Last week, I was one of the fortunate 22 winners of the California Cyber Challenge selected to attend a week-long training camp at Cal Poly Pomona. We had four days of intensive SANS training on exploit writing, Linux security, incident response/penetration testing, and digital forensics. We also had panels on ethics and education, and a job/scholarship mixer. The final day hosted a "capture the flag" event.
All in all, the event was wonderful. Events ran from 9-9, and great conversations with fellow "campers" and the instructors frequently ran until 1 or 2 am. The classes were so intense and packed with information that we frequently came out of them with headaches from the information overload, and more material on our DVDs and in our books to go over in our own time.
One of the really great things about information security in general and the camp in particular is that there are many different specialties a person can get involved in. Penetration testing (testing a company's security), vulnerability research (testing a program's security), reverse-engineering malware (taking apart a virus or other malicious software to see how it works), intrusion detection (watching a system for signs of hacking), and digital forensics (retrieving evidence from computer systems) all require different skill sets and personalities, and that's not even a complete list. I'm still new to computer security and until this camp I wasn't really sure what all the different fields were, what I would enjoy and what I was good at. A varied training camp like the USCC camps introduces the attendees to a variety of different disciplines and the methods required, which lets us discover what we're good at and what we enjoy, while also giving us a better background in the parts that aren't our preference. Learning how to write exploits is useful for determining how a virus works, or tracking down what happened on a system. For me, one of the great virtues of the camp learning for certain that I enjoy computer forensics. Now I can study it in more detail and get work experience for a career.
One aspect of events like the camp and similar security training events that is frequently underestimated is the social networking opportunities. I'm talking about the old-fashioned face-to-face kind, which can be supplemented by the Web 2.0 kind. Not only did I learn a lot from my outside-of-class discussions, but I also made connections that has resulted in me getting some volunteer experience and a team to enter the DC3 forensics challenge.
All in all, the Cyber Challenge camp is a wonderful kick-start for my career, and I'm incredibly grateful I had the opportunity to be a part of the first one.