Australia's top hackers uncovered in tournament

from apperspective.net: Bunkered down in rooms across the nation, 43 teams of students spent 24 busy hours hacking IT systems non-stop this week.

Their challenge? To uncover flaws in a fictitious company's IT systems.

Telstra chief information security officer Mike Burgess said "If I find 10 good people out of this exercise, I'm going to give all 10 of them a job because there is actually a big demand for these skills"

Telstra, along with other government agencies, held their "2013 Cyber Security Challenge" on Tuesday and Wednesday to try to uncover Australia's next top IT security minds. The students' mission was to find the most flaws in the fictitious company's IT systems in 24 hours.

Groups of four students from 20 universities and TAFE colleges across Australia participated and Telstra said the competition proved so popular that it had to cap the number of teams per institution to three.

Winning team, "UNSW1", which included students Karla Burnett, Petr Novak, Jack Murray and Theo Julienne, from the University of New South Wales, were awarded a trip to the infamous Black Hat IT security conference in Las Vegas.

They could also be offered Telstra or government jobs in IT security, depending on how good they are, according to Telstra's chief information security officer, Mike Burgess.

They scored 94 points.

Earlier this year Burnett and Julienne were involved in cracking the secret algorithm used on Sydney's public transport tickets for buses, trains and ferries, which could have allowed them to print their own tickets.

The second and third places went to "UNSW2" (68 points) and "UNSW3" (66 points), two other teams at UNSW, which will each be awarded either a new smartphone or tablet of their choice from Telstra.

"If I find 10 good people out of this exercise, I'm going to give all 10 of them a job because there is actually a big demand for these skills," Burgess said on Wednesday, just before the winners were announced.

As part of the challenge, the teams were required to conduct testing on a fictitious security company's product called "Very Secure Transfer Protocol".

In the scenario created, the company, "Computer Security Synergistic Cloud Computing", was supposedly concerned that its popular product could be hacked and required it to be tested. Burgess said it involved the students being engaged as consultants to the company to "undertake a range of security consultancy functions to test the company's security". They were required to conduct what's called penetration testing on the company's web apps, network and product, as well as give advice in easy-to-understand language.

Burgess said Telstra hosted the fake company's infrastructure while Defence created the challenge.

Just last month Telstra was awarded a $1.1 billion six-and-a-half year Defence telecommunications contract, which will require 230 new jobs in Canberra, some of which will require security expertise.

Because of this, Burgess said Telstra was looking for new talent.

He said there was an IT security skills shortage in Australia and that this week's challenge was just one of the ways Telstra and government agencies could recruit staff who had the required technical skills.

There were several other reasons why the challenge was being conducted, Burgess said.

"One is just to raise awareness on cyber security as an issue," he said.

"It's also trying to encourage bright young minds to take up a career in cyber security. We're trying to encourage these guys and girls [to think about] a career in cyber security because it's an important national issue and ultimately Telstra, the [Defence Signals Directorate] and CERT Australia would really love to recruit these people, especially the good ones ..."

Although Telstra did not hire anyone from last year's challenge, Burgess said the team that won did work experience with Defence, where Burgess was recently deputy director of Cyber and Information Security.