Hacking to Learn, How Canada Is Building Its Cybersecurity Workforce From the Ground Up

In a world where cyber threats now rival traditional national security risks, Canada’s most effective defence may not be a new law, platform, or procurement strategy. It may be a room full of students, laptops open, racing against the clock to break into systems they are explicitly allowed to attack.

That belief sits at the heart of CyberSci, the national university level cybersecurity competition founded by Tom Levasseur, a retired penetration testing lead from the Bank of Canada. After decades defending critical systems, Levasseur is now focused on something harder and arguably more important, defending Canada’s future talent pipeline.

From rogue hackers to national impact

Levasseur’s journey into cybersecurity began before the discipline had a formal name. While managing electrical engineering systems at McGill University, he found himself tracking down a student hacker operating under the alias White Fox. The investigation drew the attention of the RCMP Computer Crimes division and eventually saw Levasseur serving as an expert witness.

That moment set the direction for a career spanning Nortel, CGI, and ultimately the Bank of Canada, where he led penetration testing until retiring two years ago. His formative years, he says, were defined not by textbooks but by collaboration.

Back then, cybersecurity was learned the hard way, solving real problems alongside people who already knew what they were doing. That apprenticeship model would later become the blueprint for CyberSci.

A competition designed to hire, not just to win

CyberSci was built to solve a problem Canada has struggled with for years, the cybersecurity talent gap. Levasseur’s response was practical rather than theoretical. Create environments that look like real security work. Put students under pressure. Then connect them directly with employers who need their skills.

Each CyberSci event follows the same relentless rhythm. Teams compete on realistic hacking challenges in the morning. Top performers interview with sponsor companies in the afternoon. By evening, job offers are often already being made.

The model has expanded to six cities, Montreal, Ottawa, Toronto, Calgary, Vancouver, and Halifax, with participation from nearly every Canadian university and college. Alumni routinely return as mentors, judges, and organisers, turning the competition into a self sustaining ecosystem rather than a one off event.

Punching above Canada’s weight

CyberSci also feeds Canada’s national team for the European Cyber Security Challenge, where more than 40 countries compete. Despite limited funding, Canada has consistently outperformed expectations.

Levasseur points to one stat with particular pride. Canada has beaten the United States three years in a row.

The results are not accidental. They are the product of early exposure, relentless practice, and peer driven learning that mirrors how real security teams operate under pressure.

Why early exposure changes everything

While CyberSci garners national attention, Levasseur is clear that the real game changer starts earlier. Programs like Cyber Titan, which introduce high school students to cybersecurity through competition, shape career decisions years before university.

By the time these students arrive in post secondary programs, many already have years of hands on experience. Student run cyber clubs then amplify that advantage, often transforming entire academic programs from the inside.

A handful of motivated students meeting weekly can elevate a school from last place to national contender in just a few years. That kind of transformation rarely happens through curriculum reform alone.

AI is not the enemy, but it changes the rules

No discussion of modern cybersecurity is complete without addressing artificial intelligence. Competitive hacking is already grappling with how to integrate AI fairly, and rumours of AI powered teams at international finals have sparked anxiety across the community.

Levasseur expects a middle path. Human only divisions alongside AI assisted ones, reflecting the reality of the modern workforce. The real contest, he argues, is not students versus students, but challenge designers versus increasingly capable AI systems.

The skills that matter most will not disappear. Critical thinking, creativity, teamwork, and judgment remain irreplaceable.

The next frontier, hardware and critical infrastructure

CyberSci is now expanding beyond traditional software challenges into industrial control systems, SCADA, and operational technology. These systems underpin water, energy, transport, and manufacturing infrastructure, and they are increasingly targeted.

Levasseur is actively seeking partners to help design hardware based challenges, supply equipment, and run workshops that give students hands on exposure to environments most professionals only encounter years into their careers.

The message is clear. If we wait until these systems are under attack to train defenders, we have already lost.

Why this matters beyond competition

Canada’s cybersecurity workforce shortage is not just an employment issue. It is a national resilience problem. Every unfilled role increases exposure across government, healthcare, finance, and critical infrastructure.

Levasseur’s grassroots model offers an alternative to slow moving policy responses. Build skills early. Reward curiosity. Connect learners directly to real world work. Measure success not in white papers, but in people who can actually secure systems.

Every student who competes, interviews, and shakes a sponsor’s hand strengthens the ecosystem.

Learn more, go deeper, and get involved

If this story resonates, whether you are a student, educator, sponsor, or aspiring security professional, the next step is to keep learning.

Platforms like The Hack Academy exist to bridge exactly this gap, turning curiosity into capability and interest into applied skill. From foundational concepts to advanced offensive and defensive techniques, the path into cybersecurity is no longer locked behind closed doors.

👉 Learn more and start building real world cyber skills at www.thehackacademy.com

The future of cybersecurity will not be secured by policy alone. It will be secured by people who learned by doing, failed safely, and kept going.