Conor Hargen ‘20
On a recent Saturday, a group of about 300 people gathered at UVA’s Darden School of Business. Some were accomplished professionals with decades of experience; others came armed with only a keen interest to learn. Regardless, everyone had one thing in common: a passion for cybersecurity.
On October 20, students, government officials, private attorneys, and tech professionals convened to take part in Meta CTF, a cyber capture-the-flag competition addressing challenges in cybersecurity and data protection. Students met with leading attorneys, responded to simulated data breaches, and discussed cybersecurity issues with industry professionals.
Through this event, students learned about crisis response, legal exposure, and the tools companies utilize to counter malicious hackers. One problem involved a hypothetical ransomware attack in which hackers encrypted sensitive files from a corporation and demanded money in exchange for the decryption key. These problems required students to make business decisions, determine civil and criminal liability, comply with regulations, and recommend policy responses.
John Woods Jr. ’95 and David Lashway, Co-Global Heads of Cyber Security practice for Baker McKenzie, helped advise students during the event. Woods has spent years leading investigative and legal responses to some of the biggest data breaches in the country and advising clients on how to avoid them. Lashway counsels Fortune 100 companies on data security and network breaches, in addition to serving as lead counsel to the cyber investigation firm in the 2016 U.S. presidential election hack.
Over lunch, Woods and Lashway shared insights from their years at the forefront of cybersecurity law. They stressed the importance of giving clients a comprehensive approach to data security and investigating breaches. Students also learned about the shifting landscape of cybersecurity law and, in Woods’s experience, how it intersects with corporate governance, litigation exposure, and insurance liability.
Also in attendance were representatives from Sony, Capital One, Google, Raytheon, General Electric, CrowdStrike, and FireEye. The keynote address was delivered by NSA Deputy National Manager for National Security Systems Marianne Bailey.
Among the attendees was Grace Tang ’21. A 1L with a Bachelor’s degree from the University of Waterloo and a CPA certification, Grace was keen to learn more about data protection and the security issues of major corporations. After the event, Grace was surprised by the availability of industry professionals and the cutting-edge nature of their work.
“I came out of the event with a better understanding of the importance and scope of cybersecurity in the modern age through reading statutes, analyzing cases, and consulting secondary sources . . . CTF was an incredible opportunity to hear from some of the brightest minds in the field.”
LIST teamed up with members of the UVA Computer and Network Security Club to organize this year’s Meta CTF. The group has been running a purely technically focused event for years, but approached LIST last year to collaborate on an event that would include legal and business dimensions.
“We wanted to integrate legal and policy components into the CTF this year in order to create a more real-world environment and give students a more complete view of the entire cybersecurity field and possible career paths,” said Jake Smith ’20, who helped organize the event. “In addition, it's crucial that technical people understand the business aspects and vice versa to work together effectively.”
When asked about plans for next year’s events, LIST President Jeremy Gordon said, “The event was truly an incredible experience—not only were LIST members able to gain exposure to the technical side of cybersecurity, but they were able to do so in an integrated environment by working alongside people who will likely be their future clients. This experience, I think, was too valuable to be a one-off, and I look forward to working to grow and expand it in the future.”
Conor J. Hargen