💡[Inspiration] We did an internal Security Quest - check out how!

Last week, we set sail on an adventure that blended fun, camaraderie, and, of course, a healthy dose of cyber intrigue. The event aimed to boost our cybersecurity awareness in a fun and engaging way to complement the more “theoretical” training we have on an ongoing basis.

The format: reality meets pixels

As a hybrid company, with people working from the office and remotely in other cities and countries, we tried to be as flexible as possible in most activities so everyone could be part of the event.

We had a main online room (Google Meet) connected throughout most of the event and to our office’s main room television and camera so people joining remotely could see the office. For some specific activities, we created private online rooms where each team could strategize and scheme privately.

To diversify the skill sets within each team, we intentionally included members from different departments. It was a valuable opportunity for people who may not typically collaborate to engage in meaningful interaction.

The Quests

We tried to blend an array of challenges that tested different skills and helped teams collaborate throughout an afternoon of exciting quests!

🚩Catch the flag (CTF)

This was the main quest of the event. It ran throughout the afternoon with 23 challenges.

The collaborative energy was palpable, especially during this challenge. Teams collaborated across locations, combining their unique skills to conquer various cybersecurity challenges.

👾 Side Quest 1: Arcade game, shooting vulnerabilities

Our office echoed with the sounds of an arcade as teams took on the mission of blasting vulnerabilities off the face of the earth. It turns out, there's nothing more therapeutic than ridding the digital world of pesky vulnerabilities, one pixelated bullet at a time.

🙋 Quiz

We spiced up our monthly quiz to tease the cybersecurity brain circuits. Questions ranged from past security incidents, definitions and other trivia. As always, it sparked a fierce competition to show up on the podium. We did this by using Kahoot!

🎣 Side Quest 2: Phishing poetry

Lastly, a little wicked challenge: we asked our teams to put their creativity hat on and craft the most convincing phishing email. We then let everyone vote for the most deceiving dark art piece.

Outcome and learnings

In the upcoming edition, we will carry forward the following insights:

• Foster real-time collaboration: to enhance collaboration, next time we want to unveil the CTF challenges incrementally at scheduled intervals. In this edition, teams tended to tackle challenges individually based on their specific skills, contributing to some level of collaboration. However, our goal is to promote real-time, interactive collaboration.
• Scoring system: challenges with a more technical focus received higher rewards. Despite maintaining balanced teams, this emphasis may have influenced the overall scores. A reassessment of the points allocation could provide a fairer reflection of diverse skills and contributions.
• Timing of the event: this year's event coincided with the Christmas holiday, a month filled with various activities. For future planning, we aim to schedule the event during a less hectic as it is an excellent team-building opportunity.

Do you dare?

To fellow adventurers out there, we dare you to infuse your cybersecurity training with a splash of excitement. It's not just about defence; it's about making cybersecurity a shared adventure, a cosmic journey into the unknown. If you would like more in-depth details, like the instructions for the CTF, quiz questions, etc, feel free to message us here or in private. We are happy to share the learnings and process more in detail!