How CTFs shape cybersecurity talent development

Capture The Flag (CTF) events are a fun, gamified, and engaging way to test your team’s mettle against technical cybersecurity challenges. 

But they also offer huge strategic benefits for team leaders looking to supercharge their team’s performance. 

And the value doesn’t stop after the event ends either. 

What are CTFs and why should business leaders care?

CTFs offer security teams more than just some gamified fun and team building. They provide insights into your team’s strengths and weaknesses, enabling you to benchmark performance and create effective cyber workforce assessments that protect business-critical operations. 

A CTF event involves a series of gamified cybersecurity challenges that have teams competing against each other to be the first to, you guessed it, capture the flag. 

Think of it as a virtual cybersecurity escape room, with real-world scenarios that test employees' technical and soft skills. 

The value that CTFs bring to businesses 

In our Business CTF webinar, Beyond the Competition: How CTFs shape cybersecurity talent development, we shared the power of CTFs for organizations, the value they bring, and how to leverage the results post-event. 

Discover some of the key points discussed below: 

1. Prepare for real-world scenarios 

Example: People are attacking thermostats and industrial control systems, those are very addressable and transferable skills you could take to the marketplace, which are covered in CTFs. 

 

Nine months ago I was doing some bug bounty hunting and I ended up working on a government site and found a SQL injection. I learned so much from these CTF events outside of a classroom setting, which is what led me to discover the vulnerability.

 

Marshall Livingston, Global Director of Solutions Engineering at Hack The Box

CTFs challenge the technical skills of your team concerning real-world scenarios. For example, the HTB Business CTF features challenges from critically relevant areas of recent security including cloud, crypto, blockchain, and more. 

These challenges are then mapped to key cybersecurity frameworks, including MITRE ATT&CK. 

This prepares your team for real-world challenges and ensures your organization complies with some of the most important frameworks in security. 

2. Encourage a purple team mindset

The communication between red and blue teams is where we see a lot of weak points. 

 

One of the most valuable things from when I was conducting a lot of pentests was sitting down with sys and network admins and discussing a lot of the vulnerabilities I was finding. 

 

There was a massive gap in their understanding of some of the security concepts, which is why these discussions are important. 

 

Enabling a network admin to sit down and engage in PCAP analysis and Wireshark, with an incident responder sat next to him on the same CTF, facilities collaboration and learning.

 

Marshall Livingston, Global Director of Solutions Engineering at Hack The Box 

Offensive and defensive security teams don’t just benefit separately from CTFs but also have opportunities to collaborate on certain challenges. Building the bridge between red and blue teams will encourage further communication and learning from one another. 

For example, during a CTF, a blue teamer might provide insights on how the red team can evade detection during an Active Directory (AD) web attack. 

After the event, both teams can debrief, sharing their challenges and new techniques learned along the way. 

Not only does this improve overall security posture with a better understanding of both sides of the coin, but it also boosts engagement, with 30.8% of blue teamers interested in pursuing an offensive career, according to our report on developing modern SOC analysts.

3. Elevate soft skills 

You have time limitations, competitors, and you need to coordinate. Let’s say you are a red teamer and conducting a physical assessment, you don’t have months, you have specified time limits from beginning to execution. 

 

The same applies to defenders. You need to communicate and assess a situation with your team. You also must compete against attackers. These soft skills are in the very nature of a CTF.

 

To begin with I couldn’t solve anything! But the one skill I still utilize is approaching challenges alongside my colleagues.

 

Pavlos Kolios, Product Manager of Events at Hack The Box 

Participating in CTFs doesn’t only level up your team’s technical skills. The soft skills gained can be just as beneficial, especially in security roles where certain functions can feel siloed from one another. 

Working closely with colleagues to solve problems and approach challenges can work wonders for building bridges between teams. This collaborative problem-solving can then be brought into their daily roles. 

4. Prevents burnout in security staff

Cybersecurity has a significant human element that can often be overlooked. Your security posture is only as good as the people protecting it. Taking the time to provide engaging learning opportunities can help combat the onset of burnout in security teams. 

Our 2023 Cyber Attack Readiness Report found that more than 70% of managers view team events like CTFs as a viable way to boost employee engagement. 

The engaging gamification paired with the camaraderie of competing for a win can work wonders for your security team’s mindset. It allows teams to put their skills to the test, breaking up the monotony of being “always-on” at work. 

Recommended read: Teaching security teams to think outside the box

One of the biggest ROIs for security team leaders regarding CTFs is the ability to benchmark skills. At Hack The Box, we provide security teams with a post-CTF report, showing the areas they performed best and worst. 

A sneak peek of some results from our Business CTF, highlighting just some of the key performance insights data you’ll receive. 

This enables managers to develop performance programs based on real-life insights, personalizing plans to your security team.

Actionable skills development provides endless opportunities to improve your team, with CTFs acting as a great motivator to improve performance. 

“Benchmarking and skills assessments are the biggest ROIs for me when conducting CTFs. As I run a team and need to report on the results from the tools that I pay for." says, Marshall. 

Beyond the competition: How to make the most out of CTFs post-event 

The power of CTFs doesn’t stop once the final flag is captured and the winner's podium is announced. The real benefits for team leaders come post-event. 

Study the results 

It’s crucial to leverage the results of your team’s CTF performance. Even if you win the event, there will still be areas of weakness to improve upon. 

Maybe your team is confident in forensics but fell short on cloud-based challenges? This insight tells you where to focus your budget and performance programs. 

Create targeted skill development plans 

Take the learnings from your CTF results to create a targeted cyber workforce development plan for your team. This could be on an individual or team level.

Patching up these areas of weakness will improve your security posture, ensure compliance, and keep your team engaged. 

💡Fun fact: 68% of security team members rated “opportunities to learn skills” as the most successful way of staying engaged at work.

Use as an ongoing assessment tool 

CTFs mark the beginning of a continuous learning journey for your cybersecurity team. They are an easy way to assess and benchmark skills, plan learning opportunities, and benchmark once again.

The process should look something like this:

1. Conduct a team CTF.

2. Analyze results.

3. Create a targeted workforce development plan based on the results. 

4. Upskill your team in their targeted areas with a training plan. 

5. Conduct after CTF after an agreed period of upskilling. 

6. Repeat! 

Let us do the heavy lifting: HTB CTF marketplace 

🗣️But conducting an internal CTF sounds like a lot of work, planning, and time (which security teams don’t have!)

Enter: HTB CTF marketplace. 

At HTB, we have more than 100+ 55 challenges and curated packs across both offensive and defensive content, which you can tailor to your business objectives. 

Our Enhanced Event Management feature streamlines the setup and coordination of team CTF events with: 

• Member onboarding and organizational management.

• Automated invitations and role assignments.

• Challenge management for configurable events.

• Content categorization and filtering.

We also provide a live scoreboard, providing participants with real-time updates and insights into performance. 

Once the CTF ends, we’ll share detailed team and player reports, benchmarking performance, and areas of improvement for your skill development programs. 

Missed our annual Business CTF?

Not to fear, our talented HTB team can create personalized CTFs for your team at any time of the year.

Explore the CTF marketplace today