SlideShare a Scribd company logo

Emotional Support for "48 hours of failure"

Download as PPTX, PDF
GDSC UofT Mississauga
GDSC UofT Mississauga

Emotional Support for "48 hours of failure" Slides from Alex's talk at the CTF, hosted by U of T CTF Team, GDSC UTM, GDSC UTSG, and MCSS. Join us in-person or online for our multi-club CTF (Capture-The-Flag) competition, taking place this January 14th and 15th. All beginner, intermediate, and skilled U of T students are welcome to participate in our security-oriented challenges and talks!

Technology
1 of 17
EMOTIONAL SUPPORT FOR “48 HOURS OF FAILURE” (Dr?) Alex Dean Cybulski Research Security Specialist University of Toronto
ABOUT ME Security research specialist University of Toronto’s Information Security Division Design strategy & policy for securing high performance computing clusters Also: Sociologist studying: information security, hacker culture and games Former prof @ the University of Toronto Mississauga: Hacker Culture CTF Team: the 212s Documentarian: Cyberwar on Viceland (2016) alexander.cybulski@utoronto.ca @adcybulski on infosec.exchange the and the evil bird platform 20XX PRESENTATION TITLE 2
MY RESEARCH 3 In-Person CTF Competitions U.S. & Canada 200 hours of observation 100 hours of interviews w/ CTF Designers & Players 230-page research report Sim Cyberpunk: Serious Play, Hackers and Capture the Flag 20XX PRESENTATION TITLE 3
WHY DO PEOPLE PLAY IN CTFS? 20XX PRESENTATION TITLE 4
20XX PRESENTATION TITLE 5 I DIDN’T LEARN ANYTHING NEW I DON’T THINK CTFS ARE FUN I SPENT 8 HOURS SETTING UP A #@$ LINUX ENVIRONMENT ON MY LAPTOP AND DIDN’T MEET ANYONE HIRING I PLACED LAST IN THE DEFCON CTF QUALIFIER
20XX PRESENTATION TITLE 6
20XX PRESENTATION TITLE 7 • I love CTF • But it’s easy to quit when your first competition goes poorly. • CTF is so frustrating one of my interview subjects, Pawel, referred to playing in one as “48 hours of failure.” • My goal with this talk is: 1. To teach you the stories that the cybersecurity / hacking community tells itself about CTF 2. To help you push through failure & frustration & keep playing CTF
20XX PRESENTATION TITLE 8 • Learning, having fun and networking are stories we tell ourselves about games. In sociology we often say that play is “rationalized” we do it for a reason – we have stories for why, how and to what end we do certain things. • CTF is “serious play” which means that we have often rationalized doing something (hacking, coding, cybersecurity) that is laborious (like work), but for a specific reason (leisure, socializing, professionalization) • When those stories we tell ourselves about doing something don’t line up with our experiences doing that thing AND when play is so much like doing work, we usually stop • Why bother?
“FUNDAMENTALLY, YOU'RE WASTING YOUR TIME WHEN YOU COULD BE READING PAPERS [LAUGHS HARD]. AND THAT'S A THAT'S A FINE WAY OF APPROACHING IT TOO. -Tony (plays in 2-3 CTFs a month) 20XX PRESENTATION TITLE 9
WHY ARE CTFS ARE A POOR LEARNING ENVIRONMENT 2023 CTF101 10 • CTFs are fundamentally competitions • Winning is inherently rivalrous • No hints • Time-limited • The expectation is that most players will come with the knowledge they need to win • “[CTF] organizers seldom offer to prepare competitors for the event… it’s incumbent upon them [players] to acquire the skills necessary to compete well” (p. 69) – Chris Eagle • A survey of 15 “vulnerability discovery” exercises (CTFs) found that almost none satisfied basic pedagogical goals (Votipka, Zhang & Mazurek, 2021) • Challenges are heuristic • They require us to know, or figure out something for ourselves
CTF HISTORY 2023 CTF101 11 • The term CTF was coined in 1996 at the hacker conference Defcon • But Hackers have always been making games out of breaking security controls • CTF emerges out of a culture known as the computer underground – pirates, hackers & phreakers (phone hackers) • The original CTF was more like a skateboarding contest than a game (no points, no rules, no scoreboard) • Started out as a sideshow for a LAN party • CTF was created to let hackers show off their skills 1. To impress their peers 2. And not get arrested in the process • CTF was created a time when there weren’t a lot of jobs (1990s) in information security • So CTF isn’t necessary about work and/or learning • It’s about impressing people
CTF CHALLENGES ARE DISCURSIVE 20XX PRESENTATION TITLE 12 • CTF challenges are created by subject matter experts • These experts think that the problem at the heart of the challenge: the method/methodology for vulnerability identification is interesting or meaningful • For the most part CTFs use ‘constructed’ vulnerabilities that do not exist in the real-world • If the problems were identical to real-world ones there would be a lot of tools to automate their exploitation (Metasploit, for example) • So solving a CTF challenge involves analyzing problems using real- world methods, methodologies and software
CTF CHALLENGES AS COMMUNICATION 2023 CTF101 13 • “CTF is really good to get you to learn about problems that need solving” – Tim • CTF challenges are about applying & demonstrating problem solving skills & techniques • Demonstrating the intellectual capital of players • To the things that other people think are meaningful (social capital) • In playing, winners demonstrate expertise, they demonstrate cultural capital – their ability to navigate knowledge • So playing in a CTF is about translating knowledge through meaningful problems to create recognition
CTFS AS NAVIGATION & PRACTICE 2023 CTF101 14 • CTFs are a check on your knowledge of contemporaneous problems • Essentially your ability to navigate all of the knowledge that is freely produced and circulated through hacker communities • CTFs are a bad place to acquire new knowledge • But they are great for refining existing skills: • “It's just learning, getting better, getting better at all those exploitation [and] reversing tasks.” – Holden • It’s a “style of thinking” where” the tools and skills you use to solve the problem tend to be the same ones you would use to solve a real-world problem.” - Jonah
TAKEAWAYS CTF is a game about cybersecurity, sure, but really it’s a form of communication, which translates local knowledge (intellectual capital) into recognition (cultural capital) and expertise (social capital) CTFs aren’t great for traditional learning (developing new skills) But they are good at refining skills (practice), understanding contemporaneous skills and building a culture of cybersecurity for learners. • This doesn’t mean if you want to learn you should quit and go home! • Just don’t be discouraged if/when you struggle! That’s normal. 20XX PRESENTATION TITLE 15
THANKS & HAPPY HUNTING Alex Dean Cybulski alexander.cybulski@utoronto.ca @adcybulski www.adcybulski.com 2023 CTF 16
WHO THIS TALK IS FOR 20XX CTF 101 17 • This talk assumes you know nothing, or a bit about CTF • But want to know more • You want to develop cybersecurity / hacking skills • I provide some critiques of CTF • But I do that to help you understand what you’ll get out of participating • My arguments are made based on observation & other people’s experiences • Blended with a little teaching theory • But it’s worth saying: your experience may vary! • The talk is largely non-technical • But CTF is mostly non-technical • Sociologists define things, they help us create meaning and understand patterns • Terms from economics, psychology and even gaming are the product of ideas sociologists created

Recommended

Red vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 yearsRed vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 yearsEC-Council
 
HKUST Computer Science Festival 2013 - Seminar: Computer Science, Hacking and...
HKUST Computer Science Festival 2013 - Seminar: Computer Science, Hacking and...HKUST Computer Science Festival 2013 - Seminar: Computer Science, Hacking and...
HKUST Computer Science Festival 2013 - Seminar: Computer Science, Hacking and...Anthony Lai
 
DIY Education in Cyber Security
DIY Education in Cyber SecurityDIY Education in Cyber Security
DIY Education in Cyber SecurityKelly Shortridge
 
LKCE18 Dimitar Bakardziev - Kanban Policy Game
LKCE18 Dimitar Bakardziev - Kanban Policy GameLKCE18 Dimitar Bakardziev - Kanban Policy Game
LKCE18 Dimitar Bakardziev - Kanban Policy GameLean Kanban Central Europe
 
A Stranger in a Strange Land
A Stranger in a Strange LandA Stranger in a Strange Land
A Stranger in a Strange LandDr. Kim (Kyllesbech Larsen)
 
Emerging practices 2019 week 2
Emerging practices 2019 week 2Emerging practices 2019 week 2
Emerging practices 2019 week 2R. Sosa
 
2015 Arts Midwest Workshop: Embracing the Digital Age
2015 Arts Midwest Workshop: Embracing the Digital Age2015 Arts Midwest Workshop: Embracing the Digital Age
2015 Arts Midwest Workshop: Embracing the Digital AgeThe Metropolitan Museum of Art
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerVMware Tanzu
 

Recommended

Red vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 yearsRed vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 yearsEC-Council
 
HKUST Computer Science Festival 2013 - Seminar: Computer Science, Hacking and...
HKUST Computer Science Festival 2013 - Seminar: Computer Science, Hacking and...HKUST Computer Science Festival 2013 - Seminar: Computer Science, Hacking and...
HKUST Computer Science Festival 2013 - Seminar: Computer Science, Hacking and...Anthony Lai
 
DIY Education in Cyber Security
DIY Education in Cyber SecurityDIY Education in Cyber Security
DIY Education in Cyber SecurityKelly Shortridge
 
LKCE18 Dimitar Bakardziev - Kanban Policy Game
LKCE18 Dimitar Bakardziev - Kanban Policy GameLKCE18 Dimitar Bakardziev - Kanban Policy Game
LKCE18 Dimitar Bakardziev - Kanban Policy GameLean Kanban Central Europe
 
A Stranger in a Strange Land
A Stranger in a Strange LandA Stranger in a Strange Land
A Stranger in a Strange LandDr. Kim (Kyllesbech Larsen)
 
Emerging practices 2019 week 2
Emerging practices 2019 week 2Emerging practices 2019 week 2
Emerging practices 2019 week 2R. Sosa
 
2015 Arts Midwest Workshop: Embracing the Digital Age
2015 Arts Midwest Workshop: Embracing the Digital Age2015 Arts Midwest Workshop: Embracing the Digital Age
2015 Arts Midwest Workshop: Embracing the Digital AgeThe Metropolitan Museum of Art
 
SpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerSpringOne Tour: The Influential Software Engineer
SpringOne Tour: The Influential Software EngineerVMware Tanzu
 
Presentation
PresentationPresentation
PresentationColin McLean
 
Military Flight Training - Digital Technology Disruption Ahead?
Military Flight Training - Digital Technology Disruption Ahead?Military Flight Training - Digital Technology Disruption Ahead?
Military Flight Training - Digital Technology Disruption Ahead?Andy Fawkes
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecurityMichael Rushanan
 
Deep sec talk - Addressing the skills gap
Deep sec talk - Addressing the skills gapDeep sec talk - Addressing the skills gap
Deep sec talk - Addressing the skills gapColin McLean
 
Computational Thinking - a 4 step approach and a new pedagogy
Computational Thinking - a 4 step approach and a new pedagogyComputational Thinking - a 4 step approach and a new pedagogy
Computational Thinking - a 4 step approach and a new pedagogyPaul Herring
 
Why schools must lead maker movement
Why schools must lead maker movementWhy schools must lead maker movement
Why schools must lead maker movementSusan S. Wells
 
Mind the gap : Is Norway Security Enough in Cyber Space
Mind the gap : Is Norway Security Enough in Cyber SpaceMind the gap : Is Norway Security Enough in Cyber Space
Mind the gap : Is Norway Security Enough in Cyber SpaceStewart Kowalski
 
Let's Talk: fundamentals of conversational design
Let's Talk: fundamentals of conversational designLet's Talk: fundamentals of conversational design
Let's Talk: fundamentals of conversational designNikita Lukianets
 
Introduction of CTF and CGC
Introduction of CTF and CGCIntroduction of CTF and CGC
Introduction of CTF and CGCKir Chou
 
MITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE - ATT&CKcon
 
How to Succeed at Jobs That Don't Exist Yet (Workshop at Queens College-9/26/18)
How to Succeed at Jobs That Don't Exist Yet (Workshop at Queens College-9/26/18)How to Succeed at Jobs That Don't Exist Yet (Workshop at Queens College-9/26/18)
How to Succeed at Jobs That Don't Exist Yet (Workshop at Queens College-9/26/18)Christopher Bishop
 
Tech Talk @ Dev Bootcamp Chicago
Tech Talk @ Dev Bootcamp ChicagoTech Talk @ Dev Bootcamp Chicago
Tech Talk @ Dev Bootcamp ChicagoFred Lee
 
A Survival Guide for Complex UX
A Survival Guide for Complex UXA Survival Guide for Complex UX
A Survival Guide for Complex UXJennifer Cham
 
Bells, Whistles and Digital Tools for the 21st Century Catechist
Bells, Whistles and Digital Tools for the 21st Century CatechistBells, Whistles and Digital Tools for the 21st Century Catechist
Bells, Whistles and Digital Tools for the 21st Century CatechistCaroline Cerveny
 
ChatGPT OpenAI Primer for Business
ChatGPT OpenAI Primer for BusinessChatGPT OpenAI Primer for Business
ChatGPT OpenAI Primer for BusinessDion Hinchcliffe
 
Creating Dynamic Critical Thinkers You Tube
Creating Dynamic Critical Thinkers You TubeCreating Dynamic Critical Thinkers You Tube
Creating Dynamic Critical Thinkers You TubeOzgur Pala
 
Emerging practices 2019 week 1
Emerging practices 2019 week 1Emerging practices 2019 week 1
Emerging practices 2019 week 1R. Sosa
 
Content Strategists (CS Forum, London, UK)
Content Strategists (CS Forum, London, UK)Content Strategists (CS Forum, London, UK)
Content Strategists (CS Forum, London, UK)Eric Reiss
 
Cyber securityeducation may2015
Cyber securityeducation may2015Cyber securityeducation may2015
Cyber securityeducation may2015Mark Guzdial
 
Tessella Consulting
Tessella ConsultingTessella Consulting
Tessella ConsultingTessella
 
CSSC ML Workshop
CSSC ML WorkshopCSSC ML Workshop
CSSC ML WorkshopGDSC UofT Mississauga
 
ICCIT Council × GDSC: UX / UI and Figma
ICCIT Council × GDSC: UX / UI and FigmaICCIT Council × GDSC: UX / UI and Figma
ICCIT Council × GDSC: UX / UI and FigmaGDSC UofT Mississauga
 

More Related Content

Similar to Emotional Support for "48 hours of failure"

Military Flight Training - Digital Technology Disruption Ahead?
Military Flight Training - Digital Technology Disruption Ahead?Military Flight Training - Digital Technology Disruption Ahead?
Military Flight Training - Digital Technology Disruption Ahead?Andy Fawkes
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecurityMichael Rushanan
 
Deep sec talk - Addressing the skills gap
Deep sec talk - Addressing the skills gapDeep sec talk - Addressing the skills gap
Deep sec talk - Addressing the skills gapColin McLean
 
Computational Thinking - a 4 step approach and a new pedagogy
Computational Thinking - a 4 step approach and a new pedagogyComputational Thinking - a 4 step approach and a new pedagogy
Computational Thinking - a 4 step approach and a new pedagogyPaul Herring
 
Why schools must lead maker movement
Why schools must lead maker movementWhy schools must lead maker movement
Why schools must lead maker movementSusan S. Wells
 
Mind the gap : Is Norway Security Enough in Cyber Space
Mind the gap : Is Norway Security Enough in Cyber SpaceMind the gap : Is Norway Security Enough in Cyber Space
Mind the gap : Is Norway Security Enough in Cyber SpaceStewart Kowalski
 
Let's Talk: fundamentals of conversational design
Let's Talk: fundamentals of conversational designLet's Talk: fundamentals of conversational design
Let's Talk: fundamentals of conversational designNikita Lukianets
 
Introduction of CTF and CGC
Introduction of CTF and CGCIntroduction of CTF and CGC
Introduction of CTF and CGCKir Chou
 
MITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE - ATT&CKcon
 
How to Succeed at Jobs That Don't Exist Yet (Workshop at Queens College-9/26/18)
How to Succeed at Jobs That Don't Exist Yet (Workshop at Queens College-9/26/18)How to Succeed at Jobs That Don't Exist Yet (Workshop at Queens College-9/26/18)
How to Succeed at Jobs That Don't Exist Yet (Workshop at Queens College-9/26/18)Christopher Bishop
 
Tech Talk @ Dev Bootcamp Chicago
Tech Talk @ Dev Bootcamp ChicagoTech Talk @ Dev Bootcamp Chicago
Tech Talk @ Dev Bootcamp ChicagoFred Lee
 
A Survival Guide for Complex UX
A Survival Guide for Complex UXA Survival Guide for Complex UX
A Survival Guide for Complex UXJennifer Cham
 
Bells, Whistles and Digital Tools for the 21st Century Catechist
Bells, Whistles and Digital Tools for the 21st Century CatechistBells, Whistles and Digital Tools for the 21st Century Catechist
Bells, Whistles and Digital Tools for the 21st Century CatechistCaroline Cerveny
 
ChatGPT OpenAI Primer for Business
ChatGPT OpenAI Primer for BusinessChatGPT OpenAI Primer for Business
ChatGPT OpenAI Primer for BusinessDion Hinchcliffe
 
Creating Dynamic Critical Thinkers You Tube
Creating Dynamic Critical Thinkers You TubeCreating Dynamic Critical Thinkers You Tube
Creating Dynamic Critical Thinkers You TubeOzgur Pala
 
Emerging practices 2019 week 1
Emerging practices 2019 week 1Emerging practices 2019 week 1
Emerging practices 2019 week 1R. Sosa
 
Content Strategists (CS Forum, London, UK)
Content Strategists (CS Forum, London, UK)Content Strategists (CS Forum, London, UK)
Content Strategists (CS Forum, London, UK)Eric Reiss
 
Cyber securityeducation may2015
Cyber securityeducation may2015Cyber securityeducation may2015
Cyber securityeducation may2015Mark Guzdial
 
Tessella Consulting
Tessella ConsultingTessella Consulting
Tessella ConsultingTessella
 

Similar to Emotional Support for "48 hours of failure" (20)

Presentation
PresentationPresentation
Presentation
 
Military Flight Training - Digital Technology Disruption Ahead?
Military Flight Training - Digital Technology Disruption Ahead?Military Flight Training - Digital Technology Disruption Ahead?
Military Flight Training - Digital Technology Disruption Ahead?
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
 
Deep sec talk - Addressing the skills gap
Deep sec talk - Addressing the skills gapDeep sec talk - Addressing the skills gap
Deep sec talk - Addressing the skills gap
 
Computational Thinking - a 4 step approach and a new pedagogy
Computational Thinking - a 4 step approach and a new pedagogyComputational Thinking - a 4 step approach and a new pedagogy
Computational Thinking - a 4 step approach and a new pedagogy
 
Why schools must lead maker movement
Why schools must lead maker movementWhy schools must lead maker movement
Why schools must lead maker movement
 
Mind the gap : Is Norway Security Enough in Cyber Space
Mind the gap : Is Norway Security Enough in Cyber SpaceMind the gap : Is Norway Security Enough in Cyber Space
Mind the gap : Is Norway Security Enough in Cyber Space
 
Let's Talk: fundamentals of conversational design
Let's Talk: fundamentals of conversational designLet's Talk: fundamentals of conversational design
Let's Talk: fundamentals of conversational design
 
Introduction of CTF and CGC
Introduction of CTF and CGCIntroduction of CTF and CGC
Introduction of CTF and CGC
 
MITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - JanuaryMITRE ATTACKcon Power Hour - January
MITRE ATTACKcon Power Hour - January
 
How to Succeed at Jobs That Don't Exist Yet (Workshop at Queens College-9/26/18)
How to Succeed at Jobs That Don't Exist Yet (Workshop at Queens College-9/26/18)How to Succeed at Jobs That Don't Exist Yet (Workshop at Queens College-9/26/18)
How to Succeed at Jobs That Don't Exist Yet (Workshop at Queens College-9/26/18)
 
Tech Talk @ Dev Bootcamp Chicago
Tech Talk @ Dev Bootcamp ChicagoTech Talk @ Dev Bootcamp Chicago
Tech Talk @ Dev Bootcamp Chicago
 
A Survival Guide for Complex UX
A Survival Guide for Complex UXA Survival Guide for Complex UX
A Survival Guide for Complex UX
 
Bells, Whistles and Digital Tools for the 21st Century Catechist
Bells, Whistles and Digital Tools for the 21st Century CatechistBells, Whistles and Digital Tools for the 21st Century Catechist
Bells, Whistles and Digital Tools for the 21st Century Catechist
 
ChatGPT OpenAI Primer for Business
ChatGPT OpenAI Primer for BusinessChatGPT OpenAI Primer for Business
ChatGPT OpenAI Primer for Business
 
Creating Dynamic Critical Thinkers You Tube
Creating Dynamic Critical Thinkers You TubeCreating Dynamic Critical Thinkers You Tube
Creating Dynamic Critical Thinkers You Tube
 
Emerging practices 2019 week 1
Emerging practices 2019 week 1Emerging practices 2019 week 1
Emerging practices 2019 week 1
 
Content Strategists (CS Forum, London, UK)
Content Strategists (CS Forum, London, UK)Content Strategists (CS Forum, London, UK)
Content Strategists (CS Forum, London, UK)
 
Cyber securityeducation may2015
Cyber securityeducation may2015Cyber securityeducation may2015
Cyber securityeducation may2015
 
Tessella Consulting
Tessella ConsultingTessella Consulting
Tessella Consulting
 

More from GDSC UofT Mississauga

ICCIT Council × GDSC: UX / UI and Figma
ICCIT Council × GDSC: UX / UI and FigmaICCIT Council × GDSC: UX / UI and Figma
ICCIT Council × GDSC: UX / UI and FigmaGDSC UofT Mississauga
 
Community Projects Info Session Fall 2023
Community Projects Info Session Fall 2023Community Projects Info Session Fall 2023
Community Projects Info Session Fall 2023GDSC UofT Mississauga
 
MCSS × GDSC: Intro to Cybersecurity Workshop
MCSS × GDSC: Intro to Cybersecurity WorkshopMCSS × GDSC: Intro to Cybersecurity Workshop
MCSS × GDSC: Intro to Cybersecurity WorkshopGDSC UofT Mississauga
 
Full Stack React Workshop [CSSC x GDSC]
Full Stack React Workshop [CSSC x GDSC]Full Stack React Workshop [CSSC x GDSC]
Full Stack React Workshop [CSSC x GDSC]GDSC UofT Mississauga
 

More from GDSC UofT Mississauga (20)

CSSC ML Workshop
CSSC ML WorkshopCSSC ML Workshop
CSSC ML Workshop
 
ICCIT Council × GDSC: UX / UI and Figma
ICCIT Council × GDSC: UX / UI and FigmaICCIT Council × GDSC: UX / UI and Figma
ICCIT Council × GDSC: UX / UI and Figma
 
Community Projects Info Session Fall 2023
Community Projects Info Session Fall 2023Community Projects Info Session Fall 2023
Community Projects Info Session Fall 2023
 
GDSC x Deerhacks - Origami Workshop
GDSC x Deerhacks - Origami WorkshopGDSC x Deerhacks - Origami Workshop
GDSC x Deerhacks - Origami Workshop
 
Reverse Engineering 101
Reverse Engineering 101Reverse Engineering 101
Reverse Engineering 101
 
Michael's OWASP Juice Shop Workshop
Michael's OWASP Juice Shop WorkshopMichael's OWASP Juice Shop Workshop
Michael's OWASP Juice Shop Workshop
 
MCSS × GDSC: Intro to Cybersecurity Workshop
MCSS × GDSC: Intro to Cybersecurity WorkshopMCSS × GDSC: Intro to Cybersecurity Workshop
MCSS × GDSC: Intro to Cybersecurity Workshop
 
Basics of C
Basics of CBasics of C
Basics of C
 
Discord Bot Workshop Slides
Discord Bot Workshop SlidesDiscord Bot Workshop Slides
Discord Bot Workshop Slides
 
Web Scraping Workshop
Web Scraping WorkshopWeb Scraping Workshop
Web Scraping Workshop
 
Devops Workshop
Devops WorkshopDevops Workshop
Devops Workshop
 
Express
ExpressExpress
Express
 
HTML_CSS_JS Workshop
HTML_CSS_JS WorkshopHTML_CSS_JS Workshop
HTML_CSS_JS Workshop
 
DevOps Workshop Part 1
DevOps Workshop Part 1DevOps Workshop Part 1
DevOps Workshop Part 1
 
Docker workshop GDSC_CSSC
Docker workshop GDSC_CSSCDocker workshop GDSC_CSSC
Docker workshop GDSC_CSSC
 
Back-end (Flask_AWS)
Back-end (Flask_AWS)Back-end (Flask_AWS)
Back-end (Flask_AWS)
 
Full Stack React Workshop [CSSC x GDSC]
Full Stack React Workshop [CSSC x GDSC]Full Stack React Workshop [CSSC x GDSC]
Full Stack React Workshop [CSSC x GDSC]
 
Git Init (Introduction to Git)
Git Init (Introduction to Git)Git Init (Introduction to Git)
Git Init (Introduction to Git)
 
Database Workshop Slides
Database Workshop SlidesDatabase Workshop Slides
Database Workshop Slides
 
ChatGPT General Meeting
ChatGPT General MeetingChatGPT General Meeting
ChatGPT General Meeting
 

Recently uploaded

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 

Recently uploaded (20)

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 

Emotional Support for "48 hours of failure"

  • 1. EMOTIONAL SUPPORT FOR “48 HOURS OF FAILURE” (Dr?) Alex Dean Cybulski Research Security Specialist University of Toronto
  • 2. ABOUT ME Security research specialist University of Toronto’s Information Security Division Design strategy & policy for securing high performance computing clusters Also: Sociologist studying: information security, hacker culture and games Former prof @ the University of Toronto Mississauga: Hacker Culture CTF Team: the 212s Documentarian: Cyberwar on Viceland (2016) alexander.cybulski@utoronto.ca @adcybulski on infosec.exchange the and the evil bird platform 20XX PRESENTATION TITLE 2
  • 3. MY RESEARCH 3 In-Person CTF Competitions U.S. & Canada 200 hours of observation 100 hours of interviews w/ CTF Designers & Players 230-page research report Sim Cyberpunk: Serious Play, Hackers and Capture the Flag 20XX PRESENTATION TITLE 3
  • 4. WHY DO PEOPLE PLAY IN CTFS? 20XX PRESENTATION TITLE 4
  • 5. 20XX PRESENTATION TITLE 5 I DIDN’T LEARN ANYTHING NEW I DON’T THINK CTFS ARE FUN I SPENT 8 HOURS SETTING UP A #@$ LINUX ENVIRONMENT ON MY LAPTOP AND DIDN’T MEET ANYONE HIRING I PLACED LAST IN THE DEFCON CTF QUALIFIER
  • 7. 20XX PRESENTATION TITLE 7 • I love CTF • But it’s easy to quit when your first competition goes poorly. • CTF is so frustrating one of my interview subjects, Pawel, referred to playing in one as “48 hours of failure.” • My goal with this talk is: 1. To teach you the stories that the cybersecurity / hacking community tells itself about CTF 2. To help you push through failure & frustration & keep playing CTF
  • 8. 20XX PRESENTATION TITLE 8 • Learning, having fun and networking are stories we tell ourselves about games. In sociology we often say that play is “rationalized” we do it for a reason – we have stories for why, how and to what end we do certain things. • CTF is “serious play” which means that we have often rationalized doing something (hacking, coding, cybersecurity) that is laborious (like work), but for a specific reason (leisure, socializing, professionalization) • When those stories we tell ourselves about doing something don’t line up with our experiences doing that thing AND when play is so much like doing work, we usually stop • Why bother?
  • 9. “FUNDAMENTALLY, YOU'RE WASTING YOUR TIME WHEN YOU COULD BE READING PAPERS [LAUGHS HARD]. AND THAT'S A THAT'S A FINE WAY OF APPROACHING IT TOO. -Tony (plays in 2-3 CTFs a month) 20XX PRESENTATION TITLE 9
  • 10. WHY ARE CTFS ARE A POOR LEARNING ENVIRONMENT 2023 CTF101 10 • CTFs are fundamentally competitions • Winning is inherently rivalrous • No hints • Time-limited • The expectation is that most players will come with the knowledge they need to win • “[CTF] organizers seldom offer to prepare competitors for the event… it’s incumbent upon them [players] to acquire the skills necessary to compete well” (p. 69) – Chris Eagle • A survey of 15 “vulnerability discovery” exercises (CTFs) found that almost none satisfied basic pedagogical goals (Votipka, Zhang & Mazurek, 2021) • Challenges are heuristic • They require us to know, or figure out something for ourselves
  • 11. CTF HISTORY 2023 CTF101 11 • The term CTF was coined in 1996 at the hacker conference Defcon • But Hackers have always been making games out of breaking security controls • CTF emerges out of a culture known as the computer underground – pirates, hackers & phreakers (phone hackers) • The original CTF was more like a skateboarding contest than a game (no points, no rules, no scoreboard) • Started out as a sideshow for a LAN party • CTF was created to let hackers show off their skills 1. To impress their peers 2. And not get arrested in the process • CTF was created a time when there weren’t a lot of jobs (1990s) in information security • So CTF isn’t necessary about work and/or learning • It’s about impressing people
  • 12. CTF CHALLENGES ARE DISCURSIVE 20XX PRESENTATION TITLE 12 • CTF challenges are created by subject matter experts • These experts think that the problem at the heart of the challenge: the method/methodology for vulnerability identification is interesting or meaningful • For the most part CTFs use ‘constructed’ vulnerabilities that do not exist in the real-world • If the problems were identical to real-world ones there would be a lot of tools to automate their exploitation (Metasploit, for example) • So solving a CTF challenge involves analyzing problems using real- world methods, methodologies and software
  • 13. CTF CHALLENGES AS COMMUNICATION 2023 CTF101 13 • “CTF is really good to get you to learn about problems that need solving” – Tim • CTF challenges are about applying & demonstrating problem solving skills & techniques • Demonstrating the intellectual capital of players • To the things that other people think are meaningful (social capital) • In playing, winners demonstrate expertise, they demonstrate cultural capital – their ability to navigate knowledge • So playing in a CTF is about translating knowledge through meaningful problems to create recognition
  • 14. CTFS AS NAVIGATION & PRACTICE 2023 CTF101 14 • CTFs are a check on your knowledge of contemporaneous problems • Essentially your ability to navigate all of the knowledge that is freely produced and circulated through hacker communities • CTFs are a bad place to acquire new knowledge • But they are great for refining existing skills: • “It's just learning, getting better, getting better at all those exploitation [and] reversing tasks.” – Holden • It’s a “style of thinking” where” the tools and skills you use to solve the problem tend to be the same ones you would use to solve a real-world problem.” - Jonah
  • 15. TAKEAWAYS CTF is a game about cybersecurity, sure, but really it’s a form of communication, which translates local knowledge (intellectual capital) into recognition (cultural capital) and expertise (social capital) CTFs aren’t great for traditional learning (developing new skills) But they are good at refining skills (practice), understanding contemporaneous skills and building a culture of cybersecurity for learners. • This doesn’t mean if you want to learn you should quit and go home! • Just don’t be discouraged if/when you struggle! That’s normal. 20XX PRESENTATION TITLE 15
  • 16. THANKS & HAPPY HUNTING Alex Dean Cybulski alexander.cybulski@utoronto.ca @adcybulski www.adcybulski.com 2023 CTF 16
  • 17. WHO THIS TALK IS FOR 20XX CTF 101 17 • This talk assumes you know nothing, or a bit about CTF • But want to know more • You want to develop cybersecurity / hacking skills • I provide some critiques of CTF • But I do that to help you understand what you’ll get out of participating • My arguments are made based on observation & other people’s experiences • Blended with a little teaching theory • But it’s worth saying: your experience may vary! • The talk is largely non-technical • But CTF is mostly non-technical • Sociologists define things, they help us create meaning and understand patterns • Terms from economics, psychology and even gaming are the product of ideas sociologists created