CCDC 2015 Debrief: Red Team Identity

Welcome back folks! It’s been almost a year since I updated this, but given that the Collegiate Cyber Defense Competition (CCDC) has wrapped up for this year, a new post is needed.

This was an important year for the competition. It was the 10th anniversary and Dwayne, Kevin, and Jessica put forth the best competition I’ve experienced yet. They’ve refined their craft over the years and the final product has become the pinnacle information security competition event in the country in my opinion.

For me, it marks my 11th CCDC event and 8th time red teaming. The last four years, I’ve red teamed both the Western Regionals and National competitions. As those hours have added up, I’ve thought a lot about the dynamics of the red team. We have a rather complex relationship with the whole event that I think should be better understood. A few of the hats we wear while at the event are:

Simulated Adversaries

The competition couldn’t claim to be a test of defenses without an offense to face off against it. The red team must effectively hold a realistic adversarial position against the competitors. We are comprised mostly of experienced information security professionals who use their skills and knowledge to emulate a top skill attacker on the network.

The best red team members not only bring technical knowledge to the table, but a metaphorical mask by which they become this digital assassin, executing attacks with precision and ingenuity. When you sit down, you are the bad guy. You are the adversary. A speaker during the closing ceremony today described the red team at Nationals as a “Motley Crew” of mad hackers. It’s true. We have different backgrounds and mindsets, but when you put us in a room together we become the enemy in fierce pursuit of the blue teams.

For me, that passion is fueled by a desire to demonstrate a world class threat. It’s rare you get to experience an attacker first hand outside of a real breach. As a former competitor, I can tell you that’s a huge selling point of the event to blue team members.  No longer are you inside of a lab at school or messing around with virtual machines at home. A real person who’s job is to infiltrate your systems is sitting on the other end of a wire and if you don’t act, it will have consequences.

Which brings me to my next job of red team:

Human Scoring Engines

Our impact on competitors has direct consequences to the competition. A successful breach will cause a competitor to loose points. That means we have to take our job every bit as seriously as the white team. Our Motley Crew might appear to be a band of trolls to an outsider, but we fully understand our ethical responsibility in fairly and accurately scoring the competition. Underneath the fun, there is stone cold dedication to the success of the competition.

While often the term “RED VS BLUE” is used to describe the competition, I find it to be inaccurate. This competition is about BLUE VS BLUE. The red team is no more competing than the white or the black team is. While we wear the mask of the hackers, we are there as a learning simulation with scoring implications. Period.

But maybe the most important role we take on is as…

Mentors

A large part of the reason the concept of RED VS BLUE continues to persist is the camaraderie weaved throughout the event. Those of us who have previously been blue team, have come through the program and become friends and co-workers with the red team. I don’t believe that kinship would exist without the fun and humor of the back and forth between the blue teams and the red team. Every year we see pictures in debriefs of funny hacks and situations that we can all laugh about for years to come.

That builds just the sort of relationships that blue teams need. In the end, we’re there to help you learn and develop your skills that will ultimately define your career. It’s no secret that we exist in a small industry and building connections to the red team has incredible benefits, regardless of the outcome of the event.

When I blue team’d at Nationals, we didn’t even place, yet the connections I made there are now directly responsible for my employment with Lares. I encourage every competitor to engage with the red team.We are there to support you, your career, and share in the memories of the competition with you. Next time you see us hanging around a table in the hotel late at night after the competition ends, come hang out and lets talk about the entire experience.

Which at the end of the day is what this competition is all about.We might be rebels, loud and opinionated, but we’re there to fill the void that no one else can and volunteer an experience that competitors year after year will find no where else.

Conclusion

Thanks again to EVERYONE involved – white, black, red, blue, orange, gold teams – this competition wouldn’t be what it is without it. Congratulations to the University of Central Florida for their 2nd win in a row! Now my work begins planning and building new stuff for next year.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s