Methods
The paper analyzes two live international CDX events that took
place in 2018 and 2019. The exercises were created as hybrid events that
included both reporting duties to fictitious legal authorities and
real-time technical defense of operating systems. The participants,
mostly junior cybersecurity experts from the military and critical
infrastructure corporations, were split up into independent Blue Teams
(BTs), which were responsible for protecting their simulated enterprise
infrastructures from Red Teams (RTs). Observers assigned to each team
monitored the management of attack reports, interactions with other
teams, and internal communication flows. Before and after the
exercises, participants were given questionnaires to gauge their
abilities, attitudes, and intended areas of development.[4]