By Elizabeth Howell
Photos by Chris Roussakis

More than 500 participants registered for iHack Ottawa at Carleton University on June 15 to 16, 2019, taking part in hours of cybersecurity sessions and an international “capture the flag” event where teams in different cities competed to solve cybersecurity challenges.

“For entrepreneurs to grow their companies early, rapidly, and securely – and for designers to produce more secure products and services – they need to know about cybersecurity,” said Steven Muegge, an Associate Professor at Carleton’s Technology Innovation Management (TIM) program

Demand for cybersecurity expertise is growing so quickly that there is already a global shortage of millions of positions, said Nadeem Douba, founder and Chief Technical Officer of Ottawa information security company Red Canari, and one of the iHack Ottawa organizers. iHack aims to address this gap by making cybersecurity accessible to everyone, said Douba, especially beginners, women, and people from ethnic minorities.

Carleton’s TIM program was a major backer of this year’s iHack Ottawa conference. TIM is a unique master’s program that teaches entrepreneurship and innovation to engineers, scientists, and business professionals.

Attendees listen as a presenter speaks at the podium during the iHack event.

“Cybersecurity is not purely a technical issue, although that is important, but it’s multidisciplinary,” said Dan Craigen, Carleton’s Global Cybersecurity Resource director, who spoke about TIM at the opening session of the conference. Companies initially incubated from TIM now generate more than $20 million annually from their ventures, he said, and the demand for cybersecurity continues to skyrocket because “everybody has a cybersecurity problem” in keeping their systems safe from hacking.

“I get a lot of people who ask me about my progress in the security field,” said Jean-Marc Le Blanc, an independent security researcher and one of the iHack Ottawa speakers, adding that skills development not only comes through practice, but from participating in events such as iHack to learn from experts and hone your skills in competition.

An competitor types on a laptop during the iHack event.

Learning to Think Like a Hacker

Other speakers at iHack Ottawa included Tanya Janca, a senior advocate for Microsoft, Ben Gardiner, founder and Director of Yellow Tag Security, Chris Pawlowicz, Director of Research and Development for TecInisghts, and Neal Kushwaha, CEO of Impendo.

Participants moved back and forth throughout the day between speaker sessions in a large central theatre, to the villages and workshops located in nearby rooms.

iHack Volunteers in blue T-shirts pose together in Richcraft Hall.

Volunteers assisting with iHack Ottawa 2019 included Abdirahman Ohmed Osman (a recent TIM graduate, with a company operating transnationally in both Canada and Somalia), Zixun Wang (an MBA intern working with the TIM program), Ali Nazari (a recent TIM graduate, now pursuing a PhD in Management), Ahmed Shaw (a recent TIM graduate, now Director of Security R&D for Red Canari), and Vishal Ramkrishna (a current TIM student, with a research project on machine learning and cybersecurity). Also in the photograph: Prof. Michael Weiss and Prof. Steven Muegge.

iHack Villages were interactive hands-on areas where participants worked directly with security technologies. An “Internet of Things” village demonstrated security weaknesses in consumer products commonly found in many homes, and invited participants to try out what they learned by hacking a set of off-the-shelf products with known vulnerabilities. A lock-picking village taught the operation of physical locks and circumvention techniques that exploited weaknesses in the lock designs – a skillset and mindset in physical security that is analogous to the skillset and mindset required for cybersecurity. An RFID village examined the Radio-Frequency Identification (RFID) cards and card-reader technology commonly used in access control and payment/ticketing systems. By examining the vulnerabilities in these systems, participants learned to “think like a hacker” – an essential perspective for developing more secure systems and to anticipate potential vulnerabilities before they are found and exploited by others.

iHack Workshops were instructor-led sessions on a particular technology or skill. A car-hacking workshop used open-source software tools to reverse-engineer the information exchanged between automotive systems within a vehicle. A “Gentle Introduction to Fuzzing” workshop introduced testing methods to discover vulnerabilities in systems.

Attendees listen as a presenter speaks at the podium during the iHack event.

Learning Cybersecurity Skills in a Practical Setting

In the evening, the action shifted to the hacking competition. Teams in Ottawa competed with teams in three other cities – Quebec City, Sherbrooke Quebec, and Cali Columbia – to “capture flags” and score points by solving more than 75 security challenges of widely varying complexity and point values. An entry-level “beginner” problem scored 2 points, while the most difficult problems scored 300 points. After 2 a.m. on Sunday when the competition ended, the top three teams had each scored more than four thousand points, and four Ottawa teams had placed in the top-ten.

“It was an exciting day, with things always happening,” said Muegge, pointing out that the day ran for more than 14 hours between opening speeches and the closing of the capture the flag competition early Sunday morning. “The workshops were full to capacity, and there were often people waiting outside the villages for chairs to open up,” he added.

Muegge cited several benefits for Carleton’s TIM Program in hosting the iHack event, which the organizers intend to grow in future years with more villages and more participants. Students and recent graduates learned cybersecurity skills in a practical setting, interacted with experienced professionals, and made connections that could lead to good jobs and business opportunities. Organizations recruiting at iHack included the Communication Security Establishment (CSE), one of Canada’s key security and intelligence organizations, and In-TAC, an organization matching talent with opportunities at Canadian companies.

For students and faculty in the TIM program, cybersecurity is an important aspect of an interdisciplinary entrepreneurship research program on growing companies early, rapidly, and securely.

Two competitors type on a laptop while laughing during the iHack event.