Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Government Withdraws Cash Prize From President’s Cup Cybersecurity Competition

The U.S. government has decided that at least some participants in the President’s Cup Cybersecurity Competition cannot be awarded cash prizes, and one participant says the entire contest has been poorly organized.

The U.S. government has decided that at least some participants in the President’s Cup Cybersecurity Competition cannot be awarded cash prizes, and one participant says the entire contest has been poorly organized.

The President’s Cup Cybersecurity Competition was announced earlier this year when President Donald Trump signed an executive order whose goal is to grow and strengthen the country’s cybersecurity workforce.

The competition aims to “identify, challenge, and reward the government’s best personnel supporting cybersecurity and cyber excellence.” The challenge is open to all federal employees, including DoD and uniformed service members, and it consists of a series of contests.

The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the first edition of the annual competition on September 16. Following two online qualification rounds, the final is taking place on December 10-12 at CISA facilities in Arlington, Virginia.President’s Cup Cybersecurity Competition

According to Federal News Network, over 1,000 federal employees representing more than 200 teams from 17 different government agencies took part in the qualification rounds.

When CISA announced the launch of the competition, it said winners would be eligible for a bonus of up to $50,000 from their agency. The second place team was promised $25,000 and the third place team $10,000. Cash awards were also mentioned in the executive order signed by President Trump.

However, one active-duty service member who is taking part in the final of the President’s Cup Cybersecurity Competition — he uses the online moniker sh0mbo and wishes to remain anonymous — revealed on Twitter that organizers informed participants roughly 26 hours before the start of the competition that service members are not eligible for a cash prize.

“We are aware the registration website indicated that all competitors were eligible to receive cash awards for the top 3 winners. After further analysis, it appears that service members are prohibited by law from receiving cash awards of this kind under these circumstances,” participants were told via email.

“We regret the confusion this has caused,” the email reads. “The Office of the Secretary of Defense will work the winners’ organizations on an appropriate form of recognition that complies with applicable law and is commensurate with your outstanding achievements.”

Advertisement. Scroll to continue reading.

It’s unclear if this rule applies to all participants. However, sh0mbo told SecurityWeek that a vast majority of those who made it to the final round of the competition are active-duty service members.

He said on Twitter that the finalists are “not very happy right now.” Sh0mbo also accused the government that it “baited underpaid US military personnel with this.”

A table containing the prize structure has been removed from the competition’s page on the CISA website and replaced with a message that says, “DHS is currently collaborating with the Department of Defense on awarding the winners of the competition.”

SecurityWeek has reached out to the Department of Defense and CISA and will update this article if they provide clarifications.

“The goal of this competition was to promote and recognize infosec personnel from the USG [United States Government]. This competition is having the opposite effect and everyone here is quite pissed off and wants to share a true narrative of this competition instead of the success that’s undoubtedly going to be perpetuated,” sh0mbo told SecurityWeek.

“It’s not about the money,” sh0mbo added, “it’s about the fact that we’re being used as a propaganda piece to demonstrate the successes in cybersecurity within the USG essentially for free as government property. This is completely metaphorical for the state of ‘cyber’ at large from the perspective of an insider.”

Poorly organized competition

Sh0mbo says the President’s Cup Cybersecurity Competition was poorly organized from the start. He says the platform had a vulnerability that could have been easily exploited by any of the competitors to obtain the name, email address and organization of all the other contestants. While this might not sound like a serious issue, the researcher has pointed out, “Surely many people would like a list of all of the top cybersecurity professionals in the government.”

Sh0mbo has described the competition as “one of the worst competitions in which I’ve ever participated from both a QA/QC and technological perspective.”

In addition to technical problems, there have been some logistics issues. Contestants were told that they would need to work with their units for travel to the competition final, but units did not plan for it, leaving many to pay out of pocket in hopes of getting reimbursed via prize money.

However, that prize money is now off the table and the announcement that service members are not eligible for cash prizes was made while some of the contestants were traveling to the event.

Contestants not happy with the way the President’s Cup Cybersecurity Competition was organised

Experts in the private sector believe this incident will not help the government attract skilled cybersecurity workers.

“I think the challenge is a great idea and the idea of up to $50,000 was a smart move,” Chris Morales, head of security analytics at Vectra, told SecurityWeek. “It is well known that the federal government struggles to attract top cybersecurity talent as they compete with the high salaries of private companies. Recognizing and rewarding that talent helps in keeping the skilled individuals around.”

“I don’t know what happened with the reward, but this is going to give bad optics and not help the problem. It is a shame that the award was pulled at the last minute after so much effort was put in by the contestants,” Morales added.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem