Tryouts
Want to join our team? Here's how!
Details
Try out for BYU's CCDC team on September 27th, 2025 from 9am to 5pm in room W328 of the Tanner Building. Pizza and drinks will be provided. If this date does not work for you, reach out to Justin to arrange something else (justin_giboney@byu.edu).
Tryouts will take the form of a cyber defense competition. In this competition, you will have access to four virtual machines (VMs): one Linux system, one Windows system, a Splunk indexer, and a firewall. You will be scored on how long you keep the services up on the Linux and Windows VMs.
In addition, the week before the competition and in the middle of the competition you will be given injects (or assignments) from the Chief Information Officer (CIO) asking you to perform a business task. Points will be split evenly between the defense competition and the injects.
Schedule
September 27th, 2025
Time | Activity |
---|---|
9:00 AM | Setup |
9:30 AM | Opening remarks |
10:00 AM | Competition start |
12:00 PM | Lunch |
4:00 PM | Competition end |
4:30 PM | Scores and red team debrief |
Info Sessions / Trainings
We will be holding three info sessions and trainings prior to tryouts on Thursdays at 5pm in TNRB W328.
Date | Content |
---|---|
Thursday, September 11th | Introduction to CCDC and Injects |
Thursday, September 18th | Linux, Windows, and Firewall Hardening |
Thursday, September 25th | Threat Hunting and Competition Briefing |
During the final info session, you will receive your pre-competition inject assignment and the team packet for the competition environment.
FAQ
Q. Do I need to form a team for tryouts?
A. No. Tryouts will be an individual event. Each person will be assigned a "team" number, but that team consists of only 1 person.
Q. Do I need any cybersecurity experience?
A. No. It will certainly help, but it isn't a requirement. You will learn a lot by participating and trying.
Q. How many spots are available?
A. There are at least 3 alternate slots available this year.
Q. Do I have to be a cybersecurity major?
A. No. A great team member can come from anywhere. Historically we have had team members from multiple majors.
Q. I am new to cybersecurity. Where can I start?
A. Great places to start are with one of TryHackMe's introductory learning paths and by attending one of BYU's cybersecurity clubs (e.g. Cybersecurity Student Association).
Q. How can I prepare for the competition and the team? What kinds of skills are you looking for?
A. This list is not meant to be exhaustive, nor do we expect every team member to have all of these skills. Generally, picking 1-2 areas to focus on is best.
Windows Administration
- Know how to configure and harden Windows machines on a domain
- Know how to work with PowerShell, group policy, and Windows Firewall, and how to secure common Windows services like IIS and RDP
- Be familiar with common Windows attack vectors (e.g. EternalBlue, Golden Ticket attacks, etc.)
Linux Administration
- Know how to navigate the Linux command line to perform tasks like creating users, changing passwords, and changing various system settings
- Know how to secure common Linux services like SSH, SMTP, and FTP
- Be comfortable working with any Linux distro and understand the important differences between them
Website Administration
- Know common security vulnerabilities (e.g. OWASP Top 10) and mitigation strategies for websites
- Know how to set up and configure a web server in a variety of languages and software stacks (e.g. Apache, Nginx, IIS, Flask, various PHP CMSs)
- Know how to find vulnerabilities using tools like nmap or OWASP ZAP
Incident Response/Threat Hunting
- Know how to read logs from both Windows and Linux systems (Windows Event Log, Linux syslog and auth.log, etc.)
- Know how to set up and maintain a SIEM (e.g. Splunk) for centralized logging
- Know how to find indicators of compromise (IOCs) in log files to remediate security incidents
Firewalls and Networking
- Know how to configure a network-level firewall from scratch, especially on a Cisco or Palo Alto device
- Know how to configure rules to minimize network attack surface (e.g. ingress/egress filtering, network segmentation, etc.)
- Be able to understand and synthesize a network topology to accurately diagnose what traffic should be allowed/disallowed on a corporate network
Policy, Framework, and Legal Skills
- Business writing - Know how to write professionally and to a non-technical audience
- Laws - Know laws such as FERPA, HIPAA, and GDPR and how businesses should apply them
- Best practices - Know how companies apply current knowledge, such as privacy, personal device use, and user permissions
- Frameworks - Know how to apply frameworks for organizations, such as NIST
- Reports - Know how to write a report of an incident
If you have more questions, please email Justin Giboney - justin_giboney@byu.edu or reach out via Discord, either in the #team-tryouts channel or by DMing anyone with the @CCDC role.