Now I’ve had my share of competitions and especially computer science competitions. I had my first one when I was about 10 (that meaning I’ve spent half of my life doing CS competitions). And I’ve seen a lot of them…and I’ve seen pressure and people breaking under pressure. But I had no idea that I’ll participate in something that will make all of that look like child’s play. Now if there was one thing many of us hated back in high school was the feeling that everything we’re doing is so damn useless in real life.. real life problems are nothing like *THIS*. Why are we wasting time solving these problems? Some arguments were flying around about how these problems are actually stripped down reflections of real-life issues (very true, by the way, for all you youngsters out there), but that doesn’t satisfy the average energic teenager. We needed more. We needed to see our stuff work in something that “looked real”. I thought no one ever really understood that and as I grew older I also stopped caring about it all that much. As of 2008, I stand corrected. I know now that at least a few people that DO understand and DO care… And kudos to them for that and everything they do!
When our team won the State Qualifying round, although we went there with nothing but a desire to learn and gain some experience, I felt happy for our completely unexpected victory and somehow sad because that meant more work that was not planned for and another competition in March. But nothing in this world or the other could have prepared us for what the three-day marathon in March was really all about. Security you say? Just security? Oh damn security, that was the *easy* part, just change [ALL] the default passwords (I have failed utterly at that, I must admit), patch, setup the firewall correctly, backup and prepare for the worst because IT WILL HAPPEN and monitor/log your stuff so you can report events. But take that, add tons of business injects to it, add a phone system that just keeps ringing (well..at least it did as long as I could keep the phones running, it didn’t ring too much after it got hacked the 4th time) and an unhappy CEO and you have just a VAGUE idea of what our regional was like.
We had everything one could ever ask for in terms of “realism”. Clients trying to use their services (too bad there weren’t more volunteers for this), a CEO to increase pressure, a fantastic red team to simply break any belief you ever had in your abilities to secure a computer, a hectic schedule, business injects flying in like questions from a three year old and all the problems in the world. As they say in that recent blockbusters, in this situation “numbers count for nothing”, unless your team moves and thinks as one. And this time we didn’t and that’s why we only got 3rd place. But we’ve learned our lesson…we’ve learned it very well.
And I just adored what they guys came up with instead of a certificate. You see, something like this can’t be just written down on paper. What certificate can explain the hell that was loose down there? What certificate could encapsulate the pressure and work that was done? It was a cyber-war out there and it should be treated as such. So they were kind enough to honor us with challenge coins 🙂
Other than all the knowledge I’ve gained and all the knowledge I will gain from now on as a result of the incentives this brought through, it also made me think a lot about my career, about what I want to do. It really opened my eyes about a lot of things in the field of computer security that I had no idea about… and I don’t think I could’ve ever really experienced them in any other way. So, if you’re reading this and you’re a US student interested in computer security… put together a team and get going. And if you happen to be lucky enough to be in the Mid-Atlantic Region…prepare for the most exciting and demanding thing you’ve ever went to.
People usually say this when they win something… well we didn’t win any prize, but I feel I’ve won a lot of other things, so I would like to take this opportunity to thank Tim Rosenberg, Joe DeCree(and everybody else at White Wolf Security), Casey O’Brien, the whole red team and all the people who made this happen! This has been by far the best competition experience in my entire life! And don’t worry fellas… we’ll be back next year.. and this time, we’ll be ready. Make it just as interesting 🙂
PS: Oh, I shouldn’t forget. I also need to thank Trevor Ford for putting GW’s team together and for keeping me there when I was having doubts about this whole thing. I will not forget this anytime soon, thank you my friend.