Skip to content
European Cyber Security Challenge (ECSC)
Team captains from the participating countries                                                                   Credit: David Bohmann

 

This year’s European Cyber Security Challenge (ECSC) was recently hosted in Vienna. One of Ekco’s Information Security Analysts, Daniel Cahill, led the Ireland team in a two-day challenge which saw the best of up-and-coming IT security professionals from 28 countries and six guest countries compete against one another.

Here’s what Daniel had to say about his experience at ECSC and how these competitions can be key to feeding the pipeline of cybersecurity talent in Ireland.

What is the ECSC all about?

The ECSC is about getting young talent and young professionals from all around Europe to participate in various cybersecurity challenges to enhance their skills and knowledge. It’s also aimed at increasing awareness of cybersecurity as a career and the industry’s challenges, while highlighting the existing talent.

How do you get chosen to compete?

Each country has their own system of qualifying rounds. Some countries had hundreds of applicants and so they held quite a few qualifying rounds to get to the final 10. In Ireland we had fewer applicants, so we only had one qualifying round. Getting more people interested in cybersecurity as a career is something Team Ireland is working hard on.

Why do you think there was less interest in the competition in Ireland?

I think one of the reasons has to do with how college syllabuses are structured.  A lot of college courses don’t focus on cybersecurity until you’re in your second or third year. Many students also don’t have much interest in Capture the Flags (CTFs) because they think it’s too gamified and it’s not real world experience.

However, CTF game experience, even before college, can really help to get potential employers interested in you. Those within the IT industry know that a lot of the CTFs are actually quite challenging. With CTFs you’re detecting vulnerabilities in applications and exploiting them to get the flag essentially. I think we need to make young people who are interested in IT more aware of the benefits of participating in CTF challenges. They’re a lot of fun, too!

ECSC
Working through one of the challenges       Credit: David Bohmann

How does participating in CTF challenges and competitions like ECSC help you do your job better?

So there’s different categories within CTFs, for example cryptography, forensics, binary exploitation and reverse engineering. And the category that I work on mostly is web exploitation, which involves testing web apps and looking for vulnerabilities inside web apps. A lot of the work I do at Ekco is web app security or web app penetration testing. So I can be doing a pen test for a client and see it’s similar to something I’ve seen before in a CTF challenge. For example, a bypass that I found in a CTF challenge can work in a real-life pen test. So there is definitely a correlation between the research I do to try and figure out a solution to a CTF challenge and how I tackle an actual pen test.

Which challenge did you enjoy the most at ECSC?

Definitely Attack and Defence Day. Each team was given seven servers and we had an hour to look for vulnerabilities on them. After the hour was up, our servers were accessible to all the other teams. So you had to try and find vulnerabilities in your servers, patch them and then write exploits to steal other people’s flags. This would give your team points. It was quite interesting to see the scale of attacks coming in on our systems and then having to adapt our solutions, but also create our own exploits to be able to attack other people. It was really fun and the first time I’ve done something like that with over 30 other countries participating.

ECSC
Team Ireland at ECSC

What’s the best part of your job as an Information Security Analyst?

I enjoy the fact that with the pen tests, every job is different – a different company, a different website and a different system every time. So it’s nice to not be stuck on the same thing every week. And identifying system vulnerabilities for our customers means pointing out their business risks, so it’s important work.

You’ve been with Ekco for a year now. What made you decide to go into cybersecurity?

This is my first job out of college, where I started studying general computing. Then in my second year one of the other students introduced me to CTFs and I really enjoyed it. That’s where I started getting really interested in cybersecurity and switched courses.

How do you see your career trajectory over the next few years?

In the future I’d like to transition into security research, where you can take a deeper dive into an application or product and look for vulnerabilities. A pen test might only take a week or two, but with security research you get more time to look deeper into services to find vulnerabilities.

What would your advice be to a school leaver who was interested in pursuing a career in cybersecurity?

I think the main thing would be not to wait until you leave school to get involved in things like CTF challenges or bug bounties. Some of the competitors from the other ECSC teams were 19 or 20 years old, but already had 4 years’ experience, and they were insanely talented. This is one of the things we’re trying to push with Team Ireland. We’re focusing on how we can get people involved from high school age so that we can do even better in competitions like ECSC.

If you or someone you know is keen to enter the world of cybersecurity, then be sure to register for Ekco’s virtual graduate open day on Thursday 10 November from 11am-1pm. Registrations close on 8 November at 5pm.

Students learning

Question?
Our specialists have the answer