Methods
The paper analyzes two actual live international CDX events that took place in 2018 and 2019. The exercises were created as hybrid events that included both reporting duties to fictitious legal authorities and real-time technical defense of operating systems. The participants, mostly junior cybersecurity experts from the military and critical infrastructure corporations, were split up into independent Blue Teams (BTs), which oversaw protecting their simulated enterprise infrastructures from Red Teams (RT). The management of attack reports, interactions with other teams, and internal communication flows were all observed by observers assigned to each team. Before and after the exercises, participants were given questionnaires to gauge their abilities, attitudes, and intended areas of development.[4]