UK team in training for ECSC 2019

While the UK team are busy undertaking tricky CTF challenges in preparation for the European Cyber Security Challenge (ECSC) in October, we chat to their Coach, Paul Harrington. As well as his detailed training plans for the team, we discuss the ever-changing world of penetration testing, the importance of programmes such as ECSC for young people in cyber, and his surreal encounter with Terry Pratchett.

NCC Group are one of Cyber Security Challenge’s training partners, and are providing the UK ECSC team with online and offline training resources in the run up to the 2019 competition. As a Principal Security Consultant at NCC Group with over 20 years of experience in the industry, Paul is the perfect cyber-pro to take the team to victory.


Tell us a bit about your background and why you’re well placed to mentor this year’s UK ECSC team.

My career in IT started when I took a job working for the first provider of home internet access (Demon Internet), before most people had even heard of the internet – and long before the World Wide Web! I then worked as a contractor in the banking industry, focusing on a number of security-related projects.

I’ve been working at NCC Group as a Principal Security Consultant for nearly 10 years and still enjoy the new challenges that working in penetration testing throw us on a daily basis. With over 20 years of experience across both offensive and defensive cyber security, I believe I’m in a good position to train and mentor Team UK in the 2019 European Cyber Security Challenge Competition.


What do you enjoy most about your day to day role?

Even after a number of years working in penetration testing, the role still presents new challenges and technologies. I particularly enjoy Red Team assessments where we get to simulate techniques used by real cyber criminals to target organisations in an attempt to circumvent their defences and gain access to their key IT systems.


How do you think programmes like ECSC help prepare students for a career in cyber security? Do you think it means students stand out when applying for jobs?

It’s good to see that a number of programmes are now available for school and university students to encourage an interest in cyber security, as well as helping to keep them safe online and  develop skills which could lead to a future cyber career. I have been very impressed with the skills shown by the UK ECSC team so far, and hope that many of them go on to consider a career in cyber.

NCC Group is always looking for new talent, both experienced consultants and people who are new to the industry. We run a large, detailed training programme and look for the best of the best to join our team. We even use our unique Ninja challenge to encourage applicants to solve a number of tasks and test their skills in a safe environment. Programmes like ECSC and CyberCenturion, run by Cyber Security Challenge, are great for potential applicants to learn useful cyber skills and test out whether they’d be interested in a career in the field.


We know you can’t reveal all your training secrets, but let us in on a couple! How are you preparing the team for Romania?

As the main training provider for TeamUK, NCC Group have made available a number of resources to help the team in their preparations for the competition in Romania later this year.  In my role as Team Coach I have set up a practice CTF server hosting a number of different challenges and provided g access to some of NCC’s other training systems.

As well as these online resources, we will also be running a couple of training weekends with the assistance of my colleagues who will be presenting and running training sessions on their specific areas of expertise. These weekends will give the team an opportunity to meet up, get to know each other in terms of their unique skills and abilities, and – importantly – start working together as a team.


What’s the biggest myth about working in cyber security that you’d like to dispel?

You don’t necessarily need a background in cyber security to succeed in the industry. A number of the best testers I work with have completely unrelated degrees and previous careers. At NCC Group, we have a large and very diverse group of testers. Our training programme is designed to teach people all of the required skills -you just need to have the passion, hacker mind-set and love of problem solving and taking things apart to see how they work! The saying goes “we know what it can do, but what can it do that it shouldn’t?”


What has been a particularly memorable highlight of your career to date?

In my early career working on an ISP helpdesk I was fortunate to talk to a number of our celebrity customers. One memorable call was when Terry Pratchett called up to say his Usenet news fan group was missing ( and I replied that it was strange and I couldn’t find my own fan group either 🙂