This year marked the 19th season of the National Collegiate Cyber Defense Competition (NCCDC). For those unfamiliar, CCDC is a competition that puts student teams in charge of managing IT for a fictitious company while its network undergoes a fundamental transformation. This year the challenge involved a common scenario: a merger. Ten finalist teams were tasked with managing IT infrastructure during this migration period and, as an added bonus, their networks were simultaneously attacked by a group of red teamers playing the part of bad actors.

Every year the students’ mission is to mitigate the risk posed by the red team attacks and ensure their business successfully transforms, all while continuing operations. The competition is unique in that it lets the students get a feel for the chaos and stress that ensue when an organization is compromised while undergoing a major transition, and still has to provide value to customers and report progress to its leadership team.

I’m lucky enough to have founded the National CCDC red team with my good friend Dave Cowen during the competition’s second year. Having participated as a core red team member for almost 20 years, I’ve worked with many students and seen massive shifts in the technology, both offensive and defensive. Interestingly enough, while technology has changed dramatically, and exploits and vulnerabilities come and go, many of the core lessons remain the same. These are some key lessons that underpin the successful teams year after year.

Communication is key

The reality is that compromises happen, things break, mistakes are made and systems do not always operate as intended. The best way to navigate these problems is clear, concise communication. Ensure your team knows the next steps to take and who is responsible for taking them, and that your leadership chain knows what to expect next. Having incident and crisis response plans written and exercised in advance makes this much easier under pressure.

Understand what is exposed

Put simply, you can’t defend what you don’t know about. On the red team, we are always looking for systems that are not supposed to be exposed, administration interfaces that should be locked down, and that one user account with a default or easily guessable password. The good news is, you can do the same thing. With the ever-changing and growing complexity of today’s networks, it is critical to look at your network the way the attackers do. Build a list of exposed infrastructure, keep that list up to date and audit those systems regularly to confirm that only what you intend to expose is actually exposed.
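One way to build that list and keep checking it, as an added example that is not code from the original post: the script below compares the listening sockets reported by `ss -tlnp` against an allowlist of what the team intends to expose and prints whatever has crept in. The allowlist, the sample `ss` output and the service names in it are constructed for the example; the only assumption about the host is the iproute2 `ss` column layout.

```shell
#!/bin/sh
# Added example, not code from the original post: compare what a host actually
# exposes with the list of what is supposed to be exposed, and report drift.
# Assumes iproute2 `ss -tlnp` output (State, Recv-Q, Send-Q, Local:Port,
# Peer:Port, Process); the allowlist and sample output below are constructed.

# Expected listeners, one "address:port" per line. Anything listening that is
# not on this list is a finding to investigate or to add to the inventory.
ALLOWLIST='0.0.0.0:22
0.0.0.0:443
127.0.0.1:3306'

# audit_listeners ALLOWLIST: read `ss -tlnp` lines on stdin, print one
# "UNEXPECTED addr:port process" line per listener not on the allowlist.
# Returns 0 when the host matches the inventory, 1 when there is drift.
audit_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, "\n"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "State" { next }                      # skip the header line
        {
            addr = $4                               # Local Address:Port
            # "[::]:port" and "*:port" mean all interfaces; fold them onto
            # 0.0.0.0 so one allowlist entry covers IPv4 and IPv6 wildcards.
            if (index(addr, "[::]:") == 1) addr = "0.0.0.0:" substr(addr, 6)
            if (index(addr, "*:") == 1)    addr = "0.0.0.0:" substr(addr, 3)
            if (!(addr in ok)) { drift = 1; print "UNEXPECTED " addr " " $NF }
        }
        END { exit (drift ? 1 : 0) }
    '
}

# Constructed sample of `ss -tlnp` output from a host where two services
# crept in: a web app on 8080 and a VNC server on 5900, both on all interfaces.
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=901,fd=6))
LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=1203,fd=21))
LISTEN 0      128    0.0.0.0:8080        0.0.0.0:*         users:(("java",pid=1500,fd=44))
LISTEN 0      128    [::]:5900           [::]:*            users:(("x11vnc",pid=1622,fd=5))'

# Offline demonstration on the sample. On a real host replace the printf with
# `ss -tlnp | audit_listeners "$ALLOWLIST"` and run it from cron or your
# periodic audit, so the list is checked regularly rather than written once.
printf '%s\n' "$SAMPLE" | audit_listeners "$ALLOWLIST" \
    || echo "drift detected: update the inventory or shut the service down"
```

The point of keeping the allowlist in the script (or better, in version control next to it) is that the audit then answers the question the red team is asking: not "what is listening?" but "what is listening that nobody decided should be?". Run it after every change window and compare the result against the previous run.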

Plan for failure

Be ready for something to break. Being able to detect, adapt to and deal with those failures is a major differentiator. Review your plans with an eye for corner cases and unstated assumptions so you are prepared for what could go wrong.

For instance, you have a checklist of steps to harden your Linux systems. Great. Will you still have access to that list if your internet connection goes down? What happens if the Linux system uses an apk-based package manager instead of yum? Do you know how to fix the package manager if it is broken? While you can’t plan for every possibility, make sure your plan is robust enough to let you jump over hurdles as they are put in front of you.

Overall, NCCDC is a unique and respected competition format, enabling student teams to experience the chaos of realistic compromises while managing the pressures of running day-to-day business operations. All of this prepares them for what to expect as they graduate and move on to careers in cybersecurity.

Congratulations to this year’s winning team UCF and to the nearly 1,800 students competing in the qualifying and regional competitions which represented 198 colleges and universities. We’re excited to welcome the next generation of cybersecurity professionals and look forward to continuing to learn from you in the coming years.
