'Nerd-speak' and thwarting hacks: Top youth cyber-security competition comes to Baltimore

Students combated a simulated cyber attack during the CyberPatriot X National Finals Competition at the Hyatt Regency Inner Harbor. (Karl Merton Ferron / Baltimore Sun)

A Loyola Blakefield student squinted at his laptop screen and scrolled slowly through rows of computer code. One classmate typed deliberately beside him; another clicked between a few open windows. Over the loudspeaker, someone issued a warning: Remember to use your library voices.

"It's about as exciting as watching paint dry," joked Bernie Skoch, the commissioner of the Air Force Association's National High School Cyber Defense Competition.


By all outside appearances, the scene inside the Hyatt Regency Baltimore Inner Harbor ballroom Tuesday morning was calm. But in reality, dozens of students were locked in to one of the country's premiere youth cyber-security competitions. The Loyola Blakefield team — the only Maryland school to make it to the final round of the national CyberPatriot contest — spent hours in quiet concentration trying to earn points by defeating hackers and securing the computer servers of a fictional company.

"It's very intense," said Loyola senior Chris Ptak.


High-profile cyber attacks have grown increasingly common. Hackers gained access last year to the personal information of as many as 145 million Equifax consumers. Target reported its customers' credit card data stolen, and about 3 billion Yahoo user accounts were exposed, among other breaches.

It's difficult for cities like Baltimore to manage cybersecurity risks. And it's only going to get tougher.

As stories of attacks emerge, interest in the CyberPatriot competition has spiked. Now in its 10th year, the competition drew more than 5,500 student teams fighting to earn one of the 28 spots at the national competition.

A decade ago, just eight teams participated.

That level of interest is encouraging, organizers say. Analysts predict there will be 3.5 million unfilled cybersecurity positions by 2021.

"We're desperately in need of things that will inspire students to study the tech fields," said Steve Morrill, the Loyola coach. "This type of competition has the capacity to bring kids into the mix."

The CyberPatriot competition faces some of the same challenges as the broader STEM fields, particularly in female representation. Roughly three-quarters of the participants are boys, Skoch said.

Researchers have found that many girls lose interest in the STEM (Science, Technology, Engineering and Math) fields as they get older. Some blame gender stereotypes and a shortage of female role models.

"We quickly learned that by the time many young women reach high school, they say, 'STEM isn't for me,' " Skoch said.

CyberPatriot responded by adding a middle school division to the competition, in the hope of engaging female students in cybersecurity when they're younger.

Lyna Kim, a junior at North Hollywood High School in California, said this is her second time competing on the national stage. The 16-year-old said the male-to-female ratio has improved since last year.

The attack on Baltimore’s 911 dispatch system over the weekend was a ransomware attack, city officials said on Wednesday. 

The organization "tries to open this up for everyone," she said.

CyberPatriot has taken other steps to bolster female enrollment: Waiving entrance fees for all-girls teams and highlighting the achievements of women in promotional materials.


For the first time this year, there are two all-girls teams at nationals.

"You're not supposed to have favorites," Skoch said. "But it would thrill me if an all-girls team won."

The winners were to be announced Wednesday evening. CyberPatriot champions walk away with scholarship money. Sponsors such as Northrop Grumman and Cisco send job recruiters. In past years, some students have walked away with job offers.

After the morning contest, the Loyola Blakefield team went over the details of the round in what the students called "nerd-speak," tossing around acronyms like FQDA and RPC.

The red team, whose job it was to hack into their servers and disrupt their work, was particularly aggressive, the boys agreed.

"We're going to have to talk about some new defensive strategies," said Morrill, the coach.

The team representing Loyola at CyberPatriot is part of a broader cyber club that Morrill runs at the Towson school. About 150 students at the all-boys Catholic school participate in some capacity. Some students devote 15 hours a week toward the extracurricular activity.

For Ptak, 18, being involved in the club has translated into two summer internships and valuable experience in the field. He recalls reading about the Equifax breach — in which the company failed to change default usernames and passwords — and doing a face-palm.

"That's the kind of thing we cover with freshmen coming into our program," Ptak said. "That's like not closing your front door."

The team didn't expect to win, but seemed cautiously optimistic about placing near the top.

"You guys definitely held your own," Morrill told his team. "It was supposed to be hard."

Recommended on Baltimore Sun