In three months’ time, more than 400 cyber security students will fire up their machines and attempt to penetrate the systems of a fictional start-up incubator before the end of 24 hours.

For the first time, those tasked with attacking the company will come face-to-face with a similarly motivated team of defenders working to keep the ‘bad guys’ out.

In its sixth year of operation, the Cyber Security Challenge Australia (CySCA) – a joint effort to nurture the country’s next generation of cyber security professionals – is expecting its biggest participation yet.

The competition has grown steadily since its inception, from 40 students in 2012 to just under 300 last year, and an anticipated 400+ this coming October.

Telstra – one of the program’s sponsors – has built an entirely new technology platform for the 2018 CySCA to handle the growing volume of participants.

The new platform is made up of seven blade servers able to accommodate as many as 24 teams each – four times the capability of the previous platform.

Each team will be given its own set of virtual machines to work on, as well as a VPN endpoint to connect into their game environment from their university or TAFE base. Team environments are kept isolated from each other to prevent any dodgy behaviour from competing teams.

Cyber Security Challenge Australia (CySCA)

The challenge

Racing against the clock, players will work to solve a main challenge as well as a series of puzzles and problems in order to win points. The team with the highest points wins the overall competition.

They will be competing to break into – and defend – the systems of fictional start-up incubator BreakOutBox.

But while the scenario they are working with may be make-believe, the systems and technologies the students will be grappling with are very real.

They will need to demonstrate their ability to break into web applications, networks and systems; exploit vulnerabilities; work with cryptography; and perform network forensics and analysis. Players will need to be familiar with technologies and tools like Linux, Splunk, Wireshark, and Disassembler.

For the first time, students won’t only be playing the role of corporate penetration testers, assessing BreakOutBox’s systems for weaknesses and vulnerabilities by taking on the mindset of an attacker.

They will also adopt the posture of a ‘blue team’ – a posse of internal company defenders who maintain constant vigilance against attack.

The inclusion of a blue team challenge in this year’s CySCA is intended to recreate as much as possible real-world examples of the types of skills participating students will need to demonstrate to get a job in the field.

Cyber Security Challenge Australia (CySCA)


The winning teams will score a ticket to three of the biggest global and local IT security conferences.

The team that scoops first place will win flights, accommodation and entry to the popular DEF CON conference in Las Vegas in August 2019.

Flights, accommodation and entry to Kiwicon in Wellington, New Zealand this November are also on offer for the second-place team, while the team that comes in third will win the same for the BSides conference in Canberra 2019.

Each placeholder will also receive a tablet or mobile device for each team member. Other individual prizes are on offer for the competition’s various challenges.

An expression of interest form for universities and TAFEs is now open, and will close on August 17.

Start planning your teams to ensure you get your name in front of Australia’s biggest cyber security employers.

Many of the competition’s past winners have gone on to have careers with the challenge’s sponsors, including Telstra security specialists Lennon Jones and Darian Panter.

This year’s competition will be held over 9-10 October 2018. For more information, visit the Cyber Security Challenge Australia website.

Telstra is sponsoring the Cyber Security Challenge 2018 alongside the Australian Cyber Security Centre, AustCyber, PwC, Cisco, Microsoft, Commonwealth Bank, Splunk, BAE Systems and HackLabs.