Cyber Security Challenge #6

Since my last full blog, my work life has taken a few turns, and I briefly left the world of journalism and my specialist subject of IT security. In that time journalists were kept busy by big stories such as the data breaches by Ashley Madison and TalkTalk, the ability to remotely hack a Jeep and the return of ransoms in the form of malware or “stand and deliver” style denial of service attacks.

After leaving the awesome IT Security Guru at the end of RSA Conference week (late April to the uninitiated) I joined analyst firm 451 Research.

Those six months have passed and upon leaving there and my return to journalism, I was delighted to attend another masterclass of the Cyber Security Challenge. The sixth winner since the programme began in 2010, 38 year old Peter Clarke won after completing a 48-hour cyber defence battle investigating and averting a simulated cyber attack involving a biological attack on Church House in the grounds of Westminster Abbey.

The final saw 42 (with 41 making it to the final day) combatants compete in the two-day Masterclass final, developed by a team from QinetiQ and supported by experts from Bank of England, GCHQ, National Crime Agency, BT, Cisco, Falanx Group, Roke Manor Research, Simudyne, and CyberCENTS Solutions.

IMAG0041.jpgIMAG0040.jpg

The Challenge was set up to try and remove the major skills shortage in UK cyber security, by getting more people interested in it and aiming to draw contestants from across UK industry. This year’s winner was an engineer for a car manufacturer, and around half of last year’s finalists are already in their first cyber security jobs.

One statistic that I did find interesting was that more than 50 per cent of the final 42 were involved in online gaming. I talked with Jess, the only female finalist who is studying in her final year of an BsC in Computer Gaming Programming at Leicester De Montfort University.

She told me that she first heard of the challenge through a presentation at the university, where a camp was also held with a capture the flag style challenge. I asked her if she was interested in a career in IT security, and she said she was as “it seems fun and people in security are all from industry and they are a lot more laid back”. Take from that what you will, but the next generation see this job as something enjoyable then it has got to be a positive.

Speaking to Bob Nowill, chairman of the Cyber Security Challenge UK, said that it was about making the challenge accessible. One addition was the online gaming experience Cyphinx which was designed as a Second Life-style environment. “Everything is solely online, this year we removed the face to face and used hacking labs and added to the techologies online,” he said.

I also spoke to Matt Anderson, EMEA director at the SANS Institute, who continued its sponsorship of the challenge. He said that as well as providing prizes, it is working with the challenge to bring unspotted talent through its own cyber academy.

What I’ve always admired about the Cyber Security Challenge is its willingness to talk to those who are not in the sector at a level that they understand. It isn’t about the gender balance and ensuring that the final year of university students win so that they are given jobs at GCHQ, it’s about presenting IT security as a career in a positive light.

As I said, there have now been six winners of the challenge and I’m fortunate to have met and interviewed several of them. This year’s winner said he only entered the Cyber Challenge eight or nine weeks ago without many qualifications, so to be the winner “is unbelievable”.

He said: “I’ve had an interest in cyber for several years now and keep a breadth of the current trends and tools in the industry, but this is the first step towards a future career in the area. I really want this to become my profession and the Cyber Security Challenge has given me a catapult into the industry that you can’t find anywhere else.”

All good news, and Nowill encouraged any individual to have a go at some of the games on the play-on-demand gaming platform.

Registration is already open for next year’s programme and a host of competitions are available to play now. Using the play-on-demand system which allows access to games any time, you could sign up and take part in just a matter of clicks.

I want my NME

News appeared today the mighty New Musical Express (NME) is to move to a free distribution model in order to boost flagging sales.

According to the BBC, this will boost the readership from a weekly circulation of 15,000 to around 300,000. Of course the move is not without precedent, as Time Out did a similar move a couple of years ago with free distribution on Tuesdays across the capital.

Now the 63 year old music paper, which I read every week from the mid 1990s to the mid 2000s should survive the inevitable collapse of print media that has seen national newspapers and magazines find different ways to diversify and generate a revenue.

In my view this is a great move for the NME. The days of it breaking news on its pages are over as people (including me) go to its website for breaking news, and Twitter and Facebook are there for tour dates and for bands to have a direct communication with fans.

What NME still offers is the interviews and profiles of the new bands that forms its central editorial, while its live and album reviews are what its journalists do best. I had some experience of the atmosphere having spent a week on work experience there in 1998 (biggest bands of the week were Embrace, Unbelievable Truth and Ultrasound, I had the pleasure of meeting some established journalists and rewriting faxed articles).

I really hope this enables the NME to survive as in the USA there is Rolling Stone and while in the UK we have lost Smash Hits, this is one musical institution which I hope will carry on.

tumblr_n3kho9Pb7K1qctvzro1_1280

Hop to the ground Victoria

Today I’ve added a new link to the blog my wife Victoria (or Vicky as some of you know her) has started about her (and hopefully I will be there too) travels to various football matches both in and out of London. Last season we were delighted to attend matches at Clapton FC, Waltham Abbey FC and Haringey Borough, while I made my first visits to Kings Meadow to see both AFC Wimbledon and Kingstonian, but there is so much to see in this city.

 

I’d recommend a regular for her blogs on where she has been, hopefully it will inspire you into doing some non-league groundhopping yourself https://groundhoppinggirl.wordpress.com/

RSA Conference 2015

At the time of writing I am in one of my favourite bars (Jack’s Cannery in San Francisco) looking back on another successful RSA Conference. How can I deem that it is successful? Well I got here, met old friends and made new ones, saw some great talks and got what I hope is some pretty good content for the day job website.

Of course the biggest news of the week regards the day job, with me announcing that I’ll be departing Eskenzi PR from my job as editor of IT Security Guru which has been fantastic, and I have never regretted turning down positions at more established titles to take back in summer 2013, to shift to 451 Research where I will be working from mid May.

I have had plenty of opportunities to announce this and it was hard to keep quiet, but the response has been fantastic. I’ve also had 3 common questions, mostly when do I leave/start, and what will I be covering? The answers in order: Friday 23rd April, Monday 18th May and “I don’t know yet”.

Little to say about the upcoming job apart from the team seem fantastic and I got a great welcome at an event in San Francisco this week. For the old job, I wouldn’t have left apart from for the right position and I’m leaving a fantastic team who I hope will remain friends.

I’ve done security journalism for close to seven years now and while I am not bored of it, the prospect of a change was great. In my time I’ve met plenty of great people and been fortunate to cover some great stories and research. I won’t hear anything about journalism being a dying profession, that is for another blog, but in the hands of the likes of Brian Krebs, Tom Fox-Brewster, Dan Goodin, John Leyden and Darren Pauli, security journalism is in a very good state.

As I started off by saying, this all took place during RSA Conference, the global gathering of security’s finest minds at the Moscone Center. This was my third visit to the conference, the previous two falling in my previous guise at SC Magazine in 2011 and 2013. To bring IT Security Guru here was a pleasure, I did submit talks to both RSA and its counterpart BSides SF, but with so many fantastic minds in town I am not surprised to have failed to make the cut.

The week started well with a comfy flight in via Calgary and a decent and cheap hotel. I’ll pass over the fact that my phone ceased to work and I was forced to buy a Mini SIM adaptor to use my 2009 era iPhone as my device of choice. In fact I’m writing this blog on it!

BSides was good fun with some good people, free bagels and plentiful coffee – by failing to buy a ticket in time I was advised to turn up at 8am and see if I could get in. No such problems with the jet lag and I got a good portion of the day in, and met with my new team in the evening before heading to the annual cocktail fest of TongaCON at the Fairmont.

RSA, for those who have not been, is a global gathering of IT security minds and since I last came, has switched its opening keynote speaker, branched its expo hall into two halls, and put its speaking and press rooms into new places. I’m not going to complain, everything was easy to navigate and kudos to the organisers and press team for an excellent job well done.

The coverage is likely across the Internet, and I hope I was at the best sessions (about 15 go on at any one time) so it takes some prior judgement to make sure you’re at the best ones.

RSA is also known for its social gatherings and I attended what I could with busy days and early starts, and I’ll pass the best party of the week to the bug gathering under the highway organised by Alert Logic, Barracuda Networks and Bugcrowd.

With my employment coming to an end officially on Friday morning, I’ll spend my last few hours writing the final interviews up, and pass control of IT Security Guru back to the team. Treat it well, a lot of hours have gone into making this great.

Across and over the line

This could be my most right-on post yet, and what I’m about to say may not be particularly original but there is a large part of society which will agree with me.

The trolling of Sue Perkins on Twitter over her link to the vacant host position on Top Gear is not only disgraceful, but it shows a poor representation of the show’s viewers. I can recall when Top Gear was a motoring programme produced by the BBC to fill a niche for enthusiasts. In the past ten years it’s brand changed to be about its presenters and their antics. The cars should have been annoyed, apart from a review of a new model that was tested by The Stig, most of the show was essentially Lad TV that anyone could enjoy.

Was it bad? No it was funny and it attracted a great calibre of guests and kept the cynical views of the hosts at its heart. Jeremy Clarkson was a great host as it goes, he followed the Jeremy Paxman model of doing what he thought was right and persisting until he was told otherwise (maybe that is what caused the downward spiral?) and kept together a show that developed a strong identity of 40 something men in denim enjoying themselves.

His departure and potential replacement has caused plenty of discussion and as I said at the top, bad headlines causing the comedian, writer and host to suspend her social networking activities due to death threats.

There is so much wrong with this it could take another 500 words to complete, but I suspect I am not alone in thinking that Sue Perkins and James May would be an excellent pairing for the next version of Top Gear. If it ends up being Chris Evans or Dermot O’Leary then it will show a lack of ambition at the BBC as they are doing a like for like replacement for Clarkson.

What the opportunity here presents is for a new direction, perhaps even back to the essence of motoring journalism. James May has proved himself to be an excellent pundit in his guise as “Captain Slow”, but I’d rather watch him than Bear Grylls talk about piston wear as I know he will know what he is talking about.

As for the host, a wise cracking, no shit taking female would be perfect, and as Suzy Perry has proved on the BBC’s coverage of F1 and Jacqui Oatley will hopefully demonstrate as ITV’s new football anchor, the right person in the right job can be a winning combination.

Time will tell if Sue Perkins is right for Top Gear, although I now fear that she will turn the opportunity down because of the death threats, and it will be up to the BBC to prove the haters wrong.

Let’s reclaim the originals

I think it is time that we seized back those works of art that are criminally butchered by the modern generation. I’m not talking films, I am talking songs. Mark Ronson is to blame – taking decent songs and covering them into bland, lounge level music.

I know Charlie Brooker offered some agreeable points on the Christmas songs turned into breathy advertising backing tracks for high street retailers, see the once sex-war-religion trilogy of Frankie Goes to Hollywood turned into a mush, but instead I am going to try and reclaim something I believe to be perfect. The Smiths song “Stop me if you think you’ve heard this one before” didn’t appear on the best of I bought in the 1990s, and doesn’t appear on their finest work “The Queen is Dead”, but it remains a terrific tune.

Mark Ronson turned it into…something boring. Here’s the one you should be listening to –

In praise of Cyberbully

Maisie Williams as Casey Jacobs

Yes that is a deliberately misleading headline, I’m not in favour of the concept of cyber bullying at all of course, instead this is about a drama that aired on Channel 4 in the UK this week.

Starting Maisie Williams from Game of Thrones (Arya Stark), the drama showed a real situation for a teenage girl on the internet. Apparently based on real events, it showed this late 30s viewer how the internet is used by teenagers, and how what you post can backfire on you.

A gripping tale reminiscent of the film Phone Booth, I don’t want to give away any spoilers, but I not only encourage you to watch it, but I would encourage schools to show it to students of mid-teenage years who may get caught in the same situation.

Rather than review it and give away a bunch of spoilers, watch it here while you can – http://www.channel4.com/programmes/cyberbully