National Cybersecurity Awareness month at Walmart Labs, India
October is the National Cybersecurity Awareness Month (NCSAM). At Walmart IDC (India Development Centre), the Information Security or InfoSec team decided to dedicate this month to spreading awareness among its associates that security is everyone’s responsibility. With that goal in mind, InfoSec founded an initiative called CtrlAltDel.
CtrlAltDel hosted various events throughout October, kicking the month off with roadshows conducted by the team on every floor of the offices in IDC during the first week. The roadshows helped the team introduce the new initiative and engage with all the associates on a personal level to set the stage for the cybersecurity awareness campaigns. On each floor, the team entered with catchy music to draw attention and build excitement, did a brief Q&A session on cybersecurity, spoke about the latest breaches and widespread cyber threats in the online world with tips to stay safe, played games like rapid-fires and gave away lots of goodies. It also announced the schedule for the events lined up for the entire month.
Next up was the tech talk #NotTheUsualSecurityGyaan by Himanshu Sharma, founder of BugsBounty.com, and a lucky draw, attended by over 170 associates. Himanshu shared his professional insights on finding security loopholes in the industry from his experiences at hacking; describing interesting business logic bypasses, bland server misconfiguration case studies, network pivoting, escalation attacks, SQL data exfiltration and many other techniques that led his team to identify vulnerabilities in the applications of famous companies.
The third week started with an InfoSec Leaders Townhall where associates got a chance to interact with the leaders from InfoSec and get all their questions answered, followed by the much-awaited Mahabharata Capture the Flag (CTF) contest. About 80 teams with 150 participants in total from all global offices participated in the CTF and write-ups contest which extended into the fourth week. The CTF was a jeopardy style contest hosted on the FBCTF platform where participants had to exploit vulnerable applications to solve the challenges in various domains of cybersecurity like cryptography and steganography, reverse engineering, web apps, networking, forensics, and OSINT (Open-source intelligence). It gained positive reviews from all the leaders and participants and had the largest ever participation in Walmart for such an event. Top 3 highest-scoring teams from InfoSec and top 4 from non-InfoSec domains were declared the winners of the CTF contest. The write-ups contest that succeeded the CTF had the top 5 best write-ups selected as winners. Winners received their prizes in the closing ceremony of the campaigns for this year, on the 26th of October.
By the end of the month, over seventy percent of the participants expressed that they would like to be part of the initiative in the future and about thirty percent of them showed an interest in joining InfoSec. The CtrlAltDel team looks forward to conducting more such events next year to reach out to a much larger audience and is already brimming with new and creative ideas. All-in-all, the team’s hard work, dedication, enthusiasm, and massive publicity on different media like WorkPlace, Slack, and emails paid off to make this event an overall success. Not only did it manage to generate lots of buzz with an element of fun but also promoted the message of the importance of cybersecurity. Cheers to the CtrlAltDel team!
