Last Friday, March 3, 2017, I participated in my sixth Information Security Talent Search (ISTS) at the Rochester Institute of Technology (RIT). ISTS is an annual three-day cyber-attack/defend competition, hosted by SPARSA, the college’s premier cybersecurity club. This competition is a unique event where college defenders on “blue teams” can compete with other teams to defend their network, perform challenges, compete in a CTF and attack other teams.
The incredible thing about ISTS is how it gets executed from year to year. There is a body of knowledge that is transferred from one competition year to another, and undergrads try to implement lessons learned from organizational structure, timelines, technologies implemented and feedback from competitors and red team.
The kicker, though, is that the planning period may be 365 days, but execution of building the competition network and running it has to be done in less than 24 hours. This is due to the fact that SPARSA only gets access to the competition area 16 hours before the competition must begin. That means that a group of white team members, or the referees of the competition, had to move hundreds of pieces of networking and computing equipment to the area, construct it, run miles of Ethernet cable, spawn dozens of virtual machines and set up monitoring software for health checks overnight. Since the inception, there hasn’t been one ISTS prep night where white team got sleep. Talk about dedication.
Passion (and some necessity) breeds dedication & creativity
The theme for this year was reminiscent of the popular computer game “Civilization.” 10 teams were assigned countries with resources and a bank account. In order to survive, teams must declare war to steal resources or become allies with others to share resources. The uniqueness of a competition where students manage geopolitical relationships at the same time as securing a Juniper SRX creates a stressful but fun environment.
In my opinion, the creative aspects of the competition stem directly from passion for the security field as well as hanging out with others who share that same passion. Bruce Potter recently wrote an article on the importance of security clubs and how he wished they existed when he was in school. I can confidently say without SPARSA, I would not be as successful, as smart or as passionate for the field as I am now. Every Friday at SPARSA consisted of me eagerly showing others what my latest side project was, which most of the time included me finding a subject I sucked at and trying to learn more about it. The best way to learn something is to teach others, and when a club fosters this kind of environment it is able to bring the collective intelligence and creativity of the members up over others.
Security clubs in college are great, but I will argue they are even better in the “real world.” Once I graduated, I brought with me a network of friends and colleagues that I could reach out to at any time to get answers to questions, job prospects or a beer in a city while traveling. At conferences like Shmoocon or DEFCON, it’s hard not to see SPARSA alums and current members moseying around between talks or hacking CTF challenges. This type of community reach keeps us connected and we bring the club passion into our full-time jobs. Learning about the latest news, having side projects and getting pinged by other members keep me sharp in my current position here at ZeroFox. From my day to day, I can use my security chops to solve problems here because security clubs have taught me how to learn and how to be creative. I hope my cohorts from SPARSA can confidently say that as well.