Capture The Flag (CTF): What to expect and how to get involved in an event

15 March 2022

by Christopher McDermott, Robert Gordon University

On Tuesday 1st March, we ran our SICSA sponsored workshop during Cyber Scotland Week 2022. The purpose of the workshop was to increase student interest, and ultimately, participation in CTF events. Evidence has shown that introducing technical concepts to students with little or no technical background can be a challenging task for any teacher. However, research has also shown that CTF style competitions can be a successful way to introduce students to a variety of technical concepts within the standard computer science curriculum and have proven to be a popular means of engaging students with the world of cybersecurity. In addition, CTF events can provide cybersecurity students with an opportunity to test the knowledge and skills they have acquired on their course against a series of challenges in a safe environment.

Despite the obvious benefits of CTFs many students do not engage in such events due to the fear of the unknown. Specifically, many students feel they lack the necessary skills or knowledge to take part. The aim of the workshop was to remove the ‘fear factor’ and provide students with a clear understanding of what to expect when attending a CTF for the first time.

The workshop began with a warm welcome and introduction from Christopher McDermott. This was followed by a well received talk by Kieran Roberts – head of Penetration testing at Bulletproof. Kieran spoke about imposter syndrome within the industry and how in a highly technical field it is commonplace for people to feel they do not belong or are not good enough to work in the industry. He went on to explain that despite these feelings most people do indeed belong and go on to have very successful careers within Cybersecurity. Kieran also offered insightful tips and advice for graduates entering the market and how to get ahead.

The next speaker was Paul Ritchie from Pentest Ltd. Paul’s talk complimented Kieran’s talk nicely and further put the participants fears at ease. He went on to provide some excellent tips and strategies for getting involved with, and being successful at, capture the flag events.

Following the two excellent talks we engaged in a period of question and answers. Both speakers had clearly sparked interest amongst the participants, evidenced by the depth and breadth of questions offered. The session proved to be very fruitful and left all participants more confident of their ability to join in a CTF event.

The last agenda item was a demonstration of a mini CTF competition, created by students on our BSc (Hons) Cybersecurity course. Robert Paisley and Laura McKell walked participants through a live CTF, explaining the type of tasks someone could face, and how best to prepare for them. They both demonstrated excellent perseverance when faced with a few technical difficulties. Although not planned, the technical hitches actually galvanised the participants, with many offering help and advice for our two students. In a strange way it perfectly demonstrated how everyone works together in CTFs to overcome problems and capture the necessary flags.

Finally, the workshop was closed by Christopher McDermott who thanked everyone for attending and challenged participants to take part in a soon to go live CTF.

The workshop was well attended with over 75 participants from not only SICSA institutions, but universities and the general public. We are grateful to both SICSA and Cyber Scotland Week for their sponsorship and support for this event.

This entry was posted in Blog.