Building a great team is one of the most difficult challenges managers encounter. This is especially true in security, where the threat landscape changes so rapidly that it’s hard finding the talent we need to help keep our companies, and by extension, the internet, safe.
Luckily, there’s a few initiatives that make things easier on us, one of which Fastly participated in March 4-6. A group of us from the Fastly security team headed out to Rochester, NY, to attend the Information Security Talent Search (ISTS) at the Rochester Institute of Technology (RIT).
Photo credit: William James Ingalls</p>
The competition: stretching students’ abilities
This year was the 12th iteration of the ISTS, organized by RIT’s Security Practices and Research Student Association (SPARSA), a student-run organization that has been bringing together students interested in information security since 2001.
The Information Security Talent Search is one of a few security competitions in which multiple universities send their best and brightest students to compete as so-called “blue teams” against a group of industry professionals, who participate as a “red team.” The blue team is given a set of systems which they need to harden and secure, while the red team engages in offensive tactics, aiming to compromise the systems operated by the students. The ISTS is a bit unique amongst its peers as it also gives the university blue teams the opportunity to spend some time attacking systems other student teams are protecting. This year’s participants included students from Rensselaer Polytechnic Institute, Syracuse University, University at Buffalo, and many others.
Two Fastly engineers (both RIT alums and past blue team participants) took part in the contest as part of the red team: Zack Allen, a security researcher, and Rusty Bower, security engineer on the infrastructure team.
Photo credit: William James Ingalls
To stretch students’ abilities even further, the competition had a distributed control systems (DCS) angle. Each team managed a data center with a temperature sensor. When the temperature of their data center exceeded 80°F, the team’s servers were switched off to prevent fire. The sensor used the insecure but very common Modbus protocol to communicate with the process that scheduled the machine shutdown. Clearly, this became a common area of attack during the exercise. Securing this type of sensor-process interaction is a common scenario in many industries, but not something typically taught in schools.
Passion + opportunity
SPARSA invited me to give an opening speech to all the participants; I walked them through a number of major incidents, passing along ideas on how to outsmart some of the other teams along the way. There was immense passion amongst the participants — we spent at least 20 minutes discussing various questions on what it takes to work in the industry, finding great information security roles, and the greatest threats facing online services.
ISTS is a great way for recent graduates to find opportunities in the security industry. The conference was sponsored by several companies, and each of them were provided with resumes of job-seeking participants. It was also great to see many RIT alumni recruiting at the event — it’s clear SPARSA has built a great alumni community.
The fact that the next generation of security engineers is so passionate about security makes finding and hiring the very best talent easier. It’s efforts by students like these that directly translate into our industry’s ability to make the internet a safer place.
Photo credit: William James Ingalls
You may also like:
Announcing the second edition of the Fastly Security Speaker Series!
In February, our Chief Security Officer Window Snyder announced the Fastly Security Speaker Series, which we created to share cutting edge security topics with the wider community. We hosted over 50 security researchers and engineers...
Lean Threat Intelligence Part 2: The foundation
In part 1, I discussed the general workflow the Threat Intelligence team at Fastly uses to plan for projects. After performing research and seeing what others have done in this space, we can now move…
Recap of the Fastly Security Speaker Series
On February 25, we hosted 50+ security researchers and engineers from the Bay Area and beyond in our San Francisco office for the first event in the Fastly Security Speaker Series. This event brought together…