This was my second year as a participant in the DOE’s Cyberforce Competition, but my first as a team captain for CCSO. Having placed third the year before, I felt as though there was a fairly large expectation to live up to, but I was excited nonetheless. Cyberforce is fairly unique in its format and multifaceted approach, requiring a significant amount of preparation before competition day, and different varieties of deliverables ranging from Executive Briefs to a day of CTF.
Our weakest components of this competition were incident response and our C-Suite Briefing. Although we’d implemented the Elastic Stack, the majority of our team lacked enough practice with the tool to be able to effectively use it. Cyberforce’s assumed breach model of Red Team assessments makes it fairly easy to identify attacks, but moving forward we’ll need to focus on recognizing TTPs and constructing valid narratives with sufficient evidence.