Hacking competitions burnish cybersecurity resume
There’s a big question for those looking to get a job in cybersecurity: how can you prove to a potential employer you have the skills to stop hackers?
Demand is growing for cybersecurity employees, but companies are picky about who they hire. Having a computer science degree is helpful, and there are cybersecurity certifications that are supposed to prove your skill. But there’s another big resume item out there: winning competitions.
Devin Gergen works for the cybersecurity firm CrowdStrike. But when I talk with him, he’s not protecting computers, he’s hacking into them. “We’re trying to get commands to run on a computer using nefarious means,” he said.
Gergen was one of about 200 people at the recent NetWars championship in Washington, DC. It’s one of a bunch of new cybersecurity competitions. You win by showing you can replicate real-world hacks just like the “bad guys.” (And yes, pretty much everyone in cybersecurity really does refer to hackers as bad guys.)
“We saw a lot of bad guys taking advantage of these vulnerabilities we’re going against here in this competition setting,” Gergen said.
Winning NetWars isn’t just about bragging rights. Potential employers like John Strand are watching. Strand owns Black Hills Information Security. “Whenever I get a resume from someone and they say they are NetWars champion, that resume goes to the top of the list,” Strand said.
Given all the demand for cybersecurity employees, you might think it’d be easy to get a job. Not so said Vivi Langga. She is a college senior at San Jose State University specializing in cybersecurity. “It’s really scary looking at the requirements” for cyber security jobs, she said. Companies want years of experience, but they don’t want to invest in training you. “It’s hard to get your foot in the door,” Langga said.
To be more competitive, Langga and fellow students have been entering cybersecurity competitions. They’re trying to prove they’ve got what it takes to people like Alan Paller.
Paller directs the SANS institute, a cybersecurity organization that hosts NetWars and searches for people with the right stuff. Those people can be hard to find, he said. You can’t just go to computer science programs at the best colleges and recruit, Paller said, and every programmer isn’t necessarily good at cyber security.
“What we’re looking for,” Paller said, “are people who like taking things apart and who don’t care so much about putting the toys back together after they are done.”
Great candidates can be found in unexpected places, he said. Very unexpected places. Like the city offices of a small town in Oregon.
Jeff McJunkin started doing NetWars while he worked for the city of Central Point, Oregon as a systems administrator — the person who makes sure computer systems and servers are up and running properly. McJunkin ended going on to win the whole NetWars competition. He did so well, he was actually hired to run the thing.
So, the IT guy from a little city in Oregon hacked his way into a cybersecurity career. Vivi Langga and her fellow college students hope to do the same.