Graduate Students Score Big with Capture-the-Flag Cyber Skills

January 25, 2019

By Ben Hosking

After weeks of pizza and practice, top cybersecurity students from Khoury College recently scored big in the National Cyber League competition. The undergraduate team came in 13th out of 368 teams, and two Khoury graduate students finished in the top 1% of the 3,324 individual competitors

Commenting on the competition, Professor Guevara Noubir, Director of the Khoury College Cybersecurity Graduate Program, says, “The National Cyber League provides an environment for students to develop and practice their technical skills in cybersecurity both for defense and offense, and a level playing field for skilled students to shine and demonstrate their abilities.” These kinds of competitions provide direct experience for students to apply their classroom skills to real-world scenarios.

Siddhant Verma (MSCY ‘19), one of the two graduate students in the top 1%, heard about the competition from Professor Jose Sierra, Associate Director of the Khoury College Cybersecurity Graduate Program. It looked like a good place to hone his “capture-the-flag” cybersecurity skills. The competition challenges students to find token flags in various websites through a combination of code hacking and human intelligence in nine different tracks of cybersecurity.

One problem involved “open source intelligence” – looking for clues available to the public. With only a network device address given to them, competitors had to figure out the password of the Wifi. Verma found the password on the white board from a fictitious Foursquare event photo. Verma has seen cybersecurity flaws before, when he worked at startups in India. At one company, he discovered a bug in an online grocery shopping app which allowed a user to pay whatever the user wanted for a product.

“There are many competitions similar to the Cyber League, but this one is unique in that anyone can participate in the cyber league at any level nationally,” remarks Professor Sierra. “If you are a well-prepared student you can participate, but newcomers benefit from participating as well.”

Together, Sierra and Noubir helped set up a weekly meeting for students to study together, complete with pizza, coaching, and lab space. The encouragement is worth it. “The Cyber League is a stepping stone to the National Collegiate Cyber Defense Competition,” adds Sierra.

One of Verma’s best friends, Sanchit Sokhey (MSCY ’20), also finished in the top 1%. Sokhey was reluctant to join at first, but his roommate said, “You’re going to learn something, and there’s nothing to lose, so why not compete.” For him, the National Cyber League has been what he calls “a highlight” at Khoury College. Sokhey says, “It has increased my confidence that I can contribute to the field.”

After graduation, fellow competitors Sokhey and Verma both hope to work as cybersecurity analysts at either a firm or a large company. Verma, who came to Northeastern to learn more about cybersecurity and use those skills for good, hopes to later on start a security company of his own. Sokhey would like to become an enterprise security architect. They both thank Professor Noubir and Sierra for their teaching. Going forward, Verma believes that more students should take part in this kind of event. “You get to learn a lot.” In fact, Sokhey is already forming a team this semester.

Correction (February 26, 2019): Graduate student Stuart Sutton (MSCY ’19) also helped lead the information and training sessions each week for the competition. Sutton remarks, “I recommend the competition to all cybersecurity students, [as well as] interested mathematics and computer science students.”