Image: Competitors at 2019’s AU & NZ Boss of the SOC.
For the second year in a row, Cosive have finished in 2nd place AU & NZ-wide at the 2019 Boss of the SOC Day, a massive cyber security capture the flag (CTF) competition involving hundreds of competitors. The competition took place on the 25th of July.
At Boss of the SOC, teams of up to four competitors are tasked with playing the role of Head of Security at a fictional organisation investigating a recent breach. Teams must use Splunk to traverse logs and answer investigative questions about the attack. Teams earn points for each question answered, as well as bonuses based on how quickly they complete each question.
Cosive competed alongside dozens of teams working out of the Joint Cyber Security Centre in Melbourne.
Competitors attended similar events in ten cities across Australia and New Zealand.
Cosive’s team (Andrew, James, Kayne, and Sid) finished in 2nd place with a score that fell just shy of the points tallied by 1st place winners NBN Australia. This is the second year in a row that Cosive have achieved a Top 2 finish nationally.
James Garratt, a Senior Security Consultant at Cosive, participated in the competition. He says the questions at BOTS test a wide range of skills, including knowledge of Splunk, firewalls, networking, and system administration. “There’s a big mix of stuff in there. Knowing how those things work is really advantageous in terms of knowing where to look for answers, but also knowing how to interpret the data. Then, it’s about being able to wield some Splunk query skills to more quickly narrow that down and tie things together.”
James says the dataset given to competitors, though fictional, does a great job of simulating the kinds of logs you’d trawl through after a real security breach. “The organisers do a really good job of putting the data together,” he says. “It’s really realistic.”
Sid Odgers, a Senior Security Consultant at Cosive, also formed part of this year’s team. He says that Cosive’s performance in the competition is helped by the team’s shared background as “old-school” sysadmins. “We all go back as IT operators, years and years. So it’s not just security. The security skills help, but the actual nuts and bolts of it isn’t really different to other network troubleshooting. That’s probably why we do as well as we do: we’ve all got really strong sysadmin backgrounds.”
James agrees that the team’s wide-ranging technical backgrounds are helpful. “Most people have had diverse careers before coming to Cosive, and diverse in different ways. Being able to bring that diverse experience together, and point it all at one problem, is where we shine through.”
After another close result this year, the team is eager to participate for a third time in 2020.
“On some level, it’s a validation of skills,” Sid says. “You come second by about 1,000 points, out of about 30,000 points total. You come second nationally. That’s not a small thing out of a couple of hundred teams. You walk away from that feeling pretty good about yourself.”
For James—who works remotely most of the time—the competition is a special opportunity to have fun while physically working alongside his Cosive colleagues. “It’s fun to do something with a few people that I don’t get to work with that often. Everyone being in the same building is quite enjoyable. Plus, I find the actual content quite interesting. The process you have to work through to solve the challenge is fun as well.”
Another thing the team enjoys about Boss of the SOC is the atmosphere, which is casual and fun despite the competition between teams. “I didn’t get a vibe that anyone was really stressing out. It’s laid back,” Sid says. “That’s what happens when you get 100 geeks on the same floor of a building.”
Though the team is overjoyed to finish Top 2 for the second year running, they believe they’re in with a strong chance to take home the trophy next year.
“I go into the day hoping we’ll do the company proud,” James says. “There’s a lot of good people who compete, so we’ll just keep doing what we’re doing. Maybe we’ll do a little more preparation next year,” James says, cracking a smile.
Regardless of the outcome, Sid believes that participating is well-worthwhile for Cosive. “It was good fun. It’s certainly something I’d be keen to do for a third year. I think we get value out of it. It makes you think, it focuses you, and that’s a good thing.”
