.Hosting our first AWS Security GameDay - Secure Legends

AWS describes the GameDay concept as followed:

A GameDay is a collaborative learning exercise that tests skills in implementing AWS solutions to solve real-world problems in a gamified, risk-free environment. This is a completely hands-on opportunity for technical professionals to explore AWS services, architecture patterns, best practices, and group cooperation.

This sums up the general concept quite well, but does it reflect the actual experiences made during GameDay itself? Probably not! It does not reflect the feeling when you finally reach the Top 3 of the Scoreboard after 2 hours of coding and bug fixing, the disappointment of moving out of the Top 5 last minute, the intensity, learning, and fun during the 3 hours of solving real-world problems or the ambition to finish the remaining tasks which couldn't be solved in time.

Our team participated already in several GameDays and honestly even though I haven’t been participating in one of them myself, just following my teammates moving up the scoreboard, landing in the Top 5, just jumping out of it within the last second was more exciting and heartbreaking then following the World Cup final. As this time we also hosted our first Game Day ourselves we wanted to share some insights from behind the scenes and encourage everyone to take part in these kinds of events or even host them yourself. So let’s goooo!

Organization:

Technical Specialisation

There are multiple formats, so we had to make the first decision. We decided to host the AWS Security GameDay - Secure Legends. That means of course it was all about security and therefore highly focused on solving real-world security incidents and vulnerability-related tasks in the areas of:

• Credentials Management
• Data Classification and Protection
• Forensics Analysis
• Infrastructure Protection
• Vulnerability Management

Level 200 vs. Level 400

Of course you also need to decide on the difficulty level of the GameDay. Choosing Level 200 might be too easy, Level 400 might be to challenging. Best practice is a small pre-run within the organization team. In our case, our AWS Solutions Architect David and Rainer from AWS played through the GameDay themselves a few weeks prior. First of all to get an understanding of the tasks and difficulty level, but especially also to be ideally prepared to support on the event day itself. Based on this dry run we decided to go with Level 400, rather having the participants sweating a bit more and not finishing all the tasks in time, than being bored and finishing everything after 1.5 hours.

Team registration vs. individual registration

Next thing you need to decide on is whether you allow registrations as a full team or only allow individual registration, so the teams will be randomly formed on the event day. Participating as a team can be a great opportunity for team-building. Random selection of teams can lead to more diverse teams, with a mix of backgrounds, skills, and perspectives. Furthermore, it can encourage to network and meet new people, potentially leading to new connections. Both offer their benefits.

There are also mixed possibilities, i.e. to sign up for a GameDay as a team that is from the same company but maybe not always working that closely together, because you are working in different departments or projects. In our company, we have GameDays implemented within our Training Program, as this offers a great opportunity to challenge your skills against other teams. All of these variations mentioned above have one thing in common, and that's teamwork. It is important to decide on one path because it might be not totally fair to compete as a random team just getting to know each other while playing against a team, which is working together for 3 years. This time we decided to have the event more community focused and therefore went with the individual registration.

Remote vs Onsite vs Hybrid

Hosting the GameDay fully remotely gives you as an organizer and also the participants a lot of flexibility. A GameDay is usually a half-day event. Hosting the event virtually gives participants the possibility to integrate that GameDay into their workday without the need to take a full day off, especially when they are not living in this city. On the other hand, the vibe and atmosphere you have when being onsite, are hard to replace, so I highly recommend visiting at least some of those events onsite. In our case, we found the best solution to be a Hybrid model. This might especially be a good idea if you have people from different cities or even countries, or if your office might not have the capacity to host 24 people respectively 6 teams.

Who is Participating?

The last major decision you need to make is, how you get the participants on board. You can go on different paths, invite talents individually, share the event on specialized channels, or even promote it publicly. All options are valid, but in our case, as we decided to have random teams, we also decided to go with private invitations and specialized channels. One of the greatest aspects of this setup is that you connect with new people and share ideas and experiences. I love that you can learn from more experienced people, complement each other perfectly because of different technical strengths, or also mentor less experienced people. Also, I am a big fan of challenging yourself. But it's also important that the teams are balanced, that the experiences are matching, and that every team member can contribute a valuable part to the team effort. So, therefore, a more individual selection reduces the risk of having participants with too much different experience levels. As a Best Practice, I would say, the more specialized and advanced your event is, the more individualized the invitation process should be. In our case, we invited talents from the community with a Golden Ticket.

Secure Legends

Team Setup

We ended up with more than 30 people registering for the GameDay remotely or onsite. As usual, sometimes you have an urgent appointment or short notice meeting or you get sick on the day of the event. So you should always plan with more registrations than you can actually host because not everyone will attend. That means we ended up with 22 people participating, which resulted in 6 Teams. 4 people joined on-site, which was quite cool to have one team working directly from our office.

Some people not showing up make the team selection preparation not easier. But a bit of preparation and improvisation helps a lot.

The most important decision of your life

Let's get ready to rumble! The event started with a rundown of the rules and objectives of the game. Once everyone had their hands on the keys to their temporary AWS Accounts, the game was officially a go! But first, every Team had to make a tough decision.

"Naming things is hard. You know what’s harder? Not naming things." - Rob Pike, computer programmer and co-creator of the Go programming language.

Eventually, we solved this struggle, and every team came up with a nice name.

The technical challenges & final outcome

With the game underway, each team put on their best hacker hats to uncover and fix security loopholes within a pre-set environment. These challenges spanned from debugging code and reconfiguring firewalls to executing security forensics.

As we did this GameDay in cooperation with AWS we also had great event support for each team, to assist with technical challenges, hints, or blockers. Therefore we had two AWS experts supporting remotely and 2 AWS experts + our AWS Solutions Architect David on site for additional support.

Time flies, when fixing security issues while seeing other teams climbing the scoreboard. But the beauty about GameDays is, it can change quite quickly. You can be in last place after 1 hour and still finish first. So in our case, it was a tough race, with ongoing ups and downs. Especially some positions were highly competitive. But in the final phase, one team secured the top spot and emerged as the final winner. Congratulations Guitar Heroes! It's always nice to have some sort of souvenir for such events, so besides a Certificate of attendance which every attendee received, we also prepared this 3D-printed Trojan horse as a small prize for the winning team.

Key Takeaways from hosting a GameDay

Participating in a GameDay is more than winning

We knew that already before but it got proven once more. Attending a GameDay is not about winning only. Of course, it always feels nice to win and it brings some intensity to it. But being part of a GameDay means, challenging your current skills, learning something new, exploring new perspectives, getting out of your comfort zone and in touch with other talents from the community, and most importantly having fun!

The Beauty of Onsite Events

We often attend events online and the possibility of attending conferences, meetups, or GameDays independent from where you are located is amazing. But the vibe of onsite events is unique. The moment all 4 team members + 1 AWS expert, standing in front of one little laptop screen, scratching their heads and wondering what's missing or the happiness when you solve one task and see live on the screen how you move up the ladder is incomparable. But one additional major difference is the time after the event. In our set up we had ordered lunch for the whole team and had some fun conversations. Some were off-topic and some still centered around the GameDay and how the remaining tasks could have been finished. Our participants even had the chance to have a small ask-an-expert session for their own architecture with one of our AWS experts, which ended up drawing architecture diagrams on our glass walls.

I don't want to say virtual events are less valuable, but we should definitely keep the spirit of organizing and visiting on-site events, to experience these unique moments.

Not everything needs to be perfectly organized

Keep in mind, not everything can always go as planned. Some unexpected things or small slip-ups can always happen. That can be a disconnected microphone or streaming camera, more time needed for team separation than expected, or an unexpected google meet setting making the jump from AWS experts between break-out rooms unnecessarily complicated. As long as they don't contradict the GameDay performance of each team, and you can somehow solve them, it's fine. And it makes the whole event authentic.

It was a lot of fun to organize the event and also to see the engagement from talents during this GameDay. We will definitely be back in future GameDays, both as participants and organizers! Cheers!