EMOTIONAL SUPPORT FOR “48 HOURS OF FAILURE”
(Dr?) Alex Dean Cybulski
Research Security Specialist
University of Toronto
ABOUT ME
Security research specialist
University of Toronto’s Information Security Division
Design strategy & policy for securing high performance computing clusters
Also:
Sociologist studying: information security, hacker culture and games
Former prof @ the University of Toronto Mississauga: Hacker Culture
CTF Team: the 212s
Documentarian: Cyberwar on Viceland (2016)
alexander.cybulski@utoronto.ca
@adcybulski on infosec.exchange and the evil bird platform
MY
RESEARCH
3 In-Person CTF Competitions
U.S. & Canada
200 hours of observation
100 hours of interviews
w/ CTF Designers & Players
230-page research report
Sim Cyberpunk: Serious Play, Hackers and Capture the Flag
WHY DO
PEOPLE PLAY
IN CTFS?
I DIDN’T LEARN ANYTHING NEW
I DON’T THINK CTFS ARE FUN
I SPENT 8 HOURS SETTING UP A #@$ LINUX ENVIRONMENT ON MY LAPTOP
AND DIDN’T MEET ANYONE HIRING
I PLACED LAST IN THE DEFCON CTF QUALIFIER
• I love CTF
• But it’s easy to quit when your first competition goes poorly.
• CTF is so frustrating that one of my interview subjects, Pawel, referred to playing in one as “48 hours of failure.”
• My goal with this talk is:
1. To teach you the stories that the cybersecurity / hacking community tells itself about CTF
2. To help you push through failure & frustration & keep playing CTF
• Learning, having fun and networking are stories we tell ourselves about games. In sociology we often say that play is “rationalized”: we do it for a reason – we have stories for why, how and to what end we do certain things.
• CTF is “serious play”, which means that we have often rationalized doing something (hacking, coding, cybersecurity) that is laborious (like work), but for a specific reason (leisure, socializing, professionalization)
• When those stories we tell ourselves about doing something don’t line up with our experiences doing that thing AND when play is so much like doing work, we usually stop
• Why bother?
“FUNDAMENTALLY, YOU'RE WASTING YOUR TIME WHEN YOU COULD BE READING PAPERS [LAUGHS HARD]. AND THAT'S A THAT'S A FINE WAY OF APPROACHING IT TOO.”
– Tony (plays in 2-3 CTFs a month)
WHY CTFS ARE A POOR LEARNING ENVIRONMENT
2023 CTF101 10
• CTFs are fundamentally competitions
• Winning is inherently rivalrous
• No hints
• Time-limited
• The expectation is that most players will come with the
knowledge they need to win
• “[CTF] organizers seldom offer to prepare competitors
for the event… it’s incumbent upon them [players] to
acquire the skills necessary to compete well” (p. 69) –
Chris Eagle
• A survey of 15 “vulnerability discovery” exercises (CTFs)
found that almost none satisfied basic pedagogical
goals (Votipka, Zhang & Mazurek, 2021)
• Challenges are heuristic
• They require us to know, or figure out something for
ourselves
CTF HISTORY
• The term CTF was coined in 1996 at the hacker conference Defcon
• But hackers have always been making games out of breaking security controls
• CTF emerges out of a culture known as the computer underground – pirates, hackers & phreakers (phone hackers)
• The original CTF was more like a skateboarding contest than a game (no points, no rules, no scoreboard)
• Started out as a sideshow for a LAN party
• CTF was created to let hackers show off their skills
1. To impress their peers
2. And not get arrested in the process
• CTF was created at a time when there weren’t a lot of jobs (1990s) in information security
• So CTF isn’t necessarily about work and/or learning
• It’s about impressing people
CTF CHALLENGES ARE DISCURSIVE
• CTF challenges are created by subject matter experts
• These experts think that the problem at the heart of the challenge (the method/methodology for vulnerability identification) is interesting or meaningful
• For the most part CTFs use ‘constructed’ vulnerabilities that do not exist in the real world
• If the problems were identical to real-world ones there would be a lot of tools to automate their exploitation (Metasploit, for example)
• So solving a CTF challenge involves analyzing problems using real-world methods, methodologies and software
CTF CHALLENGES AS COMMUNICATION
• “CTF is really good to get you to learn about problems
that need solving” – Tim
• CTF challenges are about applying & demonstrating
problem solving skills & techniques
• Demonstrating the intellectual capital of players
• To the things that other people think are meaningful
(social capital)
• In playing, winners demonstrate expertise, they
demonstrate cultural capital – their ability to navigate
knowledge
• So playing in a CTF is about translating knowledge
through meaningful problems to create recognition
CTFS AS NAVIGATION & PRACTICE
• CTFs are a check on your knowledge of contemporaneous
problems
• Essentially your ability to navigate all of the knowledge that is
freely produced and circulated through hacker communities
• CTFs are a bad place to acquire new knowledge
• But they are great for refining existing skills:
• “It's just learning, getting better, getting better at all those
exploitation [and] reversing tasks.” – Holden
• It’s a “style of thinking” where “the tools and skills you use to solve the problem tend to be the same ones you would use to solve a real-world problem.” – Jonah
TAKEAWAYS
CTF is a game about cybersecurity, sure, but really
it’s a form of communication, which translates local
knowledge (intellectual capital) into recognition
(cultural capital) and expertise (social capital)
CTFs aren’t great for traditional learning
(developing new skills)
But they are good at refining skills (practice),
understanding contemporaneous skills and building
a culture of cybersecurity for learners.
• This doesn’t mean if you want to learn you should quit and go
home!
• Just don’t be discouraged if/when you struggle! That’s normal.
THANKS &
HAPPY
HUNTING
Alex Dean Cybulski
alexander.cybulski@utoronto.ca
@adcybulski
www.adcybulski.com
WHO THIS TALK IS FOR
• This talk assumes you know nothing, or a bit about CTF
• But want to know more
• You want to develop cybersecurity / hacking skills
• I provide some critiques of CTF
• But I do that to help you understand what you’ll get
out of participating
• My arguments are made based on observation & other
people’s experiences
• Blended with a little teaching theory
• But it’s worth saying: your experience may vary!
• The talk is largely non-technical
• But CTF is mostly non-technical
• Sociologists define things, they help us create
meaning and understand patterns
• Terms from economics, psychology and even
gaming are the product of ideas sociologists
created
