Heinz College students conquer Deloitte Cyber Threat Competition

Daniel Tkacik

May 7, 2019

In a crowded office space buzzing with chatter on a chilly afternoon in February, four people paced nervously around a set of computers. A client company of theirs was suffering from an on-going cyberattack, and saving the company was on their shoulders.

Winning team of Heinz College students holding a check

Source: Carnegie Mellon University's College of Engineering

Fortunately, the cyberattack was just a simulation, and a company's fate wasn't actually on the line. But the four people, students in Carnegie Mellon University's Heinz College of Information Systems and Public Policy, thwarted the attack and won top honors at the 2019 Deloitte Cyber Threat Competition

"These competitions give the participants opportunities to demonstrate their skills at a level that is bigger than the confines of their university," said Nishith Yadav, a student in Heinz College's Master of Science in Information Security Policy and Management (MSISPM) program and a member of the winning team. "They help you evaluate your skills and plan out the learnings that you would require to be an efficient cybersecurity professional."

In addition to Yadav, the winning team consisted of fellow MSISPM students Lokesh Nandiraju, Karttik Panda, and Sanika Sawant. Each student won $2,000 in scholarship money for their performance against 15 other universities from across the country.

This was the fifth year CMU had sent a team to the competition, and CMU's first win.

"The team had efficient technical and policy knowledge of the cybersecurity domain," said Yadav. "As the competition was based on consultation practices, it required a balance of technical and policy skills which provided an ideal ground for the team to showcase their skills."

These competitions give the members opportunities to demonstrate their skills at a level that is bigger than the confines of their university.

Nishith Yadav, student, Heinz's Master of Science in Information Security Policy and Management (MSISPM) program

The competition, which spanned two months and ended in February, consisted of three rounds. First, teams tested their cybersecurity prowess in an online cyber competency quiz. Next, teams participated in an online wargame scenario, acting as consultants to a client company victim to a cyberattack unfolding in real-time. Finally, teams presented their findings about the cyberattack to a fictitious panel of company executives.

“In the first rounds, we test their technical cyber chops, but the final round is quite different from most cyber hackathon competitions, as we also test their business acumen,” Anthony Russo, a Cyber Risk Services principal in Risk and Financial Advisory at Deloitte & Touche LLP, said in a press release.

Panda is graduating from the MSISPM program this semester; the other three members of the winning team will graduate Spring 2020. All four are interested in cybersecurity consulting with the Big Four accounting firms – Deloitte, Ernst & Young, KPMG and PricewaterhouseCoopers.