Opinions on Cyberpatriot

Alright, so I decided to do Cyberpatriots last year and it was actually the most boring thing I have ever done in my life. It was basically 6 hours of configuring settings on these Ubuntu and Windows virtual machines and I really didn't feel like I learned that much. It pretty much involved downloading anti-viruses to clean up your computer, deleting Games, configuring password strengths, ect…

I might be missing something though, so I'd like to ask you guys on your experiences and whether Cyberpatriots a good way to learn Cybersecurity essentials.

I enjoyed doing it when I first started getting into all of this. I think the forensics questions were the fun part of it for me.

Yeah I agree, the forensics were certainly the most enjoyable part.

I think CyberPatriot caters to a different class of "hackers" than those who generally would frequent a site like this. In my mind, there are (at least) two fundamentally different paths you can take with a career in security. You can be either the person using metasploit, or the person creating the metasploit modules. CyberPatriot looks to create and train more of the former class- using the tools, preventing the tools from being used against you, and doing everything in a realistic environment. However, what it doesn't teach you, is how the breaking-in works under-the-hood. You can learn how to recognize sqlmap from wireshark logs, or you can learn how sqlmap does what it does so you don't have to use it.

I guess what I'm saying is this: CyberPatriot is either a very good way to learn about a specific corner of security, or a very good way to turn people away from all things security-related because it bills itself as something that it's not. If it didn't interest you, it didn't interest you. Those aren't necessarily the only essentials to learn.

This was meandering and probably not very helpful. Let me know if you've got any other questions.

• futility

Totally Agree. I felt like Cyberpatriots was definitely more like a "system administrator simulator". You learn good security practices that are important for anyone managing a network but you don't actually understand what a malicious hacker would do if you don't cover up the vulnerabilities. I guess some people could find that kind of stuff really appealing though but it's really not my kind of stuff.

I would call it more of a securing competition unless you get to the pcdc level when you do offense

julabarton wrote: I would call it more of a securing competition unless you get to the pcdc level when you do offense But still, at least from my perspective, that "offense" translates more directly to "how well can you use metasploit" or "how quietly can you move around in a system once you've been white-carded in". Again, useful and interesting to some, just don't get the idea that that's the end-all goal for security-related learning. If you want more practice with near-real-world exploitation, check out some of the many CTF exercises that run over the course of the year. Lots of cool things to learn.

• futitliy