I've written in the past about how I think CTF-style events, mock incident response scenarios and similar training is good for security teams. For me, participating in DefCon CTF for the past three years has been an incredible learning experience. The teamwork and friendship that develops from working until such intense pressure is invaluable. It helps build trust in each other which is important in IT security teams knowing you can count on one another.
Technically, the experience gained from these events helps teams realize where their strengths and weaknesses lie. Making attackers defend and defenders attack is good to see how well your cross-training efforts are working (provided that's a requirement, which it usually is in smaller teams). Incident response scenarios help pinpoint procedures that may have sounded good on paper but don't actually work as planned.
Training is only really good if you get to put what is taught into practice to prove you learned it. That's the other area where I think CTF events and mock exercises can help corporate security teams. Make sure your training money is being well spent and your team members are actually learning something.
I'm looking forward to seeing what this new group has in store for DefCon CTF this year. Their proposal does have some interesting ideas and the fact that Jeff chose them over some of the other submissions, which were done by some amazing folks, says a lot. Time will tell. Keep an eye on the DefCon site for more info.
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.