Oct 3, 2018 2 min read

CTF FTW

CTF's are a great means to help one personally as well as an organization from a training perspective.

CTF FTW

At the beginning of September I took part in my first CTF (Capture The Flag). I've always been a bit hesitant about tackling a CTF due in some part to a lack of time, but a larger part of having an Impostor Syndrome. I was always worried about not finding any flags and as a result feeling like I have failed. How wrong could I have been!

Into the Unknown

One of the things that I found that the CTF does very well, is get you out of your comfort zone. I have essentially been doing the same role for just over 5.5 years now (boy do I feel old), and as a result I have become very accustomed to my current role. Don't get me wrong, I love my current job. But I have become so used to the systems which I am responsible for, that I'm often not actively trying to learn new skills or really push the bounds of my current skills. This helped me realize that there are a few areas which I could spend a bit more time learning new skills as well as completely new areas which I never paid any attention to.

Team Work

Depending on the format, most CTF's are a team based effort. This provides a fantastic means to build on team work and collaboration. It is also a great opportunity to share ideas and new skills with one another. It's a fantastic way for those who are just getting into the security field to see what is out there, and test the waters so to speak.

Security Awareness

CTF's are another fantastic tool to help create security awareness in an organization. Let's face it, would you rather actively try hack a system, getting points (and possibly even a prize), or would you rather sit in front of a computer having to read pages and pages of documents and/or slides? I know for certain which one I would prefer.

Summary

I've become a huge fan of CTF's on both a personal level (to better my current skills) as well as a tool which I can use to help train others. I would highly recommend having a look at some of the existing CTF's out there, take part in them, and even host your own.


Resources

Here are a list of resources which should hopefully help you on your way to your CTF journey:

Sean Wright
Sean Wright
Experienced application security engineer with an origin as a software developer. Primarily focused on web-based application security with a special interest in TLS and supply chain related subjects.
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Sean Wright.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.