Profile of Hacker Guild - The Undercroft
It’s no surprise there is a massive cybersecurity skills gap that has left technical teams searching for any experienced talent they can find. Unfortunately, many curious minds trying to break into the field are often surprised by the shortage of training programs and junior level opportunities that could help close the skills gap in the long term. For example, a recent survey identified that 81% of ethical hackers are self-taught – a staggering number that shows the relative lack of formal educational opportunities available to future talent.
This reliance on self-taught talent also highlights the difficulties faced by educating the cybersecurity workforce as a whole. Without clear guidance, freely available resources, and solid communities, the cybersecurity field loses swaths of potential team members well before they even explore their abilities. While the highly motivated top-minds still make the cut, those that could thrive with just a bit of guidance fall through the cracks at an alarming rate.
Communities like OWASP and ISSA have done an outstanding job of grassroots education however, they can still only solve a fraction of the problem. There is still a significant need for groups that will help train and encourage the next generation of cybersecurity minds.
Naturally, the Security Innovation team is always thrilled to discover organizations that are driving cybersecurity education forward. One such group is The Undercroft in Tampa, Florida, which has resurrected the structure of Medieval guilds to foster the growth of talent. We have been so impressed by their first year’s progress that we sat down with Creative Director Chris Machowski and asked for his guidance for others trying to address this skills gap.
Q: Can you tell us a little bit about the Undercroft, why it was launched, and who it aims to serve?
Chris: The Undercroft is a cybersecurity guild, development center, and incubator for growing InfoSec companies in both Tampa Bay and nationally. We launched in late 2018 as a place where individuals could work, collaborate and grow as security practitioners. In just over a year our guild has become known as a spot that serves all aspects of our industry – from the student looking for practical experience to SMEs giving back to the community by guiding and mentoring the next generation of cyber talent. We also help traditionally underserved communities including encouraging children to consider cybersecurity as a viable career path and guiding small business owners on how to keep their business and information safe.
Q: How did you find out about Security Innovation’s Cyber Ranges?
Chris: Two of our Guild Masters head up the Tampa chapter of OWASP. They were looking for a space to host a Security Innovation meetup to help train their community using the Shadow Bank Cyber Range. Naturally, we were happy to open our space to them and the event was a huge success. Our members could not stop talking about it and asking when the next one was going to happen. Cyber Ranges are an excellent way to bring people together, develop skills, and build teamwork. We were so impressed by the event that we even created a recap video!
We hosted the Shadow Bank CTF sponsored by @owasp Tampa & @SecInnovation . Players got to hack into a mock banking system to create fake accounts, transfer funds, buy and sell stocks, and other nefarious acts. 40+ players came out!@SunnyWear @jonathansinger #hacking #infosec pic.twitter.com/zi68DeFhdC
— The Undercroft (@UndercroftHQ) August 2, 2019
Q: How has your community received live events like the Cyber Range at The Undercroft?
Chris: Live events have been one of our biggest draws. Whether it’s an hour training session or a 72 hour CTF it’s not a problem – our open team areas and individual workspaces meet all of our community needs. And since we have full control of the space there is no fear of tech issues or being kicked out mid-event. The Tampa Cybersecurity community is thirsty for more live events and we want to be the ones who can deliver them.
Q: What would you recommend to those who are interested in learning how to think like an attacker but don’t know where to start?
Chris: The best way to start is to immerse yourself in the community where success can help breed more success. If you interact with people who have deep knowledge and experience you are going to absorb more information and learn much faster. Organizations and guilds like The Undercroft are the perfect places – the Cybersecurity community has a reputation for being intimidating, but our dynamic and diverse membership helps to avoid that dynamic and embrace new members.
Q: How do you help ease the nervousness or uncertainty that may come with being a first-timer at a cybersecurity event?
Chris: First, remember that you are exactly what the industry needs right now – fresh ideas, new perspectives, and more diversity. The best thing you can do is take the risk of putting yourself out there. If you make it known that this is your first event, you will be pleasantly surprised at the warm welcome and guidance that you receive.
Also, the outside perception of the cybersecurity community can be a cold one, and it can be very uncomfortable being the new person. If you can remember the common theme we all have is to make the future as secure as possible, then you’ll find the community quite welcoming.
We hope the guidance provided by The Undercroft team helps others organize groups, host events and build guilds to grow their local cybersecurity talent base.