Comprehensive guidelines for cybersecurity experts serving as judges
Judges must have recognized experience in cybersecurity operations, threat intelligence, incident response, or academic instruction. Eligible judges may include CISOs, DFIR leads, SOC managers, academic faculty, or military instructors. Industry vendor representatives may also be considered with proven expertise.
Judges are expected to review anonymized team submissions and evaluate them based on a standardized scoring rubric. Participation in a 1-hour calibration session before scoring begins is mandatory to ensure fairness and consistency. All scoring must be completed within 48 hours after receiving materials.
Each team submission must be evaluated based on the following weighted criteria:
Judges must apply the rubric uniformly and provide brief comments to justify final scores.
Judges agree to maintain strict confidentiality about all challenge content and team performance data. No information may be shared outside of the judging process. Judges must securely delete all materials after scoring.
Judges must disclose any existing relationships with participating teams, employers, or individuals that may present a conflict of interest. Judges will recuse themselves from evaluating any submission where a conflict exists.
Judges are expected to act professionally, impartially, and respectfully at all times. Any judge found to be violating the integrity of the process may be removed from the panel and barred from future events.
Judges will be publicly recognized on the event website. They may also receive digital certification of participation and access to a private post-event briefing with organizers.
By accepting the invitation to judge, participants confirm that they have read, understood, and agreed to abide by the rules, responsibilities, and ethical standards outlined in this document.