A Comprehensive List of Cyber Security Competitions
As with any field, there’s only so much that book learning and theoretical knowledge can prepare you for on-the-job situations. Particularly for those planning to work in incident response, management, or engineering in cyber security, having the technical and decision making chops just isn’t enough. You’ve got to practice responding in real time. This involves rapidly analyzing where the weaknesses in your infrastructure are, diagnosing what type of attack is going on (and what might follow) and figuring out how to shore up your resources pronto.
Luckily for future (or learning) cyber security professionals, there are many cyber security competitions through which you can hone your skills. These competitions start at the middle school level and continue up through the ranks of cyber security professionals. While you may begin your journey just competing for fun, the most prestigious cyber security competitions often feature $100,000’s of prize money and help to shore up actual information systems and devices. For those in their college years, many competitions also lead to internships, job opportunities, the chance to travel, and scholarship money.
What is a Capture the Flag (CTF) Cyber Security Competition?
Capture the Flag (CTF) cyber events are some of the most popular forms of cyber security competitions. In some cyber security circles, successful CTF teams are elevated to the height of sports teams. This is aided by the spectator-friendly nature (well, for those who are savvy to the intricacies of cyber security) of capture the flag events, in which score boards often highlight the number of points held by all of the many teams competing in large rooms. But first, the rules.
CTF events come in a number of formats. The most popular formats for CTF events, however, are jeopardy, attack-defense, or a mix of the two styles. The jeopardy format involves presenting teams with a wide range of challenge types, similar to the television show Jeopardy. Only for each challenge, generally a technical solution is required. Common challenge types may involve networking, reverse engineering, cryptography, hacking, programming, mobile-centered challenges, and forensics challenges. For “Attack-Defend” game types, a range of virtual machines are often hosted on an isolated network. Both teams must compete to control as many of the networks as possible in a timed environment. Attack-Defend CTF games may include two or many teams. CTF events may last several hours, or up to several days.
CTF events are often some of the most heavily anticipated events at cyber security conferences due to their being live “gameplay.” Other competition types may involve the presentation of research or hacking feats that are then voted on by judges after accompanying presentations. Cyber security conferences focused on specific technology types of technology will often feature competitions and awards directly related to that type of technology. For example, Google’s Chromium Conference holds competitions surrounding exploiting operating system vulnerabilities in Chrome OS.
Now that we’ve covered some of the basics of cyber security competitions, check out our list of all of the major cyber security competitions organized chronologically below!
January
NCCDC: National Collegiate Cyber Defense Competition
Started in 2004, the National Collegiate Cyber Defense Competition was established with the aim of providing a template for cyber security organizations at the collegiate level as well as provide infrastructure for competitions between schools with cyber security organizations. Schools sign up for the annual competitions by first joining competition in the geographic region in which they are located. Competition then proceeds from qualifiers, to regional competition, to national competition.
- Homepage
- Approximate Annual Date: Jan-April
March
Pwn2Own
Pwn2Own is a hacking contest presented annually at the CanSecWest Conference. The contests challenge cyber security professionals to find flaws and exploit consumer software and devices. $100,000’s in prizes are available annually for contest winners.
- Homepage
- Approximate Annual Date: March
Pwnium
Pwnium is presented by Google and often takes place at the same location as Pwn2Own at the CanSecWest Conference. Challenges center around finding vulnurabilities in Chrome OS. In the past, several million dollars in prize money has been available to winning partipants.
- Homepage
- Approximate Annual Date: March
Pitcoctf
PicoCTF is a cyber security competition available to middle and high school students. The event is put on by Carnegie Mellon University, and places teams into an intereactive environment and storyline where they must hack, decrypt, reverse engineer, and break different sandbox elements. The competition is the largest cyber security competititon available to middle and high schoolers.
- Homepage
- Approximate Annual Date: Mar-April
Summer
U.S. Cyber Challenge
The US Cyber Challenge is presented by the Center for Internet Security, and offers a number of cyber security competitions. Competitions occur online and through the number of summer camps hosted by the USCC organization.
- Homepage
- Approximate Annual Date: Summer
August
DEF CON Contests
Probably the largest cyber security conference, DEF CON presents a wide range of contents that often change from year to year. Common competitions include hacking, lockpicking, scavenger hunts, and the highly prestigious capture the flag contest. The conference takes place in Las Vegas annually.
- Homepage
- Approximate Annual Date: August
Fall
Panoply
Panoply is a network assessment and network defense competition put on by the University of Texas at San Antonio. The timed event is put on at large conferences every year. In the competition, teams accumulate points through controling and operating critical network resources such as SMTP, DNS, HTTP, HTTPS, or SSH. Thoughout the competition, additional resources are added to the common pool that both teams are fighting over, forcing teams to choose between attempting to control new resources or defend exising resources.
- Homepage
- Approximate Annual Date: Fall Time
November
CSAW Capture the Flag (CTF)
The Cyber Security Awareness Week was founded by NYU Tandon Engineering School and is now celebrated around the world. With locations in North America, the Middle East, Europe, and Asia, the event is the largest student-run cyber security event in the world. Part of each year’s events include the prestigious capture the flag. Additionally, an applied research competition, embedded security challenge, and policy challenge are present. 2016 saw over 10,000 preliminary competitors at the high school and collegiate levels.
- Homepage
- Approximate Annual Date: November
Year-Round
NCL: National Cyber League
The National Cyber League was created in 2011 as a educational and recruiting tool. Every “game” that cyber security students and professionals participate in is built around learning objectives. And forthose seeking work, a “scouting report” can give future employers a glimpse of participant technical chops, time management, and ability to deal with pressure. Games are hosted in the “NCL Stadium” a cloud-based environment for competitions throughout an annual “season.”
- Homepage
- Approximate Annual Date: Year-Round
SANS NetWars
The SANS Institute offers a series of challenge types through their NetWars modules. These challenges are available for a wide variety of skill levels, and even feature a minituarized physical city over which challenge participants can attempt to compete for the cyber resources. The annual Tournament of Champions is hosted at the CDI Conference in which those who qualify through winning NetWars competitions face off. A wide range of competitions are available throughout the year in locations around the world.
- Homepage
- Approximate Annual Date: Year-Round
CyberPatriot
CyberPatriot is a program established for the K-12 education of students in cyber security by the Air Force Association. There are three branches of the program, including the National Youth Cyber Defense Competition, AFA CyberCamps, and Elementary School Cyber Education Initiative. The Cyber Defense Competition starts at the state and then regional level. Top competitors are then given an all-expense paid trip to the national finals in Baltimore, Maryland. At nationals, participants compete for national recognition and scholarship money.
- Homepage
- Approximate Annual Date: Year-Round
Mitre Cyber Academy
Mitre presents it’s annual STEM Capture the Flag challenge that is open to both current students and professionals. While current professionals may compete in the com[etition for education and training purposes, only eligible high school and college teams will be able to obtain winning prizes, scholarships, and internships. A wide range of other competitions are presented throughout the year by Mitre.
- Homepage
- Approximate Annual Date: Year-Round
Want your cyber security competition added to our list, contact us!