STRATIS Engineers Play Capture the Flag to Strengthen Security Measures
by Chandler Reid and Yuzuka Akasaka
When building a platform that is installed in 315,000 apartment units, training a security-oriented team is critical to data privacy and the security of our users. STRATIS continuously strives to improve security measures through both external and internal means, such as being the first and only MultiFamily IoT platform to successfully complete a SOC 2 audit and undergoing rigorous security penetration testing by third parties. This is why, a few weeks ago, the STRATIS security team performed its semiannual cybersecurity Capture the Flag (CTF) exercise with the entire engineering team.
This two-part exercise included an initial security training and then the all-day CTF event a week later. Since the training introduced new material, there was a week between the training and competition to allow engineers to ask the Security Team questions and to research on their own.
The event was set up to make hacking more tangible than it would be if only explained through a 2-hour lecture. As the training and CTF were relatively short, they reinforced one idea: if these engineers could discover and exploit vulnerabilities in this short period of time, imagine what a hacker with infinite time could do.
One of the motivations for CTF was to mix up the engineers in terms of both teams and skill level to encourage collaboration between people who typically do not work side-by-side. This gave newer engineers the opportunity to shine and more senior developers the chance to mentor and coach.
The teams used Google Gruyere as a training tool, along with a variation of OWASP Juice Shop, a purposefully vulnerable web application. CTF became competitive very quickly. The winning team, named Old Town Code, ordered shirts to celebrate their victory the following day.
(On the left, Adelaide prepares Nima for competition. Above, the winning team, Old Town Code, proudly poses with their shirts commemorating their victory.)
As STRATIS is a small (and mighty!) team, it’s challenging for the security team to catch every security-related issue. Training all engineers to have more of a security-first mindset is important in ensuring everyone’s awareness of best security practices while developing new and impactful features for our clients.
STRATIS’ CTF was an incredibly successful initiative in educating the engineers about cybersecurity in an engaging and hands-on way. Future Capture the Flag exercises will include identifying and resolving different types of security risks, as well as adding in different activities to better serve various learning styles.
STRATIS is an Inc. 5000 “Fastest Growing Company in America” and an Entrepreneur 360 “Best Company in America.” STRATIS enables smart apartments and intelligent buildings and is the only platform of its kind built for the complexities of multifamily and student housing. Since launch, STRATIS has installed in 325,000 apartments across the U.S. and more than 18,000 internationally. To get more information visit: STRATISIoT.com.