L.O.C.K. S.T.A.R. Rules and Guidelines

Application Process: Step-by-Step

Step 1: Prepare Your Proposal

Before you submit, ensure you can answer these questions with concrete specificity:

Required Elements:

• What threat actor, campaign, or security challenge will you investigate?
  • “Ransomware groups”
  • “LockBit 3.0's infrastructure evolution between Q3 2024 and Q1 2025”
• What specifically will you track, analyse, or investigate?
  • “Infrastructure”
  • “C2 server patterns, domain registration timelines, and hosting provider pivots”
• How will you conduct this research? What tools and methodologies?
  • “OSINT techniques”
  • “Passive DNS analysis using SecurityTrails, WHOIS correlation, SSL certificate tracking via Censys, and TTP mapping against MITRE ATT&CK”
• Why does this matter? What's the defensive impact?
  • “To understand threats better”
  • “To enable defenders to proactively block emerging infrastructure and identify early warning indicators before deployment”
• What format will your contribution take?
  • Technical blog post with step-by-step methodology
  • Conference workshop with hands-on exercises
  • Training module with reproducible techniques

Step 2: Submit Your Proposal

Email [email protected] with:

1. Brief introduction (2-3 sentences) + LinkedIn profile
2. Your area(s) of expertise (be specific about your background)
3. Detailed research proposal addressing all required elements above
4. Intended contribution format and estimated timeline

Quality expectations:

• Minimal AI-generated content (we can tell)
• Clear, professional writing
• Demonstrable subject matter expertise
• Realistic scope and timeline

Step 3: Review Process

We evaluate proposals based on:

• Originality — unique perspective or methodology, not rehashing existing content
• Educational value — practical takeaways others can apply
• Ethical practices — lawful, responsible research methods
• Depth — training-level detail, not surface-level overview
• Community impact — advances collective resilience

The bar is exceptionally high. Most proposals will not be accepted. This is by design—LOCK STAR recognition is earned, not given.

Step 4: Create & Deliver

If accepted, you will:

• Develop content to training material standards (comprehensive, reproducible, step-by-step)
• Collaborate with Ransom-ISAC on hosting and publication
• Receive recognition as a LOCK STAR contributor
• Co-own the content (shared between you and Ransom-ISAC)

What NOT to Do: Common Mistakes

Vague Proposals Will Be Rejected

• “I want to research ransomware infrastructure”
• “I'll analyse threat actors using OSINT”
• “I plan to study cryptocurrency in cybercrime”
• “I'll present on incident response best practices”

Surface-Level Content Is Not Eligible

• High-level overviews or summaries
• “Top 10 tips” style content
• Conference talks that don't provide reproducible methods
• Blog posts that showcase results without explaining methodology

Prohibited Activities

• Publishing details of ongoing investigations
• Unlawful scanning, exploitation, or unauthorised access
• Content obtained through illicit means
• Political commentary or biased analysis
• Offensive, discriminatory, or harmful language
• Sensationalism or fear-mongering

Insufficient Depth

• “I used Shodan to find exposed systems” (everyone knows this)
• “I correlated Shodan data with certificate transparency logs and BGP routing changes to map adversary infrastructure migration patterns, revealing a 14-day average setup-to-deployment timeline”

Candidate Responsibility & Representation

• Self-driven contributions: You are responsible for proposing, developing, and delivering your own content
• Content co-ownership: Full content hosted on Ransom-ISAC; ownership shared between Ransom-ISAC and contributor
• Independence: LOCK STAR recognition does not imply endorsement or liability by Ransom-ISAC for any activities
• Employer alignment: Ensure compliance with your employer's policies and obtain necessary permissions

Acceptable Contribution Types

• Technical Write-ups: In-depth, training-level documentation with reproducible methodologies
• Conference Workshops: Structured learning sessions with hands-on components
• Presentations: Deep-dive talks that go beyond overview slides
• Training Modules: Educational content others can use to develop skills
• Community Engagement: Active, substantive contribution to the infosec community via Ransom-ISAC

Standards for LOCK STAR Content

• Training-level detail: Readers should be able to follow step-by-step and replicate your approach
• Originality required: Unique perspective, methodology, or finding—not repetition of existing work
• Content engineering: Clarity, reproducibility, and transparent methodology
• Applied learning: Practical takeaways for defenders to use in their own work
• Comprehensive documentation: Tools used, commands run, decision points explained, findings contextualised

Rules of Conduct

• Political neutrality required
• No details of active investigations
• Lawful and ethical practice only
• Legitimate research methods exclusively
• Respectful, professional communication
• Objective, unbiased presentation
• Community-first educational approach

Recognition

Recognition as a LOCK STAR is awarded based on:

• Quality of research and presentation
• Originality and innovation
• Depth and educational value
• Community impact and practical applicability

Both individual and collaborative efforts are eligible, provided they align with these guidelines.

Questions?

Contact: [email protected]

More information: https://www.credly.com/org/ransom-isac/badge/lock-star-2025-26

Remember: This is not a participation award. LOCK STAR recognition represents the highest standard of cybersecurity research and education. Come prepared with exceptional work.