It has been said time and time again that if you can’t detect it, you can’t protect it, but what the heck does that really mean? Many organizational leaders’ gets their wires crossed on this matter by believing that they need to purchase the latest and greatest network defense software, appliance or tools that their vendor’s propose. In some cases, this is a complete waste of money because it gives a false sense of security that detection and merely a tool can fix prevention. Don’t get me wrong, buying a network security solution is not a problem. What is a problem is when companies never get around to configuring or using existing network devices before purchasing new technology; this proves to be useless if never used properly in the first place. Let’s be real, no one is attacking your network through the complex “what if” scenarios that you are sold by vendors. Your company’s network is vulnerable to attack due to misconfiguration, outdated network devices running unnecessary services, and so on. Knowing your company’s network, segments, traffic, etc. is key to preventing some attacks.
In an effort to better understand the needs of the company and be prepared for meetings with the vendor’s, organizations need to ensure that their IT security teams have the necessary skills or tools required to detect and protect their environment to maintain the security posture. The tools might be there and even configured properly, but can the team answer these questions: How are the security tools used? How do you determine and analyze regular traffic from malicious traffic? What does an attack look like? Most importantly, how do you stop an attack or just slow down the bleeding of an attack against your organization and protect its assets? Let’s be honest, a select few of IT Security professionals have this type of education and hands-on skills. This is why security professionals should employ additional training, such as Capture the Flag (CTF), to build their skills, which in turn bring value to organizations. This would also help the team or management better understand which network defense tools are necessary for the company.
Utilizing CTF events (i.e. NOT HALO, NOR CALL OF DUTY and so on) is a valuable tool for the safety of an organization’s network. What are CTF events? I thought you would never ask! CTF events are IT security occurrences when there is scenario-based, vulnerable environment that gives individuals the ability to ethically hack systems within a sandbox. These CTF environments are for educational purposes hosted online or locally. CTF events help security professionals with the essential task of tying in the theoretical with hands-on knowledge and experiences. Furthermore, CTFs teach how to use various methods and tools, and how to execute and prevent attacks within the sandbox environment. Most importantly, CTF events help aid in the understanding of type of breaches, investigation, identification, remediation and critical thinking during and after an attack. To learn more, participate in Security B Sides, a local CTF event in your area. Local conferences are very important and promote collaboration. In contrast, some CTF’s are competition based, such as: CTF365.com, HackTheBox and picoCTF, and are held online where teams of security professionals and/or students work together in groups to solve problems at all levels and win prizes in the end (i.e. scholarships, recruitment, etc.). Lastly, CTFs are fun activities to keep the mind sharp and aid to build confidence in your skills once you get started. Experience shows that once you start, there’s no stopping or turning back.
With that being said regarding the benefits of CTFs, how that might they help your organization you may ask? As you know, practice makes perfect and gaining new skills will only make you better at your job. Therefore, if security professionals practice their ethical hacking skills they will better understand the concepts and actions required in a specific situation. In addition, being able to recognize an attack against your organization early and respond effectively is key to protecting your organization’s network. Leaders of organizations should be seek candidates with these types of skills as it saves the organization money in today’s business economy and helps management teams make the right choices when purchasing from vendors. As security professionals, we should seek to learn something new daily and help others to learn as well. Any situation can be a teaching or learning opportunity. So again WHAT THE CTF? Get to it….
- Be active in the IT Security community with the use of social media and blogs
- Attend Security B Sides Conferences
- Participate in your Local IT Security Conferences
- Join Local/Online IT Security Groups (i.e. MEETUP, Discord, etc.)
- Local/Online hosted practice environment (i.e. HacktheBox or Lab Environment)