Hello! My name is Carl, and I work as the Head of Security here at KRY.
That means I am responsible for all things security, from making sure our systems and infrastructure are properly designed and hardened, to being involved in making sure our processes and organization have proper security measures. I work closely with the developers as part of our RnD team in everything technical and with our legal team, and other team leads on matters of processes and routines.
Since about 2,5 years ago, when I started my last job, I have been a member of a capture the flag, CTF, team called HackingForSoju.We are around eight active players with as many additional ex-players still hanging around. All of us are IT security professionals or students with otherwise very varying backgrounds.
We're going to Bucharest!
Recently I took a short vacation to go to Romania and participate in a hacking competition. Our team managed to take second place in the qualifiers for DefCamp IT Security Conference and got invited to the finals in Bucharest. Three teammates and I flew down the day before the competition.
I managed to oversleep and had to rush straight from the bed to a taxi to catch the plane on time. Last Wednesday we arrived in a cloudy and rainy Romania and spent the day preparing at the hotel by going through previous challenges and looking at useful tools.
So what kind of hacking competition was it and what team am I talking about? CTF competitions are about testing your knowledge in IT security and hacking, similar to a programming or mathematics competition.There are a few formats, but by far the most common is what's called "Jeopardy Style". In this kind of competition, the organizers create some challenges in various categories. One such challenge might, for example, be to hack a website the organizers have created which contains a specific security flaw.
It started on Thursday at lunch and went on for 24 hours. We had a decent start quickly claiming a top three spot, followed by a languid evening and early night. Towards the morning we finally managed to get it together and finish a few challenges.
After being awake for that long, I usually feel horrible, and this was no exception. On the other hand, I didn't feel too bad and felt pretty happy and had a sense of accomplishment standing on the stage and receiving the trophy for third place!
After recovering with a good 15 hours of sleep, we finished the weekend with some sightseeing, great food and visited a karaoke bar until just hours before going home. Participating in these competitions is an excellent way to learn about IT security and keep yourself sharp and up to date with new technologies and techniques. Competing helps me in my daily work at Kry where I get the challenge of working with a great team in developing our product and keeping patients' data secure.