A question answered with a question is often infuriating. On some rare occasions though it can be inspiring. When Tom Levasseur asked a local college why they don’t take advantage of gamification by integrating some of the challenge and fun of hacking competitions into their program they responded with “Why don’t you …?”
The government of the United Kingdom have seen the advantage of and have been running cybersecurity challenges for students for some time. Tom made some calls and spoke with the management of these cyberchallenges to reinforce the jumping off point for the program. The next step to building a challenge on the scale of that was to find support at a high level of government, but this proved difficult at the time. When it seemed like this approach could be drawn out he switched tactics. “I thought, I am just going to start.” Tom recalled. He was quick to let me know that he didn’t do it alone. Together, Algonquin College and his company HackingAway.org won a grant from Industry Canada to develop a cyber range for academic and commercial use. The paradigm of developing a Canadian program for cybersecurity challenges leveraging public-private partnerships may have begun there. So started the process of forging a pathway of building opportunities by bringing together community, companies and students for mutual benefit. To do this, Tom moved from providing challenges at universities and colleges to bringing them all together to regional events. This event combines an enjoyable and insightful learning experience for students with a great opportunity for employers to meet potential future cybersecurity professionals. The Smart Cybersecurity Network (SERENE-RISC) became involved with the challenges in 2016 as part of our drive to collaborate with local community efforts to help grow the event by assisting with the administration.
Cyberchallenges are different from a Capture the Flag (CTF) style hacking competition. They are breach simulations designed to be educational first with guidance and mentoring provided throughout the event. The mentors are provided by event sponsors and it provides a great chance for security professionals to share experience and approaches with the students. Teams at the events are given a challenge to work through as they progress through the stages of first breaching a company then moving through their network. Each stage provides pause for all the participants to learn and contribute without groups being left behind. The practical nature of the event allows sponsors to get to know the students as they progress past problems and experience how they think creatively, communicate, work in a team and interact with the mentors. This has made the events great for companies looking to hire or offer internships. The events are limited to 10 teams of up to 4 participants to make sure that none of the students are lost in the crowd. After the challenge, an opportunity is provided for sponsors to interview the participants so they can better understand the professional aspirations of each student.
“It has worked out well for the sponsors so far”, said Tom, “all of the sponsors we have had in the past who are still looking to hire have come back for the next event”. The reason for this is in the focus of the event. Unlike a job fair where students might be shopping for careers as much as they are browsing through companies, the cyber challenge attracts students with a genuine interest in cybersecurity. From the perspective of an employer, this is a drastic difference. “A sponsor put it like this”, Tom shared, “After a job fair they get a stack of 200 resumes to sort through and maybe none of them are suitable, whereas at the cyberchallenge there are 40 resumes… and all of them are exactly what they need”. Those kind of time savings for companies are not an accident. Tom has been working with advisors from many companies and universities from the beginning to ensure that the learning outcomes for teachers and the return on investment sponsors are both maximized. In just the past three events, over ninety undergraduate students participated, with fifteen being hired. The support of sponsors is important not only to make sure that the events are sustainable but also serves the community. The sponsors allow the challenge to be provided at no cost to the students, removing any potential economic barriers to the opportunities. Tom was clear that the challenge was all about bringing more talent across to the field of cybersecurity for their benefit and for the benefit of cybersecurity in Canada. This may be why the Mayor of Ottawa has become the Honorary Patron of the event in the capital to help it bring as much as possible to the region. The events in Toronto and Montreal have also been looking for similar support to match the many hours of volunteer time put into the events in those regions.
As I see it, these events are a win for educators, a win to employers and a win to the wider community. They provide an interesting learning opportunity for students in a safe environment, an opportunity to meet talented people in an environment that allows them to shine; and encourages everyone with an interest in cybersecurity with a supportive career path here in Canada.
The next event, to be hosted at York University in Toronto, will be on April 27, 2018. The roster of challenge participants may have already filled up but there are still opportunities for companies to sponsor the event to be a part of the mentorship and interview portions of the event. Please visit http://cybersecuritychallenge.ca/cyberscsi-toronto/ for more information.
Full disclosure: Tom Levasseur was previously on the SERENE-RISC board and we are a collaborative partner for the cyberchallenges. All of the cyberchallenges have been operated as non-for-profit events.