Columbia student to compete in C2C Cybersecurity Competition


A Columbia computer science master’s student has qualified to compete in the Cambridge 2 Cambridge (C2C) Cybersecurity Challenge to be held July 24-26 in Cambridge, UK. Now in its second year, C2C has students compete in individual and team cyber challenges that include a “capture-the-flag” hackathon and exercises in binary exploitation, web security, reverse engineering, cryptography, and forensics.

The competition, which takes place over three days of social events and networking, is meant to be fun for all participants, with medals and cash prizes for the winners; but the purpose is serious: to foment US-UK cooperation in combating global cyberattacks while helping develop the cybersecurity talent of the future.

Photos from C2C 2016, where side events included lock-picking, cryptography, password cracking. and social engineering (getting people to reveal information they shouldn’t).


Last year’s inaugural C2C was a joint venture between MIT (in Cambridge, MA) and the University of Cambridge in the UK; this year, C2C was opened to US and UK college students who made it past a qualifying round held earlier this year.

The Columbia student who qualified will be identified by his alias Derrick. The use of aliases and avatars, especially in the fields of computer security and privacy, is gaining ground as people become more aware of what can happen to personal information on the web.

“Some people think using avatars or aliases is paranoia,” says Derrick. “But in the field of security, paranoia can be to your benefit.” Just starting his master’s program in computer science—it will be his second master’s—Derrick has worked as an industry researcher for the past several years, mostly on advanced hardware. But over time and after being exposed to different fields, his interest shifted to security and privacy. “I feel passionate about protecting people, especially those who are less aware of security risks.”

To make it to C2C, Derrick had to beat out other C2C hopefuls in an online Jeopardy-style qualifier made up of tasks with varying levels of difficulty in five categories: web security, binary exploit, forensics, cryptography, reverse engineering. The goal in each case was to find the security vulnerability.

Next week he will be one of 110 students competing at the live C2C event; 30 students are from the US and 80 are from the UK. Competitors will be assembled into teams carefully balanced according to their strengths and skillsets. While there will be a variety of exercises and side events, the highlight is the capture-the-flag hackathon, where twenty-two teams compete on a CyberNEXS platform.

Derrick would like to see other students consider competing in cyber competitions.

“A lot of what you learn in class is theory; a competition like C2C gives you the chance to take what you’ve learned and apply it in a real-world scenario. In class you might do something one or twice but to reinforce the lessons requires performing it many times, preferably under time constraints. And that’s one reason these hackathons and other activities are so important.”

Posted 7/20/2017
Linda Crane