This page is a work in progress, PowerPoints will be uploaded as they are created for training sessions.
To better prepare our team for upcoming Collegiate Cyber Defense Competition (CCDC) seasons, I developed and implemented a refreshed 8-week training curriculum. The goal was to give each team member hands-on, role-specific experience while emphasizing the technical and collaborative skills essential for success during live-fire competitions.
8-Week Training Structure
Week 1: Introduction & Role Assignment
Kickoff session covering the format of CCDC, expectations, and assigning specific roles (e.g., Windows admin, Splunk lead, team captain).
Week 2: Users & Accounts
Managing user permissions, enforcing password policies, and securing group/user privileges through best practices.
Week 3: Networking Essentials
Deep dive into firewalls, port management, and configuring allow/deny lists to reinforce perimeter defenses.
Week 4: Team Building – Escape Room
A themed escape room exercise designed to challenge communication, problem-solving, and teamwork under pressure — simulating the fast-paced coordination needed during real-world incident response.
Week 5: Services & System Hardening
Identifying critical services, disabling unnecessary or malicious ones, and recognizing service-based persistence threats.
Week 6: Log Analysis
Training in event log interpretation, filtering techniques, and identifying indicators of compromise.
Week 7: Team Building 2 – Paintball
High-energy offsite event designed to simulate the chaos and coordination needed during live red team attacks.
Week 8: Live Test Environment
Full simulation of a CCDC-style event with injected threats and scoring loops to test retention and performance under pressure.
8-Week Training Structure
Week 1: Introduction & Role Assignment
Overview of CPTC structure, scoring categories, and deliverables. Roles assigned (e.g., Recon Lead, Web App Specialist, Report Writer, Client Liaison).
Week 2: Nmap & Network Mapping
Scanning methodology, identifying live hosts, open ports, services, and building network diagrams. Includes script usage and banner grabbing.
Week 3: Vulnerability Discovery
Training on using tools like Nikto, Nessus, Burp Suite, Bloodhound, or OpenVAS to identify vulnerabilities in services, web apps, and infrastructure.
Week 4: Team Building – Escape Room
A themed escape room exercise designed to challenge communication, problem-solving, and teamwork under pressure — simulating the fast-paced coordination needed during real-world incident response.
Week 5: Exploitation & Post-Exploitation
Practical exploitation of common vulnerabilities, basic shell access, privilege escalation techniques, and data exfiltration within scope.
Week 6: Report Writing
Focused session on writing professional, client-facing penetration test reports. Covers tone, formatting, evidence inclusion, and risk articulation.
Week 7: Team Building 2 – Paintball
High-energy offsite event designed to simulate the chaos and coordination needed during live red team attacks.
Week 8: Live Test Environment
End-to-end engagement in a mock enterprise environment, with real services, vulnerabilities, and a reporting deadline.