DOD Dominates CISA’s President’s Cup Cyber Competition

Leaders from the Defense Department dominated the winner’s list of the Cybersecurity and Infrastructure Security Agency (CISA)’s fifth annual President’s Cup Cybersecurity Competition April 19.

The contest, which began in January, tested federal employees’ cyber skills through offensive and defensive challenges following the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework and included real-world scenarios such as the LastPass major attack in 2022 when a hacker accessed user data through an exploit on a company engineer’s computer

“We wanted to test the defensive nature. … Did you mitigate ransomware properly? The challenge server can constantly check that you prevented reinfection from the ransomware,” said CISA Competitions Section Chief Michael Harpin in an interview with GovCIO Media & Research. “Sometimes it’s properly accessing backups. We built a challenge this year based off the LastPass incident.”

The President’s Cup consists of three separate contests: two for individuals and one for teams. After competing in the first two rounds, the top 10 participants from individual tracks and the top five teams advanced to the final rounds, which were held at CISA’s headquarters in Arlington, Virginia.

More than 1,400 individuals registered for the competition this year. Army Maj. Nolan Miles won Individuals Track A, which focused on defensive work roles and tasks. The runner-up, Marine Corps Staff Sgt. Michael Torres, won Individuals Track B, which dealt with offensive challenges. Torres also finished in second place in the Track A competition and is the first winner to repeat having won President’s Cup competitions.

The winners were able to harness “foundational skills” needed for stronger cybersecurity teams in government within even emerging technologies, Harpin noted.

“We also want to use some new technologies that are being used more in the environments our competitors are part of. We had some challenges this year about obtaining root access into a Kubernetes cluster,” Harpin said. “We’re seeing a lot more of that in cloud deployments of infrastructures. We incorporate those into our challenges as well, so that the participants are going to have to understand new technologies that are out there.”

A group known as Artificially Intelligent won the team competition, which featured both defensive and offensive challenges. The winning team, which competed against over 300 other groups, consisted of members of DOD, the Army and the Air Force.

“This competition is an exciting way to highlight the talents of cybersecurity professionals throughout the U.S. government and military, and these competitors showcased the depth of talent we have in this important field,” said CISA Director Jen Easterly in a statement.

The competition space gives individuals another outlet to prove their worth and to develop skills, said Harpin.

“We’re very proud of being able to give these really knowledgeable and highly skilled individuals the chance to be rewarded and highlighted for the expertise that they have,” he said.

The President’s Cup winners will be honored at an awards ceremony at the White House May 20.

Federal employees can visit CISA’s President’s Cup page to learn about the competition and play through previous challenges. Additionally, a workshop at the NICE Conference & Expo in Dallas June 3 will show how the challenges are constructed.