This year, as I’m finally on shore duty and headed towards that inevitable transition from the military life, I heard about the Cyber Fast Track offered by the SANS Institute. When I read about it, I was a complete n00b to VetSec (and by many metrics still am). Since then, I’ve discussed CTFs with quite a few people, and when I saw the opportunity to sign up for the SANS Cyber Fast Track CTF, I jumped at the opportunity.
This year, the competition happens in three phases – the first phase was a 48-hour Capture-the-Flag opportunity. The top placers in the CTF are invited to continue on.
The 48-hour CTF was a bit of a doozy for someone who doesn’t have much experience doing CTFs (READ: This was my first). I’d played around in Hack The Box before, and I have a Security+ certification, but nothing would’ve prepared me for this. There were around 45 challenges, covering some general topics like finding a flag in source code, but then delving into Web Exploits, Reverse Engineering, Forensics, Networking, Binary Exploitation, and Cryptography. I settled in with my caffeine supply of choice and proceeded to hammer as many challenges out as I could, while graciously my wife took over the parenting for the next 48 hours.
I slept about 8 hours in the 48 hours, stopping when I hit brick walls so I could let my subconscious do some work. I stayed persistent and taught myself a lot throughout the competition, but was a little bummed when, at the 48-hour mark, I had only completed 63% of all of the challenges. I didn’t think I had done nearly well enough to place to move on.
After the scores were tallied, I found out that, despite only completing 63% of the challenges, I placed 65th out of 3,498 players. Quite a few had signed up and only done a couple challenges, or didn’t play at all. I was stoked!
Just a week ago, I received my invitation email to Phase 2. Phase 2 consists of access to CyberStart Game, a CTF-style playground with 4 months of time in it, covering general topics, python topics, forensics, plus a new base of challenges that haven’t unlocked yet. Additionally, everyone invited to phase 2 gains access to Cyberstart Essentials, which is a course,
reinforcing key concepts with more than 45 in-browser interactive labs and 17 extended practical skill applications in virtual-machine based labs. You’ll establish a core understanding of technology component functions and apply that knowledge to security concepts such as reconstructing a crime from digital evidence or locating exploitable flaws in software and websites.
Plus, at the end of CyberStart Essentials, you will be able to take the GIAC Essentials Exam. Whatever your future cyber career path looks like, this accomplishment will look great on your résumé and support you on your journey.
As of this writing, I haven’t touched Essentials and I’m about 50% of the way done with Game. I plan on keeping up with the persistence, and hopefully finishing all of Game and Essentials. I’d love to get the $22,000 scholarship at the end of this to take the SANS courses, but we’ll see. No matter what, this has been a great learning experience!