Professional development is an important part of the culture of the Georgia Tech Research Institute (GTRI). As an organization committed to developing thought leaders, trainings and events allow GTRI employees to expand and deepen their capabilities. While some take advantage of the many programs GTRI provides, others seek to sharpen their skills outside of the organization and on their own time.

Craig Raslawski, who works as a research scientist in GTRI’s Cybersecurity, Information Protection, and Hardware Evaluation Research lab (CIPHER), uses hackathons like capture-the-flag events (CTFs) to hone in on his cyber skills. In 2019, he participated in the multi-phase SANS Institute Cyber FastTrack competition and was one of the 100 participants who won a scholarship to SANS Institute's Applied Cybersecurity Certificate program, which he completed in December 2020.

Raslawski competed against 6,000 participants in the worldwide competition. That number dwindled to 440 in the competition’s next phase and again to 250 participants, who took a cybersecurity class. Afterward, only 100 were chosen for the SANS scholarship. 

The competition ramped up in difficulty pretty quickly, according to Raslawski. He admits he struggled with several of the problems.

“Even if you were a wizard at this kind of stuff, at some point, you would find a stopping point just because it definitely increased in difficulty,” he said.

However, he was motivated to learn as much as he could.

“I tried so hard on this because I really wanted to see what happens when you put everything you’ve got into it, and it was really rewarding,” he said.

A couple of months after the competition, Raslawski was hired full-time at GTRI and worked on his cybersecurity certificate during his nights and weekends. Afterward, he was invited to be a panelist at the SANS Institute Industrial Control Systems Security Summit in early March 2021. There, he and two others won the Assante Scholar Award.

“It was nice to have a formal introduction to the community of industrial control system cyber professionals,” he said.

Raslawski joined other Assante scholars and was able to network with professionals in the industry. The industrial control systems cybersecurity field covers sectors like manufacturing, automation, and energy systems — anything involving programmable physical systems.

“That’s where I’m starting to specialize, so it’s good to have someone from SANS present all of the hard work that a couple of the other Assante scholars and I have completed [and] show that, hey, we’re serious about getting involved in this field,” Raslawski said.

Hacking for the Navy

As he continues in his career, Raslawski plans to participate in more hackathons and CTF events.

“Anyone will tell you that it’s pretty impossible to keep up with all the new stuff that’s coming out every single day, and capture-the-flag events provide a way to try and catch up and learn as much as you can about all these new emerging technologies in a very short, competitive timeframe,” Raslawski explained.

He recently participated in the US Navy’s HACKtheMACHINE event with others from CIPHER, and his team won a $10,000 prize for second place in one of the competition’s tracks.

“[These events are] a very cost-effective way to keep in touch with the state of the art,” Raslawski added.

Working with Senior Research Engineer Chris Roberts, who leads the Embedded Cyber Techniques branch at CIPHER, Raslawski hopes to get his coworkers more involved in hackathons and CTF events. In addition to the personal professional development benefits these events provide, Roberts sees them as opportunities to improve team collaboration.

“We go through a big event — a big challenge together — [and] we come out stronger on the other end, not only individually but as a whole,” Roberts explained.

Hacking the Talent Gap

Another reason that motivated Raslawski to pursue the SANS Institute scholarship in particular was to address the skills shortage in the cybersecurity fields.

A 2016 report by the Center for Strategic & International Studies found that 82% of employers surveyed in eight countries (including the U.S.) reported a shortage in cybersecurity skills. In 2020, a CEO of a cloud computing company wrote in Forbes.com about the need for cybersecurity talent as more employees transition to remote work.

“This scholarship pipeline and the Assante scholar awards show that progress is being made to address [the shortage],” Raslawski said.

By participating in this competition and others like it, cybersecurity professionals like Raslawski can distinguish themselves in their field and build skills to help make the world a better place. Raslawski has already distinguished himself at GTRI, and his story of success may inspire others to follow in his footsteps.

“Mr. Raslawski is a prime example of the talent we have at GTRI,” said Alexa Harter, who leads CIPHER. “We in the CIPHER lab are happy to have him on our team and are excited to see his talent applied to our diverse array of challenging research problems in cybersecurity in the coming years.”