Our University of Arkansas CCDC team qualified for the SWCCDC regionals competiton
This was the second year our team competed in the CCDC (Collegiate Cyber Defense competition). Last year we had about half a team and no practice and got roasted. This year we have the opportunity to get compete again, but in Tulsa, OK at regionals!
Last year’s CCDC qualifier was used as a learning opportunity. We had never competed before and nobody at our university had knowledge of the types of challenges we would face. During the competition, we took notes over the types of challenges, tools we would need in the future, how the team communicated, and useful roles to recruit for next time.
This year we built several labs to get everyone familiar with Linux, networking, firewalls, VMWare ESXi (this was a big one), and common services like web and ftp servers. We divided our team into roles based on Linux, Windows, business injects, and one person to communicate between all of the teams. We also did a trial run, where we overloaded the team with injects and took notes over where everything broke down, and what people’s strengths and weaknesses were. Then we went to the whiteboard and came up with our roles, communication methods, steps to take when the competition starts, and how to pass tasks between teams.
We would use the white board to keep track of which VMs people were working on to prevent any conflicts and properly assign new technical injects. For business injects, one person on the business inject team would take ownership of the inject and do the majority of the work, then pass it off to a second person for a final review before submitting it. If the business person needed details from a technical person, they would ask the team lead and they would get the information whenever the technical people had some free time. The team lead was also responsible for writing reports follow-up reports after any of the technical people found a breach in systems, or when systems went down and when we could get them back up.