
Competing at the UK Cyber Leaders Challenge
In February 2025, I participated in the UK Cyber Leaders Challenge in Cheltenham, a scenario-based competition that put my team in the role of cybersecurity advisers responding to a critical infrastructure cyberattack. The experience was both challenging and eye-opening, demonstrating the real-world complexity of cybersecurity incident response at a national level.
The Scenario
The challenge presented us with a fictional but realistic scenario: a cyberattack affecting two major UK ports—Port of Great Yarmouth and Port of Liverpool. The attack exploited a vulnerability in SHERPA, the ISO container management software used across the ports, allowing threat actors to manipulate vessel stowage plans and potentially disrupt critical maritime operations.
The scenario materials were comprehensive, including intelligence reports from MI5 about Volt Typhoon-style state-sponsored actors, INTERPOL assessments of organised crime groups targeting ports, incident response updates from BAE Systems, and email chains between port operations teams. This wasn't just a technical exercise; it required understanding the broader context: economic impact, supply chain disruption, national security implications, and the coordination needed across multiple stakeholders.
The Challenge
Our team was tasked with preparing a briefing for the Local Resilience Forum (LRF), a group of senior decision-makers from government and industry who needed to understand the situation and decide how to respond. We had to:
- Submit a Briefing Note: A two-page PDF document analysing the situation, implications, and recommendations
- Deliver a 10-minute Presentation: Present our assessment and recommendations to judges acting as port representatives and government officials
- Answer Questions: Respond to 10 minutes of direct questions from the judging panel
The briefing date was set as Monday 3rd February 2025, and we needed to balance multiple competing priorities: security, operational continuity, economic impact, and public safety.
My Role and Contribution
I was responsible for presenting the closing section of our briefing, focusing on our final conclusions and recommendations. This was the most critical part—where we had to clearly articulate what needed to be done and why.
My key recommendation was straightforward but essential: isolate the network first, then decide what to do with the malware. This approach prioritised containment while maintaining flexibility for the response. I explained that before making any decisions about remediation, we needed to prevent further spread and assess the full scope of the compromise.
During the question-and-answer session, the judges (acting as port representatives) asked probing questions about our recommendations. They wanted to understand the technical rationale, the operational impact, and how we balanced security with business continuity. It was challenging but incredibly valuable to defend our approach under pressure.
What Made It Special
What struck me most about this experience wasn't just the technical challenge, but the people involved. Seeing students from other universities brought different perspectives and approaches to the same problem. More importantly, meeting the judges—cybersecurity professionals who are actively shaping how the UK responds to cyber threats—was genuinely inspiring. These weren't just academics or competition organisers; they were people working on real-world cybersecurity challenges that affect national security.
The competition was more enjoyable than I expected. The scenario felt realistic, the materials were detailed and well-crafted, and the pressure of presenting to experienced professionals made it feel like a real briefing rather than just an academic exercise.
The Outcome
We didn't win the competition, but the feedback we received was encouraging. The judges commented that we had done more from a technical perspective than they expected, which was validating. More importantly, we were invited to participate in the next year's challenge and received invitations to other CLC events—recognition that our approach and analysis had value.
Key Learnings
The most valuable takeaway from this experience was simple but powerful: be ready, don't be afraid, and challenge yourself.
This competition pushed me out of my comfort zone. Presenting technical recommendations to experienced professionals, defending our approach under questioning, and working under time pressure—all of this built confidence in my ability to communicate complex cybersecurity concepts to diverse audiences.
I also learned the importance of thinking beyond just the technical aspects. A cybersecurity incident affecting critical infrastructure isn't just about malware and vulnerabilities; it's about economic impact, supply chain disruption, public safety, and national security. Understanding these broader implications is essential for anyone working in cybersecurity, especially in roles that require communicating with non-technical stakeholders.
Relevance to Fraud Prevention and Financial Crime Analysis
This experience directly demonstrates skills essential for fraud prevention and financial crime analysis:
Risk Assessment: We had to design a comprehensive response strategy that balanced multiple competing priorities—security, operational continuity, and economic impact. This required thinking like a risk analyst while understanding business constraints and regulatory requirements.
Presentation Skills: Presenting our recommendations to judges acting as port representatives required clear communication, confidence, and the ability to defend our approach under questioning. This mirrors exactly what fraud analysts do when presenting risk assessments and fraud findings to stakeholders.
Technical Depth: Understanding the attack vectors, the SHERPA software vulnerability, network isolation strategies, and incident response procedures demonstrated the technical knowledge needed to analyse complex fraud patterns and explain detection strategies.
Stakeholder Communication: The judges acted as our "stakeholders"—port representatives who needed to understand the situation and make decisions. Translating complex technical concepts into clear, actionable recommendations is exactly what fraud analysts do every day when presenting findings to compliance teams, business leaders, and regulatory bodies.
Conclusion
The UK Cyber Leaders Challenge was a formative experience that combined technical analysis, strategic thinking, and effective communication. It proved that I can think like a network security professional, design comprehensive solutions, and present them effectively to diverse stakeholders—whether they're technical IT teams or business decision-makers. More importantly, it reinforced the importance of being ready to step up, challenge yourself, and communicate clearly even under pressure.
This experience showed me that fraud prevention isn't just about detecting patterns or analysing data; it's about understanding complex financial crime schemes, designing detection strategies that work in the real world, and communicating those findings effectively to help stakeholders make informed decisions. These are exactly the skills that make an effective fraud analyst.