Cyber Teams
reannm,
Aug 13
2024
Capture The Flag (CTF) events are the perfect opportunity for teams to engage in real-life cybersecurity scenarios and learn together. It enables red and blue teams to collaborate, breaking down barriers and improving overall security performance.
Toyota found Hack The Box CTFs to be a game-changer for their team.
They’ve been hosting CTF Fridays for over a year and enjoy learning through each other–they have even set up a buddy system for team members to continue collaboration outside of the live event.
“We use the Dedicated Labs instances for CTFs we host every Friday afternoon. It’s a fun and casual way for the team to gather and work together to solve challenges - and our favorite way to end the work week!”
Gabe Lawrence, VP of Information Security Cyber Protection, Toyota.
But how can you reap all the benefits if your team isn’t engaging in the event?
We dive into the best ways to market a CTF to your organization, so you can maximize performance.
Marketing a CTF to your cybersecurity team doesn’t have to be a difficult task. CTFs provide staff with better experience and skills to take them further in their careers.
After analyzing the actions of some of our customer’s most successful CTF events, we shared what they do to ensure maximum engagement.
We advise that you start advertising your CTF three to two months before the event, after all, cybersecurity professionals are extremely busy with calendars that can fill up months in advance.
Speaking of calendars, we’d recommend sending out a CTF invite to block out time in your team’s calendars.
Next, it’s time to get your marketing hats on and do an internal email advertising campaign, to showcase the benefits of CTFs and how your employees can get involved. This campaign can feature shoutouts to the first people who have signed up and help promote healthy competition among teams.
Why not also create a dedicated CTF Slack channel? Here people can:
Ask questions.
Share ideas.
Create teams.
Get links to resources (we recommend HTB articles such as CTF Registration & Teams and Introduction to CTFs).
Lastly, gain leadership support on the CTF and have them drop into meetings with engineering, dev, and security teams to promote the event.
As part of your internal marketing efforts, you should make the incentives for joining well-known, in emails and other communications.
CTF participation incentives may include:
HTB swag bundles.
Company bonuses.
A cash prize.
Career advancement opportunities.
Bragging rights (a certificate of completion they can add to their LinkedIn or resumes).
💡Top tip: Cybersecurity professionals care most about career advancement and bragging rights over cash prizes. They want to know “what’s in it for me”, so be sure to include this in your incentives.
You can communicate these incentives via your email campaign, in meetings, and from leadership themselves.
For newbies, the biggest barrier to entry can be not understanding what a CTF is or feeling as though they lack the skills to participate.
At Hack The Box, we address this problem with a CTF “try-out” that mimics a mock CTF. This will enable your team to familiarize themselves and gain confidence before participating.
💡Bonus tip: We recommend watching Ippsec’s CTF playlist on YouTube for helpful walkthroughs.
Want to go a step further?
You can even create an Academy space to prepare your team for the CTF.
At HTB, we provide module recommendations for your team, so you can select topics that will be covered in the CTF, helping your team learn the theory before participating in one.
Hosting a successful CTF requires the right planning and team participation. But what about post-CTF?
These events can provide valuable insights into your team’s strengths and weaknesses, enabling you to benchmark current performance and test against future events.
Take the learnings from your CTF results to create a targeted cyber workforce development plan for your team. This could be on an individual or team level.
Patching up these areas of weakness will improve your security posture, ensure compliance, and keep your team engaged.
CTFs mark the beginning of a continuous learning journey for your cybersecurity team. They are an easy way to assess and benchmark skills, plan learning opportunities, and benchmark once again.
💡Recommended read for planning your next CTF: Unlock seamless CTF coordination and execution with Enhanced Event Management
HTB CTF Marketplace At HTB, we have more than 100 challenges and curated packs across both offensive and defensive content, which you can tailor to your business objectives. For example, our web application packs are great for teams that need to be more mindful of secure coding practices and spotting app vulnerabilities. We also provide a live scoreboard, providing participants with real-time updates and insights into performance. Once the CTF ends, we’ll share detailed team and player reports, benchmarking performance, and areas of improvement for your skill development programs. |
Blue Teaming
Odysseus (c4n0pus), Dec 20, 2024