NetWars Tournament of Champions Tests the Skills of the Nation’s Top Cyber Security Practitioners

Brian Musthaler
By | November 28, 2012

Posted in: Network Security Trends

Sometimes, life imitates art, and vice versa. Consider the Tom Clancy’s Net Force series of novels created by Clancy and Steve Pieczenik, and written by Steve Perry. The storyline of these books centers around a special division within the FBI tasked with combating crime on the Internet and protecting the country from untold cyber threats. If the premise sounds familiar, maybe it’s because the U.S. Secretary of Defense Leon Panetta recently gave a speech about how military engagement in cyberspace is becoming increasingly important and the threats there are significant. Panetta says the U.S. military is prepared to engage in battle, if and when necessary, in cyberspace.

If the U.S. Secretary of Defense is now talking about cyber security, it must be a big issue, and that means the country has a need for well-trained and highly skilled expert practitioners. Besides colleges like MIT and Carnegie Mellon University, where can we expect to find the best and brightest cyber security minds that are honing their skills to address the cyber challenges we face? According to Ed Skoudis, Director of the SANS Institute’s NetWars Project, these skilled experts are in the corporate world, in the military and national security agencies, and – believe it or not – in our high schools.

I recently had a chance to interview Skoudis to learn more about a skills development program called SANS NetWars.  It’s a hands-on, interactive learning environment that enables information security professionals to develop and master the skills they need to excel in their field.

Below you’ll find Q&A excerpts from my interview with Skoudis.

Musthaler: Can you give us some background on NetWars – what it is and who it’s for?

Skoudis: NetWars is a multi-level training program that helps people develop and master skills pertaining to cyber security. All of the exercises are interactive, and we award points to participants as they prove that they have mastered a skill. It’s like a video game environment where people step through the different levels. The participants learn while working through the various challenge levels, all hands-on, with a focus on the types of skills they can use in their jobs every day. The competition aspect of the learning is a friendly competition. Participants can see each other’s levels and scores, which we believe incents them to build their own scores by mastering more skills.

The SANS Institute started offering NetWars about two years ago to try to provide cyber security some extra teeth. Originally NetWars was created for high school and college students with the goal of helping build a pipeline of 10,000 or more skilled cyber security practitioners that can help defend our country in cyberspace.

Over time the military saw what we were doing with NetWars, and they really liked what they saw. Now the Air Force runs NetWars about once a month for their cyber warriors, the Army runs it about once a quarter, and we run it at SANS conferences probably five or six times a year.

Musthaler: What is the tournament aspect of NetWars?

Skoudis:  SANS Institute offers a NetWars training session/tournament over an intense several day period—usually 2 or 3 days. Most often we offer NetWars at our own conferences, but different agencies host their own, like the Air Force does. Participants go through the hands-on training, step through the experience levels, and earn points as they do so. At the end of a session, we name a “champion” of that particular tournament.

This December, we are hosting the NetWars Tournament of Champions.  We invited the best NetWars contestants from the past 20 rounds of NetWars, as well as competitors from other “capture the flag” type of competitions—things like the CDX competition that the NSA (National Security Agency) runs for the various military academies.

The Tournament of Champions is an interactive challenge that is a mixture of defensive, analytic, and offensive skills. It’s not a one-trick pony. If a participant is really good at just one skill, they’re not going to do well at this event. Participants need to have a broad range of cyber security skills, and that’s why we’re pretty excited to find who is going to come out on top.

Musthaler: Earlier you talked about NetWars originally being for high school students. Will they be participating in the Tournament of Champions?

Skoudis:  The Tournament of Champions event in Washington, D.C., is going to have the champions from the previous 2 years. Plus, it’s also going to have 15 of the best high school competitors who competed in the Cyber Foundations competition that, in fact, we’re running now. One of the things that we’re trying to do is to get these high school students really excited about cyber security. They will be participating with professionals and military personnel, and they’ll get to see how it works. We recognize that they don’t have all the experience and skills the other participants have, so we’ll be providing them some special coaching so they don’t feel too intimidated.

Musthaler:  I was going to ask about that. Obviously these students don’t have the training and background that a professional would have …

Skoudis:  Don’t underestimate them. Many of these kids are good! Really good!

Musthaler:  How do IT professionals get involved in NetWars?

Skoudis:  They can participate in NetWars for free by attending a conference where we offer NetWars such as at SANS conferences as well as the EDUCAUSE Conference, and the Joint Warfighting Conference.

Musthaler:  For people who participate, and those who place fairly high in the competition, what do you think this does for their employment outlook or professional status?

Skoudis: It really helps. It gives them bragging rights among the cyber security and tech community. I’ve seen some folks start to put it on their credentials and resumes. We’ve also seen some of our best military NetWars participants earn some serious promotions.  Beyond the military, there are several private sector participants that did well in NetWars, and they’re really doing well in their careers and putting this stuff on their resume. It’s exciting to be able to help find these people that are so good and to watch their careers really pop.

Musthaler: Have you heard of any employers that may be looking for people who have won, placed or even just participated in a NetWars competition?

Skoudis:  In fact, I have. There’s a bank that sent me an email saying, “Hey, we’ve heard some people did very well in NetWars. Can you direct them to us?” Also, there was a Silicon Valley software company that said the same thing to me: “We’re interested in people who did really well in NetWars. We need someone who can operate at a Level 4 skill set.”

Musthaler:  For the average IT professional who may want to get involved in a NetWars tournament, what skills should they have before they engage in this?

Skoudis:  They should have foundational computer skills. Specifically, they should know networking, operating systems, especially Linux, and the fundamentals of how Linux is put together. They should understand Linux file systems and where things like browsers store things in the file system. No scripting knowledge is required. You can get through Levels 1, 2 and 3 without scripting knowledge. However, by the time you get to Level 4, it really helps to understand some scripting such as Python, or Pearl, or JavaScript, or some combination thereof.

Musthaler:  Do you attract security professionals doing hardening, as well as penetration testing?

Skoudis:  Most definitely, and that’s an important thing. While we call it NetWars, some people get into this mindset that it’s all offensive, all pen testing centric. But if you look at NetWars itself, it is a blend of defensive – meaning system hardening and just really good secure system administration, analytics, malware analysis, forensic analysis – and offensive, being vulnerability assessment and penetration testing. We try to balance it across the spectrum. Not any one area dominates. As such, your general security practitioner, system hardening person, or even a security focused system admin would find value in these events.

Musthaler:  How often is the content refreshed? There are always new vulnerabilities, and cyber security is changing so rapidly.

Skoudis:  We’re constantly building new content. On a monthly basis we’re adding new capabilities, features and challenges to NetWars.  Some of the stuff we’ve added recently includes forensic analysis, memory analysis of memory captures of infected machines, machines infected with things like Stuxnet. We’re incorporating a lot of malware analysis. We have some huge new things coming in the future of NetWars, like SCADA and smart mobile devices.

Musthaler: Do you engage partners like security vendors in providing ideas on real-world scenarios?

Skoudis:  We have worked with companies to create this content. We’ve also received input from some of the banks and government agencies as to what goes into NetWars. They’ve also helped to create and beta test some of the content.

Musthaler: You sound excited about what you are doing with NetWars. How would you summarize what you are trying to do with these events?

Skoudis: Yes, my team and I are very excited about what we are doing with NetWars. It’s amazing what these people can do. Summing it up, we recognize that there is a giant security skills deficit that the country faces, and we’re trying to do our part to help with it. Second, we’re trying to help people with their careers; and more importantly we’re trying to foster the next generation of cyber security experts with our high school programs.

Musthaler: Where can people learn more about SANS NetWars?

Skoudis: They can visit our website at

You May Also Be Interested In: