Hacking Games: A Proving Ground for Tomorrow’s Infosec Leaders

The headlines seem to be dominated by hacks lately. Some of the top TV shows around the world heavily feature cybersecurity plot points and hackers, both ethical and not, as key characters. Cybersecurity and the consequences of getting hacked has entered popular culture in new ways over the last several years, but according to industry experts, there is a lack of qualified information security professionals ready to lead the world’s organizations to true cybersecurity. One way security professionals can prove they can perform the tasks needed to keep the world’s infrastructures secure is by participating in a hacking game.

Hacking games are great tools for students and experienced professionals alike to show potential employers that they not only possess the knowledge required to do a job, but also know how to do it. Most cyber games are built to mimic the real world scenarios cyber security professionals face on the job. Organizations want to hire experienced professionals to keep their infrastructures, data, employees, and clients safe from hackers. Another group that participates in hacking games is consulting firms and other technology companies. Companies have sponsored teams of their own professionals in the past to show potential customers and clients that they employ the best of the best and have what it takes to defend information.

Hacking games are typically set up as a series of different cybersecurity challenges structured as elimination rounds. One round may focus on cyber forensics, the next on hacking or penetration testing techniques. The standard model employs an automatic score bot that keeps a tally on how well each team is doing. Teams have to defend their “flags” from opposing teams while also collecting opponent “flags.” These flags represent servers or data stores or other targets.

Simulations like these that test a student’s or potential candidate’s applied skills are extremely important in a job with stakes that are as high as cybersecurity. Companies do not know how the people they hire will react and how good their skills will be in the event of a hack until they actually experience one. That is obviously not an optimal time to discover that an employee cannot apply his or her knowledge. These games are a great way to determine readiness before disaster strikes.

EC-Council Foundation, a charitable and educational cybersecurity training organization, is excited to partner with ISACA and host the finals of their hacking games, the global CyberLympics, during ISACA’s CSX North America conference, taking place in Washington, DC, USA, 19-21 October.

Eric Lopez
Senior Director, EC-Council

[ISACA Now Blog]