As the Symantec Cyber Career Connection (SC3) students embark on their internships, which started in February, we visit with one of the guest lecturers that taught a session at the Brooklyn pilot site. Dan Guido, CEO of Trail of Bits and ‘Hacker in Residence’ at NYU Polytechnic School of Engineering, gave the students some advice and training on how to gain the skills necessary for entering the cybersecurity workforce.
Read SC3 student Diana Shafer's views on why millenials should care about Safer Internet Day on TechCrunch.
SC3 is Symantec’s signature program that aims to address the global workforce gap in cybersecurity by training and certifying young adults in cybersecurity and assisting them in landing meaningful internships and jobs. To conduct the SC3 initiative, Symantec has entered into partnerships with two nonprofit organizations—Year Up and NPower—to develop educational programs for underserved young adults (ages 18-29) in the field of cybersecurity information. The participants of the programs will receive industry-recognized certifications, such as CompTIA A+, Network+, and Security+, which will greatly increase their earning potential.
The first class of 45 participants in three pilot locations (New York City, SF Bay Area, and Baltimore) will be qualified for permanent employment in entry-level cybersecurity positions by September of 2015.
The Brooklyn class was lucky to have Dan Guido share his experience and insights about cybersecurity and the importance of training in Capture the Flag (CTF) competitions to gain real world skills. We spoke with him to hear about his day at SC3 and his message to the students.
How did you get involved at SC3 in Brooklyn?
I was speaking on a panel at the 2014 NICE conference on cybersecurity education and I was talking about how to scale out security education and the value of CTFs, Capture the Flag competitions. Symantec approached me and asked if I would be interested in speaking with the students.
What are CTFs?
Capture the Flag (CTF) is a computer security competition that is usually set up as jeopardy-style to solve cybersecurity challenges. Teams race to complete the problems ranging from vulnerability discovery to forensics. CTFs serve as an effective educational tool and are associated with major security conferences. My company sponsors and helps design CTFs, such as Ghost in the Shellcode, CSAW CTF, and Build it Break it. The largest is DEF CON in Las Vegas.
What did you teach the students?
I talked about Trails Bits, Capture the Flag, and why I believe it is a great learning tool, how to approach it, and what skills are needed for success. We walked through a use case and did some defensive exercises and forensics. Then I had them play MicroCorruption, a free online tool that is always open, and helped guide them through questions that arose.
Why do you think CTFs are important as a learning tool?
CTFs provide immediate real world experience. Every challenge is one that a security professional would encounter in their daily lives: identify vulnerabilities in the code you must protect, evaluate how exploitable they would be to an attacker, find out if someone else already exploited the system and if so, develop a tool to root them out. CTFs exercise every step in this workflow.
Beyond teaching the right skills, CTFs are fantastic additions to any resume and are always a conversation starter in an interview. You can discuss your problem solving approach and the challenges you have previously solved. Most, if not all, security professionals recognize and understand the value of participation in CTFs.
Most important, CTFs are fun and addicting to play. You will join a great community of peers and want to keep coming back to learn more in each additional game.
Any last thoughts you would like to share?
The students were very enthusiastic and they were there because they wanted to learn. I gave them some pretty challenging scenarios but they weren’t dissuaded.
On our Trail of Bits website we have a free CTF Field Guide resource. I provided them with that information and gave them the schedule for upcoming CTFs.
Adding a CTF component to the program would give it the ability to scale. As mentioned, it’s one-to-one overlap to the real world and is an excellent learning tool. In the end it is absolutely necessary to provide hands on experience that CTFs can provide.
Thank you, Dan, for sharing your valuable advice with the SC3 students! For more information on SC3 visit http://www.symantec.com/corporate_responsibility/topic.jsp?id=cyber_career_connection.
Dan Guido received a BS in Computer Science with a focus in security from NYU-Poly. He is the CEO of Trail of Bits, a cybersecurity research and development firm in NYC, and the Hacker in Residence at NYU-Poly, where he teaches a graduate course in penetration testing and vulnerability analysis. In his free time, Dan is a moderator of Reddit Netsec, the largest security forum on the internet.