employment. Employers are becoming increasingly aware of these types of competitions. Importantly, they are also beginning to understand which ones add significant value and which are more about good PR. In this case, the competitors had to win through other competitions to get a place in the final. That makes them all eminently employable.
For Cyber Security Challenge UK this is the end of what has been a stressful period in its history. It has brought in a new CEO and done so without any impact on what it is delivering. Moreover, it has expanded the number of competitions and increased the number of people engaging with it. It has also increased its awareness among companies which should lead to more sponsorship. This can only be good for the competition as it begins the planning for 2019.
The next step will be to select the right people to win the European Cyber Security Challenge. The UK team faltered under pressure this year in Europe. Next year, there is a belief that it can do better.
Industry: Cyber Security News
- SPLUNK SOC Analyst level 3, London.
SPLUNK SOC Analyst level 3, Must be able to commute to the City of London. Onsite role. Security clearance needed. The SPLUNK SOC Analyst level 3 must have current experience working within a SOC environment with specific experience using a range of tools and techniques to investigate security incidents. Current experience with Splunk is essential. any additional experience Individuals with Elastic Security SIEM are highly desirable. Any of the following certifications are desirable Splunk Phantom certified admin, Splunk Core Certified Power User / Advanced, Splunk Certified Enterprise Security Admin, etc The role will include, but not be limited to working with sophisticated information security tools, investigating security incidents, incident management, technical escalation, process improvement, research into the latest threats, reporting etc The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) This is a permanent role To arrange a call with Chris Holt https://calendly.com/chris-holt/arranged-call-with-chris-holt-elastic-siem-engineer-soc Chris.Holt@dclsearch.com
- ISO 27001 & Business Continuity Security Specialist, End User
- United Kingdom
CH7828 ISO 27001 & Business Continuity Security Specialist, End User, £70,000 United Kingdom ISO 27001 & Business Continuity Security Specialist needed to join a Cyber team within an end user. The ISO 27001 & Business Continuity Security Specialist will have end to end responsibility for the information security and Business Continuity management system. ISMS/BCMS. Both from an information security and technical security perspective working alongside the CISO. Experience must include, but not be limited to; a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling to achieve compliance. ISO 22301, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. Experience taking a company through accreditation is highly desirable Experience managing internal stakeholders, technical teams and external third parties essential Flexible working, very occasional travel to London office This is an exclusive role to DCL Search & Selection. Looking to interview immediately. https://calendly.com/chris-holt/iso-27001-business-continuity-security-specialis
- PCI- DSS Security Consultant, End User
PCI- DSS Security Consultant needed to join a Cyber team within an end user. The PCI- DSS Security Consultant will have end to end responsibility for PCI - DSS and its continuing certification. Both from an information security and technical security perspective working alongside the CISO. Experience must include, but not be limited to; a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling to achieve compliance. PCI objectives / 12 key requirements, OWASP top 10, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. PCI Cloud compliance, specifically someone with experience taking PCI-DSS from on premise into the cloud is HIGHLY desired. However, someone with Solid PCI experience with a strong technical background which include Cyber / Secure by design etc would be considered. Experience managing internal stakeholders and external third parties essential. Flexible working, but with the ability to get into London. This is an exclusive role to DCL Search & Selection. 1st stage interviews to happen the week of the 14th September Arrange a call with Chris on https://calendly.com/chris-holt/arrange-a-call-chris-dcl-pci-compliance
- IAM Contractor CyberArk
Identity & Access Management Architect Contractor Flexible • Extensive PAM / IAM experience required, • MUST have CyberArk and or Beyondtrust. Privileged access management • Technical review, recommendation, design and hands on technical delivery. • 6 month contract Arrange a call with Chris Holt https://calendly.com/chris-holt/arranged-call-with-chris-holt?month=2020-09