We know how important the next generation of network defenders are. The students - young and not so young - who are training in the field of cyber security and incident response. They're learning what it takes to successfully defend networks against the adversaries who seek to do us harm through cyber means.
Not an easy job. And it's an even tougher job for those who are responsible for educating students, the lecturers, trainers, and teachers who work so hard to instill a wealth of knowledge into their students. From the basics of networking, to GRC, to what a good incident response plan looks like. There is a lot to learn, and there is a lot to teach.
Recognising this - and the importance institutions like TAFEs play in developing Australia's cyber workforce, we recently partnered with TAFEcyber (a consortium of 12 TAFEs who manage and run Australia's Certificate and Diploma in cyber security) to deliver a hands-on, fun, and all out awesome incident response challenge for TAFE students!
"Working with Retrospect Labs to conduct a critical incident response challenge, on a national scale, has been a great achievement and one TAFEcyber will continue to nurture in the coming years. The challenge has provided an invaluable experience for the students and lecturers currently in cyber security training at TAFE and will prepare them for the real world when these types of activities occur."
Julia Burns, Chair of TAFEcyber
In total, we had over a hundred students participate in the event, across a total of 21 teams. The students not only demonstrated that they had a great understanding of the fundamentals of incident response and that they were up to the challenge of responding effectively to an incident, but they also demonstrated that they could come up with some truly awesome team names (think Silence of the LANS and Gon' Snifin').
The teams played the role of an incident response third party provider, who had been brought in to assist a fictitious organisation investigate and respond to a significant incident they were experiencing. Teams had to conduct forensic analysis on real artefacts (like a memory dump and a disk image) to understand what had occurred on the victim network, the tradecraft used by the malicious actor, and produce outcomes like a network diagram, updates for senior executives, as well as consider how they would respond to media enquiries and what the legal implications of the incident may be.
Their findings and responses were used to score and rank them! Overall, we were very impressed with it being one of the highest scored (on average) competitions we've run!
"The competition was unique compared to the usual CTF challenges. Not only did it test our technical skills, but also our writing skills. What we enjoyed the most was brainstorming crucial details about the cyber security incident scenario. Ultimately we have learned new approaches to solve challenges throughout the process, and that is invaluable to our learning journey."
Winning team - Silence of the LANS
After seeing the great job all the teams did, their zeal for learning, and their desire to give things a go, we are feeling really good about the current cohort of TAFE students! If the students involved in this competition are anything to go by, our future network defenders, incident responders, and cyber security practitioners are well placed in tackling the biggest challenges Australia and the world face.