← Back to all posts
Competition

What I Learned Competing at National CCDC

Advancing to the national stage of the Collegiate Cyber Defense Competition was an unforgettable experience. Here are the lessons I brought home.

Maggie Trowbridge
Maggie Trowbridge
February 15, 2026 · 10 min read
CCDC GRC Compliance Team

In this article

  1. The Road to Nationals
  2. Pressure and Preparation
  3. GRC at Nationals
  4. Key Takeaways

Competing in the Collegiate Cyber Defense Competition at the national level was one of the most intense, rewarding experiences of my cybersecurity journey so far. Our team from Indiana Tech earned our spot by winning 1st place at MWCCDC 2025, and what followed was an incredible test of technical skill, teamwork, and composure under pressure.

The Road to Nationals

The journey to Nationals didn’t start on competition day — it started months earlier with weekly practice sessions, late-night lab work, and a team that was committed to improving every single week.

As the Governance, Risk, and Compliance Lead, my role was to ensure our team had the documentation, policies, and compliance artifacts ready to go. But beyond GRC, I also co-led our offensive security practice sessions, which gave me a unique perspective on both sides of the security equation.

Our preparation included:

  • Weekly team practices covering blue team defense, incident response, and GRC documentation
  • Offensive security drills to understand attacker methodologies and improve our defensive strategies
  • Mock competitions that simulated real CCDC scenarios
  • Policy template development so we could rapidly deploy compliance documentation during competition

Pressure and Preparation

Nothing quite prepares you for the adrenaline of competition day. The clock is ticking, the red team is probing your defenses, business injects are stacking up, and your team needs to maintain services while simultaneously hardening systems.

What I learned is that preparation beats talent under pressure. The teams that succeed aren’t necessarily the most technically gifted — they’re the ones who have practiced their processes until they’re second nature.

Communication was everything. We established clear roles, used structured communication channels, and had escalation procedures for when things went sideways. And things always go sideways.

GRC at Nationals

One thing that sets top-performing teams apart at CCDC is their GRC game. While many teams focus exclusively on technical defense, the scoring rubric includes significant points for:

  • Responding to business injects professionally and completely
  • Maintaining proper documentation of changes and incidents
  • Demonstrating that security decisions align with organizational policies
  • Communicating with “management” (the judges) effectively

My role involved rapidly drafting incident response reports, security policy documents, and compliance assessments — all while the rest of the team was in the trenches defending our network. It was challenging, exhilarating, and incredibly fulfilling.

Key Takeaways

If you’re considering competing in CCDC or any other cyber competition, here’s what I’d tell you:

  1. Start early and practice consistently — Skill is built over time, not overnight
  2. Don’t neglect GRC — It’s a differentiator that many teams overlook
  3. Communicate, communicate, communicate — Technical skills mean nothing if your team can’t coordinate
  4. Embrace the pressure — Competition environments teach you to perform when it matters most
  5. Build relationships — The connections you make through competition are invaluable

Our journey to Nationals wasn’t just about winning — it was about growing as professionals, learning to work as a team, and proving that we belong at the highest level of collegiate cybersecurity competition.

I’m incredibly proud of what we accomplished, and I can’t wait to see what comes next for the Indiana Tech Cyber Warriors. 🛡️

← Back to all posts Next: Why Every Cybersecurity Professional Needs... →