leveraging cyber competitions
TRANSCRIPT
Leveraging Cyber Competitions to Build
Your Resume
Cyber Competitions
Types of Competitions:● Challenge/Puzzle● Defensive● Offensive● CTF (Capture the Flag)● Hybrid (this is most of them)
Challenge Competitions
Involve a process of solving multiple challenges in a wide variety of topic areas:● National Cyber League● US Cyber Challenge● Hacky Easter
Defensive Competitions
Competitors are defending their boxes or networks from attackers (usually seen in hybrid format):● CyberPatriot● CCDC
Offensive Competitions
Competitors are attacking other boxes (usually seen in hybrid format):● Maryland Cyber Challenge● Various hackathons, e.g. Altamira SCRAM● SploitNet
Hybrid Competitions
These competitions encompass a variety of cyber arenas and usually involve a sophisticated platform:● SANS NetWars
Conference Competitions
These competitions are associated with a security conference and can represent a wide arena of challenges, including specialty areas: ● Wireless hacking● SOHO hacking● Capture the flag
Who Can Play?
Short answer - anyone!Target audiences:● Students● Professionals● Noobs
In a Team or Alone?
● It depends on the competition● Recommend team competitions for sharing
of knowledge● Do them on your own for practice
What Do I Need to Know?
● Everything● Nothing
It’s a learning experience, don’t be distracted by a perceived lack of skills/knowledge
Public Service Announcement
Only hack for good. Not for evil.
Build Your Own Competition Environment?
● Yes!● Build an intentionally vulnerable virtual
machine. Or a few.● Plant flags.● Hack away.
Is This Going to Get Me a Job?
Maybe. You’ve already shown initiative by participating in a competition. Put it on your resume. You might be surprised at the results...
How Do I Put it on my Resume?
COMPETITION EXPERIENCE
● Maryland Cyber Challenge (MDC3) 2013, 2014 (competed at finals with first all-female team)
● Collegiate Cyber Defense Competition (CCDC) 2013 (1st in community colleges, 6th overall in region)
● Defense Cyber Crime Center (DC3) Digital Forensics Challenge 2012 (1st in community colleges, 23rd overall internationally)
● Maryland Digital Forensics Investigation Challenge 2012 (2nd place in community colleges, 4th overall)
● Various CTF and other competitions, 2012 – present
How Else Can Competitions Help You?
● Be able to answer technical interview questions● Be able to discuss “experience” - it doesn’t have
to be real world, just show your mastery of concepts
● Be able to expand upon your competition roles, e.g leader, linux guru, DB expert...
How Else Can Competitions Help You?
● Discover your passion! ● LEARN!● Meet like-minded
people!● Gain mad street cred! ● Something to talk
about at parties?
And then I ssh’d into the box with the creds I discovered...
Recruiting...
Savvy recruiters are onto this…★ Build a competition★ Open it to the public★ Recruit the winnersFor example:● Kaizen CTF by BAH● CCDC recruitment fair
Competition Examples
● Password cracking● Wireless key hacking● Exploiting remote hosts● Hardening boxes● Hash cracking● Steganography● Network traffic analysis
Password Cracking
Wireless Key Hacking
Exploiting Remote Hosts
Hardening Boxes
Hash Cracking
Steganography
Network Traffic Analysis
@marcelle_fsg www.linkedin.com/in/marcellelee