// Training Architecture

Four-Week Battle Plan

Transform from CTF players to enterprise defenders. This intensive program has been refined through championship-winning teams.

“From knowing how to do things, to knowing how to fight.”

CCDC is not CTF. CTF trains problem-solving; CCDC trains enterprise operations under fire—team coordination, business continuity, documentation, and rapid decision-making.

// Training Dimensions

Four-Dimensional Framework

Comprehensive training that covers all aspects of CCDC competition.

Platform

Windows, Linux, AD, Network, Web, DB

Operations

Monitoring, IR, Forensics, Recovery

Business

Injects, Policies, Reports, Briefings

Team

Roles, Rhythm, Handoffs, Retrospectives

// Week by Week

Training Schedule

Detailed breakdown of the four-week intensive program.

Foundation Week

From CTF mindset to enterprise defense

Focus: Asset inventory

Day 1-2

Asset & Service Mapping

Complete asset inventory in 15 min
Service priority classification
Network topology documentation

Day 3-4

Role Assignment

Define 8-person team structure
Practice role handoffs
Communication protocols

Day 5-6

Template Training

Inject response templates
IR report format
Captain status board

Day 7

Week 1 Retrospective

Role assignment finalization
Template refinement
Gap analysis

Week Deliverables

Finalized team rosterAsset inventory templateService priority frameworkInitial inject templates

Detection & Response

Building detection capabilities

Focus: Log analysis

Day 1-2

Identity Anomaly Detection

Brute force simulation
Credential theft indicators
Privilege escalation signs

Day 3-4

Lateral Movement Detection

PsExec/WMI patterns
SSH tunneling indicators
Cross-host correlation

Day 5-6

Configuration Change Detection

Account creation monitoring
Scheduled task alerts
Service modification tracking

Day 7

Week 2 Retrospective

Detection playbook creation
Triage process refinement
Tool optimization

Week Deliverables

Event classification guideIncident response checklistTimeline templateDetection scripts

Full Team Operations

Parallel operations under pressure

Focus: Multi-tasking

Day 1-2

Service + Inject Parallel Ops

Maintain scored services
Handle business injects
Document all changes

Day 3-4

Red Team Simulation

Live attack simulation
Detection and response
IR report generation

Day 5-6

Pressure Testing

Multi-incident handling
Captain-only coordination
Decision under uncertainty

Day 7

Week 3 Retrospective

Rhythm optimization
Communication refinement
Stress management

Week Deliverables

Operational rhythm SOPEnhanced role handoffsInformation dashboardPressure management guide

Competition Readiness

Final preparation and polish

Focus: Full simulation

Day 1-2

Full Competition Simulation

4-8 hour mock competition
External evaluators
Complete scoring

Day 3-4

Weakness Remediation

Address identified gaps
Skill-specific drills
Template optimization

Day 5-6

Materials & Prep

Print all materials
Equipment check
Final walkthrough

Day 7

Rest & Mental Prep

Light review only
Early sleep
Team bonding

Week Deliverables

Competition materials packFinal team assignmentsEmergency contactsMental readiness

// Team Organization

Recommended 8-Person Structure

Optimal role distribution for CCDC competition.

Captain

Coordination, decisions, external comms

Windows/AD Lead

AD, GPO, authentication

Linux Lead

Services, web, databases

Network Lead

Firewall, monitoring, IDS

IR Lead

Incident response, forensics

Inject Lead

Business tasks, documentation

Support 1

Windows/Linux backup

Support 2

Network/IR backup

Ready for Game Day?

Download the complete Game Day Playbook with checklists, templates, and quick reference guides.