How did you hear about CCDC and what made you want to compete?
I heard about CCDC when I went to one of the open houses at UNC Charlotte. I was looking for a school that would enhance my interested in cyber security. When I heard about the defense competition CCDC, I had no idea there were competitions for this kind of skills and I got really excited and determined to make sure I got on the team.
What year(s) did you participate in CCDC?
2009, 2010, 2011, 2012 (All my spring breaks where given to CCDC, no regrets at all :-) )
UNC Charlotte all 5 years, part of the team was picked from our security club, the 49th Security Division years 2011 and 2012.
Did you participate in a state/qualifier? Regional? Did your team make it to Nationals?
Each year I was on the team we had to do SECCDC as our Regional, at the time there wasn’t a qualifying round.
We made it to Nationals in 2009 and 2012.
When did you start preparing for the competition each year and how often did your team meet?
Most years we started preparing about 2 months ahead of time, when I took a leadership role we in 2011 and 2012 I made sure we had 4 months lead time and met weekly. In 2012 we met every Sunday for 2 months for practices that lasted up to 8 hours, included conference calls with Alumni, white boarding, and bringing dividing students up to practice skillsets.
What was your experience while competing in CCDC? Tell your story.
The first year I went I was the new guy on the team, almost all the others had competed before, but I didn’t care, I was just excited I was chosen by one of our advisers to be on the team. As the years progressed I would be a more solid member of the team, and after 3 years competing I was helping pick who was on the team and had certain defined roles. One of the things that also changed a lot was instead of having professors pick members we would self-organize more. Finally in 2011 I was co-captain with one of my other really good friends Zack Mayo. We had a solid team of students that hung out and worked together on a weekly basis not just including CCDC. This caused a lot better team dynamic, however no matter how we prepared we still got stuck with technologies that we hadn’t seen before such as a StoneSoft firewall.
Finally in 2012, I decided I would take over as team captain and after consulting with a few of the other senior members I got their support to move forward with this. I knew if we were going to have any chance at Nationals we had to train and practice what was going to happen. We had to run recon on everyone that we could find in connection with the competition as well as prepare for hidden twists and turns by trying to find out if certain venders may be in play. We also had many years of previous memories of what memos looked like and we brain dumped those and drilled the newer members so they would know exactly what to do when they came in. We would take apart the lab on weekends and set up everything from hidden keylogger USBs to a complete CEO office just like SECCDC included in their setup. Finally we created a playbook and checklists to keep everyone on task and when over post what worked well and what didn’t from our practices so we would have contingency plans in the heat of competition.
In the end we went to SECCDC and did really well, winning 2 performance trophies as well as the 1st place spot and the chance to go to Nationals again. I couldn’t have been more happy and proud of my team. I see it as one of the highlights of my college career. The key things that I see that helped us during the competition was the fact that we all knew each other’s strengths and weaknesses and made sure communication and organization went forward without friction. We kept it fun… even at one point drawing a dinosaur on the white board. Finally, we reinvented our strategy as we went along, things like copying mail files to a USB drive instead of using the broken network to get communications out and mastering the business side of the change controls allowed us to get the lead on other teams.
How does CCDC compare to other competitions that you have participated in?
So CCDC is different from the other competitions I have done because it isn’t a technology competition so much as it is a business competition. Also the other ones our school does such as iCTF USBC, CSAW, enoWars, OWASP AppSec, TF2 Hackers at ShmooCon, and Ghost in the ShellCode are more offense verse the fact of CCDC which is more defense and business oriented.
What did you learn from your participation in CCDC?
The key thing I learned from CCDC was how to build a good team. It’s not just having the smartest person on your team that counts, but you need a group of people that know each other, can fess up when they are wrong, learn to move forward and communicate well. As a leader one of the hardest things to do is call the shots, know when to get input and when it’s time to act or change action. That moment when you have to decide something quickly and not knowing what is the best decision, but the least bad decision can be really tough.
What did you learn from CCDC that you use in your current job?
The biggest thing that I learned from CCDC that I use in my current job is how to keep the business moving forward through bureaucracy and how to use it to your advantage. For example we found that change controls are a wonderful and awful thing, but if you tell your boss (or judge) I have to wait for a change control to compete that task. Used properly, it buys you time and shifts your insurance policy for the processes you are going to complete. Now if you implement something and the higher ups approve it with a roll back plan you are in responsive mode instead of reactive mode and you can say “so and so signed off on me to do this because of X”
Would you encourage other students to participate?
Absolutely, if they don’t they are missing out and have a high chance of losing a job to someone that has done CCDC.
Did you put your CCDC involvement on your resume? Why or why not?
Yes I did, I put it on there because even though my manager didn’t know what it was, it allowed me to have a talking point of saying hey I competed with someone on your team that did this competition.
Did you accept a job offered to you at a CCDC event or as a result of your involvement in CCDC? If not, did CCDC have any influence on your current job either from your point of view or your employers?
It helped me meet students that would later help me get a job, and I firmly believe that it helped me get my internship at the Air Force in Lackland, TX.
If you had it to do all over again what would you have done different in preparing for CCDC knowing what you know now?
In earlier years I would have prepared the same way we did in 2012 when I was captain. I would not have waited to be captain to run the training sessions I would have taken more initiative and tried to get the captain to see the need to spend that time to practice.
What advice would you give to future CCDC participants?
Get your team early on, do tryouts, have fun and spend a lot of time practicing, white boarding and building your playbook with your team. Practice is what sports teams do to win their games, why should cyber security teams be any different?
We are now seeking sponsors for the 2014 NCCDC. Why sponsor the NCCDC? CCDC events are an excellent opportunity for students to gain practical, hands-on experience in information security and technology that allows them to expand their educations beyond the traditional classroom environment. CCDC fosters development of technical, leadership, and teamwork skills that are highlyContinue Reading