We spoke to Mark Lane about unique ways to upskill and the value of capture-the-flag challenges in cybersecurity.
Mark Lane is a lecturer in applied cybersecurity at Technological University Dublin (TUD), the founder of ZeroDays CTF, one of the world’s largest capture-the-flag events and the manager of Ireland’s CTF team, competing in ENISA’s annual European Cyber Security Challenge. But he initially started out as a taxi driver, a job he hated through and through.
“I decided that I was going to go to college as a mature student and do something totally different,” Lane told SiliconRepublic.com. He soon enrolled in a computing degree course at what is now TUD and worked various IT jobs for a number of years, without finding a role that was personally or professionally rewarding.
“So, I decided I’d try and specialise in something more interesting and signed up for a master’s in cybersecurity and digital forensics. This turned out to be one of the best decisions I’ve ever made. I absolutely loved the course, found it very interesting and ultimately found my niche.”
It was during his master’s that he discovered capture-the-flag (CTF) challenges, which are exercises in which participants, either as part of a team or individually, safely identify and manipulate flaws in a system in order to ‘capture the flag’ and therefore win by using a range of cybersecurity skills.
“It took me a while and it was a winding road, but I eventually ended up doing something I love.”
Tackling challenges with skill
According to Lane, globally the cybersecurity landscape for professionals is extremely healthy as worldwide there is a shortage of experts, with Ireland being no different. People with cybersecurity skills can enjoy varied careers with a wide array of different roles such as security analytics, pen testing, threat hunting, consultancy development and more.
“Having qualifications and experience in cybersecurity really means the world is your oyster and you can work anywhere around the globe,” he explained. But for that to happen, students and professionals need to stay abreast of foundational skills as well as new and emerging capabilities. Soft skills such as the ability to communicate effectively are crucial as it is important you can work with a range of people from diverse personal and professional backgrounds.
“Also, being willing to constantly learn is a necessity in cybersecurity. The threat landscape and the technology landscape is constantly changing and evolving. This means keeping your skills and knowledge up to date, which can add pressure, but for me it means that it’s always fresh, there’s always something new and so there is always something interesting happening.”
Lane is of the opinion that educational institutions could benefit from integrating digital literacy into all courses as our world becomes increasingly digitised. Not only is it a skill that we all need nowadays, it would likely improve important areas such as critical thinking and fact-checking. He would also like to see primary and secondary schools introduce young people to technical skills such as coding, networking and Linux skills.
“Countries such as Estonia have been teaching coding in primary schools for years and it has paid huge dividends in terms of digital literacy, cyber resilience and cybersecurity and in terms of fostering a culture of innovation and start-ups.
“For universities, taking a more practical approach, giving real-world and project-based learning can be really useful and has proven very successful in TU Dublin on our cybersecurity degrees.”
Gamifying cybersecurity
He is passionate about the potential for CTF initiatives to vastly improve cybersecurity skills among people of all abilities. “That gamified approach really does work,” he explained.
“We can see the proof in the rising popularity, as this year, for the first time, we have teams competing at ZeroDays from every university in Ireland. I have also seen first-hand, as the manager of the Irish CTF team, how the skill level has increased year-on-year in these CTFs, including at ZeroDays CTF and the ECSC.”
Rewards and targets, via leaderboards and badges, can enhance engagement, keeping players motivated and eager to learn. Additionally, because many of the elements involve collaboration, it can be a valuable opportunity to improve teamwork and make friends, with a fun competition at its core.
“There are many benefits to gamified training, especially when we consider CTFs such as ZeroDays CTF, but [also] online learning platforms such as HackTheBox, TryHackMe, PicoCTF. These learning environments expose students to real-world simulations, often up-to-the-minute attacks, threats and vulnerabilities, but in a safe and controlled environment, where there’s no danger of those threats spreading to a wider network.
“These challenges also promote critical thinking, creativity and problem-solving skills and mentalities, which can be lifelong learning and applied to all sorts of scenarios and experiences.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
