/ EXPERIENCE, CTF, UNIVERSITY, CYBER, SECURITY

My Experience in Cyber Security

Seven months ago I dove into the world of cybersecurity for the first time in my life. I am not an expert and I’m not so good at it, but in this autobiographical post I want to share the amazing experiences and opportunities I had.

CyberChallenge.IT

It all started randomly. Someday I bought a newspaper in order to read an article about a friend of mine who recently founded a startup (and I’ve coded its website :D). Right next to him there was a piece of news about a project, CyberChallenge.IT, with the aim of training a bunch of teens with cybersecurity skills. Needless to say, before finishing to read it I had already subscribed.

Passing the three different selections was not so hard, being just C/C++ knowledge. Nevertheless, I was really afraid since I didn’t know other contestants’ level. But I did it. I was one of the twenty people who joined from Genoa.

Three months of lessons started, two hours of theory and four hours of practice every week. We learned what a CTF is, we’ve been taught the basics of each field of security (web, binary, cryptography…) and we had a lot of fun.

During this period I chose my CTF nickname, pianka, that I’ll use only in the security field (want to know what it means?). Now when you’ll read it you’ll know it’s me :).

Magic gift from magic friend (I know the pic is crap, it's a beer mug with "pianka" carved on it)

After the training, we “fought” in a jeopardy CTF to select the best four of us who would have joined the finale in Rome. As a matter of fact CyberChallenge.IT was held in 8 different Universities in the country, 160 people in total. When the best 32 were selected, they challenged each other in an A/D CTF. I was not in the best four from Genoa and so no Rome for me :(. (If you don’t know what jeopardy and A/D CTFs are don’t worry, a post is coming)

ECSC

That seemed the end for me…

What I haven’t said, though, is that the aim of CyberChallenge.IT was to find 10 people to make the Italian team who would have joined ECSC18, the European Cyber Security Challenge, organized by ENISA. Every team must be made of 5 juniors and 5 seniors. Apparently, I had been selected as a junior, even if I was not in Rome…

A few months after the finale I received an email from the national team coach, telling me that, after being flagged by the local professor, I had been chosen to be part of the team.

Before the ECSC we reunited at the IMT in Lucca to meed each other, to share knowledge and to start thinking about the strategy to adopt during the competition. We spent an entire day on the topic of hardware security, being taught by the founder of Blue5, a company which works in the South-East of Asia, manufacturing secure hardware for governments.

This experience allowed me to meet lots of people and to expand my network, also because the coaches and 60% of the team are part of mHACKeroni, the huge Italian team that went to Vegas for DEF CON 26, one of the most important global hacker conventions, and challenging the best teams from all around the globe they arrived seventh.

The 14th of October I was on a plane headed to London, this year venue for the ECSC. The event organization was awesome. We stayed at the Tower Hotel, our rooms had a stunning view on the Bridge, the competition was held at the beautiful Tobacco Dock, the awards dinner was on a luxury boat on the Thames and the government opened the Tower Bridge to allow us to pass below it.

The competition was not so great, though. We did the best we could, but we only got sixth.

We know for sure that next year we’ll do better, but the team won’t be the same… New year, new CyberChallenge.IT “season”, new contestants, new national team. Clearly, this won’t stop me from improving my skills.

The Italian team fighting at the Tobacco Dock

ZenHack

One of the best things of this “adventure” of mine is that it gave me the chance to join ZenHack, the CTF team of the University of Genoa. This gave me the possibility to learn a lot and to get to know great people who can teach me a lot.

ZenHack is born just last year and therefore we are not at the same level as other local teams, but we are studying a lot and we know we’ll reach them. In the meantime, the University is improving its cyber sec initiatives, like the recently born ZenHackAdemy, a place for every student who is willing to learn security.

Thanks

After all of this, I have to thank a lot of people.
I must thank CINI, responsible for CyberChallenge.IT and for covering most of the expenses from Lucca and London
I must thank the professors and the ZenHack staff from the University of Genoa
I must thank all my fellow mates from CyberChallenge.IT
I must thank the people from the Italian team, as well as its staff and coaches.

I owe you an exciting seven months of my life and all that I’ve learned in this last period.