Q: How do I start a CCDC team?

A: There is no “one way” to start a CCDC team. To compete in CCDC events you will need a team of full-time students and a coach – a faculty or staff member from the college or university you represent. Some schools sponsor their CCDC teams as part of computer security clubs, student ISSA chapters, or other student organizations.

Q: I have a team that wants to compete, where do I sign up?

A: The CCDC is organized into regional events. Your team must sign up to compete in the geographic region where your college/university is located. Registration deadlines will be published on our registration page as they become available. You can find your region and the POC for your region on our map here. When you are ready to sign up, email/call the regional POC to get started.

Q: Can I modify my roster after the season starts?

A: No. Once your team has competed in your first event of the season (usually a qualifier) then your roster is locked. You can’t add or swap out people once your roster is locked. You can select different team members to compete in different events, but they all have to be listed on your submitted roster.

Q: What if someone on our roster gets sick, becomes ineligible, or can’t compete after the season has started and the roster is locked?

A: This is why you have 12 spots on the roster. Select another team member from the locked roster and keep playing.

Q: Can the Red Team delete files, stop services, or do things that would break our systems and scored services?

A: Yes. Red Teams use different tactics throughout CCDC events, but their primary goals are always to get into your systems, steal sensitive data, and then disrupt your operations. Your goal is to keep them out of your systems. If they do get into your systems, your goal is to kick them out and keep them out.

Q: I’m going to graduate a few days before the qualifier this season – am I still eligible to compete?

A: Unfortunately, no. If you graduate (i.e. receive your degree) before you compete in the first CCDC event that season, then you’re no longer eligible to compete in CCDC events.

Q: When do the “full-time” eligibility requirements apply? When our team registers or when we compete in our first event?

A: The full-time student requirement applies throughout the CCDC season (with the noted exceptions for those in their final semester and those that graduate mid-season). You must maintain all eligibility requirements to compete in any CCDC event.

Q: Why do CCDC events limit the tools we can use and filter Internet access?

A: Put simply, to create as level a playing field as possible. We want every team to have access to the same tools and to compete under the same conditions.

Q: Why do team repos get “frozen” so far ahead of competition events?

A: To give competition officials a chance to review the repo contents and ensure adherence to competition rules regarding team developed content.

Q: Are there any official training materials for CCDC?

A: No. The idea behind CCDC was to allow colleges and universities to develop their own training programs and classes. There are two older CCDC preparation guides available.

Q: How are CCDC events scored?

A: In the qualifiers, teams accumulate points by solving challenges, removing malware, addressing misconfigurations, and so on.

In the regional events, teams can earn points in two major categories – service points and inject points. Service points are awarded for operating and maintaining identified critical network services such as an e-commerce site or DNS server. Inject points are awarded for completion of business tasks delivered throughout the competition. Service points and inject points are each roughly half of the possible points available during a CCDC event. Teams can lose points for violating Service Level Agreements on critical services and for allowing the Red Team to penetrate their networks.