I attended one of the 3 stream finals of the Cyber Security Challenge (CSC) ‘King of the Hill’ today. I was kindly invited some months ago as an influential blogger in the security industry which was nice, although Ellie (part of the CSC team), did tell me today that there are not many of us about, but still it was nice all the same!
Today’s event was sponsored by PWC and SAIC, there were proper journalists present from Wired, BBC (Adam Shaw) and City AM.
I was a little apprehensive going into today as Cyber Security is a little out of my area of expertise although the boundaries across security specialisms are constantly becoming blended and we now have to be experts in all disciplines (and HR and Legal and Audit and Risk Management etc etc). By the way the location was perfect with two of the most iconic landmarks in London, the Tower of London and Tower Bridge literally on the door step.
The morning kicked off with a brief presentation about the CSC and then we went straight into a very comprehensive demonstration of the exercise that the candidates would experience later in the day during their competition.
My Cyber expert and ‘ethical hacker’ was Jonathan of PWC, who’s knowledge was impressive, although he had only been in security for a couple of years! He gave me a whirl wind tour of the tools of his trade and I was surprised to hear that the penetration software is easily available and for free apparently! He went on to demonstrate how easy (for him) to compromise and potentially control a series of targets. He also showed me how a ‘password list’ is utilised by a hacker to automatically search for the specific password required to gain access to the chosen target (which I have read about but never seen done in front of me). Our password list contained 1.5m examples of commonly used passwords!
I was also shown how easy it is to hack a SMTP (Simple Mail Transfer Protocol…get me) which ultimately enables the hacker to send emails containing the actual companies domain name. These would appear to be official emails by the person receiving them but may for example contain a piece of Malware or inappropriate images (the implications may be far reaching as experienced by STARTFOR at the end of 2011). It certainly demonstrated to me the importance of simple preventive measures like choosing good passwords and ensuring regular security patching.
During the day I met a number of candidates, some first timers and others who attended last week’s event at Sophos. Most of the candidates I met are current university students with an interest in computers and/or cyber security but with little practical experience. It was good to see people who are in the early stages of their careers and actually have a hunger and eagerness to progress into this industry.
I also had the opportunity to speak to some of sponsors who are security professionals in their right and it was good to exchange ideas and to share best practice (which is exactly why I blog).
I actually came away with more knowledge then I walked in with, however I was truly shocked at just how easy 'hacking' is (with a few free tools and some technical know how of course). As I type this article there are thousands of people all over the world using these tools looking for opportunities and their next potential target.
I even found out what this type of art is called……
 |
| Ascii Art! |
What I like about the CSC is that it's nurturing talent and raising the profile of a profession which is apparently struggling to attract new talent - but at least they are doing something about it! Will the CSC attract more talent into the industry? Will it uncover new talent? Do we need to continue to protect our national infrastructure and business interests? I think it’s a resounding yes to all of these points and lets hope that the CSC continues to run for many years.
I look forward to watching the BBC programme (and of course if I am in it) and a special thank you goes to Ellie for the kind invitation and your hospitality on the day.
If you want to learn more about the challenge please click on this.
No comments:
Post a Comment
Thank you for your comments.
Team Chatback