Behind the Screens: Training Austria’s Elite for the ECSC
Coach Marco Squarcina tells us about this year’s European Cybersecurity Challenge, Austria’s team, and how to be part of cybersecurity competitions.
It has truly earned it’s nickname “Eurovision of Cybersecurity” – Established in 2014 and gaining vast popularity ever since, the European Cyber Security Challenge (ECSC) is an annual event hosted by the European Union Agency for Cybersecurity (ENISA). It is featuring national teams of emerging talents competing in cybersecurity, including capture the flag (CTF) challenges and more. This year’s competition will take place from October 24 to 27 in Hamar, Norway.
What led you to coach “Team Austria” for the European Cyber Security Challenge 2023?
I have been involved in cybersecurity competitions for the last 14 years, and they are one of the best ways for participants to learn, grow, and network. I was coaching the Italian team in the past, and now I’m supporting the Austrian team. The ECSC is becoming more and more popular, counting 28 European participating countries this year and 7 international guests, including Canada, Singapore, and the US. This competition is a great opportunity for Europe, as it allows to identify and train young talents, and to create a network of future professionals in the field. At the same time, it gives the participants the chance to do what they like the most and to meet like-minded people from all over Europe. It’s an honor for me to be part of this process, and I’m doing my best to support it. That’s also the reason why I coordinated the competition during the last ECSC edition in Vienna and why now I’m taking part in this new adventure!
How does one earn a place on the team?
The European competition is only the culmination of a large-scale selection phase. Team members are chosen among the participants in the Austrian Cyber Security Challenge (ACSC), which is the cybersecurity national competition open to all Austrian residents aged from 14 to 25. Out of this pool of young talents, the coaches select the 10 players to form the Austrian team. The selection is based on the players’ skills, motivation, and commitment. The team this year is a mix of experienced players and newcomers, and the most senior members are heavily involved in the training of the new ones, preparing them for the ECSC. In 2022, nearly 20.000 young talents from all over Europe participated in their national finals, making ECSC one of the largest security competitions in the world.
Speaking of the team, who is participating this year?
Our team members come from all over Austria, but they all share a strong passion for cybersecurity and complex challenges. Some of them are still in high school, others are studying at university or working in the IT security field. At this level, it’s not so much about the formal education, but rather about the skills and the motivation that the players have, and the time they spend on personal research investigating new tools and techniques in their free time.
Four of our team members for this year are currently enrolled at TU Wien Informatics. Matthias Monschein has been involved with Team Austria for 3 years already and cybersecurity has been one of his longstanding hobbies. Georg Felber is a 2 times Team Austria member, he won the “recruit of the year” in 2022, participated twice in the Locked Shields NATO’s cybersecurity exercise, and he’s a regular CTF player with our team WE_0WN_Y0U. Clemens Holter is the team co-captain and has been in the national team for 4 years, won the International Cybersecurity Challenge (ICC) in 2022 and 2023 with the European Team, and he’s heavily involved in tutoring and student representative activities at TU Wien Informatics. Finally, Manuel Reinsperger, our team captain, brings a lot of experience to the table. He is our most senior member, having been in the team for 6 years and is captain for the third time. Part of our Juniors are also Fabian Gurtner, who graduated HTBLA Grieskirchen; Xenia Indra, who is attending the last year of HTBLuVA Spengergasse for Software Engineering; Sarah Nöbauer, who is studying Artificial Intelligence at JKU Linz; and Simon Thamer, who graduated at HTBLuVA Villach, and is now working as R&D engineer at KAI GmbH. Our Senior team also involves Hassan Mohammad, who graduated from St. Pölten University of Applied Sciences and is currently working as a team leader at Sec-Research GmbH; and Philipp Schweinzer, who is studying at the University of Applied Sciences St. Pölten.
Needless to say, they are all extremely dedicated, and it’s exciting for me to work with them!
Can you tell us about a typical training session for the team?
The best preparation is actually participating in competitions and facing complex security challenges. Competitions reflect the challenges participants will face in the real world, but in a controlled environment. They are a great way to learn new skills, to get to know other people in the field, and to have fun – if this kind of activity fits your definition of fun! They also provide the unique opportunity to develop out-of-the-box thinking and problem-solving skills, which are essential in the cybersecurity field. Also, they are a great way to get visibility and to be noticed by potential employers. Technical challenges in the style of Capture the Flag (CTF) competitions are also a common tool used by top companies to evaluate the skills of their candidates.
In addition, we are organizing training sessions where we discuss more advanced topics and then consolidate the knowledge with practical exercises. We also have a dedicated Discord server, where we share information and discuss the technical challenges we are facing individually.
What are the key skills the team needs to master?
The most important aspect is being willing to invest time to learn new things and to practice. The ECSC is a team competition, so it’s also fundamental to be able to work in a team and to communicate effectively. Finally, as the competition is very intense and the time is limited, the ability to work under stress, maintain focus, and prioritize tasks is a key factor for success.
For this year, we are trying to enhance the team’s performance by minimizing the time spent on the setup of the environment and the tools, and by improving the communication and coordination among the team members.
What advice would you give to someone aspiring to compete or make a career in this field?
Find a topic that you like, and start learning about it. There are plenty of resources available online, and you can also find a lot of people willing to help you. Once you have a basic understanding of the topic, try to solve some challenges and get in touch with other students to participate in international competitions as a team. Working together exposes you to different points of view, improves your soft skills, and reduces the frustration that can arise when you are stuck on a problem.
How can people get involved in the cybersecurity initiatives at TU Wien Informatics?
I’m strongly advocating for using CTF-like competitions as an educational tool at TU Wien Informatics. I discussed the benefits of this approach in a recent article, and I’m currently working on strengthening our offer. I’m particularly proud of our lecture “Attacks and Defenses in Computer Security”, which is part of the new cybersecurity bachelor specialization. Here, students are not just challenged to take part in ethical hacking competitions, but they are also tasked with organizing their own CTF! TU Wien is also taking a key role in the organization of the Austrian Cyber Security Challenge (ACSC), and in helping Vienna become a European hotspot for students who want to bootstrap their career in IT security. And let’s not forget our local CTF team WE_0WN_Y0U, now a joint collaboration between people from TU Wien, SBA Research, and Uni Wien, that is the natural continuation of the activities started in our lectures.
About Marco Squarcina
Marco Squarcina is a Senior Scientist at the Security and Privacy Research Unit at TU Wien Informatics, which he joined at the end of 2018 after receiving his Ph.D. in Computer Science at Ca’ Foscari University of Venice. His research interests mainly focus on web and mobile security, and his results are regularly published in top-tier security venues.
As a long-standing participant in international hacking competitions, he collaborates with the European Union Agency for Cybersecurity (ENISA) to provide advanced training for young talents. Marco is currently teaching several security-related courses at TU Wien. He is also among the coordinators of the local academic hacking team We_Own_You.