In 2021, Retrospect Labs approached the Australian Women in Security Network with the idea of running an Incident Response competition style event, exclusively for women. It was all rather last minute, and despite a bit of chaos behind the scenes it all went off smoothly, with 100 women participating in the event. We think it was a big success!
For 2022, we all knew we had to do it again. And we had to do it bigger, and better! This time, we had more time to prepare, plan, and strategise! This meant we were able to increase the number of women who could participate in the event (up from 100 in 2021, to 250 in 2022!), that we were able to build a new scenario for the teams to respond to, and that we could organise some seriously top-notch prizes. Couple with some amazing sponsors (more on that below) - we felt ready to deliver the biggest, and best incident response competition exclusively for women yet!
Registrations opened, and participants were asked to complete a short survey assessing their skills against technical, communication, legal/privacy, and senior executive criteria. All important aspects of incident response, and all things we look to test as part of this competition. Incident response isn't just about being able to conduct forensic analysis, it takes a number of different skills and subject matter experts to make incident response successful. The competition and the scenario participants had to work through, and tasks they had to perform, reflected this. Once we got a handle on everyone's skills, we placed them into teams so that there was a mix of different skillsets, and that each team was balanced. The teams began the competition on 07 November - and had a whole week to make their way through the scenario, at their own pace. Playing the role of an incident response team brought in to help a fictitious organisation respond to a cyber incident, they had to use common incident response tooling to undertake analysis on malicious files, to build a picture of what had occurred on the victim network. They had to prepare media statements, brief senior executives, and consider the privacy and legal implications of the incident. The scenario was designed to be as comprehensive as possible, to challenge the teams, and to reflect what a real incident feels like.
To help the teams out, we provided them with some experienced and generous mentors, who were available for the teams to call upon when they got stuck. Teams also had access to Cydarm, a case management platform that helped them track their tasks and progress, as well as coordinate their efforts (essential to any incident response operation!).
Teams had to complete a number of tasks and submit a number of different artefacts to a panel of judges, who then assessed their performance against some key criteria. The judges for the competition were all people who are experts in their field. Kevin O'Sullivan (from Kinetic IT) evaluated the teams' ability to produce an effective executive briefing, Karen Croughan (privacy legend) looked at what legal and compliance considerations each team made, Shanna Daly (Incident Response guru at Cosive) examined each team's forensic skills, and Christine Eikenhout (from the Australian Cyber Security Centre) assessed teams on the effectiveness of their media statements and ability to communicate. Massive thank you to our judges who gave their time and expertise in supporting the competition.
All teams did us proud. We were impressed to see how dedicated every single team was, how much perseverance they displayed, and their desire to learn and improve. But it is a competition. And there has to be a winning team! And apart from the glory of being crowned the winning team, everyone was competing not only to test their incident response skills, and to get hands-on experience at responding to a malicious incident, but for prizes that go above and beyond the norm for events like these.
Our winning team (Simone Van Nieuwenhuizen, Imogen Turner, Amy Nightingale) received the title of best Incident Responders, plus the opportunity to meet security leaders at either the Australian Signals Directorate or Commonwealth Bank, the choice between a SANS training vouchers or Cyber Leadership Institute training voucher, as well as some much sought-after competition merchandise.
Our second placed team (Nidhi Singla, Kristy Reid, Rebecca Barnett, Della Susan Jose) received and the opportunity to meet security leaders at either the Australian Signals Directorate or Commonwealth Bank, the choice between a Retrospect Labs Ransomware Live Fire training voucher, Cyber Leadership Institute training voucher or a DDLS training voucher, and competition merchandise.
And our third placed team (Samira Shaikh, Vannessa Van Beek, Qianyi Li) received AWSN Membership and competition merchandise. A HUGE THANK YOU to the SANS Institute, Cyber Leadership Insitute, DDLS, Australian Signals Directorate, and Commonwealth Bank of Australia for their generous donation of these incredible prizes.
Of course, none of this could have been possible without the support and sponsorship from the Australian Signals Directorate, and the Commonwealth Bank of Australia. Their support for events like these is crucial in ensuring that women get the ability to try out incident response, and hands-on experience. They help to build confidence and demystify some of the technical parts of cyber security. We couldn't have done it without either organisation, so thank you from us all!
We are very proud to be able to partner with organisations like AWSN and to enable events like these, to create more diversity in cyber. It's the second time we've run this competition, and we're looking forward to running it again in 2023!