Who are the budding French cyber talents?
Although difficult to approach and not very fond of media exposure, young ethical hackers lent themselves to the game of questions and answers during the European Cyber Cup (EC2), organised as part of the International Cybersecurity Forum (FIC).
While a light rain washes the business district of Lille at the beginning of June, young minds are silently bubbling for the 2nd edition of the EC2, the first ethical hacking competition using eSports codes. For two days, 18 teams of 10 players must compete against each other. Three quarters of the teams are students, and the rest are experts representing the companies and schools that are partners in this new generation tournament—from Capgemini to Sopra Steria, and from EFREI and the Université de technologie de Troyes (UTT).
Eight events follow one another. For each one, time is of the essence. You must be the best and the fastest to have a chance to win the overall ranking. The programme includes a rescue and crisis management operation after a simulated nuclear power plant attack (the OT challenge); digital evidence gathering (forensic); an online open source investigation (OSINT); a “Capture the Flag” (CTF) challenge; solving technological riddles in an Escape game format; an Artificial Intelligence (AI) challenge, a Bug Bounty competition, and gaming events. “All of them are configured to be as stimulating for the participants as they are fun for the spectators,” stresses Clémence Burette, head of EC2.
But the stakes go beyond mere competition. Recruiters in the sector also benefit from the competition by being able to identify future talent.
“I have made contact with several companies interested in my career. I’ll be the one to choose where I want to go,” says “Papy” with a smile. Behind this pseudonym hides an apprentice engineer from ESNA, a block release training course created three years ago in Rennes that he joined after a ‘DUG’ in computer science in Nantes. At 27, he is one of the oldest students in the challenge, but he has a solid reputation. He is the captain of the team that won the trophy last year. This year’s team also includes “Worty” and “Kaznno,” both 21. Worty is one of the best on the stage at detecting network vulnerabilities, say his peers. Kaznno excels in open source intelligence. With the association of young enthusiasts that he founded, he trains throughout the year by exploiting, among other things, the information that the FBI discloses about missing persons across the Atlantic. In the United States, official investigators’ recourse to ethical hackers is institutionalised, whereas this type of informal partnership is still in its infancy in France, he points out.
What do they want to do later? Silence in the ranks. “It’s normal, half of the graduates want to work for the state,” explains Guillaume Chouquet, director of ESNA. These young people dream of working for the DGSE, the DGSI, the DRM, the DRSD, but also the DGA or the armed forces, and they have one requirement in mind: to keep a low profile. A few tables away, Joël and Ryan, both 18 years old, are not yet asking themselves all these questions. They are savouring the moment, measuring their chance to take part in this event and to enjoy this hectic ecosystem. Joël is starting his first year at ESGI, a school in Paris. Ryan is self-taught. He has just landed a work-study job. After his baccalaureate in maths, he trained himself on online platforms, then joined a team of digital track game enthusiasts. Highly motivated, he started selling his talents as a self-employed entrepreneur. As for 22-year-old Alexis, he has the typical background of young people who join cyber schools. After a professional baccalaureate in electrical and digital systems, he went on to complete a BTS and a professional degree. Having discovered the “challenging” side of cyber activities during an internship with a major luxury brand, he decided to go further and entered the ‘2600’ school located in the Yvelines. This institution offers a three-year course that is “stimulating and fun“, sums up this ace in coding and encryption.
When looking hard enough, we end up spotting two young women in the teams. Aude, 28, is doing a block release training course in the Vaucluse. When this cook was looking for a new career, she remembered that she was “not too bad at maths in high school” and tried her luck “in this field that is hiring.” Her dream: “to make a living without being bored.” Challenge completed: she easily found a “small structure” to hire her. Dorine, 24 years old, joined the sector after a BTS in computer science: “I wanted to learn to do what you see on TV.” She has just signed her first contract with a well-known consultancy in Aix-en-Provence, where she will work as a “SOC” analyst, in charge of supervising the security of a client’s networks.
These young people include genuine “nuggets,” identified by the entire cyber ecosystem. This is the case of “Ihuggsy.” At 22 years of age, the young man is said to be one of the top 50 experts in artificial intelligence. He is acclaimed by his peers for his ability to create algorithms with very high success rates— in the order of 95%. In other words, “the level reached by the state of the art in specialised research labs.” Under these conditions, it is understandable that another gifted person, 30-year-old ‘Waner’, was able to accumulate 10 job offers in two days. For them, the starting salary will exceed the average gross annual amount offered to these young people, i.e. €40k. The shortage of skills is such that most students at school have contacts with the business world. This is starting to become known. For the course created three years ago by ESNA, Guillaume Chouquet receives 250 applications although he has only 50 places available. “When they join us, they know that they are going to evolve in an incredible ecosystem, where there are only passionate people. Many of my students outperform their teachers.”
- Digital transition
- Cyber industrial safety
- Security and Stability in Cyberspace
- Cyber risks
- Operational security
- Antifraud action
- Digital identity & KYC
- Digital Sovereignty