As we know, gaming has always been a formidable learning method, so training in the field of cyber security has also been moving in this direction for some years to prepare young talents to face the current scenario, in constant and rapid evolution.
These are real competitions called Capture the Flag, in which the players, divided into teams, compete on ethical hacking challenges, learning about network infrastructures and the complex world of cyber security. A practical training capable of involving both the experienced professional and young talents.
Cyber attacks are on the rise and cyber security experts are lacking
We know the context well. Threats to IT networks are constantly growing, indeed, they have increased considerably in the last period, thanks to smart working, a consequence of the pandemic, which has brought out serious critical issues in the management and security of networks and data. A highly dynamic scenario, which changes and evolves rapidly and has highlighted the shortage of adequately trained personnel. Experts capable of effectively fighting cybercriminals. Thus the universities have launched specific training courses, but the problem remains that of having immediately operational resources in the world of work.
The CyberChallenge.it project
Completely different is the approach of the CyberChallenge.it project, born in 2017 with the involvement of the Sapienza University of Rome, today it involves 31 universities and a military academy. This is a project that involves young people aged 16 to 23, experts and enthusiasts of cyber security, who are placed in an intensive three-month training course with an almost completely practical cut. Stimulated by the competition, young people are immersed in the world of ethical hacking where they carry out real IT security competitions in controlled environments.
The name, Capture the Flag, refers to the famous game, only here the participants must conquer pieces of code (flags) of the opposing team and protect their own.
Two types of competition
Players are involved in two types of competitions. One, called Jeopardy, involves participants from each team in challenges where they pass a number of tests, such as attacking websites. For each challenge passed the team gets a flag and accumulates points. Obviously, the team with the highest score wins. In this type of competitions there are no interactions between the teams, as happens in the Attack / Defense competitions. In these challenges the teams attack each other, trying to penetrate the opponent's system to capture the flags that the organizers have prepared as they have to adopt the best strategies to defend themselves. The environment is protected and the activities are constantly monitored by the organizers. Again, the team with the highest score wins.
The new generation of cyber experts
Competition and game systems such as these help to generate interest in children in the world of computer security and at the same time prepare figures capable of entering real contexts in a very short time, thanks to the practical cut of the courses. In a few years, the growth in the number of universities participating in the project offers the possibility for more and more young people to undertake this path, from the nearest and most convenient location. All this, in the European context that sees the launch of similar projects also at an international level. Since 2014, ENISA has been organizing a Cyber Security Challenge every year involving children aged 16 to 25 from 20 countries.