Start Your Career In Cyber

Simon Fraser University
Surrey Campus

You Can't Get a Job Without a Resume...

And you can’t build a resume without a job.
Break that cycle!
Earn a real cyber job working with top cyber professionals.
Full time & fully paid. You won’t be working a helpline or fixing printers. 

One-Day Event in Your Region

Cyber*Sci is hacking in the morning, interviews in the afternoon, and summer job/intern/co-op offers by supper. Full-time positions may need follow-up interviews later in the week.

Win National and International Travel

Winners in each region advance to CyberSci national finals, and top teams there go on to represent Canada at international events – in Prague, Vienna or Athens.

Eligibility and Rules

Regional events: Participants must be 1) full-time students at a Canadian university or college and 2) eligible to work in Canada.
National finals: You must also be a Canadian citizen or landed immigrant.

Got an Elite Team Already?

Prove it. Come and compete against the best in Canada, Europe, and the rest of the world.

Just Beginning?

Cyber*Sci is a great place to start. There will be mentors and coaches. This is a fantastic learning opportunity.

Who Can Send a Team?

Cyber*Sci welcomes Canadian college and university teams. Up to 4 members per team. 2 teams per school.

Registration

Students who wish to participate in Canada’s Cyber Security Challenge cannot register directly through our site.
You must register through your school in order to verify that you are an eligible post-secondary student.

Find a list of all eligible schools and see registration info here.

If your school is not listed, contact one of your professors to inquire about having your school register to participate in the Challenge.  Unfortunately, we cannot register you or your school without having a teacher or official student club contact us.

Background For Students

If you’re looking for a great job in this field, and if you’ve done a few courses and practiced some skills, then this is the event for you. The sponsors hiring at this event are not stuck on your resume; they are looking for people who can show they’ve got talent. You can break out of the trap of “can’t get a job due to no experience, and can’t get experience due to no job”. This is your chance to break into a career in cyber security!

Your future responsibilities

You will work on live cyber security projects with supervision and coaching from experienced security professionals in a full-service IT security department.

You will get real-world experience and have the opportunity to work with and receive training from members of teams such as:

  • Cyber Operations: Security monitoring and security device management services.
  • Security Assurance teams: Vulnerability management, security assessment and pen testing services.

    You are a team player with a strong interest in cyber security who can plan and organize work and react quickly to change. You provide consistent attention to detail and monitor the quality of your work. You are also able to manage protected and confidential documents and information. As well, you possess strong written and oral communication skills.

    Responsibilities may include:

      • Performing vulnerability management testing of information systems and applications
      • Producing written and analytical reports and dashboards on key cyber risks
      • Monitoring security alerts of potential hacker attacks detected by security systems such as: Intrusion Detection & Prevention Systems (NIDS/NIPS, HIDS/HIPS, WIDS), Log Monitoring, File Integrity Monitoring and SIEM
      • Investigating and reporting on potential security incidents
      • Assisting with IT security investigations, exercises and tests
      • Identifying and notifying the organization of discovered security threats
      • Providing recommendations to clients to assist with eradicating discovered threats

    Must possess:

      • An interest in the cyber security field
      • Solid skills with Linux commands and/or Windows PowerShell
      • A moderate to advanced knowledge of networking protocols and configuration gained from class work, labs and probably hours of tinkering with your home network (physical or virtual routing and switching)
      • Perhaps some experience with cyber challenges (CTFs) either in person or online
      • A strong desire to learn and grow while working alongside highly experienced members of a well-established IT security

    For the Cyber*Sci regional event in 2021/22, the following skills will be useful:

    Networking fundamentals
     – How a network device communicates over TCP/IP.  (first 4 layers of TCP stack)
     – Network commands and tools
     – Nmap, including outside of local subnet.
    HTML / Web servers
        – Understand web exploit techniques such as SQL injection, file includes, command injection, directory traversal.
    Basic SQL
        – Show, describe, enumerate databases and tables.
        – Basic “Select” statements and wildcards.
    Forensics
        – Memory Analysis
    Reverse engineering
       – and beginner binary exploitation
    Cryptography
       – Knowledge of cryptographic algorithms and their weaknesses
    Application vulnerability analysis
    Latest Security News
       – Following of security news and known vulnerabilities

    Hacker Tools and Techniques
       – So many!  But at least how to create and interact with a reverse shell.

    Basic programming skills

    Not these…
    For our Regional cyber challenges, you will not need these skills:
     – No interaction with routing protocols (RIP, BGP, OSPF, etc.)

    And remember
      –  It’s a hacker event; there will be surprises… and no apologies!

     

      Suggested Resources for Learning IT Security

      To Get Started:
      1. Build a home lab. Any PC or laptop with an i5 and 8GB of memory will be excellent, but you can get away with even 4GB for two Linux VMs.
      2. Try some exploits. Install VMware Player or Fusion, then add a Kali VM for an attack platform and Metasploitable 3 as a victim.  (Get help online.)
      3. If you have time, try some of the blogs, books or news feeds from the list below. Pick the one you like best, and keep up.

      Books:
      The Hacker Playbook 3
      Linux for Hackers
      Rtfm: Red Team Field Manual  (Older, but still useful)
      Kali Linux  (Finally, a newer Kali book. 4.5 stars)
      The Web Application Hacker’s Handbook  (Older than the dinosaurs, but no one has even tried to do a better one – beginner and intermediate)

      News:
      The Hacker News (Points to latest news stories. Find what you’re interested in and navigate to the original stories)
      risky.biz  (Easy-listening weekly podcast. More professional and credible than any other)

      Online challenges & training:
      Hack the Box  (Freemium)
       – Hack-the-Box Walk-Throughs  (Saved write-ups for HTB)
       – Hack-the-Box Meetups  (Live monthly workshops to solve HTB with others)
      TryHackMe  (Hack the Box alternative)
      Virtual Hacking Labs  (Paid)
      Offensive Security (OSCP)  (Top of the line, but expensive!)
      https://www.blackhillsinfosec.com/blog/webcasts/  (Free webcast & training)
      https://portswigger.net/web-security  (Free training)
      https://pentesterlab.com/ (Paid)
      https://www.wizlynxgroup.com/pwntilldawn-ctf/ (Free)

      Build a home lab:
      – VMware Player is free.  Run 3 full, or 10 small VMs on a PC or nice laptop.
      – VMware Workstation costs a few hundred $ and adds more networking support.  Free for students.
      – VMware ESXi is free, highly professional, and will help you in corporate IT Centers where real companies with massive installations use VMware all the time. You must be able to work in a VMware environment if you want to be a pentester.  However, you need to dedicate a computer to build an ESXi server. HapiRat runs 32 VMs and 20 virtual networks on ESXi using an i7 box with 16GB mem.  http://hackingaway.org/small-esxi/  Any PC or laptop with an i5 (or i3 with multi-thread support) and 8GB of memory will be excellent, but you can get away with even 4GB for two Linux VMs.

      Tools for your home lab:
      https://www.kali.org/  (Includes nmap, Metasploit, ncrack, john-the-ripper and many other important tools!)

      Add or import some vulnerabilities to your home lab:
      https://www.vulnhub.com/

      YouTube Channels:
      Ippsec 
      TCM
      Nahamsec

      Penetration Testing is a great career, but it’s not easy to get into. 

      Your best shot is to take a job – any job – in cyber, to get experience.  And while you’re doing that, try completing this training path. It was compiled by someone who recently rocketed very quickly from first cyber job to full time pen tester in just three years.  She still has a lot to learn, but this is definitely the path.

      Some steps are free or low cost.  Others are expensive – but for a reason.  If you have a job in cyber, your employer might pay.

      Introduction to Pentesting:

      1. Practical Ethical Hacking – The Complete Course: https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course
      2. Linux Privilege Escalation for Beginners: https://academy.tcm-sec.com/p/linux-privilege-escalation
      3. Windows Privilege Escalation for Beginners: https://academy.tcm-sec.com/p/linux-privilege-escalation
      4. TJ_Null’s list of OSCP Like boxes (HackTheBox, TryHackMe, VulnHub, etc.): https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview
      5. OSCP Certification: https://www.offensive-security.com/pwk-oscp/

       

      Active Directory Pentesting:

      1. Attacking and Defending Active Directory: https://www.pentesteracademy.com/activedirectorylab
      2. OSEP: https://www.offensive-security.com/pen300-osep/
      3. Advanced Red Team Lab: https://www.pentesteracademy.com/redteamlab
      4. Global Central Bank: An Enterprise Cyber Range: https://www.pentesteracademy.com/gcb

       

      Introduction to Red Teaming (with Cobalt Strike):

      1. CRTO: https://courses.zeropointsecurity.co.uk/courses/red-team-ops
      2. Raphael Mudge’s YouTube videos: https://www.youtube.com/watch?v=q7VQeK533zI

       

      Web Application Pentesting:

      1. Web Application Hacker’s Handbook: https://www.amazon.ca/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
      2. PortSwigger Web Security Academy: https://portswigger.net/web-security
      3. OWASP Top 10: https://owasp.org/www-project-top-ten/
      4. OWASP WSTG: https://owasp.org/www-project-web-security-testing-guide/
      5. OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/


      Programming:

      Great skill to have.  No time to describe here, but programming skills are extremely useful / very necessary!  Especially .NET and Python.

      Reverse Engineering, Steganography, other CTF Challenge Skills:

      Not here.  On purpose.  These are tons of fun, and build computing knowledge.  But none of these are part of penetration testing.

      (Last updated: May/22)

      Video of Regional Hiring Event

      Top Schools Participate