Meet 2013’s Cyber Security Challenge Champ

The Cyber Security Challenge concluded its third edition yesterday. Months of fierce competition saw thousands of entrants battling it out over the course of the last year, with an overall champion announced on Sunday afternoon, 28-year-old GlaxoSmithKline employee Stephen Miller.

He joins a Cambridge student and a former postman as the three winners of Challenge to date. The competition is trying to help plug the skills gap in the industry, which is particularly concerning in the UK.

Just last month, the National Audit Office warned Britain could be vulnerable to attacks for at least 20 years due to a lack of computer experts, noting growth in skills had not matched the rise in Internet usage.

TechWeekEurope chatted with Miller, a graduate of Bath University, about his victory, the competitions as a whole and what he might go on to do in the future.

Meet the winner

Congratulations Stephen – you’ve been doing this over three years now, entering once in 2010 and again this year. How does it finally feel to have won?
Surprise to be honest. I didn’t think I’d done enough to win. I learnt quite a lot from the first year, which has helped, but it still hasn’t really sunk in.

It’s a fairly complex, niche area still, so what initially attracted you to security?
I first saw the competition on the BBC and thought that looks interesting. I’d done a bit of tinkering before that… quite a bit of web development stuff, knowing how things work.

The Challenge was more something I could have a go at and test my own skill level to see where I was. I was very surprised to be in the Masterclass [the final Challenge showdown] in the first year and two years later I was even more surprised to win the overall competition.

For me it was about measuring myself up against the competition and seeing how I did.

What technical skills did you have beforehand?
Mainly high-level languages like PHP, JavaScript. I did A-Level Computing… got some basic back-end experience and programming skills.

In terms of technical skills directly related to cyber, they were not massive. I’d come across a bit of malware, when friends had managed to download dodgy software from an email or whatever that needed removing. I had a LAN with some friends at the time, as we were doing a bit of gaming, and we had to work out how to remove it.

Little things like that have come up and helped me build the skills. I can’t put my finger on any one thing that has led to me coming this far.

The competitions, as they’ve come along, have helped me build up more and more skills in forensics, malware, etc. If you apply your mind and use what is made available to you, these competitions can provide a lot of the tools and information that you need at least to get started.

Then it’s really up to you to run with them, learn how to use them and apply them to the given exercises.

Do you foresee a career in IT?
I guess I’m not looking to make any sudden moves, I’m really just interested in what doors it might open, potentially within GSK.

A large amount of what the Challenge is about is attracting new people early in their career, where they are more prone to potentially switching to the industry. For me, it would be quite difficult to make that leap in terms of where I am. That said, it’s still given me useful skills and there’s a lot of overlap with what I do now, things like risk analysis, presentations.

This may open some further opportunities within the company that I can seek out.

What does your employer think of it all?
I’m not really one to blow my own trumpet, so amongst my own direct team, there’s probably not that many people who know yet.

Cyber Security Challenges?

How has the competition improved since the first year?
The main thing for me was changing the scoring criteria. The first year had a nice array of competitions but when we got together in the Masterclass it was quite disparate.

There was a school group who’d done the network challenge and they were dropped in the deep end with your typical hackers, with really strong technical experience but then maybe lacking something on the business side.

So what the competition has really achieved in the last two years is a lot more rounded set. If you look at those who made it to the Masterclass, they’ve not just got technical skills, they’ve got the ability to communicate to the team as well, which has been really beneficial.

And how can the Cyber Security Challenge improve in the years ahead?
It can really broaden itself out to get people in earlier. Me winning from my position shows you don’t already have to be in IT, or even have a really strong hacking background, or be an expert in a particular field, to really progress in the area. It shows anyone who has drive and capability can be successful.

The competition is going the right way with smartphone applications and partnerships with universities.

From a schools point of view it’s quite difficult. It really needs more media coverage… the general press have done a lot to cover the general issues in the industry, from things like state-sponsored stuff like Stuxnet down to basic data loss. Anything that can bring the Challenge into that context to bring people back to it would be ideal.

Are you a security expert? Try our quiz!