Hacker
HTB on the 401 Access Denied Podcast: Hacking Gamification and E-Sports
HTB’s Head of Content Innovation, Ian Austin, had the privilege of joining Joseph Carson at the 401 Access Denied podcast to discuss the impact of gamification and e-sports on cybersecurity.
Table of Contents
- Q/A Overview
- Can you tell me a little bit about you?
- We have a huge challenge in the industry with a massive skill shortage with millions of unfilled positions, what can we do to address this issue?
- How is gamification changing the way people develop skills and learn in the security industry?
- For cybersecurity events, what types of CTF (Capture The Flag) formats are available?
- What is the difference between machines and challenges?
- How hard is it to create new CTF machines?
- What type of prize money is up for grabs?
- Does it get very competitive between hackers?
- How does Hack the Box help students and universities get interested in cybersecurity?
- In Hack The Box can you explain what the difference between fortresses and endgames are?
- How global is cybersecurity gamification?
- How can companies get value out of cybersecurity gamification?
- Do you think this will turn into a sport such as E-Sports?
HTB’s amazing Head of Content Innovation, Ian Austin, recently had the privilege of joining Joseph Carson and the fantastic team at the 401 Access Denied podcast to discuss the impact of gamification and e-sports on cybersecurity upskilling and breaking into the security industry.
Hacking has become the new gaming, and here at Hack The Box we've been paving the way for gamification in cybersecurity training. Research has shown that gamification tremendously helps the learning and retention process. Here’s a look at Ian’s thoughts on the topic!
Q/A Overview
Can you tell me a little bit about you?
I head up the innovation and R&D functions at HTB, and love to create content while sharing with and learning from the cybersecurity community. My previous roles include system administrator (build), penetration tester (break), and security engineer (fix).
We have a huge challenge in the industry with a massive skill shortage with millions of unfilled positions, what can we do to address this issue?
We’re currently at the intersection of cloud and security, and we’re seeing that not only is there a huge demand for qualified professionals with cybersecurity skills, but also for cloud security knowledge. Individuals can upskill with platforms such as Cybrary and Hack The Box outside of a traditional university education. As long as you have the curiosity, drive and desire, you can use Hack The Box to gain the skills you need for a successful career in infosec. HTB Academy has a huge range of beginner-friendly courses to get you started. It’s also important that those already in the industry continue to promote cybersecurity as a rewarding and satisfying career choice.
How is gamification changing the way people develop skills and learn in the security industry?
Gamification enhances a hands-on approach to learning, making it fun and helping you to better retain learned skills. With gamification, learning isn’t a series of checkboxes, but a fun and engaging way to upskill. Research has shown that if you are engaged in your learning, gamification can help you learn and perform even better.
While not related to gamification specifically, further research has also shown that the processing difficulty effect allows you to more effectively recall learned skills. When our brains have to work harder to learn something or overcome a problem, it becomes much easier for us to retrieve this learning at some point in the future! This is why exploratory learning is a very effective learning tool, once you have a base of core knowledge. This is also why we’ve developed HTB to cater to different learning styles and experience levels. The guided learning in HTB Academy is very useful for building a body of knowledge, which students can attach unfamiliar concepts to.
Now is a great time to level up your skills, whatever your current level. Learn something specific like new programming languages or exploit development, or start from the basics with resources such as HTB Starting Point.
For cybersecurity events, what types of CTF (Capture The Flag) formats are available?
Jeopardy is the most popular type and great for people just starting out. It can cover all sorts of different categories like pwn, reversing, crypto, forensics, mobile, and even hardware, which Hack The Box have been leading the way in. This allows players to test their knowledge in and upskill across many areas of cybersecurity. There are also fun tournaments such as the HTB Hacking Battlegrounds, which provide the ultimate gamified heat-of-the-battle experience.
What is the difference between machines and challenges?
Challenges are smaller than machines and focused on a specific skill set or topic. With machines, you have different problems to solve, and they moreso replicate traditional pentests which involve multiple steps or phases.
How hard is it to create new CTF machines?
It can be challenging, but it’s also a great way to learn through research and developing content. Learning something new by creating a CTF machine can be really fun and rewarding, no matter where you’re at in your cybersecurity journey.
What type of prize money is up for grabs?
Prize money from CTFs can be lucrative, but you can also get paid decently (while sharing your knowledge with the community) by creating content like CTF machines and submitting them to HTB.
Does it get very competitive between hackers?
Yes it can get very competitive, but it’s also a supportive environment with people of different skill levels collaborating and learning from each other.
How does Hack The Box help students and universities get interested in cybersecurity?
Hack The Box partners with hundreds of universities around the world, providing materials that supplement their courses and curriculum, providing students with a safe environment in which to practice their skills. We also host the amazing annual HTB Uni CTF, giving universities all over the world the opportunity to compete against each other!
In Hack The Box can you explain what the difference between fortresses and endgames are?
Companies can submit fortresses, which are a great way for companies to identify the best hackers as potential candidates, as well as for skilled hackers to get noticed by potential employers. Endgames, on the other hand, are submitted by the community or internal HTB team members.
How global is cybersecurity gamification?
If you have a computer and access to the internet, anyone can learn cybersecurity through gamification platforms such as HTB. You only need the desire and curiosity to be successful. Another example of global gamification is HTB meetups all over the world, which is a great way for local communities to come together, socialize and learn, while having fun.
How can companies get value out of cybersecurity gamification?
Gamification makes continuous learning fun! Companies can use resources like the HTB Enterprise platform to identify and retain cybersecurity talent. Whether you are looking for a fun CTF competition for socializing with your teams and seeing who tops the leaderboard, or looking to assess candidates, Hack The Box gamified hacking has you covered.
Do you think this will turn into a sport such as E-Sports?
Absolutely, hacking is the new gaming! People are watching beginner and pro hackers on live streams. It’s interesting and beneficial from the spectator point of view to listen to them narrate their thought process. It’s only a matter of time before hacking becomes a recognized e-sport!
To listen to the full podcast episode, check out https://thycotic.com/podcast/43-gamification-ethical-hacking-esports-ian-austin/
