Cyber Security Challenge – The Masterclass

On Friday the 8th of March, the city of Bristol woke up to what they assumed would be a normal Friday in the vibrant city. What they didn’t know was that throughout the day 40 cyber security (made up of students, IT professionals, and even an English teacher from Scotland) hopefuls would be arriving from around the UK to take part in the Cyber Security Challenge Masterclass (the final) hosted at the HP labs in Bristol.

Now before I go any further a special mention needs to go the Cyber Security Challenge team that organised the weekend and made sure we all got to where we were suppose to be. A massive amount of time and effort went into the event (which was awesome) and I mean imagine trying to organise us lot (the phrase “herding cats” comes to mind).

The Masterclass was to take place on Saturday and was a full on day of Cyber Security goodness, the challenges were put together by HP & Cassidian CyberSecurity UK and you know it’s not going to be easy. Both challenges were team based so each of us had been assigned to a team for the day making 8 teams ready to battle it out (so that’s 5 to a team just in-case you were wondering).

There were 3 main prizes to be won for the event:

1. Cyber Security Challenge Winner
2. Cyber Security Challenge Runner-up
3. Cyber Security Challenge Winning Team

Early on Saturday morning the contestants were photographed so that the assessors could spot the trouble makers easily (and the fact a lot of contestants were called Steve) and then we all hopped onto a bus for the journey to HP labs. On arrival we signed in, surrendered our mobile phones (no Google…) and started the much needed intake of coffee (well in my case anyway).

Now I’m not going to give you a minute by minute account of the day, just the important parts.

We all took a seat in the main auditorium and received our briefing for the day, in the morning 4 teams would take part in the technical challenge put together by Cassidian, and the other 4 teams would take part in a policy challenge created by HP. Then in the afternoon we would swap, sounds straight forward doesn’t it..

Now I would like to mention at this point when we were sitting in the auditorium, standing behind us were a rather large amount of assessors, these were the men and woman that would be judging us as a team and as individuals to determine who the winners would be. They came from a range of different companies and government bodies and all gave up their weekends to help out (thank you) on the day and to give us grief during the presentations (in a nice way of course).

My team named “Caterham” (they were all car names) had the technical challenge first, which was a realistic APT (advanced persistent threat) scenario based around a company that sold management systems to Formula 1 teams and they believed they had been compromised. It was our job to determine if they had, to what extent and give a presentation on our findings.

If you want to read a bit more about both challenges, you can find it here:

Now I suck at Malware/Forensics (but not for much longer, it’s next on my list) so I wasn’t looking forward to it, luckily as a team we worked well together and the skills I was lacking in that area, were complimented by others in my team and I was able to contribute in other areas (no I didn’t fetch tea and coffee for everyone). Needless to say 1 hour 45 minutes to search for a threat on a medium size network isn’t long and we managed to find the stolen data with about 20 seconds left (cutting it close to say the least).

Now the environment we used wasn’t just a bunch of VM’s, the techs at Cassidian spent a lot of time and effort building a self contained environment that they actually infected themselves over a period of time to give us a realistic APT to investigate and this was alongside they normal day job (big thank you guys).

After some lunch we moved onto the Policy Challenge created by HP, which was more around determining risk based on a given network layout and with a budget of 1.5 million to “solve” the issues we believed existed. Again we had 2 hours to prepare a presentation and then 9 minutes to present to some more assessors who asked us questions, one of which was James Lyne who if you ever met before will know him asking you technical questions isn’t going to be fun (although I still stand my statement that buying zero day attack protection, won’t protect you from zero day attacks because after all they are called zero day for a reason).

That was the end of the day, we all assembled again for the final briefing in the auditorium were the technical lead for Cassidian gave us a run down on how to find the APT (to much groaning and forehead slapping by the contestants). We all then received a certificate to show our attendance and then HP provided a goodie bag on our way out and we hopped back on the bus.

At this point the assessors all got together and plotted our fate, sorry I mean worked out who the winners were, which believe me couldn’t have been easy or fun (unless you like that sort of thing).

Now Saturday evening was an informal dinner, the previous years winner gave a brief talk about what to expect if we won, and then the group of 40 contestants with enough hardware and skills to take over a small countries IT infrastructure were let loose for the evening. Fear not the hotel wireless network wasn’t abused (I don’t think) but I believe that they attempted a Denial of Service attack on the hotel bar that went on to 06:30 am.

On Sunday the Masterclass lunch and prize ceremony was planned. We all had team feedback sessions booked and I think it’s really important to mention that the Cyber Security Challenge team really do want honest feedback and they take that feedback and use it to help shape the next events on what we tell them is good/bad.

After the feedback session we had a couple of hours to kill before lunch, then at 12 noon we all assembled nervously waiting to find out who the winners would be. A lot of the sponsors were there so it was a good opportunity for people to mingle and network. At 1 pm lunch was called and we all took at seats ready for some food and prizes.

Now they make you wait till the last 15 minutes of the lunch to find out the winners so there were a few nervous faces during the 2 hours. The first winners to be announced was the overall Team Winner, and the name that got called was “Caterham“.. oh wait that’s my team.. needless to say the team were very surprised and pleased and we all got some cool prizes (including a SANS course…).

The Cyber Security Challenge Runner-up was Steve Jarvis (a member on our team) and the overall Cyber Security Challenge Winner was Stephen Miller.

Now one of the things that makes the Cyber Security Challenge truly awesome is that all of the contestants won prizes, the price pool donated by sponsors was around £90K and is all designed to enable people to progress a career in Cyber Security so no one goes away empty handed.

The highlights for me were:

I had awesome fun and learnt some new stuff
Met some cool people and put some names to faces (by the way English teachers can be evil..)
Won some prizes (which is really just an added bonus)

A special shout out needs to go to Dan Summers (@Dantiumpro), if it wasn’t for him I would have never heard about the Cyber Security Challenges and wouldn’t have made it to the Masterclass and also a big thank you for bigging me up to a certain gentleman on my table (I was going to say pimping me out but..).

The next round of challenges are available soon, so if you want to be at a Masterclass next year, and are looking for a way into Cyber Security then go to and sign up TODAY.

1 thought on “Cyber Security Challenge – The Masterclass

  1. Pingback: Cyber Security Challenge – The Masterclass | Security-Vision

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s