1

Table of Contents
Welcome and Overview ...................................................................................................................................... 3
What is the SECCDC? .......................................................................................................................................... 4
SECCDC Structure ................................................................................................................................................ 6
History of the SECCDC ......................................................................................................................................... 7
The SECCDC Schedule ......................................................................................................................................... 7
SECCDC Fees and Expenses ................................................................................................................................. 8
Competition Scoring ........................................................................................................................................... 9
SECCDQC (Prelim) Overview ............................................................................................................................. 10
SECCDC (On-site Regional) Overview................................................................................................................ 12
Preparation for the SECCDC .............................................................................................................................. 13
2

Thank you for your interest in the volunteering Southeast Collegiate Cyber Defense Competition (SECCDC). The SECCDC is a regional competition in the National Collegiate Cyber Defense Competition (CCDC) – see www.nationalccdc.org
for more information. It is hosted by faculty from the Kennesaw State University (KSU) Coles College of Business Center for
Information Security Education (CISE), a DHS/NSA National Center of Academic Excellence since 2004.
This document provides institutions with an interest in the CCDC in general, and the SECCDC in particular with additional information on becoming involved with the event. We have found that institutions that engage in events like the CCDC have more energized and engaged students, and derive a benefit far beyond that originally anticipated.
The SECCDC and the CCDC have grown greatly from humble beginnings in 2005, and now enjoys a level of involvement and competition far beyond what was foreseen. The great news is that there is room for many, many, more institutions to become involved. With the structure described in the following document, the SECCDC will be able to handle dozens of teams in the preliminary (Prelim) competition, even though only the top eight teams are able to advance to the onsite regional (Regional).
Please note that once the competition season is underway only the Primary Institutional Representatives (Reps) are emailed instructions, as many institutions have an administrator listed as a secondary and only the primary is actively involved in working with the student teams. Please confirm the names listed as your institution’s primary and secondary at the beginning of each season.
For more information on the event, or to become involved in the event, please email infosec@kennesaw.edu
. If you would like to be added to the low-volume SECCDC list server, just include a request to be added. All upcoming events, activities and requirements are emailed to that list at the start of each CCDC season.
Thanks and good luck!
Mike Whitman
On behalf of the Gold Team:
Herb Mattord
Andy Green
3

The Southeast Collegiate Cyber Defense Competition (SECCDC) provides an opportunity for qualified educational institutions in the Southeast to compete as part of the national CCDC organization (see www.nationalccdc.org
). This structure allows a unified approach across nine regions of the country. Qualified educational institutions include those post-secondary institutions that possess information security, information assurance or computer security curricula. The
SECCDC is designed to provide a controlled competitive environment that will permit each participating institution to assess their students’ depth of understanding and operational competency in managing the challenges inherent in protecting an enterprise network infrastructure and business information systems.
In the SECCDC, teams of students from institutions of higher education from throughout the Southeast – Alabama,
Florida, Georgia, Mississippi, North Carolina, South Carolina and Tennessee are assigned a computer network segment.
These network segments include several computer servers deploying a variety of operating systems, configurations, and hosting standard business services. The student teams attempt to defend those network segments from attackers – portrayed by a group of professional penetration testers, while maintain those business services and responding to work requests from their “corporate headquarters”.
The SECCDC consists of two events: a preliminary qualification event: the SECCDQC (a.k.a. the Prelim), and an on-site regional competition (a.k.a. the Regional). The winner of the SECCDC Regional earns the right to represent the region at the National CCDC event, usually held in late-April. The SECCDC “season” runs from January to April each year. The
Prelim is a one-day, eight-hour online event, usually held on a Saturday in March. The Regional is a multi-day event
(currently 2 days) held in late March/early April during Kennesaw State University’s (KSU) spring break. Whereas the
Prelim is held online and thus teams compete from their home institution, the Regional is physical and held at KSU.
These are described in greater detail in later sections.
The objective of both the Prelim and the Regional is to measure a team’s ability to maintain secure computer network operations in a simulated business environment. This is not just a technical competition, but also one built upon the foundation of business operations, policy, and procedures. A technical success that adversely impacts the business operation will result in a lower score as will a business success which results in security weaknesses.
Both the Prelim and the Regional are designed to test each student team’s ability to secure a networked computer system while maintaining standard business functionality. The scenario involves team members simulating a group of employees from an IT service company that will initiate administration of an IT infrastructure. The teams are expected to manage the computer network, keep it operational, and prevent unauthorized access. Each team will be expected to maintain and provide public services: a web site, a secure web site, an email server, a database server, an online curriculum server, and workstations used by simulated sales, marketing, and research staff as per company policy and mission. Each team will start the competition with a set of identically configured systems.
Student teams are be scored on the basis of their ability to detect and respond to outside threats and network-based attacks, while maintaining availability of existing network services such as mail servers and web servers, respond to business requests such as the addition or removal of additional services, and balance security against varying business needs.
It is the business aspects of the competition as well as the lack of offensive attributes that make the CCDC unique. This is NOT a capture-the-flag hacking competition, but a simulation of traditional business operations, at a much faster pace.
It has been estimated that teams that participate in this competition experience the same work-load and level of threat a business experiences in several weeks, but over 1-2 days.
4

SECCDC Rules
The Rules for the SECCDC events are very detailed and, to be fully understood, will require a good deal of familiarity with the event. They are provided on the SECCDC web site at: www.seccdc.org/rules.html
. The rules are reviewed annually with a representative of each region serving on the National CCDC rules committee.
SECCDC Institutional Representatives
Each institution participating in the SECCDC, should appoint a primary and secondary representative to act as a liaison between the institution and the SECCDC organizers. This “Institutional Representative” or “Rep” must be an employee of the institution for legal/liability reasons. It is the Rep who responds to the call for teams each year and indicates the institution’s intent to compete.
It should be emphasized that only the institution’s representative should interact with SECCDC Hosts, rather than allowing student team members to contact us directly. There are literally hundreds of students involved in the event and it would quickly become unmanageable to expect the organizers to interact with them directly.
Again, once the competition season is underway only the Primary Reps are emailed instructions, as many institutions have an administrator listed as a secondary and only the primary is actively involved in working with the student teams.
Please confirm the names listed as your institution’s primary and secondary at the beginning of each season.
5

While similar to other computer security competitions in many aspects, the SECCDC, as part of the CCDC, is unique in that it focuses on the operational aspect of managing and protecting an existing network infrastructure. While other exercises examine the abilities of a group of students to design, configure, and protect a network over the course of an entire semester, this competition is focused on the more operational task of assuming administrative and protective duties for an existing “commercial” network. Teams will be scored based on their ability to 1) detect and respond to outside threats, 2) maintain availability of existing services such as mail servers and web servers, and 3) respond to business requests such as the addition or removal of additional services. The competition provides a challenge to balance security needs against business needs.
Groups involved in this competition include:
• Blue teams – (student team/competition team) student teams consisting of graduate and undergraduate students from regional institutions who will compete in the SECCDC. Each institution forms a “Roster” of up to 12 students, from which eight “Active” team members are selected to participate in any given CCDC event. Once the Roster has been finalized (usually a week prior to the Prelim), it cannot be changed, however, the Active team members may be substituted as needed outside of an active competition. Once a competition begins, no changes to the Active list of competitors may be made. If someone gets sick once the competition has begun, it is up to the Operations staff
(Gold Team) to determine if a substitute may be allowed. We refer to the non-active team members as alternates, although a given team member may be Active during the Prelim, but an Alternate during the Regional (or vice versa).
• Red team – (pen test team or attackers) a group of information security professionals from volunteer commercial organizations who have offered their skills to assess the abilities of the teams to defend their networks and systems.
The Red team will conduct periodic probes, scans and attempted penetrations of the academic teams.
• White team – (judges) a group of information technology and information security academics and professionals who will serve as judges and referees. Each academic team will be assigned a White team judge who will assess the academic teams’ ability to secure their network segment and systems, and who will periodically query the team as to their actions and provide “injections” designed to challenge the teams’ implementation. Academic teams are advised not to argue or question the White team, only answer when queried. The White teams also include individuals who assess the readiness of team services.
• Gold team – (operations) the administrative faculty and professionals who will conduct the exercise, control the flow and timing of the events and injections, and who will serve as mediators for disputes and challenges. Academic teams are advised not to interact with the Gold team except during challenges and mediations. White team judges will handle these interactions on behalf of the teams.
• Black team – (support) competition support team, volunteers who handle technical and administrative support for the event.
To create a fair and even playing field:
• Each team will begin with a functionally equivalent set of hardware and software provided by the competition. Each team will be given a small, pre-configured, operational network with 5 to 8 servers (physical or virtual) and 4 to 8 workstations/laptops they must configure, secure and maintain. In the Prelim, the local systems used to access the competition network is outside the scope of the competition.
• Each team will be located on a dedicated network. Each team’s network will be connected to a competition network allowing equal bandwidth and access for scoring and red team operations. This also allows tight control over competition traffic.
• Each team will be provided with the same objectives and tasks. Each team will be given the same set of business objectives and tasks at the same time during the course of the competition.
• Only the assigned Blue team members, and White and Gold team members will be allowed inside their competition
6

areas. Each team will be assigned their own workspace during the competition and only the members of the academic student team will be allowed in this area during the competition. This eliminates the potential influence of coaches or mentors during the competition.
• A non-biased red team will be used: An impartial, volunteer, commercially-experienced red team will be used during the competition.
On February 27 and 28, 2004, a group of educators, students, government and industry representatives gathered in San
Antonio, Texas, to discuss the feasibility and desirability of establishing regular cyber security exercises with a uniform structure for post-secondary level students. During their discussions this group suggested the goals of creating a uniform structure for cyber security exercises might include the following:
1.
Providing a template from which any educational institution can build a cybersecurity exercise
2.
3.
Providing enough structure to allow for competition among schools, regardless of size or resources
Motivating more educational institutions to offer students an opportunity to gain practical experience in information assurance
The group also identified concerns related to limiting participation to post-secondary students, creating a level playing field to eliminate possible advantages due to hardware and bandwidth differences, having a clear set of rules, implementing a fair and impartial scoring system, and addressing possible legal concerns.
In an effort to help facilitate the development of a regular, national level cyber security exercise, the Center for
Infrastructure Assurance and Security at the University of Texas at San Antonio hosted the first Collegiate Cyber Defense
Competition (CCDC) for the Southwestern region in May 2005. In June 2005, they presented their experiences at the
Colloquium for Information System Security Education (CISSE) (http://www.cisse.info). Members of the KSU Center for
Information Security Education attended their presentation and recognized the insight and foresight of the UTSA faculty.
They immediately volunteered to create a CCDC at KSU in 2006, to provide a regional competition to recognize the best team in the Southeast to compete at the National Competition developed by UTSA from its regional experiences. Since the first SECCDC in 2006, KSU has hosted every SECCDC, with the exception of 2007, where KSU representatives served as subject matter experts.
For a list of past participants and winners, please visit the SECCDC web site (www.seccdc.org).
The SECCDC season starts in January with a call for teams from the SECCDC competition coordinators (a.k.a. Hosts). To ensure your institution receives this call, please email us at infosec@kennesaw.edu
and ask to be added to the SECCDC email list server. This list server has an extremely low volume, and is used exclusively as an “announcement” system, meaning only the SECCDC organizers can post to it.
The schedule for the event usually looks like this:
Jan 1:
Jan 31:
Call for Teams by SECCDC Host
“Intent to Compete” email due to infosec@kennesaw.edu
Feb 15: Registration fees due
One week prior to competition: Team rosters due to SECCDC Host
Mid-March: SECCDQC competition held – one day
One day after last Prelim held: Top eight teams announced/invited to Regional
7

Late-March/ Early April:
Mid-to-Late April:
SECCDC on-site regional held.
National CCDC held – San Antonio Texas.
While not overly expensive, the SECCDC is not free. Based on the amount of support provided through National CCDC, and regional sponsors, much of the cost of the equipment and supplies of the event are paid for. Other expenses that must be covered by the team institutions are described here.
Registration Fees
There is a registration fee to compete in the SECCDC. While the SECCDC receives some financial support through
Nationals (currently from the Department of Homeland Security and various businesses and agencies), most of this money is restricted in its use. As such, to ensure there are sufficient funds to provide the necessary logistics support for the entire event, a nominal registration fee is charged to participating institutions. Considering the amount of equipment, technology, supplies, and catering used during the event, this is considered a modest fee. Effective 2015, first time competing institutions pay a reduced rate for their first competition.
This fee covers the institution’s participation in the SECCDQC, and if their team makes the on-site regional, for the
SECCDC as well. If the team does not make the on-site regional, they do not receive a refund. Visit the SECCDC Website for current registration fee amounts and refund policy.
Travel Expenses
There is no travel required for the Prelim, as all teams compete from their home institution. For teams that make the
Regional, there are travel expenses that must be covered by the teams’ institution. While there may be some expenses covered or subsidized by the SECCDC, institutions should not expect this support, and should plan to cover all of the costs themselves unless told otherwise. This typically translates into a drive to/from Kennesaw, Georgia (located about
20 miles north of Central Atlanta), two to three nights in a local hotel for the eight team members, and the institutional rep(s) that must accompany them, and meals outside the competition hours.
Meals occurring during the Prelim are usually provided by the teams’ home institution. Meals occurring during the
Regional hours of competition are generally provided by the SECCDC. This usually consists of snacks and lunch, with dinner provided if the event goes past 6pm. Meals that occur outside the active competition hours must be covered by the team’s home institution.
As hotel accommodations (averaging around $100/room/night) are the largest single travel expense associated with the competition, whenever sponsorships permit, a set number of rooms will be paid for by the event and provided to the teams. Institutional Reps should plan to provide a credit-card at check-in to cover incidentals. It helps to mentally prepare the team to expect to share hotel rooms. If we get to where we can cover hotel expenses, that’s what we’ll be expecting.
Travel expenses for the National CCDC (travel and lodging to San Antonio) are usually provided by the National CCDC, and result in no direct financial cost to the host institution, with the exception of meals outside the active competition hours (subject to change). Ideally we hope to have sponsors to allow us to do the same, and maybe one day we will.
Until then, we’ll do what we can to minimize the costs.
8

Services
As stated previously, teams are scored on their ability to maintain traditional business on-line services.
Certain services are expected to be operational at all times or as specified throughout the competition. In addition to being up and accepting connections, the services must be functional and serve the intended business purpose. At random intervals, certain services are tested for function and content where appropriate.
These include: Web & Ecommerce (HTTP/HTTPS), Email (SMTP/POP/IMAP), DNS, FTP and Database (SQL). Scores are based on the team’s “up-time” of all services as determined by a scoring engine that automatically checks the availability of the services.
Business Tasks
Throughout the competition, each team is emailed identical business tasks (a.k.a. injects, injections, or taskings). Points are awarded based upon successful completion of each business task. Tasks vary in nature and points are weighted based upon the difficulty and time sensitivity of the assignment. Tasks may contain multiple parts with point values assigned to each specific part of the tasking. Each business task has a specific time period in which the assignment must be completed. Business tasks may involve modification or addition of services. Room judges may ask for verification of task completion.
Teams respond to business tasks by attaching memorandums or reports to a reply email. Room judges are automatically copied on all team emails and perform an audit of the assignment. Operations then assigns a points value based on the judges’ audit.
Red Team Attacks
Periodically the Red Team, a group of well-trained penetration testers will penetrate the teams’ networks - (not if, when). They will attempt to conduct a variety of malicious activities, including stealing database files, corrupting local data or applications, and generally causing havoc. They will submit reports of their level of success, which are turned into penalties against the teams. If teams are able to detect, react and recovery from these attacks, and submit properly formatted incident response (IR) reports, they will be able to mitigate the penalties assessed.
General Scoring
In general the scoring for both the Prelim and the Regional involve Adding points earned for successful completion of work assignments, plus a points value determined based on the “up-time” the team was able to maintain their services, minus penalties assessed by the red team (less IR mitigation).
9

The SECCDQC is a 100% online virtual competition, coordinated by the KSU Coles CISE, and operated using infrastructure and resources provided by the Center for Systems Security and Information Assurance (CSSIA) at Moraine Valley
Community College. The SECCDQC serves as a qualification competition for the on-site regional SECCDC, with the top eight teams invited to participate in the on-site SECCDC at Kennesaw State University.
Depending on the number of teams competing in a given year, the number of teams that compete on a given day varies, but is usually split between one to three Saturdays. Reps may request a specific day, if such an option is provided, to avoid local conflicts. Each team only competes on one day.
Requirements of the Team’s Home Institution
What does the home institution need to do to support their team’s participation in the Prelim? There are two main requirements each institution should plan for:
1) Competition room and systems - The home institution should provide a location from which the team can compete, as well as sufficient systems to serve as clients for the team. The room must be isolated from the traditional noise and distractions of campus life, and must be available for the entire day of competition – usually a Saturday.
The systems needed are simply eight computers (plus optionally one for the room judge) that the team can use to access the competition systems. The entire set of competition systems are housed inside a virtual lab, and thus no activity occurs within the confines of the host institution network. Only a java-enabled web browser is needed to access the competition systems. These systems should be configured to the local institution standard. Team member’s personal computers are not allowed, as they may have been configured with specialized software providing an unfair competitive advantage. Only the Web browser, a PDF reader and some form of Office application are needed (to draft memo responses to work requests).
Most institutions use a small computer lab that can be reserved for the day.
2) Local room judge – as the team is competing from its home institution, in order to enforce the rules of the competition, and provide some level of audit of completion of competition work tasks, each institution is expected to solicit a volunteer IT professional to work as a room judge. This individual must not be a current employee of the institution, but may be an alumni or “friend of the program”. The local room judge will receive a separate set of instructions and training on evaluating team performance and enforcing competition rules.
Most institutions solicit at least two local room judges as the competition takes approximately nine hours, and by splitting up the shift, it’s both easier to find volunteers and easier on the volunteers. All participants must meet the same criteria and receive training.
10

Competition Network & Team Site Description
The competition networks are housed in a virtual lab environment supported by NetLab appliances and hosted by CSSIA.
All teams access them via Web browsers, and all system configuration and attacks occur completely within that sandbox.
Work assignments are provided by an outside email system, also accessed by a standard web browser.

Each competition network will be located remotely from the competition site and will be logically isolated from all other competing Blue Teams. All Teams will access the competition network via a browser connection.

Each competition network will therefore be physically and logically isolated from the hosting organization’s network.

For the SECCDQC the Blue Teams will compete from their own institution, in which case their institution must provide workstations in conformance with aforementioned requirements. Blue Teams competing from their own institution must do so from a dedicated, secure location where all team members are co-located together
with the local site judge. Classrooms, conference rooms or small computer labs are considered ideal locations.
The location is to have restricted access to only active Blue Team members, remote site judges, local administrators and technical support – institutional reps and alternate team members are restricted from the room during competition hours. Competition workstations and servers are able to access the internet.

The White Team and each respective Blue Team will communicate via email ( operations@seccdc.org
) for “outof-game” questions and via the corporate CIO’s account ( hal.cio@seccdc.org
) for “in-game” competition questions.

Red Team activity may be either externally or internally sourced with respect to the remote competition network. At no time will the Red Team have access outside the remote NETLAB+™ environment.

Each Blue Team network will be monitored by a scoring system operating within the remote network. An indication of services, as viewed by the indigenous scoring engine, will be made available to each Blue Team via the ISE/Team Portal.

A logical diagram of the team logical network is contained within this Team Packet. However, it is subject to change and/or modification as decided by the Competition Director.
Typical SECCDQC Schedule – All times are EST)
The following is a sample schedule for the conduct of the Prelim:
9:00am Team judges review competition systems to ensure within rules.
Once judges are finished, teams allowed to access remote system; Teams and Judges send a “ready” email to operations@seccdc.org
and receive competition system account information, as needed.
Team access the ISE/Team Portal and respond to any information requests 9:30am
10:00am
6:00pm
Start of Competition; scoring begins
Competition ends/Scoring ends
Teams are responsible for coordinating meals and rotating out of the competition for breaks. Institutional reps and noncompetition team members must leave the competition room once the competition begins.
Sunday following the last Prelim:
NLT 5pm Announcement of Top 8. Details on team performance will be provided as soon as possible for the teams participating in the Regional, and after the season has concluded for the remaining teams.
11

The SECCDC Regional is a physical competition, coordinated and operated by the KSU Coles CISE. The Regional serves as the final Southeast competition, with the winner invited to participate in the National CCDC in San Antonio in late April.
Only eight teams are invited to the Regional, dates are non-negotiable, as the event must occur during KSU’s spring break in order to have classrooms available for use. The event assigns each team to a room, and set of physical computers comprising the team’s network. This network is installed specifically for the competition and only connects to the Internet through a competition proxy server.
The structure of the Regional competition is similar in nature to the Prelim, except that in addition to having the responsibility of managing virtual systems, teams must also manage physical systems (desktops and laptops) and the proximity of the competition organizers. At the Regional, the event hosts assume roles simulating members of the corporate headquarters (CEO, CIO, CISO, CCO (Change Officer)). These roles interact with the students on a direct basis.
There is also a recruiting reception at Regionals, where sponsors may interact with participants, collect resumes and promote their organizations.
Requirements of the Team’s Home Institution
What does the home institution need to do to support their team’s participation in the Regional?
The primary responsibility falls under travel support, which has been described in a previous section of this document.
At least one institution representative must accompany the team to KSU for legal reasons. Once the competition starts, there is a room where Reps can relax, work on papers, read, or use the local wi-fi. Reps must remain contactable by competition officials, checking in and out if they depart KSU’s campus, leaving a phone number where they may be reached in an emergency.
Please refer to the rules for items the team can and cannot bring to the competition. Typically teams bring two business-sized boxes of print materials (no electronic items) into the competition rooms. There is a place for students to leave their cell phones, but these may not be used during the competition.
The best support an institution can provide their team is support for preparation, discussed in the next major section.
Typical Schedule for the Regional
Under the new model, teams travel to KSU the night before the competition starts and go two days; rather than travelling the morning of Day 1, starting at noon, and going three days.
Day 1:
9:00am:
9:30am:
Teams sign in
Team in-briefing
Teams report to competition rooms, Competition begins (lunch, snack and dinner provided)
End competition day 1
10:00am:
8:00pm:
Day 2:
9:30am:
10:00am:
3:00pm :
4:30pm:
Team in-briefing
Teams report to competition rooms, Competition begins (lunch provided)
End competition day 2, teams report to the recruiting reception, where sponsors meet the participants.
Teams meet the red team for a presentation of competition observations
5:15pm: Awards Ceremony (usually lasts about 1 hour, video recorded to share with teams afterwards).
12

What can you do to prepare a team to compete in the SECCDC? If you are serious about forming a team at your institution, or you have a team and you want them to do better in the event, here are some recommendations.
Volunteer at the event as a room judge.
If your institution doesn’t have a team, or your team didn’t make the Regionals, you may want to see what goes on during the on-site, since Institutional Reps are prohibited from being in the rooms for the competition. If you decided to volunteer as a room judge at the Regional, you will get to see firsthand what’s involved in the competition, and bring lessons learned back to your institution to better prepare a team to compete.
Organize a team
If your institution doesn’t have a team, start at the beginning of Fall term, and look for students who are interested in events like the CCDC. Many institutions have student IT or Information Security clubs or chapters, like ACM, ISSA, AIS, etc. that are a good place to start recruiting. Just because a student isn’t an InfoSec, CS, IS or IT major shouldn’t disqualify them from trying out for the team. Both graduate and undergraduate students can apply, but there are restrictions on the number of graduate students on the Active team (no more than two). Getting the team together early is the first major step. The most successful institutions have teams that organize and practice year round.
Give them resources to practice
The biggest resource a team needs is a location to practice. Many student teams use their personal computers to practice, but if the institution can provide them with a smaller computer lab that is underutilized at night or on weekends, these can easily improve the team’s preparation. Getting access to a location on a regular basis is the next step.
Next teams need access to server and firewall operating systems. Linux variants are usually available for free, but
Windows versions require licensing. We recommend considering the Microsoft Academic program – DreamSpark. For a small annual fee the institution can get access to every major Microsoft operating system as long as they are used for strictly academic purposes and not institutional support. There are similar programs for VMWare – a major virtual infrastructure program used in the CCDC at multiple levels.
Obtaining access to major firewall operating systems is not free, but can be done relatively inexpensively. Many firewalls have a SOHO version for around $500. Rather than spending $2000 or more on a CISCO ASA 5510, the ASA
5505 has the same operating system but retails for significantly less. There are also open source VM-based firewalls that operate similarly to the major brands. It take a little money and a lot of imagination, but the needed resources are obtainable. Don’t discount old hardware as a platform for server and client OS’s. Accepting one- and two-generation old equipment destined for the surplus bin can provide the team with physical resources that aren’t dedicated to the existing computer labs and thus can be reconfigured independently of institution IT department mandates.
Another valuable set of resource are alumni and friends of the program that can serve as coaches and mentors. These individuals can provide additional time and effort beyond your schedule and personal expertise to work with the team members to build their skills and comfort with the competition environment.
Practice
Motivate the team to meet regularly and practice. The skills needed for the competition are straight-forward. Teams must be able to update, patch, configure and harden most modern operating systems running traditional services. Have team members create application challenges for each other – creating known issues or vulnerabilities in established systems. Creating a system from scratch is good practice, debugging a functioning (or not) system is even better.
13

Have the team practice under simulated competition conditions. Using the volunteers described above, create your own mini-CCDC, complete with injections, services and red teams. The application Nagios works well as a service assessment tool – many teams use it in practice, and it has been used in the competition as a backup for the official scoring engine.
Communicate with SECCDC Hosts
As you get serious about competing in the SECCDC, contact us. We’ll add you to the low volume SECCDC email list server, where we post major announcements about the competition. It’s a broadcast only server, so only we can send messages. It’s what we use to announce the annual calls for teams, volunteers, etc. for the competition. Once you get the season’s schedule, keep current with the deliverable due, described in earlier sections. We have tried-and-true methods for the competition, so you can expect virtually the same information requested each year (Email of Intent,
Registration Fee, Team Rosters, Local IT Pro for Prelim Room Judge). Feel free to put this information into your calendar and anticipate our information requests.
Prepare Resources needed for the Prelim and the Regional
Start early preparing and requesting resources for the competition. Letting your department chair and/or dean know you plan to compete and approximately how much it will cost at each stage will grease the wheels for funds when you actually get ready to compete. To start, it’s relatively inexpensive – less than the average cost to send one faculty member to a conference. The return on investment, however, is huge.
Shoot for Nationals
Unless teams and institutions take the competition seriously, you won’t make very far. Teams have to expect the competition to be stressful, with constant information requests from “Corporate” and difficulty resolving the technical challenges set before them. Don’t even get me started on the Red Team. Every year teams show up confident they can
“beat” the red team. These are some of our nation’s finest penetration testers – a mixture of professional commercial, military and federal government information security specialists. When they “go live”, teams know it. Servers, services and networks just stop working. “It’s not whether you get knocked down, it’s whether you get up” (Vince Lombardi).
14