• United States



Where’s Waldo? Cyber Vulnerability Hunt

May 07, 20103 mins
Business ContinuityData and Information SecurityIdentity Management Solutions

From Rita Boland – Signal Online:

The USCC is a national talent search and skills development program that intends to find 10,000 young Americans who possess the interest and skills to become cybersecurity professionals. The treasure hunts hope to peak interest in the work and the camps by taking advantage of people’s natural desire to compete. Karen Evans, the director of USCC, hopes the strategy will arouse more curiosity than standard announcements about a camp. She explains that the program tries to instill the idea that people attending the camps  “are cool and know their stuff.”

Competitors face off only against others in their state to win the trips.  Each state presents the same problems on the target system, but it facilitates the competition and the camps on its own timeline. California and New York both are up and running now, and Delaware’s contest begins May 1. Interested students can register on the Security Treasure Hunt website, which also lists camp locations and dates.

One week into the competition, California had 58 accounts established with 149 quiz attempts. Fifty-two accounts were up and running in New York. Participants can take as long as they like to resolve the problems in the challenge. The questions are not part of a hacking effort but instead assess basic cybersecurity skills. If competitors are unhappy with their scores, they can go through the challenges multiple times until they are satisfied. Evans says that this willingness to try again shows that “they’re really competitive. That shows a certain amount of interest.” The information goes to the state treasure hunt officials.

During the camps, which are held at universities within each involved state, participants attend classes and take part in another competition at the end. Evans explains that the goal is to build on people’s competitive nature while making them aware of opportunities other than hacking to use their skills. She states that no one wants groups of people breaking into networks.

The long-range plan is to match participants with organizations that need their abilities. She describes the treasure hunts and following events as a blend of Facebook, Progressive (the insurance company) and eHarmony, because they have a socializing facet, a comparison phase and eventually a matchmaking aspect.

Evans says the Security Treasure Hunt is exciting to her because it identifies talent early and moves those people into the cybersecurity pipeline. “It’s a very different way of trying to reach out to people and match them up with opportunities,” she explains.