Wherever I travel, the top concern on the minds of CIOs and chief information security officers is the same — everyone needs more cybersecurity talent. The problem has become especially acute in government, where it’s compounded by an improving economy, growing enterprise cyberneeds and a retiring public workforce. The bottom line: Hiring cybersecurity staff is hard for state and local governments.
What can possibly be done? If the most experienced cyberexperts are becoming too expensive, how can the public sector attract the skilled security professionals it needs?
One answer growing in popularity is to “get in the game” — literally. Across the world, various forms of cybercompetitions are growing in participation. Federal, state and local governments are working with nonprofits to encourage the development of cybersecurity skills through individual and team competitions.
Or, to use a sports analogy, if you can’t compete in the free agency market for top talent, refresh your “farm team” and grow your own talent starting at an early age.
All across the U.S., young people love to compete and not just in sports. There are many academic competitions, from university debate teams to the National Spelling Bee to high school quiz bowls.
But how do cybercompetitions fit in?
According to the U.S. Department of Homeland Security’s website on cybercareers and studies: “DHS believes hands-on cybercompetitions are a valuable learning method for all students, regardless of level. Cybercompetitions are interactive, scenario-based events or exercises that help students develop and increase cybersecurity skills outside the traditional academic environment.”
Typically teams of students work together to attack and defend against the opponent’s networks and computer systems. For example, in a cyber “capture the flag” game, players race to answer security challenges by seeking digital “flags” hidden on servers, in encrypted text or in applications. When a player or team submits a flag, they receive points for solving the challenge. The team with the highest cumulative score wins.
There are plenty of cybercompetitions geared toward different skill and age levels. A few options:
1. The Air Force Association CyberPatriot program has three main programs: the National Youth Cyber Defense Competition, AFA CyberCamps and the Elementary School Cyber Education Initiative.
2. The annual National Collegiate Cyber Defense Competition, which began in 2004, is like the March Madness of cybercompetitions. Colleges compete in state events, leading to regional and national competitions.
3. The U.S. Cyber Challenge consists of competitions, cybercamps and a virtual community to help the public and private sectors, as well as high schools and universities.
4. SANS Cyber Aces offers state competitions as well as national opportunities for individuals to compete and learn. NetWars, also from the SANS Institute, is a cybergame based on the idea that the best way to learn is via hands-on experience with real-world scenarios.
5. The National Cyber League provides ongoing virtual training for faculty and students to develop and validate cybersecurity skills using content aligned with individual and team games. This approach is used across diverse industry certifications, curricula, job roles and verticals.
6. The Michigan Cyber Range offers many chances for public- and private-sector organizations to test team skills in Alphaville, a virtual small town. They can attack and defend the city hall, utilities, library and more in various scenarios.
Cybercompetitions have become the new normal for learning and improving ethical hacking techniques and cyberdefense in a safe, fun, challenging environment. Whether you’re a middle school student just starting to learn cybersecurity concepts, an unemployed millennial who wants to switch careers, a midlevel security expert with a computer science degree or a government supervisor trying to attract the right employees, it may be time for you to join a cybercompetition.
My advice? Get in the game.