The UMBC Cyber Defense Lab presents
Hack, Play, Win: Lessons Learned Running
The Maryland Cyber Challenge
Richard Forno, UMBC
11:15am-12:30pm, Friday, 9 Oct 2015, ITE 231
An oft-cited and prominent concern facing the Internet security community is the need to identify and hire qualified cybersecurity practitioners able to fill critical technical, analytical, and managerial positions within the global technology workforce. A 2014 report from the Education Advisory Board discusses the “exploding” demand for qualified cybersecurity practitioners, noting that cybersecurity jobs grew by 73% between 2007-2012 compared to 6% in all other industry sectors. Similarly, Burning Glass, a national employment research firm, notes that there are nearly 23,000 available cybersecurity positions in the Washington, DC metropolitan area. Nowhere is this need more evident, or discussed more frequently, than in Maryland, a region some dub the ‘epicenter of cybersecurity’ education, research, and industry.
In response to this concern, events in the cybersecurity discipline, known as cyber competitions” or “cyber challenges” seek to motivate and encourage high school and college students toward careers in cybersecurity by developing their technical and teamwork skills while also allowing more experienced cybersecurity professionals an opportunity to practice their expertise in a challenging venue for professional recognition. The popularity and number of these events as a form of intellectual competition at industry security conferences like the DEFCON CTF or Department of Defense DC3 Digital Forensics Challenge and those within educational communities such as the National Cyber League (NCL), CyberPatriot, or the Collegiate CyberDefense Competition (CCDC) are but a few examples of prominent cyber challenges drawing worldwide participation. Other competitions, both large and small, are under continual development, as is a National Science Foundation-backed effort to create a national federation to support and standardize the rules, activities, and conduct of cyber competitions.
Given the popularity of these events, and the ongoing global desire to launch new ones, this talk will draw upon the experiences of organizing and coordinating the Maryland Cyber Challenge (MDC3) from 2011-2014 in offering advice to current and future cyber competition planners. What lessons from current competitions can help future competition organizers run successful challenges of their own? And are such events enough to prepare the next generation of cybersecurity professional? While no event will ever run perfectly, organizers must always strive to “get it right” – or as close to “right” as possible!
(This talk previews a paper accepted for publication in the December 2015 USENIX ;login;)
Dr. Richard Forno directs the University of Maryland, Baltimore County’s Graduate Cybersecurity Program, serves as the Assistant Director of UMBC’s Center for Cybersecurity, and is a Junior Affiliate Scholar at the Stanford Law School’s Center for Internet and Society (CIS). His twenty-year career spans the government, military, and private sector, including helping build a formal cybersecurity program for the US House of Representatives, serving as the first Chief Security Officer for the InterNIC, and co-founding the Maryland Cyber Challenge. Richard was also one of the early researchers on the subject of “information warfare” and he remains a longtime commentator on the influence of Internet technology upon society.