End User Licence Agreement and Terms of Service Summary

Last Updated: 9th February 2020

This document provides a readable summary of our licence agreement and terms of service. It is backed by our policy framework, including our privacy and cookies policy. This document will be updated as the site and services it provides access to are changed.

The Cyber FastTrack program is executed by the SANS Institute and Helical Levity Ltd who will hold, control and process your data. Cyber FastTrack is identified as the service provider.

Who can use our Services

Cyber FastTrack provides a multi stage program with selection based on capability and eligibility criteria. The program provides opportunities based on these criteria and rules of fair participation. The first stage of the program is a Capture the Flag (CTF), which while intended for students identifying as eligible, is open to all until capacity is met on a first come first served basis. Subsequent stages are based on invitation based on selection criteria of the competition and the service provider. Who can use our services and the terms you must abide by to participate are outlined below:

  • To participate in the first stage of the program, the CTF, you need not meet any specific eligibiliy criteria, though the program is intended for those studying a degree or recent graduates.
  • Participation in the competition is for individuals and you must participate without undue assistance from others that misrepresent your ability. This does not include research or tools which may be used to participate in the program.
  • Access to the program stages, such as the CTF, is at the disgresion of the service provider. By registering you request access to the program and platform which may be granted by the service provider based on capacity, time, eligibility or other criteria.
  • Cyber Fast-Track excercises a strict anti-cheating and anti-abuse policy. Violation of these terms and conditions, including cheating or abuse of the infrastructure of the program may result in termination of your access to the program, a permanent ban for the participant or their entire school, or in extreme scenarios referal to the relevant legal authorities.
  • After the first stage of the program, the CTF, top performers may be invited to apply for a scholarship or other prizes. There are eligibility criteria for this stage and the selection of participants remains at the disgresion of the service provider. To be eligible for the full scholarship application you must:

  • Be a US citizen or permanent resident.
  • Be 18 years or older by the close of the registration intake period, prior to the CTF.
  • Be among the identified top performers in the CTF.
  • Truthfully complete the information requirements and scholarship application provided by SANS Technology Institute.
  • If you are concerned with whether you are eligible to participate or have queries regarding the policies of participation outlined please contact support@cyber-fasttrack.org.

    Agreement

    By registering an account and agreeing to the End-User Licence Agreement you will be provided with access to one or more stages of the program. Your level of access will depend on your performance compared to other participants and the identified eligibility criteria. The service provider may provide you with access to a platform with content, training materials, challenges or games. By registering and using your account you agree:

  • To participate fairly, as an individual, such that your score reflects your ability. Identfied cheating may result in a ban of the participant or their school including all participants thereunder.
  • During the competition you will be provided with access to challenges and content for you to solve. You agree not to share solutions, post blogs, or otherwise share solutions until the competition is closed. After this period sharing solutions and write-ups is thoroughly encouraged and does not require express permission from the service provider, including linking to https://www.cyber-fasttrack.org.
  • To use tools, techniques or process only against the identified sanctioned targets where you will be given explicit permission. Use of the material or tools against the infrastructure of the program, or other services outside the scope identified may be a violation of (amonst others) the Computer Misuse Act 1990 of the United Kingdom or the Computer Fraud and Abuse Act of the United States.
  • Should evidence surface of violation the scope and sanctioned target list you may be ejected from the program and in severe cases your details referred to the relevant legal authorities.
  • That the service provider retains the right to analyse, collect and share information with the relevant legal authorities in the event of a suspected breach of the law.
  • You agree not to intentionally disrupt the service, the provided challenges or infrastructure such as through the use of Distributed Denial of Service attacks. Doing so may result in termination of your access, or sharing of your information with the relevant legal authorities.
  • Based on your participation in the program you may receive additional opportunities such as access to training products, material or scholarships. Each of these will be governed by their own terms and conditions and you may accept or decline these, though doing so may impede your progress in the program. This agreement does not default you to accepting further terms and conditions.

    Acceptable Use

    As part of this program, subject to eligibility criteria and your performance, you may be granted access to infrastructure providing security related puzzles or challenges. As part of these challenges you may be required to apply unusual tools or use patterns to services to uncover logic flaws or issues. With your licence you are provided permission to undertake the activities covered in each of the ‘briefings’ against the defined targets. As covered in the product specific licences and user guides it is not acceptable to attempt denial of service attacks, or to purposefully attempt to cause damage to the infrastructure or data. It is also deemed a violation of acceptable use to identify flaws and to purposefully attempt to damage or disrupt other platform users, or their data.

    Uncovering security flaws and learning about cyber security vulnerabilities will require use of certain tools that can only be used in a context where permission has been given by the target party, as is provided here. In severe circumstances where error cannot be blamed, violation of these terms could result in rejection from the program, or prosecution. If you are unsure of the activity you are undertaking at any time please contact support@cyber-fasttrack.org.

    Prizes and Scholarships

    This program and the associated tools, services and sites used within it are designed to identify your potential for the cyber security profession. Based on your eligibility and performance in the aforementioned tools and challenges you may be awarded a scholarship, or a prize.

    The program administrative staff use a number of criteria to identify winners and their announced rankings and awards are final. If you have any queries regarding the awards or your eligibility please contact support@cyber-fasttrack.org.

    The program reserves the right to withdraw a prize or opportunity at any time. The award of prizes, scholarships or other opportunities are contingent on adherence to the program terms of service, and ethical and legal conduct.

    How your data will be used

    An outline of what data we will collect and how we will use it is included in our privacy policy. The data will be held by SANS Institute and Helical Levity Ltd for the purposes of running the competition, training and talent identification outlined by the program site. To administer the prizes and scholarship opportunities your data will be selectively shared with named parties, and should other opportunities arise we will contact you to ask your permission to share your data.

    Contact information

    If you have any questions about this Agreement or any associated policy, please contact support@cyber-fasttrack.org.

    Privacy Policy

    Last Updated: 14 February 2019

    Who is holding my data?

    Your information is being collected by Cyber FastTrack to help run and deliver information security talent assessment and training programs. The program is delivered by Escal Institute of Advanced Technologies (SANS Institute) and Helical Levity Ltd. These parties respectively act as a processor and controller of your data, which means storing your provided data, analysing it or deleting it.

    This program and the prior mentioned parties will maintain information that you provide to us, and data collected during your interaction with the provided services. This is collected for the operational purposes of security and safeguarding, but primarily for the running of the talent identification, training and competitions outlined on the website.

    For the running of the competition, or for purposes of recognition, or further training & career opportunities very specific data on your performance and contact information may be passed to additional parties beyond those identified above. These parties are government organisations at the state or federal level. The information would be provided to government officials to allow them to recognise top performers and competition winners, which may in turn lead to them contacting you to invite you to a reception or for further related opportunities.

    Additionally, winners of the scholarships will be provided with the process to receive their award from Scholarship America (www.scholarshipamerica.org). We will provide information on winners to enable them to validate the eligibility and entitlement of winners.

    Other organisations, such as cyber security employers may offer prizes which you could be eligible for. In the event that these become available and applicable to you we will contact you to ask for your consent to provide your data for you to receive your prize or scholarship.

    We will always ask for your permission before sending your information to any other organisation, or for any use case other than what is outlined above. We may send you information related to our programs and further suitable opportunities for you, which you may terminate at your discretion.

    Consent

    We get your information from your registration form, from your use of the website and materials, and from details of your progress in the program. For us to process your data we need to get your consent or permission to use your information on behalf of all those involved. We can't enrol you in the program without your registration information, and we also need to monitor your progress.

    Whether you choose to join or leave the program is entirely up to you. The only effect of asking us to delete your information would be that you are no longer able to be a member of the program. You are entitled to do this at any point in support of your right to be forgotten.

    You must meet the program eligibility criteria in order to participate, including the criteria that you are of an age which can consent to provide your data. For this reason we may ask for your date of birth or other personal information to validate your eligibility at a suitable stage in the program.

    We've tried to make this notice easy to read, but you can always contact the Data Protection Officer via support@cyber-fasttrack.org who will help explain things further and will answer your questions.

    So what data do you have about me?

    We hold information which you provided on registration and information gathered as you progress through the program including:

    Your name, email address, access credentials, subscription preferences, your IP address and cookie data, gender, school, date of birth, whether you have any disability that we can assist you with when accessing the program, your ethnic group, the date of enrolment onto the program, details of how you have progressed on the program, the scores that you have achieved via the challenges and exams, and how you are using the web sites that make up the Cyber FastTrack program.

    We use your information to monitor progress and help you progress through the program and to report on the success of the program. We use cookies to allow you to sign in to the program websites, improve the site and to safeguard young people who are participating in the program.

    As outlined in the policy above, we will provide information to state and federal government departments in support of the program talent identification, competition and prizes. The information provided will predominantly be high level information, though if you are a prize winner your name, contact details and performance information may be shared.

    We also collect data to monitor the site and make sure it stays safe for everyone to use. For example, we may check for misuse of the platform or try to detect if abusive language is being used. This is against the program code of conduct.

    Leaving the program and removing your information

    If you change your mind about allowing us to use your information you simply need to tell us by emailing support@cyber-fasttrack.org. We will then take you through a couple of quick steps to confirm you want to delete your information and leave the program.

    We'll update you when this has been done or in exceptional circumstances if we can't do this.

    Why do you need my information anyway?

    We need it to run the program, training and competitions outlined on this site. SANS Institute, Helical Levity Ltd and associated state or federal bodies will need your data to run the competition, assess eligibility and to award prizes.

    If you don't want us to hold your information you will no longer be able to participate in the program, and we will delete your records from the system.

    What security measures are you taking?

    As cyber security experts we are very aware of the risks around data security. We carry out regular security assessments to make sure your information is secure. We follow all the standard industry practises to make sure we hold your information as securely as possible.

    How long will the information be held?

    We keep your information for five years or until you ask us to delete it if this is sooner and you wish to leave the program. If the circumstances arise where we need to keep the data longer we will tell you and explain why.

    What about my other rights?

    You have a right to have a copy of the information which we hold on you or to transfer your information. You can make a request for a copy of your data through the support channel and any data that is available to transfer will be made clear to you as you use the platform. You can action this through the platform.

    What if I want more information or I want to complain?

    If at any time you want further information, or you need help understanding what you can and cannot request, or if you want to make a complaint, the Data Protection Officer can help you with this.

    The Data Protection Office is Sharon Heys and she can be contacted via the support channel. Please email support@cyber-fasttrack.org and ask to be put in contact with the Data Protection Officer.

    If you still aren't happy with our response you can complain to the Information Commissioners Office.

    Cookies Policy

    Last Updated: 1 November 2019

    Cyber FastTrack uses cookies as part of the delivery of the service. By using the service you agree to the use of Essential Cookies that are a requirement for the platform to operate. Additional cookies may be used to optimise the site experience or improve delivery of the content, but this is undertaken only with your consent when you visit the site. You do not need to accept these optional cookies to use the service.

    Our Cookies Policy explains what cookies are, how we use cookies, how third-parties we may partner with might use cookies on the service, your choices regarding cookies and further information about cookies.

    What are cookies?

    Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the service or a third-party to recognise you, makes your next visit easier and renders the service more useful to you.

    Cookies can be either 'persistent' or 'session' cookies. Persistent cookies may remain on your hard drive until you erase them or they expire. Session cookies are temporary cookie files, which are erased when you close your browser.

    How Cyber FastTrack uses cookies

    When you register to use and access the service we will ask you to set your cookie preferences. In order to access Cyber FastTrack there are some cookies that are Essential and you will need to agree to their use if you wish to access Cyber FastTrack. We use these cookies to:

    • To enable certain functions of the service to operate
    • To provide analytics and store your preferences
    • Most crucially, cookies are used for authentication and to allow you access to the service and to prevent fraud of user accounts.

    We use both session and persistent cookies on the service and we use different types of cookies to provide these Essential cookies. Essential cookies are delivered from 'cyber-fasttrack.org' and you will be able to identify them from this reference. Blocking these cookies will prevent you using our service.

    You will be offered the option to manage your cookies and to opt into non-essential cookies if you wish to. Some of our non-essential cookies may be third-party cookies. These are cookies that belong to companies that Cyber FastTrack works with, and allow the program to understand how we are delivering our services to you.

    Non-essential cookies that we offer will allow us to monitor the program and make improvements to our site.

    What are your options regarding cookies?

    Cookies are managed through our cookie banner that will allow you to 'opt in' or 'opt out' of non-essential cookies. At present our non-essential cookies are limited to selected third parties that we work with to provide us with information about the use of our site and to help improve the program. Our non-essential cookies are used for conversion tracking for Twitter, LinkedIn, Facebook, Instagram and Snapchat.

    You do not have to agree to any non-essential cookies, and if you do not consent it will have no effect on your ability to use the program. If you previously opted in to non-essential cookies, and then later decide to opt-out of those non-essential cookies, you may need to manually remove those third-party cookies using your browser's cookie preferences and clearing settings; due to how third-party cookies work, we are not able to delete or remove these cookies for you from your browser after they have been previously set.

    Essential cookies are however necessary to use the site and if you do not allow them you will have difficulty using the site and the program. You will not be able to open or verify your account and in effect you cannot use the program.

    You can delete cookies or instruct your web browser to delete or refuse cookies to do this you should visit the help pages of your web browser. There are lots of tools and plug-ins available to manage or restrict cookie behaviour. As previously stated, if you choose to do this you may not be able to access the program.