From n00b to 1337: A CTF Story

my name is Sofia Michael and today I'm going to be delivering my talk from noob delete CTF story so this talk is going to be about how caption flag competitions are used to reinforce security learning and a positive that fun and friendly way and as a how CTF have helped me as an individual trying to break industry create that career path for me um so Who am I my name is Sofia I've just completed my second year of cyber security management at Bournemouth University I'm the vice president of the Bournemouth University cyber security society where we have over 120 paid members and we run ethical hacking sessions about twice a week I'm the student ambassador for cyber security

challenge UK of which I'm quite active or I complete a lot of competitive competitions with them I'm the ex Team UK representative for the European cyber security challenge of which we travelled to Malaga to last year and I've just won the best new security blog in the European cybersecurity blogging Awards so what is this easier what are capture the flag competitions so these competitions are where players compete with each other in different security challenges that reflect the current security challenges we actually face in real life so this can be anything from crypto challenges to where packing memory forensics or anything down to lock-picking as well you can also have attacked defense coverage of flag competitions where people literally hack

each other it's great fun and basically you find flags by solving challenges every time you solve a challenge you get some sort of code or string which we trade in for points so when I first heard about capturing flag competitions I had no idea what this was all I knew that I was having my time in academia where I study a management course and I wanted to make my technical skills better so that's where I came across the city of competitions so who are these people that compete and capture the flag competitions well we are the keyboard warriors basically the competitions that I do there enter University challenges where people meet up in a physical

location they compete in these competitions so the ones that I have been doing are run by cyber security challenge UK and which thought of all these universities meet our location and we do a competition on-site our online and offline challenges as well for CTF offline ones are very popular as you can do them remotely from home and they go globally as well thousands and thousands of teams compete in these kind of competitions so CTF competitions they're not only for script kiddies or noobs like me there's they have industry level competitions as well I've just returned for a competition in Dublin where there's been industry level CTF there and also companies do in-house competitions as well to help their

employees sort of better their skill sets and as you engage where they have to learn more in their current job roles so it's more than a competition absolutely it's a part of security culture it's a part of being a part of this community where you can have a friends lean on you can reach out for help when I first joined cyber I literally knew nothing I knew no one and I didn't learn it very quickly it's a wonderful community to be a part of a supportive and friendly community as well even if I just send out a tweet asking for help someone will get back to me eventually if I'm at a competition where you're supposed to be out for each

other's blood to get these flags to win the competition there will be someone there that wants to help you to help you kind of get those flags to get those points and when I first joined cyber I was told that you have to network if you want to do well you have to create that community make those connections so when you break into industry you have someone to lean on you have someone to reach out to and absolutely these competitions can be used for these as well these competitions have done more than just be a competition it makes it forces you to learn on the day as well obviously everyone wants to win if you come across

something you don't know about you roll there and then google it trust me because we want to when you want to get those flags you want to get those points and I've made so many friends and like connections as I said beforehand some of these competitions are sponsored by big names Amazon Deloitte and usually they are at these competitions so to be able to go up to these big name companies to make yourself known to make your mark in industry before you've even maybe gone into industry is an absolutely brilliant opportunity and also to meet other like-minded students are the like-minded individuals I know so many people now all over the country from all kind of

universities and backgrounds but I know will help me if I ever get stuck or if we just want a coffee just to kind of catch up as well so final thoughts as well these ethical hacking competitions have taught me more of just as much as the University coming from a cybersecurity management course I didn't have a lot of technical skills whatsoever I didn't even know how to install Kali I didn't know what SQL injection was I didn't know what nmap was it's just a bunch of letters to me so to be able to supplement my university education in the management and business side and to make myself a more balanced well-rounded industry professional bio so aiding my kind of

technical side nurturing those technical skills so I can understand the both sides of cyber is absolutely brilliant and I can't recommend that enough and it also aid non techie people to break into industry as I mentioned I was rich I really was a noob I'm not joking before I started doing these CTF competitions I had no idea about technical stuff and these competitions allowed me to kind of ease into the technical side of cyber because as I said people will help you and a lot of these challenges are set out people knew breaking into industry as well I personally in my society we have a lot of people coming from non-technical backgrounds a lot of people that do law

or they do psychology and they've come up to me saying how great it was to be able to be part of this community from the get-go and as I mentioned before quite a lot expand those networks make those connections make this vital kind of like foundations for you as a person trying to break into cyber I knew no one I had no idea where I was going a year ago and now a year later after I've been to all these after I went to my first competition I can now say that I have got quite a good network which I can reach out to and those who help other people bring into industry by introducing them to my

connections and these competitions they're not a small thing they are global and they have a global impact on the industry as I said especially with the online competitions anyone can join into it and the recent competition that I did do was Neverland where my team came top 30 globally and that was an absolute brilliant experience but I sued because you can you are going against a lot of people from all kind of backgrounds across the globe it's not just a small thing it's definitely a large global thing so thank you very much for coming to my talk today if you do want to contact me I do have a Twitter handle I'm speak fear if you do

someone to follow my blog where I talk a lot about my journey into cyber the goods the ugly and the bad please go to that blog there and I suggest might see a quick thank you to Rory as well who were being a great mentor and kind of helping me through my nerves this morning so thank you I'm happy to take any questions now or I will be hovering around the conference for the rest of the day if anyone wants to grab me in the hall or whatever so yeah any questions