Facebook Security Engineer Michael McGrew Serves As ‘Penetration Tester’ At Security Competition


Facebook Security Engineer Michael McGrew and a colleague attempted to hack the Western Regional Collegiate Cyber Defense Competition, but their intentions were pure: After discovering the Collegiate Cyber Defense Competition while he was a junior in college, McGrew started a club and brought a team to the WRCCDC, so his stint as a “penetration tester” was almost like returning to his roots.

McGrew described his experiences in a note on the Facebook Security page and provided a list of similar security-oriented competitions for students.

He wrote:

The best security education helps students connect their classroom knowledge to real-world situations, and entry-level security jobs increasingly expect some hands-on experience. Not all school curricula today include these opportunities, though, so students often look outside of the classroom to build and solidify their skills.

I found myself looking for these same opportunities when I was a junior in college. I came across the Collegiate Cyber Defense Competition, a defensive security competition that puts teams of students in a mock business environment. The program challenges students to run their business while protecting their network and systems from a team of professional penetration testers looking for vulnerabilities. I started a club at my school and formed a team to bring to the Western Regional Collegiate Cyber Defense Competition. After practicing and reviewing strategies for a couple of months, we attended the competition and learned a ton. It set me up for other competitions and extra-curricular activities that prepared me to enter the security professional field.

In recognition of the value of these types of learning opportunities, Facebook helped sponsor the WRCCDC competition at the end of March. My colleague Javier and I joined a team of penetration testers attempting to breach the students’ systems. The challenging environment exposes students to hands-on experience with enterprise equipment. Teams are constantly under pressure to keep the business running smoothly and to secure and maintain their systems while defending against attacks. This simulation teaches teamwork, time management, risk assessment, and core technical security skills. Whenever we managed to get around one of their defenses, we were peppered with questions from the students: “How did you get into our server?” and “How can we secure our network from what you were doing?” Giving informal tutorials about security defenses and best practices to talented and passionate students was the highlight of my experience.

McGrew also offered the following list of related events:

  • CCDC: CCDC is a defensive competition for teams of college students to protect a mock business network against professional penetration testers.
  • CSAW Capture the Flag: CSAW CTF is an entry-level Capture the Flag event designed for undergraduate students.
  • U.S. Cyber Challenge: Cyber Foundations is a series of tutorials and quizzes for high-school students to learn about security and test their skills. Cyber Quests is an online quiz where the top-scoring participants are invited to a week-long camp with classes taught by SANS instructors. Registration is currently open for Cyber Quests.
  • CyberPatriot: CyberPatriot is a competition for high-school students where teams address real-life cybersecurity situations in a virtual environment.
  • MITRE Cyber Academy: MITRE Cyber Academy hosts annual competitions for high-school and college students that allow teams to compete against each other in different hacking challenges.
  • National Cyber League: The NCL provides an ongoing virtual training ground for students to develop, practice, and validate cybersecurity skills using lab exercises aligned with individual and team games.