Niwot girls go the distance in cyber security competition

Courtesy Photo

Julia Curd, Davita Bird, and Caitlyn Fong competed for Niwot in the Girls Go CyberStart computer security competition and were the highest scoring team in Colorado. Not pictured is fourth teammate Mackenzie Demmel, who is having a very busy summer.

 

The Girls Go CyberStart security challenge is as much a test of strategic thinking as programming skills, and for the second straight year, a team from Niwot High has proved highly adept at both. In the three-day finals held last month, the talented quartet of Davita Bird, Julia Curd, MacKenzie Demmel, and Caitlyn Fong beat out more than 100 other teams to finish first in Colorado and ninth nationwide, a feat that garnered them each a cash prize and a newfound respect for the power of cooperation.

“When we worked together on challenges, and we all solved it, it was super rewarding,” Fong, the team’s youngest member, said. “It was super fun to all work together.” 

More than 10,000 students across 27 states took part in this year’s CyberStart program, an initiative launched in 2018 by the SANS Institute in Bethesda, Md. to encourage young women to learn more about the information security industry and reduce the digital skills gap. More than 6,600 girls from 16 states participated in the inaugural online competition, including the team from Niwot. 

At the behest of computer science teacher Teresa Ewing and GGCS veterans Bird and Curd, about 50 Niwot students participated in the initial stages of the 2019 contest, the second highest total in the state. That earned the school $750, which will go toward new equipment in Ewing’s classroom. 

Bird, Curd, Demmel, and Fong emerged from the second round as Niwot’s highest scorers,* making them eligible to compete as a team in the “Capture the Flag” round, held in early June. During an “intensive three-day stint,” the four worked in Curd’s bedroom to solve a series of increasingly complex security challenges that awarded points upon successful completion. 

“A Caesar cipher is an example of an easy question,” Curd said, explaining the simple method of shift-substitution cryptography devised by Julius Caesar to communicate with his generals.  “All of the letters are shifted, so if you had A equals B, then B equals C, and you can shift them a certain number down the alphabet. That would be really easy code.”

“For the harder ones, there was usually something extra you had to do, like web analysis” added Bird. “The hardest challenge we ended up solving was where we had to act like an email server, so we had to figure out the post request and a get request and everything to do with how you send an email message and put it all in the right order.”

The group kept a watchful eye on the real-time leader board during the contest, finding it a source of solace and motivation as the contest progressed and scores got tighter. When the results were finalized, Curd and her teammates were thrilled to see that Niwot had retained its state crown as well as finishing among the top teams in the country.

“It was crazy competitive this year,” she said. “The scores were so much closer this year than last year, but that just makes it a lot more fun. It was really exciting to learn more this year and work through challenges, and it was really cool to see Mackenzie and Caitlyn get interested in it throughout the process.”

Bird and Curd agreed that their status as veterans was helpful, but not necessarily the key to this year’s success, instead crediting non-technical skills such as collaboration and research. Fong was quick to agree, although her Python skills saved the day in at least one instance. “You really have to know how to look things up. A lot of the things they give you, you’re probably not going to know, but if you know how to Google things then you can find out how to fix it.”

While it hasn’t turned them into hackers, Bird, Curd, and Fong all said their new insights into information security has changed the way they interact on common forms of internet communication, especially social media.

“Security questions are useless,” Bird said, noting that we often unwittingly provide the answers to these authentication measures through Facebook or Instagram posts about our pets or hobbies. “Use fake answers for security questions, all the way.” 

 

We also provide enough information about our recent activities to allow potential scammers to impersonate banks or credit card providers, Curd added 

 “Just because somebody seems like they know you, doesn’t mean that they do. It seems like they have your credit card bill, so you should go to the website and put in your information, but you shouldn’t, because they just saw it on Facebook.”

The group is looking ahead to competing in the Lockheed Martin Cyberquest competition this fall, and plans to be back for the third year of the Girls Go challenge in 2020. For Curd, who plans to study biology in college, participating in such trail-blazing contests has “opened up another aspect of my life that I didn’t think I was interested in.” 

“Once I started competing, it’s just so much fun,” she said. “I think it’s an awesome program because of the girls element and especially this year when they tried to get as many girls as possible involved. Females are super underrepresented in cyber security.”

For Ewing, seeing these types of campaigns catch on both at Niwot and around the country has been particularly gratifying. However, watching her students conquer these challenges while having fun along the way has given her hope for the future.

“I didn’t have to do hardly anything,” she said. “These girls signed up, and I was as hands off as I could possibly be. They’re just so amazing, and motivated and dedicated. These girls can change the world.”

*Bird and Curd were each awarded $500 college scholarships for finishing among the top scoring juniors or seniors nationwide.