Job Prospects
"...the majority of them are self-taught.."
and if we find out how they got so good, we'll extradite them.
A 19-year-old student was crowned the UK Cyber Security Champion after beating all comers over the course of a year-long competition that tested computer defence skills. Will Shackleton, a University of Cambridge student who develops mobile apps in his spare time, beat over 3,000 entrants and 41 fellow finalists to win the …
"KPMG said it was cutting back on its sponsorship of the UK government-backed Cyber Security Challenge back in January after concluding the puzzle-based focus of the competition is failing to attract the right kind of potential recruit into the infosec profession"
It seems to be attracting people who are good, but aren't just in it for the money; maybe this is an indicator of what KPMG thinks are the "right kind of potential recruit"?
Maybe KPMG aren't the "right kind of company"?
Or alternately, the people who go to the competition are the best and brightest and looking for that adrenalin rush of stopping the 'big attack'. They probably aren't the ones that industry seems to want. Businesses seem to want people who are coming into the field to be excited about spending all day setting up user accounts and accesses. IOTW, boring jobs as the "exciting" stuff goes to the senior guys and gals.
@Mark 85:
From the sounds of it, the kid has his head on right and is not the adrenalin type. That guy at the left in the pic, he, I would keep an eye on, but the kid and glasses beside him I would hire them just on that pic and knowing they were around at the end of the competition.
@ Anonymous Blowhard:
There is no maybe about it. But some follow-up studies should be done just in case...
I can vouch for him, that's definitely what he looked like when he was concentrating!
Though quite what I was thinking about pulling that face I'm not sure I can recall.
As a side note, what's with the terrible colour balance! I know the lighting wasn't great down there but at least fix the skin tones! (pet peeve from my days developing photos for a living, sorry)
"Initial suggestions of a DDoS attack proved false as finalists uncovered a sophisticated spearphishing ransomware campaign utilising emails that appeared to come from trusted sources but contained links or downloadable files that infected entire networks when opened"
This is totally ludicrous, the entire financial system taken down by an email attachment. Have these cyber-security experts considered not connecting their vital infrastructure to the Internet?
a) But then they won't be able to use social media.
b) Even if they did, the license key updates would still go over USB which is a huge attack vector.
c) It is very hard to have a usable, yet properly updated Windows system without Internet access. Setting up your own "Windows Mirror" is much harder than setting up your own Debian one. (Although I'm sure Microsoft will sell you an overly expensive version if you are big enough)
Other problems include internal attackers or attacks on business partners, or just general idiocy.
The big problem is that there are people who decided to build infrastructure on the systems which are hardest to defend.
I agree with the wrong sort of people angle, and he should not be overly surprised to win as the right sort of people stayed home or just don't have time for the whole charade.
I work in the industry, and since I signed up for the farce that was the first challenge, but dropped out as their crap outdated Nortel VPN software wanted root on my box to work and refused to run in a VM. For a period of a day or two I suspected THAT was the first part to the test, were you dumb enough to give root to a Java bean supplied by the UK gov on your own lab kit? But alas no, that was the level the bar was set at. Then the puzzle challenges, did they want to pretend to be a recruiting arm for Mensa?
Since then I've been getting repeat mails trying to tempt me to join in, but I'm not the remotest bit interested in joining some PR stunt for the cameras as their incompetence the first time round proved it to be. Quick straw poll round others I work with is the same, nobody bothered entering.
I hope this really is designed as just some gov PR effort for the sake of the country if Russia and China go mental in the near future, and some real off record recruiting has been happening behind the scenes. I know firsthand that other countries already use their honeypots and 3rd party "training servers" like this...
Anon, for what it's worth.