Games as simple as tic-tac-toe can help technologists learn how to fight cyber attacks, and that’s just what “Capture the Flag” events aim to do: teach critical skills in everything from network sniffing and reverse engineering to cryptoanalysis.
Companies and universities around the world hold “CTF” competitions for people to gain experience solving cybersecurity problems. Whether you’re a security expert or not, games are an effective way to learn about cybersecurity techniques.
How a Walmart CTF event works
On March 28-29, Walmart will hold two internal CTF events. Associates from its Bentonville, Arkansas, headquarters—as well as other company locations, including Sunnyvale, California and India—will participate as individuals or on teams.
“It’ll be open to any Walmart associate who wants to attend,” said Tim MalcomVetter, director of the Red Team at Walmart. The Red Team simulates actions by bad actors against the company’s systems to prepare for possible attacks.
Walmart’s CTF event will include trivia competitions and puzzles to help associates learn more about security. “It’s a friendly, competitive environment for people to practice and get more experience with subjects they’re not as familiar with,” said Danny Chrastil, senior Red Team engineer at Walmart. Some associates who specialize in areas like application security can try their hand in something else, like forensics or cryptography.
Nikhil Phadke, information security technical expert at Walmart, is hosting an event that will use puzzles to teach associates how bad actors attack websites. The other CTF event, organized by MalcomVetter and Chrastil, will use puzzles to address network security problems by working with intentionally vulnerable machines. Associates will even get to participate in a tic-tac-toe challenge where they’ll attempt to beat a computer a certain number of times in 10 seconds.
Walmart will award $500 in prizes at the event, and the winners may not necessarily be experts in tech or cybersecurity. “The whole point is to try to cover a wide variety of security areas, topics and expertise to really have a broad challenge,” said Chrastil.
Applying practical insight
The CTF event isn’t just about games. CTF exercises also allow associates to identify software bugs, missing patches or operating system misconfigurations. Associates come away with a new set of skills and solutions to keep their code—and ultimately their customers—secure.
But, as MalcomVetter said, as long as associates learn something about security and have fun doing it, the event is successful: “What we hope is to deliver a little bit of security knowledge in a fun way and that associates can use that day to day.”
Interested in learning more about InfoSec at Walmart? Sp4rkCon, held Saturday, April 1, 2017, will feature free training and technical talks. Our goal is for budding hackers and seasoned technologists alike to come together as we share ideas and discuss the latest in InfoSec attack defense with some amazing thought leaders. Learn more about the event.