Call for Merit and Fairness in CCDC Positions

-
 

Trend in CCDC Roster Makeup

I’ve noticed a trend in CCDC roster positions. Most of the time on a team women fall into three positions:

1. Team Captain
2. Inject Manager/Policy Writer
3. Alternate

Team Size
0-1 women on a team

Why do I keep seeing this pattern over and over again? Where are the Firewall, Linux, Windows, Web, IoT, Network and Splunk Admins? Incident Responders? I don’t think every woman wants or asks to be in a leadership role. Are women encouraged into this structure by faculty coaches? Do all the guys on the team want admin positions and women get whatever is leftover? Do faculty coaches trust male ability in technical positions and assign the soft skill side to women on the team?

Why am I talking about this?


I’m hoping faculty coaches will see this post and rethink how they assign positions. Or they become aware that this is happening. I see the majority of teams meet the criteria up above.

How this happens


1. Grandfathering
"Since you were the Firewall Admin in 2018, you get to be the Firewall Admin in 2019, 2020, 2021, and 2022!"
Grandfathering is when someone on a team inherits a position from last year. Example: If I was Tri-C’s Web Admin in 2017, I could inherit the position again in 2018. I’m against year-by-year inheritance. Just because I’m the best Web Admin in 2017 doesn’t mean I’m the best Web Admin in 2018 that Tri-C had to offer. Schools should allow challengers and a student should defend their position. If they are truly the best, they have nothing to fear. Inheritance leads to complacency. Why should I study if I'm automatically the Web Admin next year?

2. Not a Merit-Based Team
The team is exclusive. Criteria to get on the team is vague.

Picking a team based on Merit and Fairness


Here are some ideas I have on picking a team:
1. Participation
2. Attendance in meetings
3. Work done and quality of Injects
4. Have a tryout for positions
5. People can lose their spot

Competition for Positions Layout


Team Captain
  • Participate in a Mock-Interview with a CEO
  • Complete Team Captain/Policy Injects beforehand
  • Turn in a Resume.
Web Admin
  • Make tools for the team
  • Code a PHP website with MySQL backend
  • Educate the team on web shells
  • Complete Web and Linux related Injects before the competition
Firewall Admin
  • Become an expert in Palo-Alto Command line
  • Get a PA Certification
  • Complete Firewall Injects beforehand
  • Make your FW table before the event
Network Admin
  • Attend Cisco 1-4 classes
  • Get your CCENT after Cisco 2
  • Make a booklet full of Cisco commands
  • Complete Networking injects
Everyone
  • Educate the Team on a certain topic every meeting
  • Make your own VMWare Environment from the ground-up. Important for FW and Network Admin esp.
  • Cross-Train. A Web Admin should know Linux Administration too. Everyone on an end device should know iptables or Windows FW

Team Tryouts


Students will sign up for a certain position. For example you can have eight challengers for the Firewall spot. You can host a tryout event in where the competitors are given only FW injects. Whoever scores the highest based on participation, inject quality, and competition ranking has earned the FW spot.
"Our 2nd ranked FW Admin is really good and we only had one person interested in the Network spot and they are not trying! What should I do?" - Kick them off if they are not trying and give the 2nd ranked FW person the spot.

Individuals Rejected/Alternate for 2+ Years


This advice goes for both men and women. If your rejected for 2+ years, have a bad gut feeling, and want to participate in CCDC, ABANDON SHIP. Drive to your nearest community college and start a team. In Ohio you can be part-time for Qualifiers. Full-time will cost you between $1,500-$3,000. Take 6 credits in the first half semester and 6 credits in the second half semester. I was rejected for 2 years and jumped ship. I spent $1,771 for full-time tuition at $15/hour in 2018. I spent $3,500 in 2019. I did this in cash. I paid a premium since I live out of county for both Tri-C and Lakeland. My partner and I paid for the Regional trip ourselves.

You can do this! If your in this situation and need help, I'm here for you. CCDC is priceless and momentary. The person who decides who can and cannot participate is not a faculty coach or department chair, its you. Your time isn't over yet unless you say it is.

Closing


Teams should follow a merit-based format and end year by year inheritance. This will lead to stronger, fairer, more prepared teams.

Devil Advocate Question/Comments


1. This sounds like A LOT of work. Hosting our own CCDC tryouts?

You don't have to go from 0 to 100. Maybe attendance, injects, and a resume is good enough. My ideas are for large, well-established, high demand teams. Teams where people are left out. I'm also publishing my ISE Manager website so that should help! I made the ISE Manager website specifically for inner-team tryouts.

2. We tried to recruit women and 0 joined!

I can relate. I tried at Tri-C and Lakeland too. If this is the case, its not your fault. At least your trying. Try asking some women in different majors like Software Engineering or Computer Science. I'm from Software myself.

Are you saying Team Captains don't do admin tasks! I did technical stuff!

The Team Captain position is pretty ambiguous. A traditional team captain is being a project manager, talking to the CEO, on the phone, handling business injects, time management, etc. I know of two Team Captains that were also the FW and Network admin. I've seen a Team Captain be the mastermind for the entire battle plan. If you have more than 1 job, say so somewhere. You should get credit for it.

Comments

  1. suspiciouslowApril 8, 2019 at 7:08 AM

    I think you make some valid points about how teams are structured and the inherent pitfalls of them. I'm not sure what the best way is to get more women involved in technical roles would be, but it's a problem for the whole industry not just a CCDC one. There are not a lot of women in security/technical roles in most companies (though it's growing). The "grandfathering" problem is a tough one as it related to CCDC. With any team based sport/competition, the way people interact with each other and their ability to communicate can be more important than their raw skill level. That's one reason grandfathering happens a lot in all team sports/competitions. However there is a CCDC specific reason as well, there are "tricks" and "gotchas" inherent to the CCDC competition (regionals more than qualifiers) that are hard to pass along to other newer CCDC competitors. When I was blue team, I still remember trying to explain to our new network admin that the environment "in the room" will be way different than all our practices. Nothing prepares you better than being "in the room". That said, if the gap in skills is significant, you should people the more skilled person on the team. If possible, it would also be a very good idea to try to "force" some kind of mix with 6 returning people and 2 new people. That way you always have some additional experience being passed along and don't get hit with a year with 8 new people due to the entire team graduating.

    ReplyDelete

Post a Comment

Popular posts from this blog

Palo Alto for GNS3 CCDC Tutorial

-
Image
Opening Hello fellow CCDC Competitors! Struggling to get a Palo-Alto VM? I know how you can get one! Email me at ASzampiasSWD@gmail.com. I'll tell you the steps to get a PA-VM for GNS3. Why am I giving this info to you? Wouldn't it make sense to hog the info to myself? Wouldn't my team have an advantage? There are have and have not universities when it comes to PaloAltos. I fell into the "have not" group. Our college didn't have access to PA-VMs and still doesn't. Even if PA Cybersecurity Academy is free, there is too much red tape. I can't change the outcome. I can only come up with this one solution. Another reason is Tri-C is a tryout team. I think its pretty unfair as a potential Firewall Admin I'm the only one with access. No one can challenge me unless they spend 2K for a PA-VM. It becomes a rich-person only position. I have a leftover PA-VM from 2018 I promised not to share. I couldn't share that with my challengers. But I f
Read more

Trace Labs Global Missing Persons CTF V

-
Image
Trace Labs CTF V TraceLabs hosted the Global Missing Persons CTF V event on July 11, 2020. My team //synergy got 64th place out of 190 teams. Introduction This was my first Trace Labs CTF. I captained a team. The good thing about being a captain is you can control who is on the team. My rules were: Must have sock puppet accounts ready. Must have a VPN. Writing out this is a competitive team where we work the entire 6 hours. I was worried about a future team member spamming submissions and disqualifying the team. I thought my requirements would eliminate people who weren't serious. The team hit 4 members Friday evening pretty quickly. Notes My laptop was too slow for this event. My virtual machine froze and I had to restart. Restarting means I have to login to my accounts again. I'll use my desktop next time. The team used Slack and Trello. Our strategy was to research a person and rotate every hour. This strategy broke after 1 rotation. Some missin
Read more

Release of CCDC ISE Manager Website

-
Image
I worked on the ISE (Inject Scoring Engine) website from 2017 to 2019. I made it to encourage teams to follow a merit-based, open admission tryout format. I identified a problem and made a solution for it. Problem: Call for Merit and Fairness on CCDC Rosters Solution: Github Project Solution: How to run a Team After Tri-C was finished with 2017 Midwest Wildcards I used httrack to grap the Inject PDF files. I didn't grap just the files, but the entire front-end code of the website. If you created the HTML and CSS of the original ISE website, tell me your name so I can give you credit! My goal was to make an almost-replica of the original. The database and back-end code is all guessing by me. I used a LAMP stack because I believe the original website is built on that. I did some fingerprinting and found the "ccdcadmin1" website was hosted on Apache and PHP. If you notice any bugs or errors let me know. If you want a feature added let me know. I will be working
Read more