Q&A With Former eCTF Competitor: Ben Janis MITRE’s Embedded Capture the Flag (eCTF) competition provides student competitors with the invaluable hands-on experience of creating secure embedded systems and then learning from design vulnerabilities as they attack other systems. Today we met with engineer and former eCTF competitor, Ben Janis, to learn more about his experience in the competition.
How did participating in eCTF affect your career path?
It taught me the skills and the mentality that I now use daily. You can learn about cybersecurity in class, and you will think you understand the concepts. But, when you’re trying to design a secure system with functional requirements and platform constraints, most of the classroom learning goes out the window. You’re faced with the complexity of the system and implementation, and you need to think like an attacker. Participating in eCTF prepared me for that.
What was the most valuable part of the competition?
The eCTF puts participants through the experience of trying to design a secure system and then learning from your errors as they are revealed in the attacks of others. In the real-world environment of the eCTF design phase, you experience the nitty gritty details of the difficulties of implementation. For example, if you intended to use an RSA token, and it ends up running to slowly or is too large to fit on the microcontroller, you are forced to adapt your design on the fly.
Once you make it to the attack phase, you switch perspectives from defender to attacker and the competition seems completely different. While analyzing other teams’ designs, you start realizing mistakes that you made. At the same time, other teams attack your system, poking holes in the design you created. After long hours of work to create a secure system, it is painful to see the flaws, but the learning is unbelievable.
The setting is the closest thing to the real world of vulnerability discovery and exploitation that I have ever seen. Unlike classroom assignments on embedded security design, in eCTF there are no known or expected solutions. Whether it’s a cryptographic weakness, an implementation error, or a vulnerability to hardware attacks, you will be finding fissures in designs intended to be secure, which is exactly how it works in the professional world.
What do you remember most about eCTF?
The memory that sticks out the most to me as an eCTF competitor is getting to meet the other teams at the Award Ceremony. It has a great atmosphere because everyone has spent a full semester communicating on Slack and looking at and breaking each other’s designs. We get to learn more about the interesting attacks and defenses that other teams devised and also spend time meeting and networking with the organizers and other competitors.
Why do you recommend that other students participate?
Although I didn’t know much about cybersecurity or embedded systems going in, I ended up falling in love with both. I made plenty of mistakes along the way, which I learned from and remember. I recommend that students participate in MITRE’s eCTF competition because I learned more from participating in the competition than in any college course. And I had a lot of fun doing it. If you are competitive or at least like to build and break things, this is an excellent competition for you.
Do you think that this competition helped you find your career?
I am now a senior embedded security engineer for MITRE, working with leaders I met during the competition. I found mentors while I was learning my way through the competition. Even though my team did not win, I did. I am glad that this year’s competitors will be able to meet even more companies.
Now in its sixth year, MITRE’s eCTF includes sponsorship opportunities! Sponsorship provides a direct path to top tier talent in the critical fields of computer science, engineering, and cybersecurity. This level of access advances the security talent pipeline and increases brand visibility.
For more information and to learn about registration or sponsorships, visit https://mitre-engenuity.org/growing-impact/ectf-embedded-capture-the-flag/.
© 2022 MITRE ENGENUITY. APPROVED FOR PUBLIC RELEASE. DOCUMENT NUMBER ME0055.