Director, UK Cyber 9/12
Lecturer, Cranfield University
The UK Cyber 9/12 Strategy Challenge’s ‘Most Engaged’ Award officially launches 9 February - let the social media games begin!
On 9 February we are launching the ‘Most Engaged’ Award for the team that is most active on social media. The winning team will receive public recognition and the opportunity to publish on the Atlantic Council’s New Atlanticist.
The New Atlanticist blog “showcases expert analysis from the Atlantic Council community on the most important global issues. Featuring breaking news reactions, opinion pieces, explainers and focused analyses, New Atlanticist provides a comprehensive look at the top global headlines and the challenges facing the international community.” The winning team’s blog will go to over 20,000 New Atlanticist subscribers and be promoted to the Atlantic Council’s 235,000+ social media followers.
This year with the Cyber 9 /12 Strategy Challenge going virtual, we want to encourage more ways for students to connect with the competition, the sponsors and partners. We hope that you will be able to find plenty of highlights from your involvement to share on social media and have a bit of fun at the same time!
The competition will start on 9 February and run until 1pm GMT on 17 February, with the winners announced at the final competition prize giving.
Points will be calculated based on the following criteria and you must hashtag your team name to claim your team points:
1 point – a tweet featuring #Cyber912 and tagging @AtlanticCouncil and @cyber912_UK
2 points - a LinkedIn post featuring #Cyber912 and tagging the UK Cyber 9 12 Strategy Challenge page on Linkedin
3 points – Instagram post with the #Cyber912 and tagging both @cyber912uk and @AtlanticCouncil
5 points – film a 30 second video on your experience and share on Twitter or Instagram with #Cyber912
10 points each – a tweet from your University’s Twitter handle using #Cyber912, tagging @AtlanticCouncil and @cyber912_UK
Let the games begin and good luck!
UK Cyber 9/12 Strategy Challenge Organisational Team Member
I am Anthony Bryan, a recent master’s student who was introduced to the Cyber 9/12 Strategy Challenge event last year as a member of the 3AM team from Portsmouth University, given my interest in cyber technologies and the current state of the cyber landscape. My interest in the Cyber 9/12 competition initially revolved around testing my cyber knowledge, especially with regards to incident responding and the technical challenges faced in the scenario.
Throughout the competition my perspective changed, from initially wanting to test my knowledge against the particular cyber attack to completely immersing myself into the scenario, using it as a resource to enhance my learning of the policy and strategy issues, especially, as the scenario really did reflect reality and highlighted some of the difficult choices that the government would face. What I liked most about the competition is the experience! As a university student you learn the theoretical side of cyber security, policies and international relations however, the competition set the scene for a real-life situation that requires a hands-on approach and a realistic immersive experience – as I was briefing senior cyber security leaders as if they were the government.
The biggest take away for me was the chance to create new connections with extremely well-established individuals within the cyber community (and various other cyber-related areas). These are people who have fascinating careers in cyber and who I would not necessarily meet in normal circumstances at university; connections who have given me great support when needed. One of which provided me with the opportunity of carrying out a research project on a topic which is of significant importance to internet users across the world. This all came about because I was talking to them about what I was passionate about and what I was interested in doing following my studies.
Taking part in the competition also influenced the areas of cyber security I now want to explore, shifting from software/ programming aspects towards more policy related issues. This is mainly because of how challenging the Cyber 9/12 Challenge was, but also, I can see now how important it is to deal with the crises of today and tomorrow to understand the broader areas of cyber security and its relation to decision making. Despite the challenges faced throughout the scenario, I was surprised at how fun the Cyber 9/12 competition was. There’s more to the day than just competing. I was able to converse with sponsors, listen to impressive keynote speakers and partake in a few other fun activities throughout the day, all of which got me thinking about the type of career I wanted to pursue.
Having had such an amazing experience, I am now currently involved in the organising team for this year’s Cyber 9/12 Strategy Challenge. Its going to be interesting being a virtual event this year, but I have been a part of the core team designing the new scenario and I’ve enjoyed designing something that we hope the students will be challenged by and also enjoy. It is not long now until the competition and I hope that this year’s event will be as impactful on this year’s new competitors as it was for me. Good luck to everyone competing this year!
From Competitor to Coordinator
By Emma Schroeder
Assistant Director, Cyber Statecraft Initiative, Atlantic Council
In February 2020, I had the incredibly rewarding opportunity to be a part of the Atlantic Council’s third annual UK Cyber 9/12 Strategy Challenge. My team was all-female and international, representing King’s College London where we were all studying for our master’s degrees, but hailing from the United States and France. For almost two months we prepared for the upcoming competition by studying cyber incident responses over lunch in the cafeteria, writing iterations of our situation assessment long through the night in library study rooms, and laughing over celebratory pizzas in cramped dorm rooms. Finally, on February 17, we entered BT Tower.
My team was formed in a class on cybersecurity policy and strategy. Throughout the year, we learned about the cyber strategies of major countries and supranational organizations, preparing us for our upcoming cyber policy and strategy competition. But what we didn’t have a chance to learn – what no class had ever taught me – was the experience of putting those strategies into action. Cyber 9/12 provided, even more than the opportunity to learn about specific cyber issues, a glimpse into the experiences of a senior decisionmaker in British cyber policy.
Walking into that judges’ room was walking into a cabinet briefing. Our assessment of the scenario would form how the nation’s top leaders viewed these events. Our policy recommendations would steer the United Kingdom’s course through the crisis and shape the successive international environment. The judges, though they are not truly cabinet members, are representatives of think tanks, private companies, and universities that are spearheading our evolving understanding of cyber strategy and policy. Through their questions and their feedback, I was able to build a foundation of how cyber policy and strategy are executed at the top levels of government and how, throughout my career, my work could contribute to their success.
This experience is why university students congregate to Cyber 9/12 competitions all over the world. But what happened outside the competition room was just as formative for me. I had the opportunity to hear from amazing speakers that could share their first-hand experience on topics ranging from the dot com boom to the UK’s digital infrastructure strategy. In one of these forums, Matt Warman MP, Minister for Digital Infrastructure, perfectly summed up the mission of the Cyber 9/12 Strategy Challenge when he spoke of the need for translators in the field of cyber security. Having studied history and international affairs in my undergraduate and graduate programs, for a long time I believed that my lack of technical skills would impede any career opportunities in the field despite the fact that I had developed a strong interest in the strategy behind cyber. But through MP Warman’s speech, speaking with present company representatives, and getting to know my fellow competitors I learned that my humanities skills were valuable and that my skillset was of direct interest to those organisations who were supporting the Cyber 9/12 event. I had been taught to critically analyze dense source material and synthesize evidence into a supported and convincing argument. From a skillset point of view, maybe interpreting and analyzing hundred-year-old documents was not too dissimilar to analyzing and conveying cyber challenges into a form that that policymakers could understand.
Cyber 9/12 proved to be a pivotal turning point in my life. With the lessons I learned in developing my team’s situation assessment and presenting our policy recommendations, I completed my graduate dissertation on the strategy of cyber conflict. With new skills and heightened confidence, I obtained my master’s degree on the History of War, with a focus on military strategy and cyber policy. With an understanding of how my skills and experiences fit into the ‘cyber world,’ I started a new job after graduation as an Assistant Director of the Atlantic Council’s Cyber Statecraft Initiative - the very team that houses the Cyber 9/12 program.
This journey has become cyclical. As I write this, my team is coordinating with the amazing leadership team of the 2021 UK Cyber 9/12 Strategy Challenge to help deliver another memorable experience to a new group of teams. To these teams I will say, take every opportunity this challenge gives you: learn from the judges, connect with company representatives, and share your experiences with one another.
The Atlantic Council’s Cyber 9/12 Strategy Challenge, a one-of-a-kind cyber policy and strategy competition, is an intensive and exhausting process for student competitors. Before they set off on this demanding journey, these competitors (and their academic advisors) may ask themselves why this competition is a good use of their effort, how it complements their education, why it’s important to their future career, and why a diverse group of organizers and supporters are passionate about helping them succeed. Before dedicating themselves to the competition, these competitors and their advisers deserve to understand (with apologies to film director Frank Capra) “Why we fight.”
I’ve had the privilege to coach teams from Royal Holloway University of London in three Cyber 9/12 Strategy Challenges: London 2018, where the team earned first place; Geneva 2019, where the team was a semi-finalist; and London 2020, where the team earned third place. From this vantage point, I have watched my student competitors and others as they grapple with the competition. I have also seen these same students learn several valuable lessons.
Throughout the challenge, teams simulate analyzing and synthesizing information about cybersecurity threats and then briefing senior government officials with findings and policy recommendations—all under high-pressure. The competitors delve into information assembled into three separate briefing packs, called an Intelligence Report, that include real and fictional research, online media, private sector threat analysis, government intelligence documents, and even a television news update.
The competition forces students to use a variety of disciplines they might not otherwise employ on their academic journey. Teams must look beyond their individual domain specialty, whether it be computer science, law, cryptography, political science, risk management, or any of the wide array of education backgrounds represented. The competitors must be prepared to justify their recommendations within the emerging framework of international law, which increasingly pervades state decision-making on cyber operations. The competitors assess the risks and potential impacts of hostile cyber operations and countermeasures; then, the competitors articulate their assessments to expert judges playing the roles of decision-makers in government.
Throughout the competition, teams are encouraged to think holistically about the needs of an entire society, deliberate on how to prioritize domestic and international responses to the crisis, and consider non-cyber impacts and responses. The competitors’ chances of success in the competition increase tremendously if they exhibit an appreciation of the practicalities needed to implement their recommendations—like the time and resources needed to adopt new laws or procedures, to commission new offensive cyber programs, to task or redeploy limited civil service resources, to leverage support from non-state actors such as the community of CISOs and security vendors, to persuade international partners to participate in multilateral action, or any number of other responses they wish to suggest.
Teams are forced to confront the reality of decision-making in an atmosphere of less-than-complete, potentially inaccurate, and sometimes conflicting information. They must sift through messy and diverse sources of intelligence and synthesize a picture of threats that can be explained to non-expert decision-makers in minutes—all while being careful to assign appropriate degrees of confidence to different elements of their report. They must learn the difference between acting as an honest broker of available evidence (which is the job of an analyst) and acting as an advocate for a specific outcome (which is not).
The best competitors learn and demonstrate good teamwork skills. They face difficult choices in how to allocate tasks among themselves. The time pressure of the competition begins at a relaxed pace with weeks available to produce and deliver Round 1 submissions. Those selected to advance to Round 2 have a single overnight window to absorb significant new intelligence and revise their view of the situation. The very few teams who advance to the Final Round face the highest-pressure component—they are given only a few minutes in which to absorb a critical additional intelligence before briefing the judges who simulate government leaders—often comprised of people who have served in the senior civil service roles the students simulate.
The competition itself is a labour of love for a large group of volunteers from industry, government, and academia. The organizers and volunteers put in a considerable amount of effort to develop a competition’s intelligence pack and recruit and coordinate the expert judges who simulate decision-makers.
Each competition reflects local values, methods, and standards. Judges in London simulate UK government officials; judges in Washington, DC simulate US government officials; and judges in Geneva simulate a multinational “task force of European leaders” including heads of government and defense. Competitors must be prepared to make recommendations that are most appropriate for the relevant environment.
Of course, no competition is perfect, and no simulation is perfect. For that matter, the process being simulated is itself far from perfect. Judges and competition officials must eventually rank teams. Despite tremendous effort from organizers and judges, reasonable people can argue about aspects of the competition process as well as the results.
But I find that the students who take the most from the competition are those who embrace it for the learning opportunity it represents. I have watched students climb and conquer steep learning curves. I have seen cryptography students gain a better understanding of politics. I have watched students of law and international relations learn to appreciate the intimate practicalities of cyber operations. I have seen computer science students learn how international law influences operations. And I have watched as all of them learn more about how the decision-making “sausage” is made.
Students interested in cybersecurity learn valuable lessons from the Cyber 9/12 Challenges that they are unlikely to encounter anywhere else in academia. Competitors finish the competition better prepared to communicate their ideas to a wide variety of influencers and decision-makers. They all finish better prepared to address the complex threat-filled environment presented by modern cybersecurity. They all finish better prepared to contribute new ideas and new thinking that may someday help to reduce the risks of unnecessary conflict carried out through the cyber domain.
These are all good reasons to compete.
And in the context of this competitive simulation, this is, I believe, why we fight.
Robert Carolina (BA, University of Dayton; JD, Georgetown University Law Center; LL.M-Intl Business Law, London School of Economics) began teaching legal and regulatory aspects of cybersecurity at Royal Holloway University of London in the 1990s. He is the author of the Law and Regulation Knowledge Area of CyBOK: The Cybersecurity Body of Knowledge. This is a revised version on an article originally written for a Royal Holloway newsletter. Correspondence to: Robert.Carolina@sciocertus.com.
I hope you will take the chance and sign up today!
My Experience Of the UK Cyber 9/12 Strategy Challenge
Threat Hunt CyberSecurity Analyst
I first took part in the competition when I was a Computer Science student back in 2018. Coming from a computer science background, I had a narrow understanding of what cyber security is outside of technology. I had no contact or experience in cyber policy or strategy. The UK Cyber 9/12 Strategy Challenge completely changed my view of cyber security starting with the registration phase when I found out how diverse my team was. Every team member was studying for a completely different degree: Politics, Economy, Computer Science and even Chemistry.
I find it quite hard to describe what it feels like to take part in the Cyber 9/12 Strategy Challenge. Close your eyes and imagine your country slowly slides into an ongoing cyber crisis. Furthermore, imagine it is your team’s job to advise some of the most important people in the government on the best course of action in order to avert the worst-case outcomes. The scenarios rapidly and unexpectedly evolve between the phases until the climax is reached in the 3rd phase. Cyber 9/12 takes you through a rollercoaster of emotions, from adrenaline to potential moments of despair, due to the well-thought structure of the competition, the unbelievably realistic scenarios and the incredible judges, whose day job is to do this for real!
If this sounds exciting or the very thought of it gives you goose bumps, your team should apply as soon as possible! And if not, come along and give it a try – I promise you will have an amazing time. I had so much fun that I decided to compete one more time in 2019 and learnt lots more about the cyber security industry. I can also say that Cyber 9/12 was a factor in my decision to further study cyber security and continue with a career in this field – I now work at Price Waterhouse Cooper where I advise companies how they can be better prepared for cyber incidents.
I have learned a lot from taking part in the competition but, for me, the most important thing was understanding that diversity is at the heart of a successful cyber security team. I wanted to help the Cyber 9/12 organising team in continuing to spread their message. I believe every student should have the chance to enjoy the competition and the plethora of lessons that it teaches. Keeping this thought in mind and looking for a challenge, I volunteered to be a part of the UK Cyber 9/12 2021 organising team where I am working in the scenario development team.
The task of contributing to creating a realistic and challenging scenario that will keep both students and judges engaged has pushed me to the edge of my limits, thinking how I would respond to and deal with the issues were are putting in front of the students. I hope they enjoy it! As part of the organising team, I can certainly say that I am having fun while learning something new, once again as part of this fantastic competition.
I hope you will take the chance and sign up today!
Behind the Curtain: Bringing the Cyber 9/12 Competition to life
Dr Danny Steed, Head of Strategy at ReSolve Cyber
Those visiting the BT Tower over the past two days would see the hussle and bussle of 17 student teams, competing from universities all across the UK. This the third year for the Atlantic Council’s Cyber 9/12 in London has gone off without a hitch, growing to a record size in participants. What may go missed however, are the months of dedication and passion needed for Cyber 9/12 to happen in the first place. For the students, preparation begins two months before the competition; for us the organisers, it begins six months before.
Building a competition worthy of attracting high-calibre student competitors begins first and foremost with a compelling scenario. The challenge lies in identifying a topical theme in cyber security with policy appeal, and weaving an escalating situation against which the students can respond to. The objective of the entire exercise is to challenge our student teams to provide credible policy responses to a scenario that, if left unchecked, could fast threaten UK interests.
Writing such a scenario is no mean feat. Writing begins in earnest six months out, with the senior planning team convening to agree first exactly what themes will be followed. For 2020, the policy challenges of telecommunications investment from abroad, and the role played by problems such as deep fakes, provided the driving forces behind the intelligence packs that are provided to the teams.
From that point on, it becomes a question of what information to provide the students, how to weave the credible (and factually informed but ultimately fictional) narrative that student analysis is directed to. Intelligence packs will contain a mixture, some real world reportage, but the bulk originally authored materials ranging from news reports to classified intelligence reports, email correspondence and private industry whitepapers. All materials are designed to provide the trail of breadcrumbs for student teams to prepare their submission and briefings against.
It takes great dedication from the senior planning team, and help from generous friends across government and industry, to create and proofread the materials to ensure they reach the standard for challenging all 17 student teams. It is also a great deal of fun! While trying to create a credible illusion for the students, the students challenge us each year to be better, more on trend, closer to the reality of policy in this country. Simply put, the quality of the students we have the pleasure to host and meet keeps us honest and on our toes.
A real joy of being part of the competition is moving from the early morning meetings and late night planning calls to finally meeting our contestants across two very busy days. The experience of judging comes with a juggling act; giving the students a taste of the realities beyond academia, where you are pressed very hard indeed by time-pressed decision makers for clarity, versus how to nurture young students who may well be exposed to briefing leadership figures for the first time in their lives.
In this, a huge effort is made to carry out briefing sessions with all our judges at each stage of the competition, to ensure that everybody understands the context of the scenario and the expectations for judging. Given that a large number of highly experienced colleagues from across industry, government and academia volunteer their time to judge, it is imperative to work hard to ensure that such a disparate group sings from the same hymn sheet.
For those students who do not progress to the semi finals, the organisers created a Coaching & Mentoring Session on day two. The purpose of the session is to provide teams with the opportunity to dissect their feedback from the judges, providing a one-to-one session with highly experienced senior cyber security professionals. Not only this, but students also get to benefit from access to genuinely amazing people in the types of jobs most students simply do not know even exist. Having the chance to chat directly with experienced professionals takes the competition beyond the scenario to give students the chance to learn about wider career expertise.
Building a pathway
The Cyber 9/12 competition now spans several countries, with annual events held in Washington D.C., New York, Munich, Geneva, and London. While the objective can be shallowly viewed merely as an interesting diversion for students during a busy university term, to us organisers it is about so much more. For those of us who have worked in cyber security delivery for years at this stage, few are as aware of the skills shortage as we are. The skills shortage extends far beyond just technical expertise and those schooled in STEM subjects.
There is a growing imperative to identify and nurture the next generation of strategic thinkers in cyber security, in revealing to students from a wide range of non-technical degree subjects that there really are so many pathways to working in cyber security. Cyber security is about far more than technical skills, with technologies that underpin our entire way of life - from our critical national infrastructures through to the most sensitive areas of our personal lives - there is a clear need to entice students into cyber security, not deter them because they do not study STEM subjects.
The Cyber 9/12 competition serves as a proud standard bearer that builds a pathway for students to build the confidence to believe that they can work in cyber security. The success of the competition year on year, not only here in London but across our other partner teams internationally, is testament to two facts. First, there really is a need for non-technical minds to drive cyber security leadership. Secondly, and most important of all, there are legions of incredibly talented and devoted students who want to be shown the way into cyber security. The proudest thing about helping to organise the competition is meeting these wonderful young people and (hopefully) convincing them that working in cyber security is worthwhile. For those of us finishing the competition today, red-eyed and sleep-deprived, meeting these students makes every late night call and planning session worth each and every second. See you all next year!
Deputy Director, UK Cyber 9/12 Strategy Challenge
Lecturer, Cranfield University;
Robert Black is a Lecturer in Information Activities at Cranfield University, at the UK MoD’s Defence Academy, where he leads the classified Cyberwarfare in Intelligence and Military Operations module of the Cyberspace Operations MSc. He is also Deputy Director of the National Cyber Deception Laboratory. His interests lie in understanding the role cyber can play in interstate relations, confrontation and warfare. He has extensive experience working with cyber practitioners and has worked with cyber operators in the planning and delivery of cyber operations. His research interests include Cyber Deception, Information Warfare & Covert Action in the Modern Age.
A Week (well nearly...) in the Life of a Cyber 9 / 12 Organising Team member
Monday 10 Feb 2020
Just finished my day job and it's time to focus on the Cyber 9/12 UK Strategy Challenge. It’s a week to the finals and the excitement is building, but there is still quite a bit of work to be done. All 17 teams have submitted their situation assessments, so I advise the marking team they can get started, but must remember to do my bit, too!
A quick phone call with Cyber 9/12 UK Strategy Challenge Director because one of the sponsors has offered a fantastic prize for some of the students. Now, to work out how to make the logistics work because we need to check a few issues – Immigration Law, who would have thought?!
Time for a quick bite to eat before reviewing the second stage of the scenario pack, which will be given to the successful semi-finalists at the end of Day One. We’ve got some really exciting angles to the scenario this year and have been working on it for over four months. However, recent events are beginning to echo some aspects of the scenario written back in November/December time..... it's always interesting to see reality play out like we predicted. Another quick call with the Director and we decide it's worth having a chat with the Scenario
Lead on Tuesday evening to determine if we need to revise the scenario a week from the competition. Not ideal!
Tuesday 11 Feb
A lunchtime call with the Director. We have a big debate about flower displays for the VIP Dinner - all the big issues! We also need to provide caterers with final numbers and dietary requirements. I spend a long time fighting with Excel.
Have a quick dinner before heading into a call with the Director and Scenario Lead to debate the second and third stages of the scenario. We decide we need to revise and refocus a couple of themes so they don’t correlate too much with the real world.... all will be revealed to the students next week! I hope they appreciate the subtle touches to the scenario. We work longer than planned... in fact by the time we hang up it's nearly midnight – oops!
Wednesday 12 Feb
I’m chasing confirmation from a couple of the industry and government subject matter experts who are going to be judges during the competition. We have a fascinating variety of judges from UK government policy experts through to industry leaders in cyber operations and response. It’simportant to balance the judging panels to ensure a good spread of experts for each of the competing teams.
I call the Director on the way to a work meeting and provide an update on the number of attendees. We are getting very close on headcount but think we should just have enough wiggle room - I think this could be the biggest wiggle we have done yet!
Wednesday evening means it’s time for the Organising Committee’s weekly call. A lot of people are otherwise engaged tonight, which is not ideal a week before the event. Not to worry - most have advised of their actions or sent updates. We are a few days out and it feels like everything is falling into place.
After the call, I run through some outstanding tasks with the Scenario Lead, before a quick chat with the Director to confirm we’re under the final headcount. Then I draft a couple of emails for some judges finalising logistics and start allocating judging panels to different rounds. I think that’s it for now.... until the next scenario pack is ready for review.
It’s gone 1130pm and I think about heading to bed...... then I remember I still haven’t started marking the student Situation Reports.... It’s a job for tomorrow!
Just before I head to bed for the night, I suddenly realise I owe the Director another phone call..... we haven’t set a contingency plan for Coronavirus. I review the NHS guidance and will ask BT for more hand sanitisers around the competition space. The national guidance remains means we can push ahead with the competition..... phew. Let's hope nothing changes before Monday.
Thursday 13 Feb
Today is a day of lectures peppered with emails and questions from different sponsor organisations asking whether they can swap judges because of pressing work commitments. We do our best to juggle the different requirements as the judges are kindly giving of their time. We get confirmation that we have a senior FCO representative confirmed to talk at the VIP dinner, so it will be a fascinating set of speakers for the evening - from the ICRC, to the FCO, to the US Cyberspace Solarium Commission! Can't wait for that!
I finish lectures at 6pm and sit back down to work when disaster strikes!! Excel tells me the file is damaged and will attempt recovery!! Seriously, don’t let this happen to me now.... Not 3 days out from the competition. What has happened?!?! After what feels like an eternity, the file loads up and Excel highlights the repair it has done. Some strange error code on one of the lines? Perhaps I have been “cybered”... wouldn’t that be ironic? Main thing now is to take a backup and make sure we have a spare copy of the file, just in case.I received the updated scenario pack 3 from Andreas, the Scenario Lead, and will get to that after dinner... oh and mustn’t forget those 17 situation assessments that need to be marked too. Oh and I just promised Ashlee and Joh in the comms team I would write my blog for them so it
can go live tomorrow morning. So if you are reading this, the email to BT has been sent, comments have gone back to Andreas and the 17 situation assessments should be marked.... Who am I kidding.... I’ll still be doing them on the weekend!!
All of the Organising Committee are busy people who work around their day jobs to ensure the Cyber 9/12 UK runs smoothly. I really do hope the students thoroughly enjoy themselves next week and find the scenario challenging and interesting.... And that the judges and representatives from industry and government can get stuck in offering the students valuable advice.
Roll on the competition, it is so close now, can’t wait!
Futureproofing the Talent Pipeline
‘Change is the only constant’ – a quote from Greek philosopher Heraclitus which perfectly sums up the world that those of us who work in cyber security live in.
The threats change, the perpetrators, their goals and techniques change, the organisations we protect change – even the pace of change changes! To be successful, we must constantly think about how business and customer needs are evolving. It can feel like like a security team has a higher purpose: people’s livelihoods and, in extremis, their safety can be at stake.
Jobs in the cyber security industry have traditionally been reserved for technical wizards, or those who have lived and breathed security since their teens. But as the industry matures, it is increasingly apparent that cyber security must become broad church. A wide spectrum of skills and experience is needed to drive change, both technical and cultural, across the smallest to the largest organisations. At Sage, the global market leader for technology that helps small and medium businesses perform at their best, the security team must be multifaceted and conversant in the language of the business, otherwise we’d quickly become irrelevant.
Deep subject matter experts will always be in high demand, but to deliver effective security many organisations are waking up to the fact that you need other skills. For example – to engage with all levels of the business, from the Board to sales teams to software engineers, you need great communicators. People that can present complex issues in succinct and compelling ways, people who can zoom right out and see how all the pieces fit together. You need people who understand the human dimension to cyber security, who are empathetic and can help shift behaviours and attittudes towards what is often considered a dry topic. You need people who can understand how geopolitics, statecraft and other societal conditions influence the cyber threat in different sectors in different parts of the world. The list goes on. Critically, you need diversity to come up with the best ideas and avoid groupthink, something the industry has sometimes succumbed to in the past.
That’s why I’m really proud that Sage is a gold sponsor of this year’s UK Cyber 9/12 Strategy Challenge. A competition that is helping break the mould of what a cyber security expert ‘should’ look like, by giving students from a variety of backgrounds and experience the opportunity to work together to solve the knottiest cyber problems. Via initiatives such as Cyber 9/12, we make it easier for underrepresented groups, who might otherwise struggle to break into the industry, to find opportunities to experience a career in security and also demonstrate the unique value they personally can bring.
We‘re excited to see how the 2020 competition takes shape and are really looking forward to meeting and competitors from across the UK Sage is also thrilled to offer the winners a paid internship within our Security Team, where they will experience first hand, how a FTSE100 company delivers cyber defence around the clock and the globe.
Ben joined Sage Group as Global Chief Information Security Officer in 2018, after 16 years in the UK Government. Sage is the UK's largest technology company, trusted by millions of small and medium businesses worldwide to deliver the best cloud technology, with the best support and partners to manage finances, operations, and people. At Sage, Ben is responsible for protecting the global technology estate, products and cloud services for over 2 million customers in 23 countries.
Ben left the UK Government as Deputy Government Chief Security Officer, based in the Cabinet Office. Ben was responsible for all aspects of protective security policy and coordination across 48 government departments and over 400,000 civil servants. Ben’s remit included cyber and information security, personnel security, counterterrorism, counterespionage and investigation of serious incidents and cyber breaches, including contravention of the Official Secrets Act.
While in government Ben worked within the UK’s crisis response apparatus (COBR) and was involved in numerous national incidents, including the 2017 WannaCry outbreak. Ben also led many transformative security reforms to redesign organisational structures, unlock government access to commodity technology and public cloud and modernise decades old security policies and practices.
Women in Banking & Finance
We frequently hear the terms ‘Cyber 9/11’ and ‘Digital Pearl Harbor,’ but what might policymakers do the day after a crisis? The Cyber 9/12 Strategy Challenge is an annual cyber policy competition for students to compete in developing national security policy recommendations tackling a fictional cyber incident, offering a fantastic insight into the real world possibilities of a career in STEM.
On 17th and 18th February, 17 teams of four will compete in a series of strategy challenges associated with cyber security and conflict, designed to identify and foster the next generation of policy and strategy leaders for the challenges of the future.
Women and Banking in Finance (WIBF) are delighted to once again be a supporter of Cyber 9/12, an event which shares our commitment to nurturing diverse talent and networks. For the second year running, Cyber 9/12 has achieved an even gender split of competitors, which is such an important achievement given how underrepresented women are in STEM roles. Only 14% of the people working in STEM in the UK are female. Only one-in-six tech specialists in the UK are women. Only one-in-ten are IT leaders. And, worse still, despite significant growth in the number of women working in IT roles, female representation in the technology sector has stalled over the last ten years.
It is becoming increasingly clear that harnessing the power of ‘cognitive diversity’ is the solution to tackling complex problems; and the more diverse is a team, the more likely it will be able to overcome challenges and bounce back during difficult situations. Diversity is not just about a mix of backgrounds and cultures, but about the variety of ideas that are essential for the modern workplace. It helps us to avoid group-think which leaves us exposed to blind spots.
Anna de Rosier is the CTO-deputy of Women in Banking & Finance
This is why events such as Cyber 9/12 are key to developing and showcasing diverse talent. As well bringing real-life scenarios to the forefront, it drives the importance of building diverse teams that work towards a common goal, bringing all their combined skills and knowledge to the table. It also offers students a unique opportunity to interact with expert mentors and high-level cyber professionals while developing valuable skills in policy analysis and presentation.
To be resilient in the face of future cyber security challenges we need a talented and diverse workforce consisting of technical, policy and strategy skills. Crucially, the UK Cyber 9/12 Strategy competition pulls together mixed discipline teams, combining these different types of expertise, and gives them a realistic joint challenge.
According to the recent UCAS data, the percentage of female graduates with core STEM degrees is steadily growing; however, the split is still just 26%. This is also translated in the female STEM workforce, with women making up 22%, showing that some work needs to be done to encourage women to both study these subjects, and transition into the workforce.
The Cyber 9/12 competition therefore provides an excellent vehicle to promote the dialogue around the value and need for cyber strategy and policy expertise, how to generate these skills sets and strengthen the teamwork between both technical and non-technical disciplines.
Having a broad range of inherent and acquired diversity brings a larger pool of different ideas and lots of different perspectives to work with. Sameness has limitations where diversity is boundless. Sameness can move quickly towards damaging decisions, but diversity has a natural system of checks to balance the process.
This is something we have harnessed within our own digital team at WIBF, recognising the value of diversity, and where its team members can lean on each different experiences and work together to achieve spectacular results.
Anna de Rosier is the CTO-deputy of Women in Banking & Finance and a co-lead of their Digital team. She has 20 years’ experience leading large transformation programmes and projects for top tire banks including senior roles at the JP Morgan, Barclays Capital, Barclays Corporate, and HSBC. She has extensive experience delivering programmes and change initiatives across front-office, regulatory and big data space. She has managed globally diverse teams from IT, the business and vendors. Anna has MSc with Distinction in Business Management and is certified as a Practitioner in the government accredited Managing Successful Programmes (MSP) methodology.
Women in Banking & Finance (WIBF) has been championing women in financial services for 40 years. Our mission is to bring a gender lens to UK Financial Services by connecting, challenging and inspiring our network to unlock the full potential of financial services for all.
We are a not-for-profit, volunteer-led network, dedicated to connecting individual members and institutions across the industry and the UK, with branches in Birmingham, Bristol, Edinburgh, Glasgow, London and Manchester. We seek opportunities to challenge and inspire as a thought-leader, in collaboration with our partners and members (both male and female), to help deliver tangible change in the financial services industry.
Please find the WIBF at https://www.wibf.org.uk/ or on Twitter @WIBFtweets
The ‘Most Engaged’ Award officially launches
1 February - let the social media games begin!
This year we will be presenting the inaugural ‘Most Engaged’ Award to the team that is most active on social media. The winning team will receive public recognition and the opportunity to publish on the Atlantic Council’s New Atlanticist.
The New Atlanticist blog “showcases expert analysis from the Atlantic Council community on the most important global issues. Featuring breaking news reactions, opinion pieces, explainers and focused analyses, New Atlanticist provides a comprehensive look at the top global headlines and the challenges facing the international community.” The winning team’s blog will go to over 20,000 New Atlanticist subscribers and be promoted to the Atlantic Council’s 120,000 social media followers.
The competition will start on 1 February and run until 1pm on 18 February, with the winners announced at the final competition prize giving.
Points will be calculated based on the following criteria and you must hashtag your team name to claim your team points:
1 point – a tweet featuring #Cyber912 and tagging @AtlanticCouncil and @cyber912_UK
3 points – Instagram post with the #Cyber912 and tagging @AtlanticCouncil
5 points – film a 30 second video on your experience and share on Twitter or Instagram with #Cyber912
10 points each – a tweet from your University’s Twitter handle using #Cyber912, tagging @AtlanticCouncil and @cyber912_UK
Let the games begin and good luck!
Principal Manager, Cyber Defence Incident Management
(Vodafone Group CyberSecurity)
What to expect from UK Cyber 9/12: a view from the judge's panel
Sonia Kumar — Principal Manager, Cyber Defence Incident Management (Vodafone Group Cybersecurity) — is one of the judges for this year's competition, having made her debut on a judging panel in 2019. Here, she gives her thoughts on why industry needs more cyber security experts, what inspired her most during the 2019 Cyber 9/12 strategy challenge, and what our 2020 teams can do to give a top performance when facing the judge's panel.
"My job as a Principal Manager in Vodafone Group Cybersecurity operations is to lead Vodafone’s collective response to global cyber incidents. Specifically, I lead a team of cyber security incident managers who are dedicated to the task of protecting Vodafone’s customers and helping society remain secure and resilient in a world of increasingly sophisticated cyber-attacks. Being part of Critical National Infrastructure (CNI), alongside the organisation’s commitment to enhancing the lives of citizens, makes Vodafone an attractive target for cyber-attacks. Vodafone therefore recognises the importance in identifying future cyber security talent, especially future strategists. From my experience as a cyber defender, I know that the cyber security community of tomorrow needs to be a balance of both technical and non-technical minds, which is why I am taking time out of my working routine for the second consecutive year to support UK Cyber 9/12 as a judge.
2019 was my inaugural year as a judge and I was so impressed with the calibre of competitors and teams that I had the privilege to support. Cyber 9/12 gave me great confidence that the UK has a great pool of talent from which to fill the critical shortage of cyber security professionals. I loved the passion that I saw and felt during the competition and was glad to see diverse teams from all over the country. The atmosphere last year was energised and vibrant and it was evident how much work the teams and coaches had invested in producing their oral and written cyber briefs.
Following on from 2019, I have some advice to give to UK Cyber 9/12's 2020 participants. First and foremost, it is really important to read, understand and follow the brief(s). If you get this part wrong, then it won’t be the most favourable start for you. Teams will have received their first scenario packs by now, so work together and work meticulously on preparation. Preparation and research will be key to a good start. Think about the scenario and the different evolutionary paths that it could take. Think about why the event is called 'Cyber 9/12'. What are you helping to protect against? You are senior advisors to government and industry, so I want the information presented to me to be clear and without any ambiguity.
Remember, you are working as a team and should therefore distribute the work evenly. In the cyber security arena, success is not gained by individuals acting alone nor individuals seeking credit. Success is very much a team game and I want to see that throughout the competition and across all teams. Teams will receive continuous feedback from me and my fellow judges and my advice is to exploit that feedback as best you can. Not many people get the opportunity to get so much (free!) advice from so many senior cyber leaders, so don’t feel slighted if you hear something that you don’t like — your judges know what they are talking about! Not only will I be judging against the options presented to me, I will be looking for attributes that I look for in my own Vodafone team members such as team interaction and cohesiveness, presentation skills and team resilience. I follow the 'Spirit of Vodafone' and would advise you to do the same: we earn customer loyalty. We create the future. We experiment, learn fast. We get it done, together.
The competition will be exhausting but, as serious as the advice given above might sound, you will learn so much and you really will have a lot of fun. Take time to network and time to build your portfolio of cyber security connections and don’t forget to show support to your fellow competitors. The venue is amazing especially the revolving floors… Make the most of this fantastic opportunity and remember that everyone who is part of UK Cyber 9/12 — whether the organising team, sponsors, judges or coaches — is really happy that you have decided to be part of this memorable event."
Sonia Kumar is Principal Manager, Cyber Defence Incident Management (Vodafone Group Cybersecurity)
Dr Tim Stevens, Kings College, London
UK Cyber 9/12 Strategy Challenge:
For the Brave-Hearted, Not the Faint-Hearted
The UK Cyber 9/12 Strategy Challenge is a unique opportunity for students to experience the complex world of cybersecurity decision-making. Its immense value lies in its attention to the political and strategic aspects of cybersecurity. Cybersecurity is a technical endeavour, for sure, but high-level decisions of national cybersecurity are made in government and civil service meeting rooms. Cybersecurity, as with all forms of security, is political – Cyber 9/12 confronts this truth up-front and centre.
Cyber 9/12 gives students a flavour – under pressure – of how to develop courses of action in the face of an unfolding cybersecurity scenario and how to pitch these possible courses of action to government decision-makers. It helps them understand how to balance the competing interests of multiple stakeholders in situations of great uncertainty. Crucially, it equips them with the skills, insights and experiences essential to developing proactive cybersecurity professionals across government and beyond.
As coach of the King’s College London Cyber 9/12 team, I have seen first-hand how students need to be forensic, critical and creative in response to the intelligence reports (scenario packs) provided to them as the simulation unfolds.
It is your task to filter the deluge of data, intelligence, official memoranda, commercial reports, news items, social media and rumours. What can we plausibly assemble from this diverse information about the situation as it stands? What will happen next if we don’t act? What will happen if we do? How should we calibrate our responses in light of domestic and international political concerns? What are we missing?
As with ‘real-world’ cybersecurity, trust nothing and expect the unexpected. The scenario design team are devious and will happily distract you with red herrings and misleading correlations!
None of this is easy. You can expect significant ambiguity, deliberate obfuscation, incomplete data, false trails and fake news, not to mention frustration and late nights. From these you will build a set of policy recommendations to take to your bureaucratic bosses. They are short of time; how will you communicate complex ideas to them, whilst cutting through the inherent uncertainty of the cybersecurity environment?
On the day itself, you will present your initial findings and proposals to the judges. This can be daunting but, if you are well-prepared, this is your opportunity to demonstrate your analytical and presentational skills to the panel. They will want to know that you have thought about the scenario deeply and have left no stone unturned. They will assess you on your ability to synthesise and process the information given to you. Senior officials will demand accurate, actionable advice and it is your job to provide it.
If this doesn’t excite you, you may be in the wrong competition! If you love a challenge, then UK Cyber 9/12 is the place to be. You will make friends while developing skills, teamwork and confidence. Cybersecurity requires young professionals with the courage and adaptability to make difficult decisions based on imperfect evidence. Cyber 9/12 helps meet this profound need through people like you. Good luck!
Dr Tim Stevens is Senior Lecturer in Global Security and Head of the KCL Cyber Security Research Group, Department of War Studies, King’s College London. @tcstvns
UK Cyber 9/12 2020 is now LIVE
It's official! The first scenario pack for this year's UK Cyber 9/12 strategy challenge has been sent out to participants and the 2020 competition is now live!
Our teams have just a few weeks to submit their written assessments. After that, they'll come to London's BT Tower on 17th February to present their policy recommendations in person, with our panels of expert judges acting as the senior decision-makers in this scenario.
By the end of the day, we'll know which teams are going through to the semi-finals and therefore who will be getting Scenario Pack 2 to work on overnight...
It's all being kept under wraps, so we can't say too much. But we did manage to catch up with our cyber scenario guru, Andreas Haggman, earlier this week, and here's what he had to say:
Andreas Haggman, DCMS
"The scenario is based on some of the biggest geopolitical and technical cyber security trends visible today. The scenario themes have been curated to present a challenge specific to the UK context, testing participants ability to consider how the UK might respond to problem with both tactical and strategic dimensions.
The events in the scenario may be fictitious, but to anyone paying attention to cyber security news they will not seem far-fetched. These are issues governments must take seriously, even if they are wicked problems with no clear-cut solutions…
All very cryptic, I'm sure. But we're with him on at least one thing -- good luck to all our teams!
Let battle commence...
Pete Cooper is CEO of strategic security consultancy Pavisade,
Atlantic Council Senior Fellow, and the founder and director of UK Cyber 9/12
Teams competing in 2020 event announced!
It’s now less than three months to go until the Cyber 9/12 strategic competition returns to London’s BT Tower for the third year. Huge thanks go to BT for continuing to support us as our strategic partner – this competition really could not happen without our partners and sponsors.
Thanks to the 25 teams that registered for the competition – it’s fantastic to see interest and engagement growing year-on-year! Unfortunately, though, we can only take so many teams forward to the main event.
The UK Cyber 9/12 team are therefore very excited to announced that we have invited 17 teams to compete in London on 17-18 February. These teams hail from Bournemouth University, the London School of Economics, King’s College London, Queen’s University Belfast, Royal Holloway University, University College London, University of East Anglia, University of Manchester, University of Oxford, and University of Portsmouth.
Huge congratulations to these teams and their mentors! And if you weren’t successful this time round, please do remain engaged with the competition this year and don’t be discouraged from trying again next year. Cyber security needs a multidisciplinary approach and people from drawn from a range of backgrounds – and this, of course means, you!
We’re really looking forward to another amazing competition this year – and especially the creative ideas that the students will bring to the table in response to the 2020 scenario as it unfolds.
techUK is proud to support the work of the Atlantic Council’s Cyber 9/12 competition which bridges the cyber skills shortage by encouraging university students from a range of policy and technological backgrounds to get involved in the cyber industry.
It has long been clear that there is a cyber skills shortage, and the UK government recently announced that it plans to carry out a second audit into the state of the Country's cyber security workforce.
With 2018’s shocking revelations that just under half of all businesses felt they were insufficiently skilled to deal with a cybersecurity breach or attack, it is crucial that we promote efforts to increase cyber security skills across industry. Though there is clear demand for cyber security career paths, university courses related to the subject receive less funding than more traditional counterparts such as mathematics or physics.
Consequently, routes into cyber from other disciplines are much needed for those exploring their future career options and Cyber 9/12 provides a valuable opportunity.
The competition generates blended learning, allowing university students to understand the value of professions involved in the cyber sector while also emphasising the needs for a diverse cyber security workforce with a multitude of soft and technical skills. We at techUK believe diverse perspectives, like those promoted in the Cyber 9/12 competition, lead to more innovative solutions.
Gary Dreyer, one of the members of the winning CamPhishing team last year, highlighted how the competition can open up cyber security to those exploring alternative disciplines. While undertaking his MPhil in International Relations at the University of Cambridge, he saw Cyber 9/12 as an opportunity to learn more about the cyber realm and ensure that he would remain cyber aware in his future career.
Gary told techUK that his understanding of current issues in cyber security and his strategic communications skills were vastly improved by the competition and that it also provided him with excellent networking and social opportunities, giving him a strong connection base in the cyber industry, and allowing him to explore the geopolitical ramifications of cyber threats.
It is opportunities like this, where students are given an understanding of how the cyber security industry works and how it can impact other sectors of society, which makes techUK so supportive of the competition.
Commenting on techUK’s support for the competition Talal Rajab, techUK’s Head of Cyber and National Security, said: “techUK is delighted to be supporting the Cyber 9/12 Strategy Challenge. The cyber skills shortage is a well known problem, with a recent parliamentary report urging government to address the growing UK cyber security skills gap. Much of the work done in this space to date, however, has focused on growing technical skills and capabilities.
That is why initiatives like the Cyber 9/12 Strategy Challenge are so important, as they focus on developing “soft skills” like strategy, policy analysis and presentational skills that are also in short supply in the sector.”
Talal is the Head of Programme – Cyber at techUK, the trade association for the UK tech sector representing over 850 companies
Andreas Haggman, DCMS
Skills, teamwork, late nights and other reasons why
Cyber 9/12 rocks
Andreas Haggman (@Andreas_Haggman)
I first came across Cyber 9/12 (the Geneva edition) as a PhD student at Royal Holloway’s Centre for Doctoral Training in Cyber Security. I was instantly enamoured by the competition because I had long looked with envy at the CTFs and hackathons available to technical students. Finally, I thought, here was something that seemed to be just as exciting as any technical competition or game, but in my seemingly niche non-technical space. Cyber 9/12 lived up to those expectations and so much more.
I have many vivid memories from my time in Geneva, from rehearsing our team’s well-choreographed presentation to winning the award for Most Creative Policy Response.
What stands out though is both the exhaustion and satisfaction from staying up until 3am working on our policy responses to the second intelligence pack. In those wee Swiss hours, we really pulled together as a team and came up with some surprisingly brilliant analysis and policies. Sure, we might not have made it through to the final round, but I was proud of our efforts and the enjoyment working so closely with a team all in the same boat was worth the bleary eyes the next day. Teamwork really does make the dream work.
Aside from the value of teamwork in general, my single biggest takeaway from competing in Cyber 9/12 was understanding the importance of multidisciplinary approaches to cyber security. On our team we had a mix of technical and non-technical people from different backgrounds (and also gender representation) which led to some very innovative policy formulation.
What really hit the lesson home for me though, was after the event when we reflected back on our experiences, and the technical person on our team said their main takeaway had been that “in international relations it matters more who did it than what happened.” I had not previously appreciated that from a technical standpoint the who is much less relevant than the what because problem-solving does not assign blame. In policy, however, responsibility (the who) is an important matter that is part of solving the problem. Before Cyber 9/12 I had bought into interdisciplinarity on a theoretical level, but the event allowed me to experience the benefits of it first-hand.
Helping to facilitate the 2019 competition
Cybersecurity is about more than technology. The UK Cyber 9/12 Strategy Challenge was founded to broaden the debate around the cybersecurity challenges we face, and the workforce we need to tackle them. Since we started in 2018, we have highlighted the need to broaden the way we think of cybersecurity skills, incorporating areas such as political science, policy, and international relations.
We are proud to have found and coached amazing competitors from across many UK universities. These competitors have come from multiple disciplines and demonstrated fantastic teamwork, knowledge, and the ability to be future cybersecurity leaders.
This year, Rapid7 provided the prize for the winning team, bringing them to Las Vegas to experience the DEF CON security conference. The blog below from one of the members of the winning team, Ainsley Katz, details her experience of competing, attending DEF CON, and entering the cybersecurity community in a professional international relations capacity. Thank you and congratulations to Ainsley and the rest of the Cambridge University team for participating in the competition, and demonstrating amazing insight, passion, and engagement through both the competition and their trip to DEF CON.
Pete Cooper is CEO of strategic security consultancy, Pavisade, Atlantic Council Senior Fellow, and the founder and director of UK Cyber 9/12
Ainsley Katz, "CamPhishing", University of Cambridge Winning Team 2019
Cyber Takes Flight: My Experience Competing in the Atlantic Council’s Cyber 9/12 Strategy Challenge!
If someone asked me about my post-grad plans in January, I wouldn’t in my wildest dreams have envisioned flying an F-35 in Las Vegas or working at the U.S. Cyberspace Solarium Commission. In January, I was studying for my MPhil in International Relations and Politics at Cambridge University, and my understanding of all things cyber was almost as rudimentary as binary code flying around in space. All this was prior to participating in the Atlantic Council’s Cyber 9/12 Strategy Challenge.
Though I had no prior cyber experience and enough on my plate with my Master’s coursework and dissertation, when I learned of the Atlantic Council’s Cyber 9/12 Strategy Challenge, I felt strangely compelled to participate.
Just as mysterious was the gravity by which a hodgepodge collection of three fellow MPhil students and myself coalesced, received sponsorship from Cambridge's Academic Centre of Excellence in Cyber Security Research (ACECSR), and found a team coach in ACE-CSR member Dr. Jat Singh. However it happened, suddenly — and seemingly ex nihilo — team CamPhishing was born.
"CamPhishing", University of Cambridge Winning Team 2019
From Left: Gary Dreyer, Ainsley Katz, Tomass Pildegovics, Jamie MacColl
Competing in the Cyber 9/12 Challenge was one of the most unique, valuable, and enjoyable highlights of my Cambridge experience. The Challenge sees UK university teams take on the role of senior government advisors tasked with assisting Ministers in responding to an evolving cyber attack. Over two days, the scenario evolves through three rounds with a grand finale in front of senior UK cyber security experts.
Winning the Cyber 9/12 Challenge was as incredible as competing. For the First Place Prize, CamPhishing was generously sponsored by Rapid7 to attend the huge cybersecurity conference, DEF CON, in Las Vegas. Over the course of the conference I heard the likes of Representative Jim Langevin, Jane Harman, and Rapid7’s own Jen Ellis discuss Congressional efforts to address evolving cyber issues.
I also learned about the current challenges faced by Tor, heard Bruce Schneier’s clarion call for greater technologist involvement in policymaking, and listened to the White House’s Joshua Steinman discuss the elimination of the Cybersecurity Coordinator role on the U.S. National Security Council. Oh, and did I mention I flew an F-35? Granted, it was an F-35 flight simulator in the DEF CON Aviation Village and my flight skills weren’t at all up to the snuff of an Air Force pilot, but it was nonetheless quite the experience.
Three Fifths of Team ‘CamPhishing’
From left: Tomass Pildegovics, Ainsley Katz, Jat Singh
All in all, the Atlantic Cyber 9/12 Strategy Challenge certainly succeeded in interesting me to work in cyber.
Since DEF CON, I have begun working as a Cyber Strategy and Policy Analyst with the U.S. Cyberspace Solarium Commission. The Cyber 9/12 Challenge prepared me to think critically about proportional and viable policy options when dealing with cyber attacks while DEF CON not only taught me vital practical and technical topics in cybersecurity, but also introduced me to some of the most impressive and interesting individuals working on cyber issues today.
For these reasons and more, I wholeheartedly recommend the Cyber 9/12 Challenge to students, regardless of their prior experience (or lack thereof) in all things cyber.
Main prize sponsor 2019