Major, well-funded contests entice students to consider cybersecurity careers

Public, private institutions aim to develop cyber professionals to fill national, global shortage

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

As a high school junior in suburban Pittsburgh, Tim Becker wasn’t sure what he wanted to do with his life until he stumbled into Carnegie Mellon University’s picoCTF, a free, online hacking contest.

Capture the Flags—or CTFs—are a type of computer security competition in which contestants reverse-engineer, break, hack or decrypt information encrypted or hidden on servers to which the participants have access. When competitors unlock specific information, they “capture the flag” associated with the task and earn points for the team.

Photo: David Kelly,
Tim Becker, a captain on Carnegie Mellon’s student hacking team

CMU’s competition had “almost everything to do” with Becker’s decision to major in computer security at the university, he said. He entered the 2013 picoCTF competition with a team of high school friends and found it simultaneously confusing and exhilarating.

“By the end of the first night, we were in the top 20 teams out of a couple of thousand,” Becker said. “We really surprised ourselves. Pretty much for the remainder of the competition, I was committed to doing as well as we possibly could. We ended up in third place. After that, I was really sold.”

Reducing dearth of cybersecurity pros

Competitions like CMU’s have sprung up around the country and the globe. Their goal is to encourage and build a talent pipeline for the booming cybersecurity sector by encouraging the development of computer security skills by middle and high school students.

Martin Carlisle, director of academic affairs for Carnegie Mellon University’s Information Networking Institute

“PicoCTF is very specifically designed to help get people thinking about careers in computer security at younger ages,” said Martin Carlisle, director of academic affairs for Carnegie Mellon University’s Information Networking Institute.

Related: Cybersecurity’s people problem: More millennials needed

The number of open cybersecurity jobs were pegged at 1 million in 2015 in a report by Cisco—a number expected to balloon to 6 million globally by 2019, with a projected shortfall of 1.5 million professionals to fill the positions, according to Symantec CEO Michael Brown.

The demand is so great and the available work force so small that the profession boasts its own student organization, the National Cybersecurity Student Organization, created expressly to support the development of cybersecurity students through educational programs at academic institutions and through professional activities and networking.

Contests such at picoCTF increasingly take advantage of the virtual nature of the tasks by expanding their competitions nationally and globally to attract more participants. CMU has open-sourced picoCTF, enabling schools and computer clubs around the country to run their own versions of the competition. Independent contests include Phillips Academy CTF (PA-CTF), at the private Phillips Academy Andover in Massachusetts; High School CTF (HS-CTF), organized by student members of the computer science club at West Windsor-Plainsboro High School North in New Jersey; and Thomas Jefferson CTF (TJ-CTF), at the Thomas Jefferson High School for Science and Technology, a magnet school in Alexandria, Virginia. CMU’s 2017 picoCTF, which ended April 14, attracted over 18,000 participants.

‘Grab them young’

A student on a hacking team in Stavanger, Norway competes in picoCTF.

Enticing high school and middle school students to the field through contests such as picoCTF is the right way to go, said Robert R. Ackerman Jr., founder and a managing director of Allegis Capital, an early-stage Silicon Valley venture capital firm that invests heavily in cybersecurity.

“Young people have a set of critical thinking skills in the digital environment that go a long way,” Ackerman said. “This is an area young people have grown up in, and their brains are almost wired for it. When we grab them young, over time, their skills build on that early foundation.”

And companies are willing to pay for the expertise. Cybersecurity workers command salary premiums over other IT workers ($6,500 per year, or 9 percent in 2015, according to a study by Burning Glass Technologies). Entry-level cybersecurity positions often are as “information security analysts,” a position U.S. News and World Report ranked seventh on its 2017 list of best technology jobs, and 52nd on the top 100 jobs overall, with a median salary of $90,120.

Ackerman is particularly bullish on tapping the country’s community colleges to most quickly fill the job pipeline. “When it comes to cyber, you can graduate people with meaningful requisite cyber skills from a two-year, community college program,” he said. “And these are good jobs. This is an area for quality job growth.”

Underscoring Ackerman’s point, Maryland’s Prince Georges Community College is hosting the 2017 Community College Cyber Summit (3CS) June 28-30, the only national academic conference focused on cybersecurity education at the community college level.

Public-private partnerships vital

Norway students compete in a picoCTF contest.

Understanding their current and future need for cybersecurity professionals, private companies and public institutions beyond colleges and universities also are becoming involved. CMU’s picoCTF will award more than $30,000 in prizes from corporate and government sponsors including digital, technology, consulting and operations services provider Cognizant, Aetna, Boeing, the National Science Foundation and the National Security Agency.

NYU’s 2017 contest awarded more than $1 million in scholarships and was sponsored by organizations including Google, the U.S. Department of Homeland Security, IBM, Raytheon, Intel and the NSA. In addition, the NYU Center for Cyber Security is offering doctoral scholarships and fellowships to college-level finalists who emerged victorious at the contest’s three global hubs.

Becker is now a captain on Carnegie Mellon’s student hacking team, the Plaid Parliament of Pwning (PPP). The team has won DefCon’s Capture the Flag competition—informally known as the Super Bowl of Hacking—three times in the past four years.

“The competitive aspect is one thing, but by far, the most important thing you get from the competition is how much you learn,” Becker said.

The 20-year-old junior now is strongly considering graduate school to study cryptography.

More stories related to cybersecurity jobs:
Help wanted: More women in cybersecurity jobs
Three steps to fixing the cybersecurity talent shortage
Brown University launches milestone executive cybersecurity program
Scholarships aimed at closing cybersecurity talent gap