Historically, the cybersecurity industry has been overwhelmingly male. A report by Cybersecurity Ventures said that in 2019, females represented 20 percent of the global cybersecurity workforce, up from 11 percent six years earlier. From the perspective of needing to build highly diverse teams to tackle highly diverse, complex problems, this is not good news.
This is precisely why the CMU team behind picoCTF, the educational platform aiming to bring more people into the field of cybersecurity, made sure its platform was present at this year’s conference for Women in Cybersecurity (WiCyS), a global community dedicated to bringing women together to celebrate and foster their passion and drive for cybersecurity.
“Our goal is to increase female participation in Capture-the-Flag (CTF) events because we understand the educational value that these events offer to enhance and polish cybersecurity skills,” says CyLab’s Hanan Hibshi, an assistant teaching professor in the Information Networking Institute (INI) and a faculty advisor to picoCTF.
... we understand the educational value that these events offer to enhance and polish cybersecurity skills.Hanan Hibshi, assistant teaching professor, Information Networking Institute
The picoCTF team—composed of students in the INI—hosted a workshop at WiCyS in which attendees learned about how to participate in CTFs as well as how to create challenges for CTFs. At its conclusion, participants were asked to design and submit their own challenge within 24 hours, after which the picoCTF team would select and announce three winning challenges. Over 150 people participated in the workshop.
“Only three were named as winners, but there were so many amazing and creative CTF challenges submitted,” says Hibshi. “Regardless of whether they won or not, all challenges are eligible to be included and deployed in picoCTF platform, and the challenge creators’ names will be recognized as such.”
The team also ran a mini competition using the picoCTF platform and received participation from over 200 women at the conference. CTF events tend to be informal gatherings where competitors bring their laptops to the CTF venue, work on the competitions while chatting, sharing jokes, eating, and listening to music. Not everyone in the venue were competing; some WiCyS members came hang out, learn about CTFs, and network with colleagues.
“We had an amazing presence from WiCyS participants who were gathering to chat, work on their challenges, and have fun networking with cybersecurity colleagues,” Hibshi says. “This experience has been amazing. The CMU team made an impact during WiCyS and helped encourage many amazing, bright women to start using CTFs as a skill-building tool.”
Both the INI and the Software Engineering Institute (SEI) served as sponsors of this year’s WiCyS conference.