A Communal Learning Approach,
Amplified By COVID
Quickbase sought to train their development teams on security but also wanted to build comradery given their remote office structure and further isolation due to COVID-19. They previously used training videos, but that didn’t get teams engaged – so they decided to give CMD+CTRL cyber range a try.What follows is their experience in the words of Software Engineering Manager Kunjan Kshetri:
24 hours of
hacking, friendly
competition, and
learning
We have teams in three time zones:
Salt Lake City, UT, Cambridge, MA, and Sofia, Bulgaria. To avoid scheduling conflicts, we ran a 24-hour event. We told teams they’d be hacking a real Web application built on similar technology to what they used every day. We didn’t have to twist arms to get people to
participate because that setup immediately resonated. They squeezed in as much learning and hacking as they could, some all night long. The cyber range experience made security real, enabling the following benefits:
Team play enhanced engagement
Security Innovation suggested that we play in team mode and I’m glad we did. It encouraged
collaboration and friendly rivalry. It also reduced the apprehension from junior software developers and allowed them to be mentored by tech leads.
Real-time elements increased stickiness
Automated scoring, the live scoreboard, and remote support kept the pace going. We used the built-in reports to monitor the challenges that weren’t getting attention and provided hints. Engineers learned from their teammates and kept a close watch on other teams, which really pushed them to keep trying and learning.
Hands-on activities motivated continued learning
When we disabled the platform we got a lot of requests to keep it going. Engineers were hacking to learn, not to win prizes. Even after the event, the players were exchanging tips on what they did, continuing their own education.