Christopher Haller beat out more than 6,000 competitors to earn the #1 individual player ranking in the Spring 2022 National Cyber League competition. He was also a member of the #1 ranked SANS.edu Sentinel’s team.
Discover how this student in the SANS Technology Institute’s graduate certificate program in Penetration Testing & Ethical Hacking prepared for the big competition — and learn about his career path from Information Systems Technician for the US Navy to his current role as Offensive Security Lead at Strong Crypto Innovations.
Q. How did you get interested in computer technology and, more specifically, cybersecurity?
A. I’ve always been interested in computers from a young age and knew that I wanted to work in technology. I wanted to learn how computers communicate with each other, as far as I knew it was simply magic. Cybersecurity was interesting to me as well but wasn’t a direct career intention for me until after I had a few years as a sysadmin.
Q. Prior to attending the SANS Technology Institute, what was your career background?
A. I started my career with the US Navy as an Information Systems Technician, where I was a sysadmin for four years. I was transferred to the Navy Cyber Defense Operations Command for the next four years where I had my first taste of cyber and loved it — I couldn’t get enough! I left Active Duty after eight years and started at Centripetal Networks up here in Portsmouth, NH where I’ve learned about how to apply Cyber Threat Intelligence (CTI) to the wire to defend networks.
Q. What’s your current job title and your role within the company?
A: I am the Offensive Security Lead at Strong Crypto Innovations, a security consulting firm whose clients include the U.S. Department of Homeland Security, NASA, the Social Security Administration, and many other Federal and corporate entities.
Q. Why did you choose to apply to the SANS Technology Institute? From your research, how did SANS.edu differ from other programs?
A: I took the GNFA course when I was Active Duty and loved how technical and detailed the training was. I always knew I wanted to have more SANS training, and I was excited when I found out I could use the GI Bill for my Graduate Certificate. There is a clear difference in technical excellence between SANS.edu and any other program offered anywhere else.
Q. What have you found most valuable about the graduate certificate program in Penetration Testing & Ethical Hacking?
A: The most valuable item from my graduate certificate has been the teamwork and camaraderie with my fellow students. I knew when I started this program to expect exciting technical knowledge, but I did not expect to have the chance to work with some of the best and brightest students around. I still can’t believe that we’ve been on the team together and have been so successful.
Q. How has your SANS training and experience impacted your career trajectory?
A: My time at SANS.edu has completely elevated my capabilities in both a business and technical sense. The skills I’ve learned and have been able to apply drive a clear value to my company. Additionally, I’m able to take these skills and continue to build on them to create open-source projects and research.
Q. You recently participated in the Spring 2022 National Cyber League cybersecurity competition and took home the championship for both the individual and team games — an unprecedented feat. How did you prepare to participate in the NCL competition?
A: Thanks! I’m still humbled and will be riding that wave until the next season. The secret is that there is no secret — I read a lot of books and take notes on what I’ve read. Some of my favorite recent books are Automate the Boring Stuff with Python by Al Sweigart and the classic Web Application Hacker’s Handbook by Dafydd Stuttard and Marcus Pinto. Constantly learning new things and re-learning the basics is how I keep myself fresh and relevant.
Q. You had to beat out over 6,000 competitors in the Individual Game to win the #1 prize. Give our readers 4 or 5 tips for winning — or at least improving their performance in — a CTF like the National Cyber League competition?
A: First and foremost, read the question carefully. A lot of detail can be gathered from the way words are presented in the question. Identify and hypothesize what objective/attack flow would fit best for the challenge. Refer to notes and know how to google for questions! Finally, start with and always continue to build on the basics.
Q. Cybersecurity is truly a team sport. What advice can you offer for building a strong and effective CTF team?
A: Small training evolutions within the team provide significant benefits to the overall effectiveness. Focus on the basics and present to others and explain how/why a certain attack flow works. Learn how to troubleshoot and work together to solve problems in a debugging environment. Don’t forget to have fun!
Q. What’s next for you?
A: My next immediate goal is the GSE. I passed the first portion last month and will hopefully be testing for the second half soon. Beyond that, I’m working on a book that will hopefully be published next year!
Secure Your Future
Ready to apply? We look forward to learning about you and your cybersecurity career goals.