RSA Conference was fortunate to have as one of its 2017 Security Scholars a then 19-year-old Parker Garrison. Based on his performance as a scholar, it’s no surprise that today we are celebrating Garrison’s achievements as he advances through the rounds of the 2021 US Cyber Games.

When we met him at only 19, Garrison had been interested in computer security for a long time, and he was both passionate and adept at playing the SANS NetWars. In recalling the countless hours he spent in the RSAC Sandbox, Garrison said, “I managed to take first in the one-hour CTF and the Core NetWars Tournament.” In fact, he knocked it out of the park. Garrison had far surpassed expectations to the point that it didn’t look like anyone else stood a chance of winning. “I officially got banned from the student version of the competition they were holding later that day,” he joked.

Though RSA Conference had been around for decades, the acronym RSA meant encryption to Garrison. “I knew about the RSA encryption algorithm and studied how that worked, so when my professor at school talked about RSA, I was thinking about encryption. That was before I even knew about the conference,” he laughed.

The Wonder Years

It was an online class taken in his early teens that introduced him to the wonders of gamification. “The final project was a digital forensics hunt,” Garrison explained. “We had to find nine rhinoceros images hidden across the network captures and on USB flash drives. We only had to find two, but I ended up finding all nine because I liked it so much.”

Garrison continued to take courses through Johns Hopkins University, which had an array of offerings that aren’t traditionally available to high school students. Taking these classes allowed Garrison to start developing his skills, which then led to his partaking in Capture the Flag (CTF) competitions.

“There actually weren’t too many around then,” Garrison said, but he managed to find some that not only were fun but also gave him the opportunity to develop his skills in areas beyond digital forensics and incident response (DFIR). Garrison also participated in several competitions hosted by the University of Texas at San Antonio’s Center for Infrastructure Assurance and Security (CIAS), such as CyberPatriot.

“Collegiate Cyber Defense Competition (CCDC) was the precursor to CyberPatriot, which was an event created for high school and, later, middle school students. The goal of these events is similar—to give students practice in defending a computer system or network, although CCDC has a red team throughout all rounds of the competition,” Garrison explained.

“I was also taking college classes and got to take classes through SANS because of the CyberCorps Scholarship for Service (SFS). Those were offensive and defensive courses that were somewhat complementary, so I got into some advanced and interesting stuff.”

It’s Game Time

As draft day for the US Cyber Games approaches, Garrison is feeling confident that he’ll be able to compete for the gold. Thus far, he’s made it through two rounds, including the qualification round, which started Memorial Day weekend.

“It was two weeks of solving challenges across six different disciplines: web exploitation, network traffic analysis, reconnaissance, binary exploitation & reverse engineering, forensics, and cryptography.” Those who scored high enough move on to round two. Not surprisingly, Garrison earned a qualifying score, making him one of the top 60 who moved into the US Cyber Combine. “There were a few weeks where we spent more than four hours on a particular CTF, and they observed how effectively we could divide up the tasks. They observed not just whether we could avoid getting in each other’s ways but how well we worked among each other to make sure we were using all of our skills to progress toward the overall goal.”