Although my diploma education in Infocomm Security Management laid a good foundation to get me started in infosec, I really only hit the ground running after I participated in Capture the Flag (CTF) competitions – specifically, SyScan Singapore 2007 and Hack-in-the-Box (HITB) Malaysia 2008.
CTF is becoming more common nowadays. It is almost a must-have at conferences, and companies are also adopting it as part of their recruitment drives. Recounting the last 3 conferences I’ve been to: HITB Singapore had the Facebook CTF, 44CON had at least 3 CTFs (by the Ministry of Justice, NCC Group and Amazon), and GovWare had the Cyber Conquest.
It’s always fun to sit in conversations with my mates talking about their CTF experiences. It’s especially so when you have amon (a CTF fanatic, and founder of DEFCON DC65) around.
Just a couple of months back, amon also shared his wealth of CTF experience, his view about CTFs and his experience in organising the X-CTF 2016
Recently, I came across a very interesting USENIX paper – Learning Obstacles in the Capture the Flag Model – where Kevin Chung and Julian Cohen from the NYU Tandon School of Engineering (formerly NYU Polytechnic School of Engineering) presented their insights and lessons learned from organising Cyber Security Awareness Week (CSAW) CTF.
The Abstract reads:
Capture the Flag (CTF) competitions have been used in the computer security community for education and evaluation objectives for over a decade. These competitions are often regarded as excellent approaches to learn deeply technical concepts in a fun, non-traditional learning environment, but there are many difficulties associated with developing and competing in a CTF event that are rarely discussed that counteract these benefits. CTF competitions often have issues related to participation, quality assurance, and confusing challenges. These problems affect the overall quality of a CTF competition and describe how effective they are at catalyzing learning and assessing skill. In this paper, we present insights and lessons learned from organizing CSAW CTF, one of the largest and most successful CTFs.
It’s an excellent read, regardless who you are – aspiring CTF organiser, veteran or beginner CTF player. It’s just 6 pages long, I’m sure you’ll time for that. Don’t miss out!
Or, if you rather watch their presentation: