My Experience Participating in HM’s Cyber Discovery Programme
Around three years ago, my computer science teacher introduced me to an opportunity that’s made a huge impact on my life. Known as Cyber Discovery, this programme invites 13-18 year olds in the UK to the world of cybersecurity in aim of nurturing the next generation of cybersecurity professionals.
After signing up, I was welcomed by 14 cybersecurity-related challenges -- if I passed this stage, I would have access to a whole treasure trove of problems to solve in the next stage. The difficulty progressed with each challenge. I didn’t have any particular background in cybersecurity, only a love for problem solving and programming. Looking back at it, I knew literally nothing. I remember working with some of my classmates on a challenge about the Linux terminal, literally clueless in regards to any of the commands. The programme taught me almost everything I know, little by little.
The programme is an incredible opportunity for young people interested in anything to do with problem solving to check out cybersecurity, and learn more about exploiting digital vulnerabilities, programming and digital forensics. Not only are there hands-on, practical activities and challenges to take part in and learn a lot of computer theory, but you may even end up with a world-renowned SANS (institute for security training, training and research) qualification at the end! [2]
What makes Cyber Discovery stand out is that you learn everything by doing: that was really helpful. Of course, my good friend Google didn’t let me down either. I remember spending a good portion of my Christmas break on the ‘extreme’ challenge of the first stage, the 14th one, learning how to approach the problem, finding an automated way to solve it by using Python, and accessing the website without using a browser: something that although might seem more trivial now, was something very, very new to me. I was really captivated by the challenges and that’s how I’ve reached where I am now, having attended two of the face-to-face camps which provided more specific cybersecurity training and were a lot of fun.
These initial 14 challenges make up the first of four stages of the programme: ‘CyberStart Assess’, which introduced me to the basics of the problems that I would later face. For example, brute-forcing code encrypted with the simple Caesar Cipher, or using ‘Inspect Element’ (browser tool that displays the HTML and CSS of a webpage), the console and some simple, yet essential terminal commands. By completing a set number of these challenges, I was able to qualify for the next stage. This initial stage sparked my interest in cybersecurity, and I was looking forward to further developing my skills in the next stage: ‘CyberStart Game’.
The second stage is officially my second favourite. It was very addictive. In the first year, there were only 2 bases: ‘Moon Base’ and ‘Head Quarters’, the first of which was full of Python 2 programming challenges (my only issue was that it was not Python 3 which is commonly favoured over Python 2) and the latter of which was full of a wide range of problems, from cryptography, to web exploitation and reverse engineering. I remember the difficulty with which I managed to install the virtual machine (I never even knew such a thing existed!) on which the challenges were to be solved, but the amazing way I felt after completing each challenge was totally worth it. This stage was where I learnt most, if not everything I know.
Since my initial year on this programme, 2 more bases have been added: ‘Forensics’ which has a whole set of challenges to do with hiding things in plain sight, investigating memory as well as hard disk images for signs of unusual activity (digital forensics); ‘Volcano’ which has some very extreme challenges involving binary and web exploitation. It’s definitely been a stretch for me!
The third stage really complemented my computer science studies at school. ‘CyberStart Essentials’ is a really thorough course which covers a lot of the content required to be able to tackle similar challenges and understand the science behind it. I learnt a lot about everything I did in ‘Game’ here and the final exam also awarded me with a nice certificate.
The last stage, ‘CyberStart Elite’, is definitely my favourite. Top-performing students in the previous stages are invited to a residential, face-to-face camp. Having attended twice before (and hoping I make it this year), I can really confidently say I spent the best days of my life there. Not only did I meet people who were very much like me, but I also learnt so much more about cybersecurity. In Year 1, there was even an event to hack a robot arm, and it was really fun (to fail at) trying to do so! Some students were also given the opportunity to get a SANS qualification which can help them get straight to industry.
Don’t just take my word for it though - I’ve interviewed another participant to share their experience too. Let’s go!
How has the programme been for you?
Cyber Discovery has been an eye-opening experience. It is my first introduction into the world of cybersecurity. I've always been good with computers, but the format in which Cyber Discovery challenged me was incredibly captivating. I particularly enjoyed the second phase of the challenge – CyberStart Game – in which I had to use the tools at my disposal to achieve a certain task. It's this process of being restricted, often in the form of having no permission or access to complete the task, and thinking outside the box that led me to sink hundreds of hours into this programme. I remember I used to get home and try to solve challenges all night until I fell asleep. The introduction of the volcano base, a set of challenges which require relatively more sophisticated methods such as pivoting or bypassing ASLR, has been very exciting and it shows how Cyber Discovery continuously challenges the participants as our skill set grows. The first and the third phase of the challenge – Assess and Essentials – are relatively less exciting. Essentials provides an opportunity to brush up on your theoretical understanding behind the techniques you use in other phases of the programme: knowledge that you will definitely find valuable when you read more advanced resources online which all assume a basic level of understanding in the topic. However, I have personally found the wording of the exams to be ambiguous and it is a shame that you don't get to see what you did wrong to improve. I found Assess to be quite easy, although I did struggle a bit due to complete unfamiliarity with the field: passing it is merely a test on how much you are willing to research on topics you don't understand.
How was Elite and how does it feel to have SANS qualification?
Elite definitely is my favourite part of the programme. Being able to meet other top-performing participants and exchange ideas in real life has definitely been exciting and a rewarding process. Working with others through larger, more complex challenges than the ones seen in Game has shown me alternative styles of thinking and approaches and allowed me to further advance my problem solving skills. Having a GIAC (Global Information Assurance Certification - which qualifies an individual to be a specific security practitioner) qualification is an achievement I'm very proud of, having access to such a comprehensive and reputable training and certification normally only accessible to professionals gives me the confidence to explore more about cybersecurity and take on more difficult challenges. The qualification is also very rare for people of our age, helping me to stand out in my university applications.
What would you tell someone who’s just heard about this programme?
I'd say: if you're interested in computer science and hate giving up, you should definitely try it.
Overall, if you’re interested in problem solving, are based in the UK, and don’t give up at the sight of a really huge hurdle, I would really recommend you to check this programme out. It has been so much fun to not only learn about, and get hands-on experience in cybersecurity, but also to be part of the community, which is really cool (trust me!).
Additionally, the great thing about it is that currently, you can get access to the challenges in ‘Game’ as well as some great webinars by the founder of this programme, James Lyne (the famous Agent J), without having to do ‘Assess’. Cyber Discovery has set up a ‘Virtual Cyber School’ which you can join today and enjoy until you can enter the next intake! If this has sounded even a little bit intriguing, I’d definitely encourage you to check it out; it will be a lot of fun.
Here’s a little message for anyone considering getting involved: R29vZCBsdWNrISA= .
References
[1] CyberDiscovery. Cyber Discovery: HM Government's Cyber Schools Programme [Online]. Available: https://joincyberdiscovery.com/. [Accessed: 17- May- 2020].
[2] SANS. Available: https://www.sans.org/ [Accessed: 28-May-2020].