10-23, 14:30–15:00 (Europe/Luxembourg), Europe - Main Room
In the dynamic landscape of cybersecurity, continuous skill development is paramount. This presentation, titled "Empowering Cybersecurity Outreach and Learning through Collaborative Challenge Building, Sharing, and Execution," delves into innovative approaches to enhance outreach and learning in the field.
Focused on the creation, sharing, and execution of challenges, particularly through platforms like Capture The Flag (CTF), the session aims to illustrate the transformative impact of hands-on experiences with the FIRST.org challenges.
The discussion will also outline how it has grown, offering a wide variety of knowledge fields and strong collaboration between the volunteers and their supporting organisation.
Outline
- Why a CTF at FIRST and Its Specificities?
- How Gamification Supports Spreading Knowledge?
- Are CTFs the Sole Approach?
- Pitfalls and Points of Attention
- Statistics and Figures
- Conclusion
Why Have a CTF at FIRST and Its Specificities?
The FIRST.org CTF is designed to reinforce the FIRST community, spread knowledge, and foster trust and collaboration. The focus is placed on defensive and constructive aspects rather than offensive ones. Players are strongly encouraged to participate in teams. Tools are provided to help find potential teammates, resulting in teams composed of players who have not previously worked together. An interesting example was observed at the latest FIRST annual conference, where the team holding the 1st position for most of the week was formed in this manner.
This section will, therefore, cover how a CTF, using the FIRST event as an example, is an effective way to contribute to establishing vibrant communities.
How Gamification Supports Spreading Knowledge?
Through challenges, players encounter intellectual hurdles designed for learning. Each challenge is built to ensure that the player learns by doing. Participation motivates players to strive and solve as many puzzles as possible. Working in teams encourages players to contribute to the collective effort and collaborate to maximize their results. A CTF combines rewards for collaborative efforts with a learn-by-doing approach. The CTF team itself demonstrates how organizations that might not typically collaborate can unite efforts toward a common goal.
Are Only CTFs Useful for Gamification of Training?
While CTFs are perhaps the most obvious technique, we will discuss an alternative option that could be offered to communities: hackathons.
As previously stated, the FIRST CTF is built with a constructive approach: players defend and are not rewarded for breaking things. Hackathons extend this concept further. A group of people collaborates on a dedicated task during a limited time, producing something that yields actual results. This might range from contributing to an existing tool to creating a proof of concept for a new tool.
Pitfalls and Points of Attention
In this section, we will discuss the challenges we encountered and the lessons learned. These encompass various aspects such as addressing cheating, providing on-site assistance, and aligning diverse expectations...
Statistics and Figures
In this section, we will revisit a decade of CTF at FIRST and compile notable statistics.
It is particularly significant to highlight the considerable effort required to construct a high-quality CTF and illustrate how this effort is rewarded by robust participation at the conference.
Enjoy when human are using machines in unexpected ways. I break stuff and I do stuff.
David Durvaux is active in the incident response field for more than a decade. He has work on many IT security incidents and especially on computer forensics aspects. Since 2015 he is actively preparing the FIRST CTF. David presented in numerous conferences including hack.lu.