The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

New Cyber Security Competition to Test Software Developer’s Security Credentials

  • Software vulnerability has been identified as the number one online threat by information security professionals
  • Competitors in a new Challenge developed by (ISC)²  will tackle software vulnerabilities that allow attacks on businesses and critical infrastructure
  • 15 – 30 winners will progress to a  face-to-face QinetiQ competition
  •  All participants will be awarded a free Infosec Skills training module with the winner receiving a special prize
A new Cyber Security Challenge UK competition launches today to find the software and application developers with the security knowhow to keep business and our critical national infrastructure safe from the threat of online attacks. QinetiQ and (ISC)² are working together to test and instil security skills in the development of software which is not only used in everyday business systems but also in systems that manage critical physical operations such as those used by water and power companies.

The Cyber Security Challenge UK and its supporters from industry, government and academia run a series of competitions each year. They identify new talent that can meet the urgent need to attract more skilled professionals into the cyber security sector.  Its competitions look for the skills and aptitude that employers most require.

Last year, 73 percent of information security professionals surveyed as part of (ISC)² ‘s Global Information Security Workforce Study ranked software vulnerabilities as the number one online threat.  Software applications are increasingly being developed for very open, highly distributed environments, often through the co-ordination of many providers and outsourced services. As a result there is often insufficient understanding of the vulnerabilities that can be introduced. Traditionally, developers operate under tight time constraints to be the first to market with new functionality and security has not been a priority.

The impact of poor security is such that there is now an urgent need for this attitude to change. High-profile attacks like Stuxnet have highlighted how damaging the exploitation of any weaknesses within software can be and how the skills to develop applications securely have never been more important.

This new online competition is open to any software developers, including current professionals, students or those who are simply interested in the area. It will challenge competitor’s knowledge of security requirements, as well as their instincts for anticipating and eliminating vulnerabilities as they develop their own software. The best candidates will then be invited to QinetiQ at the start of next year for a hands-on experience of writing secure code to move physical devices and protect a top secret facility from real life cyber-attacks. 

Anyone interested in registering for a Challenge competition should visit the Challenge registration page – - where you will find all the details you need to take part. Other competitions coming up include a packet capture analysis competition run by the SANS Institute during which competitors are asked to identify and interpret various types of network and web application attacks, and a Sophos Linux Competition.


“Through this Challenge, we are working to raise awareness amongst software and systems developers at every level of the role they play in secure software development. Security instincts will be just as important as technical skills, as candidates prove they can effectively research and anticipate requirements for security at the same rapid rate at which software is developing,” says John Colley, CISSP, Managing Director, (ISC)² EMEA.

“For too long, software that underpins business and much of our most vital critical national infrastructure has been written without appreciation for the need for security. Those with the right instincts have a significant opportunity to demonstrate new skills that are incredibly relevant today. We hope this competition will attract, identify and nurture new talented individuals to work in this field.”

“Cyber criminals are increasingly developing the capabilities to manipulate the software used to control key security systems,” says Neil Cassidy, Practice Lead, Cyber Defence, Security Division, QinetiQ. “Attacks like Stuxnet highlight the fundamental impact which these attacks can have on national infrastructure, from power stations to military installations. At QinetiQ’s face-to-face stage of this competition, competitors will be responsible for securing the systems protecting a simulated top-secret facility. They must identify vulnerabilities in command software systems and work to anticipate security breaches to avoid attack. Through this Challenge we aim to provide the software developers of the future with experience of what it takes to secure software systems and the impact any failures can have.”

The competition opens for registration today, 18th July, and starts on 6 October.

It is open to individuals over the age of 16 with an interest in the topic area. Competitors won’t need to be an expert in a particular programming language, but will need to understand the fundamentals of programming in c, c++, objective c and java.

It is designed for individuals interested in or working or developing a career in software development, that seek to add to their competency base with security skills. It is not open to people actively working in security today, or with recognised credentials in secure software development such as the CSSLP. 

Winners will be invited to attend the QinetiQ face to face challenge which will be held on Saturday 9th of February 2013. Winners from this event will then be invited to attend the Masterclass Final and awards weekend to be held on the weekend of the 9th and 10th of March 2013.


(ISC)² is the largest not-for-profit membership body of certified information security professionals worldwide, with nearly 86,000 members in more than 135 countries, with more than 13,000 in EMEA. Globally recognised as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP), and Systems Security Certified Practitioner (SSCP) credentials. (ISC)² also offers education programmes and services based on its CBK®, a compendium of information security topics (ISC)2 , regularly conducts research into workforce trends and  delivers a range of initiatives to make the online world a safer place. More information is available at


A FTSE250 company, QinetiQ uses its domain knowledge to provide technical support and know-how to customers in the global aerospace, defence and security markets. QinetiQ's unique position enables it to be a trusted partner to government organisations, predominantly in the UK and the US, including defence departments, intelligence services and security agencies. For more information visit