Lessons from supporting 9,500 teams with CTFs | Issue #8

Welcome to issue #8 of the ThreatReady!?

ThreatReady is your source of actionable truth based on the latest industry news. It offers a people-centric perspective that connects deeply with the challenges and triumphs of leading security teams and strategy.

If the cybersecurity landscape were a chessboard, the ThreatReady newsletter would be your strategic guide to staying three moves ahead of bad actors.

Marketing CTF events 101 ??

We’ve supported more than 9,500 teams with CTF events. Most face two common problems:

1. Getting staff excited about and participating in upcoming CTF events.?
2. Ensuring the events are valuable for staff who aren’t just red teamers or pentesters, like blue teams or dev teams.

After talking to leaders from top-performing teams, like Toyota North America, we’ve spotted common patterns shared by teams with strong CTF participation records:

• Blocking out calendar time for the event. Usually, they send out a CTF invite three to two months in advance.?
• Sending persuasive internal emails and communication. Most follow-up invites by sharing emails detailing the CTF event benefits and how teams can get involved.?
• Using a CTF Slack (or workspace) channel for the CTF event. They create a space for employees to ask questions, share ideas, and create separate teams.?
• Having a post-CTF strategy. They take learnings from CTF results to benchmark skills and create a targeted development plan for staff.

Learn more about optimizing CTF event participation and results by reading the full article.

But conducting an internal CTF sounds like a lot of work, planning, and time (which security teams don’t have!)

Enter: HTB CTF marketplace .?

The HTB CTF marketplace has 100+ challenges and curated packs across both offensive and defensive content—like fundamentals for blue teams and web app security development —which you can tailor to your security objectives.?

Our Enhanced Event Management feature streamlines the setup and coordination of team CTF events with:?

• Member onboarding and organizational management.
• Automated invitations and role assignments.
• Challenge management for configurable events.
• Content categorization and filtering.

We also provide a live scoreboard, giving participants real-time updates and insights into performance.

Is it ok to Google answers during a security interview? ??

“I remember a time when I was asking candidates basic questions about Active Directory (AD), and I could just tell that they were pausing to Google the answers.?

We also got people with fantastic-looking resumes, but when we tried to dig into them, it became clear that they were bluffing or fluffing up their resume.”?

That was a hiring experience our Head of Information Security, Ben Rollin (mrb3n), had when he worked as a senior consultant responsible for hiring security professionals.??

Ben’s response to candidate’s Googling answers during interviews??

Building a solid technical assessment strategy into the hiring process.

Candidate assessments are an excellent tool to assess a potential hire's ability to:

1. Perform the duties required for a security role.
2. Be a good fit on your team.?

But security skills assessments need to be done right.?

They should be relevant to the security role, aligned with your hiring goals, and have the right “goldilocks” level of difficulty for the candidate.?

This requires a strategic approach and a strong understanding of the role you’re hiring for.?

Read Ben’s full guide on how to:

• Set candidate thresholds that are relevant to the role.
• Gauge their communication and client management skills.
• Test their methodology and likeliness to respect client infrastructure.

SOC tools & methodologies for your blue team to master ???

Blue teams rely on a range of tools to monitor domain security.?

However, simply relying on tools to get the job done, and failing to understand the fundamental processes and methodologies behind them, could be a costly mistake for any blue teamer to make.?

While SOC tools can help automate and lighten the workload for many defenders, we urge for a “techniques and methodologies over tools” mindset.?

Monitoring tools won’t be able to spot every case of suspicious activity. For example, with Windows event logs, regular changes to system audit policies may be normal in your organization but could be considered a threat in another.?

To apply critical thinking when using a tool, you need to know the methodology behind it.?

That’s why we’ve put together a list of important SOC tools and resources for your team to master the methodology behind them.

?? Share your win with the community

Your expertise and insights are invaluable. And we’re eager to share them with our vast audience of over 2.9 million members.

We’d be honored to feature your top "win" of the month related to your team, department, or security program in the next edition of ThreatReady.

A “win” could be:

• Achieving compliance or industry standards.
• Successfully onboarding new team members.
• Celebrating your team’s performance.

The top wins will be shared in the next month’s edition of ThreatReady (and if it’s really good, may get some additional love on social media).?

Want to share your win?

Drop a comment below telling us what it is??