CyberTitan Three: HedgeSight is 2020
This year’s CyberTitan three “Hedgesight is 20/20” pushes the students into realms which are beyond the comfort zone of seasoned security professionals like me. I’m just lucky that the Octopi Managed Services Inc. team has expanded in 2019 to include some world class talent in security architecture, Linux OS security, full stack software development and of course our mainstay capabilities of Windows active directory and network security. I am humbled and awed at the capability of the “octo-team” and what has already been accomplished.
Virtualizing Cyber Titan
Unlike previous CyberTitan events, about two months ago we got handed a massive curve ball as a result of Covid-19 – this year’s event needed to be delivered virtually and it needed to be more awesome than ever before. That required a massive change in design, location and fortunately in addition to the awesome cyber security skill set the team has, several members bring near elite level “gaming skillz”. One of the biggest challenges we identified would be team-to-admin and team member-to-team member communications over voice and text – luckily, we had an Octopi team member comfortable with Discord – communications problem solved.
With a senior team member comfortable with networking, VPN and the open source software stack the daunting challenge of virtual delivery of CyberTitan three for 10 teams, 6 VM images (60 VM’s + 10 vulnerability scanning VM’s in total) was figured out and delivered in four weeks. Through our network of Winnipeg based IT companies - Les.net - we were able to rent space in a data centre that gave us access to a one gigabit per second fibre link to the internet.
If your interested in more information about CyberTitan, exactly what CyberTitan is, along with "behind the scenes" interviews please visit this awesome coverage of 2019's event by veteran cybersecurity reporter Kim Crawley.
Designing the Challenge Scenario
The role and responsibility of a cybersecurity professional, or in the case of Octopi Managed Services Inc. in small and medium sized organizations will be varied and may include activities that have a tangential relationship to the core cyber security skills of vulnerability management and digital forensics – we wanted to replicate a “real-life” environment. The kind of small business that has a ½ a dozen to ten or more employees with absurdly high demands in service and revenue.
As the lead architect for CyberTitan and CISO for a Cyber Threat Intelligence start-up, Cyjax Ltd in the UK I have access to the all kinds of stories and threat actor activities. This year I was inspired by and wanted to incorporated elements from the 2016 Indictment of Iat Hong and his crew of cyber criminals, as well as the April 2019 SWIFT report “Three years on from Bangladesh” Tackling the adversaries”. I like “real life” cyber-crime to base the Cyber Titan scenario and challenges on – just like 2019’s event had elements of the “Cyber-attacks and underground activities in Port of Antwerp”.
This year we built out some very interesting environments for both Windows and Linux security skill sets. An opensource based web application presenting an interactive & “real-time” simulation of a hedge fund trading platform and a windows domain. Cyber Titan is moving closer to “real-life” cyber security challenges in a “real-world” than ever before.
A day in the Life of…
One of the goals of CyberTitan, ICTC and all of our sponsors is to prepare Canada’s next information security professionals. The reality of a job in cyber security is not everything you do will always be “core” cyber. The students can be expected - for points - to be tasked with creating and submitting a network map to the scoring system. For those of us in the industry with experience in incident response, a network map is an absolute necessity!
The cornerstone of cyber defence is of course vulnerability management but, “vul mgt” is not just about “pushing patches to boxes”. The students should look deeper into configurations, unnecessary services and potentially unwanted programs. As I like to say in my public presentations “You have a zero percent chance of being exploited by a Silverlight exploit if you don’t have Silverlight installed in your environment.”
In Cyber Titan 2018 we introduced the idea of scoring for digital forensics tasks involving the identification and remediation of Indications of Compromise (IOCs). These tasks could not be more relevant to the experience of information security professionals with the “Cost of a Cyber Security Breach Reaching a Record High as Canadian Businesses Spend up to $5.8 Million to Recover”, according to the 2019 Scalar Security Study.
This year we are introducing another aspect to the scoring of CyberTitan. Over the course of the day the teams will be tasked with all manner of security focused service tickets. Completing these and submitting evidence in the form of screenshots - just like the digital forensics evidence discoveries – will gain points as well! It’s an aspect of “A day in the life of” an information security professional as “threat hunting” work can be interrupted by “Bob” from accounting needing an urgent password reset as he is locked out of the system.” This is the reality of a job in cyber security – interruptions happen and priorities in the organization change - sometimes on an hourly basis.
On the eve of Cyber Battle
It’s always an honour and privilege to play a small part of improving Canada’s cyber capabilities by investing in young people. The advice I can offer for successfully competing in Cyber Titan is “Think, Communicate, Plan, and Do.” Clearly the “Do” part is critical for a score but without the “Thinking, Communicating and Planning” you may hurt your teams score. I wish the best of luck to everyone and please let me know what you thought of this year’s Cyber Titan event via Twitter @Phat_Hobbit.