Embedding a security mindset without teaching it
It’s just a matter of IT, isn’t it?
I believe everybody agrees on the importance of security. But, have you thought about security today? Have you thought about security in the previous week? And if so, how often do you think about it? Most people tend to ignore this topic not only during their daily work but also in life. Or have you ever thought about the security of the mall during your last shopping trip or about the security of a payment service you just used as you bought the tickets for your favorite band concert?
It is common that people do not think about security all day long – and it is good that they do not do so. But when it comes to your professional environment, you must always think about security to protect yourself, your colleagues, your employer and also customers against the Cybercrime’s $6 Trillion Price Tag.
“Cyber-Security is much more than a matter of IT.”
It is crucial for being successful in regards to cybersecurity to understand that cybersecurity, or IT security, is much more than a matter of the IT department. It is a matter for everyone.
Employees should play more
Many companies like Google and Facebook are using CTF competitions as a way to strengthen the relationship with security researchers, white hat hackers and the security community as a whole. While we consider this relationship to be essential, we believe CTF has the potential to play an even more important role within any company. We see CTF as an instrument to bring security awareness and security knowledge to our employees; and to show them that security is more than a topic they have to care about because of compliance regulations.
To make the SAP ecosystem more secure, we strongly believe that you and your colleagues should play more. Sounds like a silly proposition, but it is exactly what we are proposing to our employees at SAP with our unique Capture the Flag approach. Our intention is to demonstrate that security is a topic for everyone and that every employee has a stake in keeping our company and our customers secure. And with this our first challenge is to show everyone that everyone can succeed in security.
“Unmanaged frustration is the biggest risk while playing CTF”
A CTF Mentor
One of the main barriers for learning about security is the flat learning curve. In this sense, it is essential to keep everybody within an adequate frustration level. In order to make everybody feel successful while learning security some people need a very high frustration level in order to be motivated to keep on playing, others need a moderate or low level of frustration. The key to CTF’s success is to cope with different expectations and to manage the frustration level of every participant. This is one of the biggest responsibilities of our CTF Mentors.
Playing CTF can go much further than any traditional security training as a tool to build a security culture within a company. Our experience with running CTF shows that with every single challenge participants play and manage to solve, they not only acquire new knowledge, but also foster a positive emotion towards the security topic itself. And by challenging our employees, we at SAP embed a security mindset in our employees without actually teaching it.
It is also important to highlight that even if competition plays an important role in a CTF event, this is not the only key aspect. Even if participants can play by themselves, the social aspects built in the game favors the formation of teams and the exchange of knowledge. Therefore, more than a competition, SAP’s CTF is an opportunity to meet people and talk about different security topics and practices.
A Radically Different SAP TechEd 2018
After years of experience with playing CTF and thousands of participants inside of SAP, we are happy to share our vision of a experiential yet collaborative learning approach with our customers and partners during this year’s SAP TechEd Las Vegas, a radically different SAP TechEd. Our Capture the Flag will be available for all participants of SAP TechEd Las Vegas from September 21st until October 5th.
To register to our CTF platform please follow this link: Click here!
Note: Please use the same email address you have used to register for SAP TechEd Las Vegas. If you are not able to register or experience any issue, please contact your Camp Counselors Elton Mathias and Philip Engelmartin.
Besides of the online platform, we will also provide onsite guidance between October 2nd and October 5th during SAP TechEd Las Vegas. You will have the opportunity to talk with our CTF Mentors, named Camp Counselors, to get further support and guidance, exchange impressions or have a quick chat about security topics. Just pass by our booth at the Developers Garage area and look for staff members wearing a black shirt with our Capture the Flag icon on the front:
For those coming to see us, you will also enjoy onsite challenges – so stay tuned!