Latest Sophos Cyber Security Challenge seeks to address critical Linux security skills gap

August 20, 2012 Sophos Press Release

The Sophos Linux Challenge launches on August 27th 2012. Facilitated by the Cyber Security Challenge UK, the Linux challenge will test contestants’ skills in identifying security issues on a Linux system. As well as detecting a series of attacks against the server by the bad guys, competitors will be asked to detail exactly how it has been compromised and make recommendations on how to fix the problems. Registration for this challenge will close at noon on Wednesday 22nd August.

A large number of major online attacks have hit the headlines over the past 12 months, with some high profile organisations suffering data breaches that have resulted in customer and password information being exposed. Given that the vast majority of the web’s infrastructure is based on Linux systems and with more than 85% of threats targeting companies via the web, Linux security skills are essential. Despite this, Linux – along with many other IT skills – is rarely taught in schools, making it highly prized by employers. Those who are successful in the Sophos competition will be able to show potential employers that they have the essential skills needed to protect businesses’ crucial web systems.

James Lyne, director of technology strategy at Sophos, said “Last year we ran the first Linux competition and we’re keen to boost the numbers in this year’s competition and also to make some more noise about the Linux skills gap. There have been some steps towards improving the ICT curriculum in schools but we can no longer stick our heads in the sand. The web is the main tool used by cyber criminals to target both business and consumers so we still need to do much much more to teach vital skills like Linux programming in schools and universities and to nurture the young Linux generation.”

Commenting on the spate of password breaches, Lyne added “Last year we saw a number of attacks based on SQL injection. Although we’re still seeing incidents of SQLi, the new ‘trend’ this year seems to be more towards password and password hash stealing, made possible because organisations are still not securing their data effectively. The frustrating things is that weak password hashes, malware distribution and database theft can often be easily prevented with simple best practice – further evidence that the right focus and skills aren't often in place.”

The Cyber Security Challenge UK, supported by sponsors from industry, government and academia, runs a series of competitions each year. These competitions identify new talent to meet the growing need for more skilled professionals in the cyber security sector. The competitions pinpoint both the skills and aptitude that employers most require. Competitors in this competition will need to be familiar with the configuration of Linux operating systems, as well as typical daemons configured on this platform.

"The lack of deep technical skills in cyber security is the principal reason that many organizations are unable to defend their computers and networks and data" said Alan Paller, Director of Research, SANS

Tony Campbell, CIO, InfoSec Skills, reinforced Lyne’s comments, saying: "While Microsoft Windows remains the most widely used operating system in the home, it is important to realise that most IT utility services we rely on as consumers do not use Microsoft technologies. Computing appliances which apply services such as our e-commerce systems, telecommunication services and web hosting, are almost certainly based on one of the many Unix/Linux variants available, however the skills deficit for managing these systems is a growing problem.”

“Today, every sector of industry is rapidly expanding into the 'cloud' in terms of its computing requirements, and it's apparent there is a real and immediate skills gap to manage these requirements and run the systems, especially in terms of security,” continued Campbell. “The hacker community on the other hand cuts its teeth using Linux systems, giving them the edge over all aspects of the growing economy. The need to train up the next generation in both security and diverse computing environments is of paramount importance to the UK as a whole and should be wholly encouraged if we are to survive in this brave new world."

Anyone interested in registering for a Challenge competition should visit the Challenge registration page - https://cybersecuritychallenge.org.uk/registration/ - where you will find all the details you need to take part. Other competitions coming up include a packet capture analysis competition run by the SANS Institute during which competitors are asked to identify and interpret various types of network and web application attacks.