Over the past few years we launched and ran two university-level hacking competitions in order to attract bright students to our field, with the long term goal of addressing the skills gap in cyber security.
Analysts estimate that, globally, over the next few years, in the field of cyber security there will be a gap of over a million people between the positions that need filling and the people with the skills to fill those positions.
In 2015 we founded the international Cambridge2Cambridge cyber security challenge, in collaboration with MIT CSAIL, which first took place at MIT, and then in 2016 the UK-level Inter-ACE among the UK ACE-CSRs, which first took place at the University of Cambridge. The Inter-ACE has now expanded beyond the ACEs and the C2C admits university students from anywhere in the world. None of this would have been possible without strong cooperation between academia, government and industry. We are grateful to our many supporters, who are all credited in the report.
After three years, my precious collaborators Graham Rymer and Michelle Houghton have moved on to new jobs and it is time for someone else to pick up the torch. To help our successors, today we publish a comprehensive technical report distilling our experience running these events for the past three years. We wrote it for all those who share
our vision and goals and who wish to take these competitions forward: we hope they will find it useful and it will help them make future editions even better. It contains a detailed chronicle of what we did and an extensive list of lessons learnt. Attendees of the Security and Human Behavior 2018 workshop will have heard me speak about some of the associated challenges, from fostering cooperation to redressing gender balance to preventing cheating, with detours into Japanese swordsmanship and Plato.
The extensive appendices contain a wealth of training material including write-ups of our practice CTFs and of the Inter-ACE 2018 for which we developed the problems in-house, as well as the latest course notes for the binary reverse engineering training seminar that we ran in Cambridge several times over the years, initially for our own students and then for hundreds of ACE-CSR participants.
We hope you will enjoy our report and that it will inspire you to contribute to future events in this series, whether as a participant, host or supporting institution, and keep the momentum going.
Frank Stajano, Graham Rymer, Michelle Houghton. “Raising a new generation of cyber defenders—The first three years of the Cambridge2Cambridge and Inter-ACE cyber security competitions”. University of Cambridge Technical Report UCAM-CL-TR-922, June 2018, 307 pages. http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-922.pdf