# CAPTAIN PLAYBOOK ## CCDC Team Leadership Guide --- ## ROLE OVERVIEW The Captain is the **nerve center** of the team. You don't fix systems—you ensure the RIGHT person fixes the RIGHT problem at the RIGHT time. ### Your Core Responsibilities - Maintain situational awareness across all systems - Coordinate team responses to threats and injects - Make rapid decisions under pressure - Communicate with White Team - Track scoring and prioritize actions --- ## STATUS BOARD TEMPLATE Maintain this board VISIBLY at all times. Update every 5 minutes. ``` ┌─────────────────────────────────────────────────────────────┐ │ CCDC STATUS BOARD Time: ___________ │ ├─────────────────────────────────────────────────────────────┤ │ SERVICES │ │ ┌──────────┬────────┬─────────┬──────────┬───────────────┐ │ │ │ Service │ Status │ Owner │ Last Chk │ Issues │ │ │ ├──────────┼────────┼─────────┼──────────┼───────────────┤ │ │ │ Web HTTP │ ✓ / ✗ │ _______ │ ________ │ _____________ │ │ │ │ Web HTTPS│ ✓ / ✗ │ _______ │ ________ │ _____________ │ │ │ │ DNS │ ✓ / ✗ │ _______ │ ________ │ _____________ │ │ │ │ Email │ ✓ / ✗ │ _______ │ ________ │ _____________ │ │ │ │ Database │ ✓ / ✗ │ _______ │ ________ │ _____________ │ │ │ │ AD/DC │ ✓ / ✗ │ _______ │ ________ │ _____________ │ │ │ │ FTP │ ✓ / ✗ │ _______ │ ________ │ _____________ │ │ │ └──────────┴────────┴─────────┴──────────┴───────────────┘ │ ├─────────────────────────────────────────────────────────────┤ │ TEAM STATUS │ │ Windows: _____________ working on _____________________ │ │ Linux: _____________ working on _____________________ │ │ Network: _____________ working on _____________________ │ │ Inject: _____________ working on _____________________ │ ├─────────────────────────────────────────────────────────────┤ │ ACTIVE INCIDENTS │ │ 1. ________________________________________________ │ │ 2. ________________________________________________ │ ├─────────────────────────────────────────────────────────────┤ │ PENDING INJECTS │ │ 1. _________________ Due: ________ Status: ___________ │ │ 2. _________________ Due: ________ Status: ___________ │ └─────────────────────────────────────────────────────────────┘ ``` --- ## DECISION FRAMEWORK ### Priority Order (ALWAYS) 1. **Scored Services** - If it affects scoring, fix it FIRST 2. **Active Incidents** - Contain threats before they spread 3. **Inject Deadlines** - Never miss a deadline 4. **Hardening** - Only when above are stable ### Rapid Decision Matrix | Situation | Action | Who | |-----------|--------|-----| | Service down | Restore immediately | Service owner | | Active attacker | Contain (block IP, disable account) | Network + affected owner | | Inject received | Assign to Inject person, set timer | Inject lead | | Unknown process | Document, isolate if suspicious | System owner | | Team conflict | Captain decides, move on | Captain | --- ## COMMUNICATION PROTOCOL ### Status Check (Every 5 Minutes) ``` Captain: "STATUS CHECK" Windows: "[Name], Windows stable / issue with [X]" Linux: "[Name], Linux stable / working on [X]" Network: "[Name], Network stable / blocked [X]" Inject: "[Name], Inject [X] at [Y]% / need help with [Z]" ``` ### Change Announcement (Before ANY Change) ``` Member: "CHANGE: [What] on [System] for [Why]" Captain: "ACKNOWLEDGED, proceed" Member: (makes change) Member: "CHANGE COMPLETE: [Result]" ``` ### Incident Alert ``` Member: "INCIDENT: [Type] on [System]" Captain: "ACKNOWLEDGED. [Name] contain, [Name] assist" "Network: block [IP/account]" ``` --- ## FIRST 15 MINUTES CHECKLIST As Captain, ensure these happen in order: ``` □ 00:00 - Receive competition packet from White Team □ 00:02 - Distribute network topology to team □ 00:03 - Assign systems to owners (have backup assignments ready) □ 00:05 - Confirm everyone can access their systems □ 00:07 - Status board initialized with all services □ 00:10 - Verify scored services are functional □ 00:12 - Confirm password changes are starting □ 00:15 - First full status check complete ``` --- ## INJECT MANAGEMENT ### When Inject Arrives 1. Read it completely (30 seconds) 2. Identify: Who can do this? What's needed? 3. Assign to Inject person OR split if complex 4. Set visible timer for deadline 5. Check in at 50% time remaining ### Inject Priority - **15 min deadline**: Drop everything - **30 min deadline**: Start immediately - **60+ min deadline**: Can queue, but assign now ### Quality Standards - Answer ALL parts of the inject - Professional formatting - Proofread before submit - Submit 2-3 minutes early (buffer) --- ## INCIDENT ESCALATION ### Level 1: Single System Issue - Owner handles - Inform Captain - Document in change log ### Level 2: Multi-System / Spreading - Captain coordinates response - Pull additional resources - Consider network isolation ### Level 3: Critical Infrastructure (DC, all services) - ALL hands on deck - Injects pause if necessary - Contact White Team if rules unclear --- ## TEAM MORALE ### Under Pressure - Stay calm—your tone sets the team's tone - Clear, short commands - "Good work" when things go right - "Next task" when things go wrong ### When Things Break - "We expected this. Execute the plan." - Assign specific actions to specific people - Don't blame—fix and move on --- ## END OF COMPETITION CHECKLIST ``` □ All services verified running □ Final inject submitted □ IR reports submitted □ Change log complete □ Thank White Team ``` --- ## CAPTAIN'S MANTRA > "I don't need to know everything. > I need to know WHO knows everything. > And I need to keep them focused." --- *CCDC.x1000.ai - Championship Training*