HR4RS stamp
Raul Garcia Hemonnet
Although at first he faced the test with a bit of uncertainty, as it progressed, Ismael Gómez Esquilichi became more motivated, until he was the winner and presented the best vulnerability report to the IT and cybersecurity managers of the University. “I have found it a very interesting challenge, I have realized that I have been able to apply many of the things we have learned in class. It is attractive for self-learning. And besides, it never hurts to lend a cable and be able to help”. This third-year Cybersecurity Engineering student points out.
Indeed, helping the University to strengthen its computer system is one of the objectives of 'Bug Bounty'. Participants play the role of attackers and scan the system for vulnerabilities. On this occasion, 11 students have competed and 3 have reached the final phase, which consisted of presenting a vulnerability report.
As José Antonio Rubio, head of Cybersecurity at the URJC, points out, this test is “a 'quid pro quo.' Both parties win. The number of assets to be protected in universities is very large and we do not have specialized personnel like a bank has. By having students in technical careers, we look for that synergy”.
Students have had the university's computer system at their disposal, although in a controlled manner and under strict rules, such as the signing of confidentiality agreements, among others. The vulnerability reports submitted will be examined by those responsible for IT security at the URJC and, if they are satisfactory, they will be used as tools to locate those points that need to be protected the most.
Show the work to the industry
This edition of 'Bug Bounty' has had the participation of the international cybersecurity company, PaloAlto, one of the global leaders in the sector. In this way, the students have been able to demonstrate their capabilities in cybersecurity before one of the most important firms in the field, “being able to participate in a contest in which PaloAlto sets its eyes is something that cannot be missed. Being able to show your work to a company like this is something to take advantage of. In no other university is there a contest like Bug Bounty”, explains Ismael Gómez who, in addition to establishing this contact with the company, has taken a laptop as a prize.
Objective: to be a 'hacker'
Ismael is very clear about it, although he is still in his third year of Cybersecurity Engineering, a pioneer in the Spanish university system, "my goal is to dedicate myself to offensive cybersecurity, that is, to be a hacker, to help strengthen systems and detect their weaknesses”. This student is very happy with the grade he is doing, “we are dealing with many branches of cybersecurity because it is a broad subject. It is a degree for those people who are restless and curious about the new technologies that are used on a daily basis”.
The URJC 'Bug Bounty' is an exclusive initiative of the university that allows participants to operate in real environments very similar to those they will find in their professional lives. In addition, it gives the university the opportunity to have troops that put the system to the test, generating valuable information that will be used to strengthen it in the points where it is weakest. A contest in which everyone wins.