Cyber Discovery Spotlight: Daniel Milnes

Our fantastic Cyber Discovery community is what makes our programme a success! In this series of blogs, we shine a spotlight on some of the incredible talents we have seen taking part this year.

This week, Daniel Milnes, a student participating in Cyber Discovery, guest blogged about his experience in the programme and what skills he has developed since taking part in CyberStart Assess back in November.

Daniel registered for the programme as an individual and has successfully qualified for the final stage of Cyber Discovery — CyberStart Elite!

My experience of cyber security prior to the programme was very limited. I knew I wanted to go into a computing related field, and for a long time I thought that would be systems administration. I can remember the particular situation that changed my mind, and it occurred during my time doing work experience at Cisco around a year ago. They had a member of their cyber security team come in and do some demos that, in retrospect, were very basic (WPA2 cracking and hashcat), but I was absolutely captured.

I’ve always enjoyed breaking things, cyber security allowed me to combine that with computing.

I was given a list of suggested activities by the instructor (things like looking at Kali and OverTheWire), but my first proper education on the topic came a couple of weeks later on a CyberFirst course that I had been recommended by a friend.

This helped me learn the fundamentals of cyber security and was actually where I was introduced to Cyber Discovery, as one of the staff did a talk advertising the programme. At the time it was just “oh, that looks interesting, guess I’ll pre-register”, but since then, Cyber Discovery (along with the community Discord server) has somewhat taken over my life.

I found CyberStart Assess to be a good way of measuring my progress. Whilst I can’t say I struggled with a lot of it, challenges like level 14 I spent quite a long time working on. You can see the horrific solution I created here, which takes bodge to a whole new level. It is a macro that automatically collected the strings, combined them in the search box of a chrome tab, which I then had to manually copy onto the end of the solution URL.

At the time, this was the best solution I could come up with but looking back now, with the skills that Cyber Discovery has taught me. This would be something that I could do with my eyes shut.

Whilst it was running, I pushed CyberStart Assess on to anyone I could get to listen, and the next stages made me very glad I had.

CyberStart Game is like nothing I’ve ever really seen before. It was an absolute god-send for someone new to the industry, and for it to be free was the icing on the cake.

To go from “can you spot the scam email” to “can you decompile and patch this binary to extract the flag” without too much of a jump is an incredible achievement and the Cyber Discovery team should be very proud.

The skills this stage taught me have been invaluable in what I have done since, I have no idea where else I would have gone to learn them to this standard and for free.

For the next stage, CyberStart Essentials, we were handed the kind of resource that most people would pay large sums of money for access to. It covered an even wider range of topics than Game. Essentials allowed me to flesh out my knowledge of skills like Metasploit and lateral movement.

I was genuinely disappointed when Essentials closed, because it meant I lost access to an amazing resource that went well beyond what I had learnt in both GCSE and A-Level classes.

Looking back, my highlight of the programme has to be the night that CyberStart Game launched. As we approached midnight, the suspense on the server was palpable. We had all been waiting for this for weeks, in some case months, and had been jumping on any kind of preview that was released. Just as we got to midnight, James Lyne came on the Discord server to watch the opening, and as Game actually opened we were all blown away by the scale. The team had done an excellent job of keeping a lot of information about the programme under wraps, so as we were set loose on the monolithic amount of challenges contained within, we had no real idea what we were getting ourselves into, and there was a noticeable drop in my level of productivity for the next few weeks as me and friends worked through the challenges.

Looking forward in the short term, I am extremely excited for CyberStart Elite (badges and robot arms and CTFs, oh my…), but in the long term, I’m actually most excited for the doors that Cyber Discovery has opened for me.

Before the course, I wouldn’t have even had the faintest idea where to start with any of the challenges released by Cyber Security Challenge, and now here I am having attended 2 face-to-face competitions and with a ticket for a masterclass later this year. One of the problems that I always found looking at the cyber security industry from the outside was the lack of any entry-level programmes.

Whilst there is an abundance of higher level resources, things like DEF CON talks, and ways of practising higher level skills that you already have (services like Hack The Box fill this niche quite well). I have never really come across anything that goes from the complete basics to the advanced levels like Cyber Discovery does, and the impact it has had on my life is massive.

In my opinion, programmes like Cyber Discovery are absolutely crucial for the youth of today. Computer Science classes provide nowhere near the level of technical literacy needed for modern life.

I think James Lyne put it best “whilst many people coming out of schools now are much more technology-savvy, they know how to use technology, fewer and fewer people are following the feeder subjects to know how that technology works under the covers.”

I regularly assist in lessons in the lower school, and the lack of computing knowledge is frankly alarming, and even those who are quite good with technology know very little about cyber security. For me, my cyber security education prior to what I’ve mentioned here consisted mostly of “don’t click dodgy looking emails”, and that simply isn’t good enough for the modern world.

Daniel Milnes, 17

If you are interested in taking part in our Cyber Discovery Spotlight series, please get in touch via email. We would love to hear about your experience as a student, club leader or school taking part in the programme!

Haven’t registered for Cyber Discovery yet? You can sign up for Year 2 of the programme! To learn more about Cyber Discovery and get involved, visit