I have been asked “Why do you focus so hard on InfoSec Challenges?”
I started looking into how to get better technical skills in Information Technology and Information Security. As a child of the gaming generation, I ended up looking at Gamification of Learning, or learning through playing a game. When kids learn to type, they play Mavis Beacon Teaches Typing or something similar. That type of game convinces you to want to learn to type properly. The reason games are used is winning and competition drives and motivates people. InfoSec folks tend to be gamers as much as small children; We love challenging ourselves.
UC Berkeley ran a Starcraft class to link the game thinking to Finance
Many Professional Starcraft players end up working in Finance and excelling
SANS utilizes NetWars environment to supplement their classes
SAIC created the CyberNexs environment
iSight Partners created the ThreatSpace environment
InfoSec Challenges motivate us because at our hearts, we are games, but additionally they challenge us and give us the ability to be competitive with our peers. After most of the challenges, participants do write-ups on the questions. These write-ups allow others to learn how to solve the challenges and/or different ways to solve the same problem. The best challenges have multiple paths to find the correct answer, and sharing the pathways allows others to get insight into a teams techniques and thoughts.
I targeted InfoSec Challenges as my vehicle for learning, because it motivates me to learn and research. As I played, I realized that each challenge has difficulty describing how their challenge functions. Additionally when attempting to start players these challenges, it is very difficult to understand. To help new players to these challenges, I started a wiki to help detail the competitions, share the research I did on different challenges, and share write-ups in one location. I also started a meetup at Unallocated Space to discuss and work through challenges and eventually as a testing ground for my own challenges.
Gamification is the future of learning Information Security. It takes more time, creativity, and generally money to create, but it gives the participants a better understanding of what they are trying to learn. It always comes down to the player to make the most of the experience.