President's Cup Cyber Competition: Finding the Best Cyber Talent in the US Government
Conference: BlackHat USA 2021
2021-08-05
Summary
The presentation discusses the development and execution of the President's Cup Cybersecurity Competition, highlighting the importance of time management and challenge development principles.
- Successful teams knew when to cut and run from a challenge to avoid wasting time
- Limited time affected challenge development principles
- Competitors found new and novel ways to solve challenges despite extensive QA testing
- The finals included individual and team competitions with unique challenges and a cyber escape room
- The development of a platform using TopoMojo and Gameboard allowed for fast deployment of challenges with multiple variants
Abstract
In 2019, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) held the first cybersecurity competition for the Federal workforce. Dubbed the President's Cup Cybersecurity Competition, its purpose is "to identify, challenge, and reward the United States Government's best cybersecurity practitioners and teams across offensive and defensive cybersecurity disciplines". With just a few months between the creation of the concept and its execution, time was short to prepare a competition that would meet this tall order.This talk gives the behind-the-scenes story of the first two President's Cup competitions from two members of the team that built it. In year one, the multi-round event came together in record time and included over 1,000 participants from 25+ top-level departments and agencies within the United States government. In year two, the team improved the competition while adapting to the new realities of the pandemic and held the entire competition remotely.
Materials:
Tags: