Ready to Rumble: US Women's Cyber Team Preps for Global CTF Contest

Source: Dmytro Sidelnikov via Alamy Stock Photo

Do they have what it takes to capture the flag?

The 12 members of a new cyberteam will find out this fall, when four international teams meet at the Kunoichi Cyber Games to see whose cybersecurity athletes have what it takes to win in an intense cyberskills tournament. These cyber athletes will have to demonstrate their mastery of forensics, Web security, reverse engineering, binary exploitation, and cryptography in competition at the 2024 Code Blue Conference, Nov. 14 to 15, in Tokyo.

The cyber athletes come from across the United States. Some are college students, participating in their first cyber-gaming competitions. Others are cybersecurity professionals, who have been working in the industry. All of them are women.

The Women’s Cyber Team will be officially commissioned at Cybersecurity Career Week, an event sponsored by the House Cybersecurity Caucus, NICE, and SANS, in Washington, DC, on Sept. 19, kicking off the cyber season of competition for the fledgling team.

The US team will take on the teams from Japan, the United Kingdom, and the European Union during the competition. Five members and two substitutes will compete for eight hours in a capture-the-flag (CTF) contest, as well as an attack-and-defense competition. Each team member has a specialty area of focus and a subspecialty.

Developing Skills, Confidence

The team is helmed by cybersecurity gaming veteran Ken Jenkins, CTO of Cymonix. A participant in many CTF and cyber tournaments held over the years, Jenkins was the head coach of the co-ed US Cyber Team in season 2 and the assistant head coach in season 3. The co-ed team is preparing for season 4’s international competition later this year in Chile.

For Jenkins, cyber gaming gives athletes the ability to flex their cyber muscles while developing skills and confidence – without their activities posing a threat to any actual business operations.

"I think it really helps overcome imposter syndrome. It’s also very validating of skills. They help you identify gaps and weaknesses. It also brings you together in a very safe place where you can make mistakes, and it doesn’t cause a business outage, he says. “I remember days of defending a network where I did the same 30 things, right? I logged into this system, checked these alerts, did this, analyzed this file. Wash, rinse, repeat, for weeks on end.”

Gamers, however, get the ability to reverse engineer a piece of malware or participate in red-team engagements that give them a plethora of new skills that they don’t get to exercise every day.

How the Team Came Together

Choosing the 12 competitors for the team was no easy task, notes Chelsie Cooper, the team’s assistant head coach and a senior intelligence analyst at CrowdStrike.

Around 50 hopeful athletes participated in season IV of the US Cyber Open CTF in June. This initial pool was then culled to a smaller group based on an assessment that included scores from participating in any of the National Cyber League or US Cyber Open competitions. A smaller pool of candidates were interviewed, and their soft skills were as important as their cybersecurity chops, focusing on leadership and communication skills.

“All of that came together in a very, very, very hard decision to only pick 12 of them because of all of them, they are very talented – well beyond their years,” Cooper says. “They are going places.”

Cooper’s role as assistant head coach isn’t to motivate the team, she says, because they’re already incredibly driven. Rather, the focus is on strengthening existing skills and identifying knowledge and skills gaps.

“It’s more so of a mentoring opportunity for us than it is anything else because they have the talent and they have the drive,” she says. “We’re just there to help guide them along the way to the competition.”

Leading up to the November competition, the team has been holding biweekly virtual office hours with the coaches, discussing logistics and working on competition skills. Each team member also has a buddy. The older, more experienced players who have competition experience are mentoring younger members to bolster their weak spots and build confidence.

Building a Talent Pipeline

While the co-ed US Cyber Team is for players ages 18 to 25, this new team recruited women ages 18 to 29 for the first year in an effort to build a pipeline of experienced women who could serve as coaches and mentors for future teams, says US Cyber Games Commissioner Jessica Gulick.

“In our field, with cyber games, even though you know cybersecurity and you’re a cybersecurity professional, it doesn’t automatically make you a good player for the game,” Gulick says. “So having that experience is incredibly valuable.”

The US Cyber Games program is in its fourth year; the co-ed team has 30 athletes, three of whom are women. Two of those women are also on the US Women’s Cyber Team, including Shiloh Smiles, 24, a graduate of The Citadel in Charleston, SC. Smiles is pursuing a graduate degree in computer and electrical engineering at George Mason University, while also working as a penetration tester for the US Navy.

For Smiles, the women’s cybersecurity team offers a unique opportunity to combine a skill-building competition with social ambassadorship – and a way to make friends who share a common interest and will face some of the same workplace challenges. Women make up less than a quarter of the cybersecurity workforce.

“Working in the military community, there are not many women, so it’s very rare that I meet another woman who is technical,” Smiles says. “That’s been the best part of the team so far – to meet 11 other women who are highly technical. I just think it is super-duper cool. And we have the upcoming competition in November, which is going to be an all-women competition. So that’s another opportunity to meet women from all over the world that are, again, highly technical. That’s definitely what I’m most excited for – the networking in the community.”

For 19-year-old Sarah Ogden, a student at Northern Kentucky University and one of the team’s younger athletes, the opportunity to learn and develop her cybersecurity skills has been a motivating factor. She had participated in CTFs in the past, so she jumped at the chance to join the team – and travel internationally. Ogden says she is looking forward to checking out the variety of vending machines in Tokyo, but when it comes to the games itself, she is keeping her expectations in check.

“What I’m most looking forward to is trying to learn as much as I can,” Ogden says. “I feel like my expectations are kind of low, so I’m not trying to stress myself out too much, just doing our best.”

Head coach Jenkins would love for his team to come in first place in Tokyo, but winning isn’t the only focus.

“We’re really more focused on bringing the countries together, bringing the women together, having them share their experiences,” Jenkins says. “I used to be dead-set on, ‘We have to win, right?’ But it’s not the only thing that matters in this inaugural year.”

About the Author

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master’s degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.