Everyone Can Play! Building CTFs To Teach Non-Security Folks

Presented at Blue Team Con 2022, Aug. 27, 2022, 4:40 p.m. (50 minutes)

Most security practitioners are aware of the learning and fun that come from participating in Capture the Flag competitions. Racing against other teams, solving brain-twisting challenges and seeing new ways to compromise systems teaches and entertains.

CTFs are also a great tool to give non-security folks a hands-on understanding of how security vulnerabilities enable criminal activities, reduce user privacy and degrade system reliability.

In this session you will learn to build interesting, educational and easy-to-use Capture the Flag events targeted at developers and other technical, non-security users.

We will cover specific considerations for each audience you target, how to create interesting (yet solvable) challenges, and how to make the overall experience friction-free for the participants.

You will also learn tools and techniques to create easily repeatable, consistent events with minimal work. We will cover collaborative development, external system integration techniques, tooling and a fully automated deployment pipeline to make spinning up a new CTF as easy as pushing a button.


Presenters:

  • Joe Kuemerle - Product Security Lead, Salesforce
    Joe Kuemerle is an application security engineer, developer and speaker in the greater New York City area specializing in application security, development, database and application lifecycle topics. Joe is active in the technical community as well as a speaker at local, regional and national events. Joe blogs at www.kuemerle.com and is on Twitter as @jkuemerle.
