A CCDC Blue Team Interview: David Vidal
Hey all! Recently I got the chance to ask some burning questions to a set of CCDC blue team finalists. These students have all played multiple years of CCDC and won at least a regional. They all have leadership experience within their team, and I believe represent a passionate member of the CCDC community. My questions echo my own philosophies, that the gamification of this information security competition has made it more fun, evolve the practice, and ultimately builds important and lasting memories. So without further ado, a post-CCDC blue team interview (conducted by a red teamer):
DB: Hey David Vidal, let's start with more about you. How long have you been involved in Information Security? What are your areas of interest / expertise within Info Sec?
DV: I have been involved in Information Security for almost three years now. I started as a transfer student from a community college in Orange County. I then transferred to Cal Poly Pomona in 2014 to major in Computer Information Systems. What really got me interested in Cyber Security was I really wanted to dive into a career that was constantly evolving and changing every day. As my day-to-day job involved system admin duties, I felt like that void was not being filled. When I discovered that Cal Poly had a Cyber Defense team that was competing in national competitions and had such passionate individuals involved, I immediately became interested. Throughout my journey, I quickly became interested in Incident Response, Windows Security, Network Security and Business tasks (incident report writing, documentation etc.); These are skills I focused on heavily and I then started to dabble in Forensics, Web Exploitation and Pen testing through Capture the Flag style competitions like CSAW and USCC.
DB: How long have you been involved with CCDC? How many red / blue style events have you been involved with? How long have you been playing Info Sec games??
DV: I have been involved with CCDC since 2014 (2 years). With my first year playing CCDC, I immediately became hooked on it. Even though we placed 2nd at WRCCDC my first year, we made a commitment as a team to do better the next year and eventually win regionals. In terms of CTFs, I have been involved with at least 3 – 4 throughout the past 2 years this included CTF’s like CSAW, NCL, and USCC.
DB: Do you think CCDC has had an impact on your skills as a practitioner?
DV: Honestly, CCDC has taught me so many skills that I can apply in a real enterprise environment. For example, one thing that is a cornerstone of CCDC is trying to defend a real-world network that contains various vulnerabilities and gaping security holes that are open to exploitation. For me, CCDC has taught me to be skilled in various Operating Systems, knowing how to secure various services and secure network hardware and security appliances quickly. In addition, when you are in an enterprise environment you have to have all these devices working in tandem which is why its important to know how they work with each other. Also its important to consider the security implications that go with them and most importantly the effect on the business.
DB: Do you think CCDC has an impact on one's teamwork or ability to work with a team?
DV: CCDC has really allowed me to focus on my teamwork skills and security skills with others. More specifically, imagine you are in the trenches of being hammered by red team at the start of competition. There is mass confusion on what services need to be scored, their is zero visibility of the network, user management is a mess, and finally you have a wave of injects coming in. How do you coordinate all these tasks? Who is delegating all these tasks? Most importantly how can your team work together to secure your environment and fulfill the business requirements? For us it required tons of practice, dedication, passion, time management and most importantly allowing us to struggle through adversity to complete a common goal. The connections I have made through CCDC are life lasting and my team members are people I would definitely work with again. What really makes CCDC great is the passion you share with each other, the challenges you face and most importantly, you do not give up. I believe this type of teamwork is so important in not only an academic environment but also in an work environment where if you are up against a nation-state attacker you can be sure they are working together to get into your systems.
DB: Do you think CCDC has an impact on ones ability to work under pressor?
DV: CCDC definitely has had a huge impact on how you have to work under pressure. With the mass amount of systems to secure, services to keep up and business tasks to complete, you need to be able to identify what is a priority and what is not. But more importantly the decisions you make in the moment could determine could put you in the lead to win or loose. Really, the best thing you can do to prepare for this type of pressure is to try to simulate CCDC in your own environment. That way you are not in total mass confusion once the competition starts. For me being able to secure systems and complete business tasks was done with proper time management and prioritization of tasks. With everything said, once you get into the competition you are accustomed to the pressure and you just have to worry about executing the tasks and working with your team.
DB: Do you think the competitive environment of CCDC cause people to innovate?
DV: CCDC really has you thinking on how you can quickly secure your systems and services while fulfilling the business objectives. This has really taught me to be creative in what type of scripts/one liners I can run that will be the most effective. Really, this has taught me on what will keep out red-team (sometimes temporarily) and allow us to start implementing security measures to identify and eradicate their persistence. This has also taught me to really think about what I could automate to identify quick IOC’s in systems. For example, What type of logging solutions could I implement that allows me to quickly filter and search through? At Cal Poly, we are currently in the process of starting a new project that will combine the best of CCDC and CTF’s into a singular virtual platform that will hopefully prepare students for CCDC and give the students the necessary skills they need to succeed in cyber security.
DB: What are some of the core values you think CCDC promotes?
DV: The values I believe CCDC promotes are: strong teamwork, commitment, leadership, and most importantly seeking passionate individuals who care about security.
DB: Does training for CCDC make information security training in general more enjoyable than vs a more traditional context?
DV: I definitely agree that CCDC makes things a lot more fun and interesting to learn about Info Sec than in a traditional classroom setting. Most importantly because many of the times, academic institutions teach outdated material that does not always line up with today’s real world environments. Although, institutions are changing their curriculum because they are seeing the value of competitions like CCDC and CTF’s. In addition part the reason that makes CCDC so much fun is learning what your other colleagues have learned, whether it may be latest APT’s, exploits, new technologies etc. To have an environment where you can share information and get help really makes CCDC a very engaging environment. When you are in the classroom, you are at the liberty of the instructor, which of course won’t have all the answers. However, being able to collaborate with other individuals is really, what allowed myself and others to really learn about Info Sec outside the traditional classroom environment.
DB: Do you know anyone who's gotten a job from CCDC?
DV: Pretty much most of my friends and colleagues who have either been on the team or just even evolved in CCDC has received jobs from places like FireEye, SpaceX, Raytheon, Facebook, Mandiant, CISCO, CrowdStrike, WorkDay, Cylance, and many more. From what I have seen, CCDC has provided many exciting job opportunities for students and even if they did not get a job through CCDC they got the reference from someone in the competition.
DB: This year potentially being the last competing on the blue side of the house, whats your most lasting impression of CCDC?
DV: The most ever lasting impression of CCDC will be the awesome people I got to work with. Throughout these past several years I have learned so much and we wouldn’t have been as successful without everyone working together. With all the fun times and struggles we made learning about security, it was really a tremendous journey and it will definitely be something memorable that I won’t ever forget.
DB: Final thoughts?
DV: Overall, CCDC aims to provide you a realistic environment that you could encounter in the real world. With lots of practice and the skills that you learn from setting up environments, CTF’s, books, mentorships, and pen-testing, CCDC is like the final delivery where you can prove your skills after months of training.
DB: Hey David Vidal, let's start with more about you. How long have you been involved in Information Security? What are your areas of interest / expertise within Info Sec?
DV: I have been involved in Information Security for almost three years now. I started as a transfer student from a community college in Orange County. I then transferred to Cal Poly Pomona in 2014 to major in Computer Information Systems. What really got me interested in Cyber Security was I really wanted to dive into a career that was constantly evolving and changing every day. As my day-to-day job involved system admin duties, I felt like that void was not being filled. When I discovered that Cal Poly had a Cyber Defense team that was competing in national competitions and had such passionate individuals involved, I immediately became interested. Throughout my journey, I quickly became interested in Incident Response, Windows Security, Network Security and Business tasks (incident report writing, documentation etc.); These are skills I focused on heavily and I then started to dabble in Forensics, Web Exploitation and Pen testing through Capture the Flag style competitions like CSAW and USCC.
DB: How long have you been involved with CCDC? How many red / blue style events have you been involved with? How long have you been playing Info Sec games??
DV: I have been involved with CCDC since 2014 (2 years). With my first year playing CCDC, I immediately became hooked on it. Even though we placed 2nd at WRCCDC my first year, we made a commitment as a team to do better the next year and eventually win regionals. In terms of CTFs, I have been involved with at least 3 – 4 throughout the past 2 years this included CTF’s like CSAW, NCL, and USCC.
DB: Do you think CCDC has had an impact on your skills as a practitioner?
DV: Honestly, CCDC has taught me so many skills that I can apply in a real enterprise environment. For example, one thing that is a cornerstone of CCDC is trying to defend a real-world network that contains various vulnerabilities and gaping security holes that are open to exploitation. For me, CCDC has taught me to be skilled in various Operating Systems, knowing how to secure various services and secure network hardware and security appliances quickly. In addition, when you are in an enterprise environment you have to have all these devices working in tandem which is why its important to know how they work with each other. Also its important to consider the security implications that go with them and most importantly the effect on the business.
DB: Do you think CCDC has an impact on one's teamwork or ability to work with a team?
DV: CCDC has really allowed me to focus on my teamwork skills and security skills with others. More specifically, imagine you are in the trenches of being hammered by red team at the start of competition. There is mass confusion on what services need to be scored, their is zero visibility of the network, user management is a mess, and finally you have a wave of injects coming in. How do you coordinate all these tasks? Who is delegating all these tasks? Most importantly how can your team work together to secure your environment and fulfill the business requirements? For us it required tons of practice, dedication, passion, time management and most importantly allowing us to struggle through adversity to complete a common goal. The connections I have made through CCDC are life lasting and my team members are people I would definitely work with again. What really makes CCDC great is the passion you share with each other, the challenges you face and most importantly, you do not give up. I believe this type of teamwork is so important in not only an academic environment but also in an work environment where if you are up against a nation-state attacker you can be sure they are working together to get into your systems.
DB: Do you think CCDC has an impact on ones ability to work under pressor?
DV: CCDC definitely has had a huge impact on how you have to work under pressure. With the mass amount of systems to secure, services to keep up and business tasks to complete, you need to be able to identify what is a priority and what is not. But more importantly the decisions you make in the moment could determine could put you in the lead to win or loose. Really, the best thing you can do to prepare for this type of pressure is to try to simulate CCDC in your own environment. That way you are not in total mass confusion once the competition starts. For me being able to secure systems and complete business tasks was done with proper time management and prioritization of tasks. With everything said, once you get into the competition you are accustomed to the pressure and you just have to worry about executing the tasks and working with your team.
DB: Do you think the competitive environment of CCDC cause people to innovate?
DV: CCDC really has you thinking on how you can quickly secure your systems and services while fulfilling the business objectives. This has really taught me to be creative in what type of scripts/one liners I can run that will be the most effective. Really, this has taught me on what will keep out red-team (sometimes temporarily) and allow us to start implementing security measures to identify and eradicate their persistence. This has also taught me to really think about what I could automate to identify quick IOC’s in systems. For example, What type of logging solutions could I implement that allows me to quickly filter and search through? At Cal Poly, we are currently in the process of starting a new project that will combine the best of CCDC and CTF’s into a singular virtual platform that will hopefully prepare students for CCDC and give the students the necessary skills they need to succeed in cyber security.
DB: What are some of the core values you think CCDC promotes?
DV: The values I believe CCDC promotes are: strong teamwork, commitment, leadership, and most importantly seeking passionate individuals who care about security.
DB: Does training for CCDC make information security training in general more enjoyable than vs a more traditional context?
DV: I definitely agree that CCDC makes things a lot more fun and interesting to learn about Info Sec than in a traditional classroom setting. Most importantly because many of the times, academic institutions teach outdated material that does not always line up with today’s real world environments. Although, institutions are changing their curriculum because they are seeing the value of competitions like CCDC and CTF’s. In addition part the reason that makes CCDC so much fun is learning what your other colleagues have learned, whether it may be latest APT’s, exploits, new technologies etc. To have an environment where you can share information and get help really makes CCDC a very engaging environment. When you are in the classroom, you are at the liberty of the instructor, which of course won’t have all the answers. However, being able to collaborate with other individuals is really, what allowed myself and others to really learn about Info Sec outside the traditional classroom environment.
DB: Do you know anyone who's gotten a job from CCDC?
DV: Pretty much most of my friends and colleagues who have either been on the team or just even evolved in CCDC has received jobs from places like FireEye, SpaceX, Raytheon, Facebook, Mandiant, CISCO, CrowdStrike, WorkDay, Cylance, and many more. From what I have seen, CCDC has provided many exciting job opportunities for students and even if they did not get a job through CCDC they got the reference from someone in the competition.
DB: This year potentially being the last competing on the blue side of the house, whats your most lasting impression of CCDC?
DV: The most ever lasting impression of CCDC will be the awesome people I got to work with. Throughout these past several years I have learned so much and we wouldn’t have been as successful without everyone working together. With all the fun times and struggles we made learning about security, it was really a tremendous journey and it will definitely be something memorable that I won’t ever forget.
DB: Final thoughts?
DV: Overall, CCDC aims to provide you a realistic environment that you could encounter in the real world. With lots of practice and the skills that you learn from setting up environments, CTF’s, books, mentorships, and pen-testing, CCDC is like the final delivery where you can prove your skills after months of training.
Pictured is the Cal Poly 2016 CCDC Team, after winning WRCCDC |