Golfing with Dragons: Building Secure Environments for CTFs

Presentation
This session was presented by Jared Stroud and Dan Szafran of MITRE at DevSecOps Days Pittsburgh, held virtually May 11, 2023.
Publisher

Software Engineering Institute

Abstract

Capture-the-flag events remain one of the most popular ways to learn new skills in the information security field, but how do you securely deploy and monitor a competition that is designed to be hacked?

This talk will demonstrate how running CTF events is an exercise in applied DevSecOps practices. From threat modeling the attack surface to building hardened containers and monitoring resource utilization, we will cover how to approach running competitions that are meant to be hacked while maintaining the security of your core infrastructure and ensuring competitors enjoy the competition.