We invited Oscar O’ Connor, Security Advisory Practice Leader for the UK & Ireland, to write about his experience as Chief Competition Assessor at Cyber Security Challenge UK. Bringing together experts from across industry, government and academia, Cyber Security Challenge was created to encourage talented people into the Cyber Security industry. Has Oscar nurtured the next Cyber Calamity Forecaster, Cyber Attack Agent or maybe even Juvenile Cybercrime Rehabilitation Counsellor? Only time will tell…
In April 2013, my boss at the time called me on a Thursday afternoon to see whether I could cover for one of my colleagues at a Cyber Security Challenge camp that weekend. Having nothing better to do, I agreed and duly turned up at the Defence Academy on Friday morning, not knowing what to expect. What I found was a group of 48 amateur enthusiasts, competing in teams, performing all kinds of challenging tasks relating to aspects of Cyber Security. My role was to score each contestant against a range of criteria drawn from the Skills for the Information Age framework… on paper would you believe?
I observed, chatted to fellow assessors, contestants, our hosts and various guests and made some long-time friends along the way. It was the start of a six-year journey which ends today, Friday 22nd March 2019. A very sad day for all of us who have been involved in, or touched by the Cyber Security Challenge UK.
The Cyber Security Challenge was set up 12 years ago by a small team originating in the Cabinet Office and Centre for the Protection of National Infrastructure (CPNI). The goal was to find ways of attracting hidden talent of all ages into the Cyber Security industry. Initially it was aimed at finding technical talent for some of our government agencies (*cough* GCHQ *cough*). The team attracted some sponsors from the defence and security industry and The Challenge was born.
Every year since then, a series of online games have identified talented amateurs, who would be invited to one of six one day events. At these “face-to-face” events, I would put the contestants into teams, and they would work together to solve a series of rather devious and entertaining challenges. The best performers would be invited to the year-end “masterclass” - The Challenge’s showcase event of the year. These lucky 42 would compete for an astonishing array of prizes donated by sponsors and supporters. In the time I have been involved, more than £1m in prizes have been awarded, including training courses, Raspberry Pi’s, books, tickets to Black Hat and BSides events and so on. Every competitor got something tangible to go home with, and most got job offers.
The team of assessors I have been privileged to work with are drawn from the community of sponsors and Challenge Alumni. They are a wonderful group of more than 60 professionals from industry, government and academia. We have moved from scoring on paper to using a web application which makes life easier. We adjust how we score and the criteria we use for each event as we learn what works and what doesn’t. It has been one of the greatest things I have ever been involved in - finding, encouraging and nurturing talented people, watching them grow and develop confidence in their ability and ultimately so many have made the transition from talented amateur into professional roles doing what they love.
Sadly, cutbacks in government funding and the emergence of Cyber Discovery and Cyber First, have resulted in The Challenge changing direction to focus on early years, the 7-14 age group. Consequently, this is the last face to face competition. After six happy years of involvement and four years as Chief Competition Assessor, we have selected the final team to represent the UK at the European Cyber Security Challenge Final. My work here is done.