DSD, Telstra join forces to lure security talent

The Federal Government and Telstra have again joined forces to hold a 24-hour cyber security competition with the aim of luring the best IT graduates to work for them.

The main DSD, Telstra and CERT hub.

The cyber security challenge, held yesterday, is an initiative of the Prime Minister and Cabinet and a joint partnership between the Defence Signals Directorate (DSD), Telstra and CERT Australia.

A fictional situation and network is created for the event: security vendor Synergistic Cloud Computing has consulted an external security agency (teams of four, from universities and TAFEs across Australia) with fears the popularity of its Very Secure Transfer Protocol product will make it a target for hackers.

Participants are then given 24 hours to undergo a range of tasks including penetration tests on a web application and network, analysing the company’s product source code and checking for vulnerabilities.

The DSD built the virtual environment for the fictional company on Microsoft technologies and IBM servers, hosted by Telstra in one of its Melbourne data centres. Participants log in via VPN and attempt to complete the range of tasks given and detect vulnerabilities inserted into the network by DSD staff.

Four DSD workers, two CERT Australia staff and 10 Telstra employees were allocated to the task.

Telstra’s new chief information security officer (CISO) Mike Burgess, formerly the long-running cyber security deputy director of the DSD, said while it was a reasonable expense in terms of staff effort, it was worth the financial cost to get good people on board.

“Absolutely we are after good talent. We’d love them to think ‘maybe a career in cyber security is interesting, I’d like to do that for a living’,” Burgess said.

“There’s a bit of healthy competition between Telstra and the Government in this regard. The fact that we’ve come together to collaborate shows we’re in competition for staff, but we’re collaborating [on the initiative]."

He said a big market for good cyber security professionals and a short supply of skills was making it difficult to find talent.

“We’re trying to encourage those guys and girls [in a standard IT course without a security specialisation] to think about a career in cyber security. And ultimately, Telstra, DSD and CERT Australia would love to recruit them.”

Staff wanted

As a result of last year’s competition, DSD took most of the winning team, a University of NSW squad, on for work experience over the summer. The department expects those students will apply for jobs at DSD after graduating, Burgess said.

Telstra did not take on any new staff from last year. This year, the telco is well equipped to make new IT security hires thanks to its recent billion-dollar deal with Defence, Burgess said.

He said he would employ as many appropriate workers as arose from the competition. 

“If I find ten good people, we’ll give all ten a job. There is actually demand.”

Telstra’s internal security workforce is a 200-strong team. The infosec professionals are spread across states, mainly located in the telco’s security operations centre in Canberra and global operations centre in Melbourne. The security division works on protecting both the security of the telco and of its customers. 

It fends off between 50 and 100 attacks on the telco a day, Burgess said. But how often hackers get through was unknown.

“We get a whole range of activities coming from individuals, criminals, protest groups, up to high-end espionage. Most are pretty easy to bat off, but some are quite complicated. But we’ve got their mark and can stop them,” he said. 

“If you have a really good hacker, you don’t know the techniques they are using. So we do all the basics and we’re there detecting the unknown. The security industry is good at saying ‘here are all the vulnerabilities and here are the techniques’, so we cover the known,” Burgess said.

The University of NSW this year secured the winning spot for the second time in a row, and also placed teams in second and third position.

The winning team will be taken to the July Black Hat conference in Las Vegas as a guest of Telstra, while second and third place getters will get a choice of the latest smartphones and tablets.