Organizations of all shapes and sizes around the globe are feeling the strain of the ongoing cybersecurity talent shortage. According to the Fortinet 2023 Cybersecurity Skills Gap report, nearly 70% of security leaders say they face additional risks because of the skills gap, and 56% indicate they struggle to recruit new, qualified talent. Meanwhile, cybercrime continues to flourish, with attackers upping their game and introducing new, more sophisticated tactics to infiltrate networks at every turn.  

To help shrink the skills gap and ensure that organizations can find the qualified professionals needed to fill crucial roles, Fortinet is committed to training 1 million people in cybersecurity by 2026. Helping to progress toward this goal, the Fortinet Training Institute partners with academic institutions to develop the future cybersecurity workforce with the skills they need to excel in the industry.

As part of this focus, Fortinet sponsored two capture-the-flag (CTF) events: Carnegie Mellon University's picoCTF (pico Capture the Flag) and the MITRE Embedded Capture the Flag (eCTF) competition.

Capture-the-Flag Competitions Offer Students an Opportunity to Demonstrate Cyber Skills

Capture-the-Flag competitions offer learners an engaging, hands-on opportunity to test their cybersecurity skills and compete against one another. The concept is simple: Participants use their hacking skills to infiltrate a network, search for intentionally placed vulnerabilities, and use those to "capture" a final string of code to prove all the vulnerabilities were located. These competitions are especially useful for students looking to put the knowledge they've learned through academic courses or certification programs to the test as they prepare to pursue a related degree or enter the cybersecurity job market.

Carnegie Mellon University's picoCTF competition is a free, global, capture-the-flag challenge created by security and privacy experts at the university. Founded in 2013, Carnegie Mellon University CyLab Security and Privacy Institute's picoCTF has been working to introduce cybersecurity to the future workforce through its annual online hacking competition, which typically is held over two weeks and covers skills such as cryptography, web exploitation, forensics, binary exploitation, and more. The institution also provides year-round cybersecurity education content-ranging from learning guides to a monthly online lecture series-for learners of all skill levels online, as well as picoGym, a practice space where learners can solve challenges from past picoCTF events.

MITRE's eCTF competition provides participants with experience in creating secure systems and learning from their mistakes. The program differs from traditional online-focused challenges by focusing on embedded systems, which present unique security challenges. The competition runs for several months and includes both design and attack phases to offer participants offensive and defensive opportunities. This allows time for the development and execution of advanced attacks during the attack phase. Participants were asked to design and implement a key fob system for a car door lock in this year's competition. The system must protect the car from unauthorized entry and thwart attacks such as key fob cloning.

Congratulations to This Year's picoCTF and MITRE eCTF Winners

Fortinet is thrilled to recognize the 2023 winners of both the Carnegie Mellon University picoCTF and MITRE eCTF competitions that the company sponsored:

Carnegie Mellon University picoCTF Winners

Teams

• First place: redpwn, with participants from Georgia Institute of Technology, University of Maryland, and University of California Los Angeles
• Second place: UofTCTF, with participants from University of Toronto, Canada
• Third place: idk jack, with participants from University of Toronto, Canada

Individuals

• First place: University of Toronto, Canada
• Second place: University of British Columbia, Canada
• Third place: Indian Institute of Technology (Indian School of Mines), Dhanbad, India

MITRE eCTF Winners

• First place: Carnegie Mellon University, 28,158 points and 79 flags captured
• Second place: University of California Santa Cruz, 17,167 points and 61 flags captured
• Third place: University of Illinois at Urbana-Champaign, 12,586 points and 49 flags captured

Ongoing Cybersecurity Education Opportunities Will Help Shrink the Skills Gap

While many public- and private-sector organizations are working to close the cybersecurity skills gap, the 2022 (ISC)2 Cybersecurity Workforce Study shows that despite adding 464,000 security practitioners in the past year, the workforce gap has grown twice as much as the workforce. This underscores the need for enterprises to develop creative strategies when it comes to educating and recruiting new cybersecurity talent.

One of the most critical steps the industry can take to attract more qualified professionals to the field is to offer engaging cybersecurity education opportunities to students and other untapped talent pools. The Fortinet Training Institute offers many initiatives with that goal in mind. Beyond providing industry-recognized training for both existing security professionals and anyone interested in cybersecurity, Fortinet is proud to sponsor CTF competitions around the globe to support developing the cybersecurity workforce of the future.

Find out more about how Fortinet's Training Advancement Agenda (TAA) and Training Institute programs-including the NSE Certification program, Academic Partner program, and Education Outreach program-are helping to solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.