CyberChallenge.it is one of the many responses that Italy is giving (along with new degree courses, professional training programs, and advanced training in research doctorates) to identify new, young talents to be educated in the field of computer security.
The program, in which 2020 Italian universities take part (together with the Army Training Command and Application School of Turin), consists of a three-month course for the 20 best students, coming from high schools and universities, who obtained the best scores at the end of an admission test in logic and programming. The course provides students with the essential elements for learning cryptography, web and application security, and hardware and network security.
The peculiarity of the training is that the topics taught prepare the students for Capture The Flag (CTF) competitions, whose goal is to solve a certain security problem (for example, exploit a website's vulnerability) to find a "secret", called a flag. The course ends with a local competition (jeopardy) between the participants and a national one (attack and defense).
The initiative was also held with great success at the University of Cagliari, which has participated since 2019 and saw over a hundred students from schools and universities in 2020; the 2021 edition is setting an enrollment record with over 150 students.
Compared to last year the course has further improved, with new topics and with participants from previous years taking part as tutors. Furthermore, for a year now, some of the participants of CyberChallenge UniCA have formed a team, Srdnlen, which participates in international competitions with excellent results (fourth in the Italian ranking and top 100 in the world ranking).
Unfortunately, the pandemic has forced everyone into an entirely online activity, but this has not prevented the significant participation and involvement of the students (also from a social point of view).
Before leaving space for the students, I would like to start with a question to my colleagues Giorgio Giacinto (Dept. of Electrical and Electronic Engineering) and Massimo Bartoletti (Dept. of Mathematics and Computer Science), who coordinated the 2020 edition with me. I would ask Prof. Giacinto to tell how the CyberChallenge project was born and Prof. Bartoletti to say something about the quality of the participants in the last edition.
Giorgio Giacinto. "The project was born in 2018 within the newborn National Cybersecurity Laboratory of CINI. The lack of cybersecurity experts compared to the demands of the world of work and the forecast of their growth has prompted the laboratory to arouse curiosity for this sector in younger people through play. In fact, it is a discipline that at first sight can be frightening due to the amount of knowledge and skills required. The metaphor of the game allows you to overcome the initial obstacle and discover a fascinating and at the same time vital sector for the security of each nation. The first edition was born at the University of Rome La Sapienza and then extended in the following years to the whole national territory. This model is becoming an example for other European nations."
Massimo Bartoletti. "The students who participated in the 2020 edition of the CyberChallenge deserve a special commendation: despite all the limitations imposed following the COVID emergency, they enthusiastically participated in the lessons and exercises, sacrificing their free time to solve the assigned challenges - and fitting all this with school and university lessons. The playful spirit of these challenges - in which the kids impersonate hackers who try to attack a computer system - is very helpful in stimulating their intelligence and their collaborative spirit. The main qualities developed by the CyberChallenge are perseverance, which is indispensable when you have to attack an apparently impenetrable system, and paranoia, which generally has a negative connotation, but for a computer scientist it is a virtue, because it allows you to never take for granted the security of a software system."
Now it's up to the guys. I would ask you to introduce yourselves:
Roberto: I'm Roberto, I'm 21, I was born in Cagliari and I study IT here at the University of Cagliari.
Daniele: I am Daniele, I am 18 years old, I come from Fordongianus, a town in the province of Oristano, and I am attending the fifth year at the OTHOCA state industrial technical institute in Oristano.
Silvia: I'm Silvia, I'm 23, I'm from Sassari and I've been studying Computer Engineering at the University of Cagliari for 5 years; I'm currently specializing in Computer Engineering, Cybersecurity and Artificial Intelligence.
Guys, how did you find out about CyberChallenge? What stimulated your curiosity towards this path?
Roberto: Towards the middle of my first semester (2018-2019) a professor told us a little about the CyberChallenge project, advising us to sign up and talking about what would be done. Unfortunately that year I was unable to participate, but I managed to sign up and pass the test the following year, in 2020. I signed up because I believe that the field of security is something that everyone must deal with, at least to get an idea of what is or is not safe to do, as well as being intrigued by topics like reverse engineering for a long time.
Daniele: I got to know the CyberChallenge project thanks to a professor who proposed it in class. I found in CyberChallenge the opportunity to deepen and learn about new things in the field of computer security, and also the opportunity to relate to other guys who share my same passions.
Silvia: I met the CyberChallenge path in 2019, the first year of participation for the University of Cagliari, when during some lessons the professors had talked to us about the CyberChallenge program. As I learned that after the selections a course on IT security would be held, I decided that in 2019 I would participate in the selection in order to have more knowledge on IT security during the master's course.
What are the skills you have been able to work on thanks to CyberChallenge? How do you feel you have improved?
Roberto: During the course we explored issues such as web security, system security, and cryptography. It is quite easy to be able to follow all the topics, and learn a lot from each category, although then, of course, if one wants to continue, it is important to specialize.
Daniele: The skills we worked on during the project concern the world of cybersecurity in general. During the CyberChallenge project I feel I have improved a lot in all the topics covered, even if slightly more in system security. I also improved on issues detached from cybersecurity such as team-working and programming skills in general.
Silvia: Thanks to the preparation for the CyberChallenge tests I have improved a lot in programming, while during the course I have addressed specific issues on IT security and above all by directly testing certain vulnerabilities that, even if simulated, are very close to a real scenario.
Due to the COVID-19 emergency, the process was carried out entirely online, including the final stages. How do you rate this modality?
Roberto: In some ways I'm sure the experience is better live, especially for the social part. At the same time, however, I believe that being able to do the lessons online has allowed us to deal with a wider range of topics, while being much more flexible as a modality. The only loss was not being able to participate in the live finals. So all in all I think the positives and negatives balance well, and I'm not sorry to have participated during this somewhat unfortunate year.
Daniele: Even though the journey was done entirely online, we had the opportunity to interact with our teammates as if we were physically present; we have managed to create a relationship that I hope can be encouraged when the epidemic ends. The lessons were organized using flexible hours that allowed everyone to follow them. Even the practice sessions were carried out with punctuality and great organization; in addition to the professors, there were also the boys who had attended the course last year who helped us as tutors.
Silvia: Although the online mode did not allow me to get to know my teammates in person, I was still able to interact in depth with many of them, helping us along the way in solving certain challenges. However, we managed to create a team and I didn't find many difficulties in following the lessons, asking for help from the tutors and in any case also having fun. In the end, it was also nice to know our voices, to become a group but to discover the faces only when the COVID-19 emergency has subsided a bit.
At the end of the training course, an important step is represented by the local and national finals. Roberto, as winner of the 2020 edition for UniCA, can you tell us something about how the tests took place and what your overall experience was like?
Roberto: The local and national finals were held entirely from home. On the one hand, it's a bad thing, since all of us finalists have lost, let's say, the experience of traveling in groups. On the other hand, I think it can be very useful for those who, like me, suffer from anxiety, since being in a familiar environment like home, and still being able to organize themselves at will, certainly helps to remain calmer and perform better. I am very satisfied with my path, and I feel I have grown a lot in the field of security, although I still have a lot to learn. In fact, it is not uncommon that during the development of a program I now notice some flaws, even very dangerous ones, that I would never have noticed before.
Let's take a step back now and talk about the admission test. Daniele, you have completed a brilliant path and admission test, despite coming from an upper secondary school, showing that age is not necessarily a discriminant of merit. What do you feel like recommending to those who will participate in the selections? What advice do you feel you can give to prepare for the test?
Daniele: I recommend everyone to look at the material on the CyberChallenge site, which is full of exercises you can perform in order to practice in view of the selections. I also invite everyone to take the selections calmly without getting anxious, since the selections are nothing impossible, so I advise everyone to try, even if you are afraid of not being able to pass them. In both cases you will have gained something.
Unfortunately, a major problem in the field of cybersecurity is the low participation of girls compared to boys. This year, the locations participating in the project (as well as CINI itself) are launching various initiatives to encourage the presence of women at CyberChallenge. During the last edition of CyberChallenge, UniCA was among the locations with more girls participating in the course (4 out of 20). Silvia, as a participant in the last edition of CyberChallenge, what advice do you feel you can give to the girls who intend to face the selections?
Silvia: Unfortunately, there is still often the stereotype that certain professions are for males and others for females and this can sometimes block potential excellent professionals in the sector. This is the case of information technology, a work seen by "man" and security with the classic image of the male hacker. Given my experience both in a faculty considered male and in the CyberChallenge program, I advise all girls who are passionate about cybersecurity to leave the voices and stereotypes on one side and do their best to carry out a path that in itself does not imply having qualities that only men have but is based on logical skills that can be acquired by all.
For about a year now, those who have participated in CyberChallenge.it here at UniCA have had the opportunity to join a local Capture the Flag team, srdnlen, which plays various competitions internationally. Could you tell us your experience within the team?
Roberto: Joining the team is an opportunity to continue the path taken at CyberChallenge, and therefore continue to learn and improve in the field of security. In addition to being an opportunity to learn, it is also an opportunity to have fun: every month we do at least one race, where each of us collaborates to solve challenges, an occasion in which we talk between teammates, about both challenges and any other topic. I am currently part of the Crypto team.
Daniele: Having joined the srdnlen team has allowed me to always keep myself trained and continue to improve myself, since we have training every week and every month we do several CTFs. Within the team I was very well received by all the members; we also constantly exchange information, we help each other and all this allows us to improve our skills. I am currently part of the reverser and pwners team.
Silvia: Being part of the srdnlen team is an opportunity to continue improving on cybersecurity. Every week we have training to be able to better face the CTFs we participate in. These are also online for the COVID-19 emergency but we are still managing to create a good group and obtain good results during the competitions. Within the team, together with other boys and girls, I deal with the categories "Forensics, Misc and Web Exploitation".
As a last question, what do you feel like recommending to the new generation? Can this path really help young people to develop cybersecurity skills and, why not, also to find work?
Roberto: I think a lot more people should try to enroll in the course. One piece of advice I would like to give is to try the admission test, even if anyone, seeing only 20 places available, might think they won't be able to enter. I think that almost all the participants had this fear, despite having entered at the end, and maybe even reached the final. Very often we see reports of attacks on very important infrastructures, which probably could have been avoided by giving more importance to teaching the security factor. I think this path is an excellent opportunity to plug these holes, and perhaps discover that you want to continue in the sector, a great job opportunity as there is a great need for experts.
Daniele: I recommend anyone interested to try to participate in the program, because I see CyberChallenge as a great opportunity for us young people. Yes, this path helps young people to develop cybersecurity skills that one day could also be used in a workplace. The CyberChallenge project is also funded by large companies that are interested in investing in young people. Furthermore, having attended the project allowed me to participate in BlackHat Europe 2020.
Silvia: I recommend to anyone interested to participate in the program, train a lot with the old tests on the site and do everything to get into the 20s because it is a very strong experience from many points of view. Above all, I recommend taking the test calmly, leaving anxiety out the door. Yes, CyberChallenge helps you develop and improve cyber security skills and luckily find a job too. A few months ago I was contacted by a company and one of the first things that emerged during the interview was the appreciation for having participated in the CyberChallenge program. Not only that, at the end of the course you have the opportunity to get to know all the sponsoring companies of the program and therefore also be able to find a working ambition in the various cybersecurity sectors.
Thanks guys, and good luck to the participants in CyberChallenge 2021!
Davide Maiorca, Ph.D.
Assistant Professor
Pattern Recognition and Applications Lab
Department of Electrical and Electronic Engineering
University of Cagliari
For further information: CyberChallenge.IT