Friday, April 2, 2010

Poke in the Eye to SANS and CISSPs in Defcon 18 CTF Announcement

From the Defcon 18 CTF contest announcement at

"This isn't CTF like your mama used to make. Level 1 questions make CISSPs turn red, Level 2 make SANS Fellows cry in frustration, Level 3 are typically only answerable by sheep of above average barnyard intelligence, you get the idea."


"Those with SANS certs need not apply. CISSPs are right out".

Two things spring to mind:

1). The organization putting on Defcon 18's CTF is "Defense Diutinus Technologies Corp (ddtek)". My understanding is that ddtek is really Chris Eagle's Naval Postgraduate School CTF team. The Naval Postgraduate School team are the ones that have dominated Defcon CTF the past few years by being extremely bright and capable, but also by sending 25+ person teams to help overwhelm the competition with their sheer numbers when other teams are sending around 8 people each.
2). Defcon is run by Black Hat. Those expensive pre-conference Black Hat training courses are for beginners just like SANS' courses. SANS training and certifications do have their place - for those new to security or wanting a introduction to a topic. There a lot of people who have CISSPs and SANS training and certifications maintaining and defending the same networks that "ddtek" employees and graduates work on.

So Naval Post Graduate/ddtek, please don't insult those folks. We need everyone from the elite people that you train down through the rank and file feeling respected, happy, and productive.

email: david @

No comments:

Post a Comment