With high-profile public and private institutions in the U.S. facing a growing threat from cybercriminals and cyberattacks, there is a growing push to prepare the next generation of potential IT security pros to meet the challenges.
Cyber games are one way to help teach the tactics, techniques and procedures (TTPs) of cybercriminals, offering exposure to simulations that help players improve their experience level and prove their cybersecurity value to employers.
This year, cyber athletes are preparing for the inaugural International Cybersecurity Challenge, a program that runs from April to October 2021 and consists of the U.S. Cyber Open and the U.S. Cyber Combine Invitational.
During the U.S. Cyber Combine, more than sixty elite cyber athletes will work with the U.S. Cyber Games Coaching team to hone their abilities.
The competition culminates with the selection of the first-ever U.S. Cyber Team to represent the United States at the 2021 International Cyber Security Challenge (ICSC) held in Athens, Greece in December, where more than nine countries will compete to become the world champion.
Founded by marketing firm Katzcy in cooperation with the National Initiative for Cybersecurity Education (NICE) program at the National Institute of Standards and Technology (NIST), the tournament was created to encourage the next generation of tech talent to achieve higher levels of competency in cybersecurity through training and competitions.
Improving Cybersecurity Career Visibility
The organizers hope the event will improve visibility for cybersecurity career fields by highlighting security professionals as cyber athletes with specialized strengths, skills and training. Similar to other sports and Olympic preparation programs, the U.S. Cyber Games allows athletes interested in cybersecurity and gaming to test their talents and improve their skills through competition and team training.
“Quite simply, gaming is fun and a perfect way to appeal to the upcoming generation,” said Jessica Gulick, founder and CEO of Katzcy and commissioner, U.S. Cyber Games. “Cyber games are a fundamental element to developing the next generation of a diverse and well-qualified community of cybersecurity talent.”
She noted that while education, certification and apprenticeship are important training instruments, games provide a safe and legal place to practice offensive and defensive techniques in a real-world environment with others.
The gaming environment can also be the ideal place to acquire the necessary skills in team collaboration, response and attack, and the results can be analyzed by potential employers to recruit those who fit best with their security team needs.
“Games remove the stigma of stereotypes associated with cybersecurity and open a path for players from all kinds of backgrounds, nationalities, education levels and age groups to learn and grow,” Gulick said. “This infusion of diverse skills and mindware will contribute to up-leveling our cybersecurity workforce. Games adjust to all skill levels and types.”
She explained today’s games can also be focused on policy, forensic puzzles, clue-based escape rooms and jeopardy questions, a level of variety that trains the workforce for defense-in-depth and breadth to enable comprehensive risk strategies.
“Today’s games can be played across a wide set of digital platforms with some games only requiring a cell phone to participate,” she said. “This ubiquitous access enables an extended population of individuals from all age groups, economic backgrounds and skill levels to learn, compete and grow.”
From Gulick’s perspective, games not only help build a better workforce, they keep the current workforce sharp and maintain a thriving community of cybersecurity professionals prepared for what the future might hold in cyberattacks and possible disruptive innovations.
“This is just the inaugural year of the U.S. Cyber Games,” she said. “We look forward to future seasons with growing numbers of cyber athletes.”
Mohit Tiwari, co-founder and CEO at Symmetry Systems, a provider of data store and object security (DSOS), also pointed out that cybersecurity and games are an exceptionally good match, since, unlike other disciplines, including programming languages or computer architecture, attackers and defenders punch back.
Would You Like to Play a Game?
“This interactive mode is hard to capture in a traditional lecture or assignment model, and it is no surprise that capture-the-flag contests are so popular,” he said.
Tiwari cautioned, however, that while games can attract and sharpen security knowledge, a real “day in the life” of a security practitioner is much harder to turn into a game.
“This is because security practitioners spend most of their time moving a large, legacy complex organization with a network of data, identities, devices and applications to a safer posture, working with organizational and people problems as much as with infrastructure and software security technologies,” he said.