An insight into "Capture the Flag" competitions

Many people have asked me how I started my information security career.

It didn't start when I started my degree - it only really started when I immersed myself into the cyber security culture.

When I started my undergraduate, I didn't know how to install Kali - let alone banner grab or SQL Inject. University can only teach you so much, I needed something else and I was craving to learn more outside lecture hours. That's when I came across these things called "Capture the Flag" events.

I'm pretty sure "Capture the Flag" was an outdoor physical activity that required individuals to steal actual enemy flags. Well, I wasn't too far off - just minus the physical exercise and incorporate virtual flags and cyber security "CTFs" are pretty much the same. I was intrigued. I didn't know anything about them, how to compete in them and if I even had a chance in winning - but if you don't try, you won't know right?

Now I sit just under a year later from my first "Capture the Flag" win, and I’ve never looked back since. The atmosphere is less than exciting for non-technical folk, imagine 50 odd people sat in a room ferociously tapping at their keyboards with faint sighs and the occasional "GOT IT!" and "[explicit]" circulating throughout the room as they try to hack all the things. However, add a massive scoreboard, the usual countdown timer and a handful of special effects for every time someone scores a point (i.e. captures a flag) and you've got yourself an e-sports like vibe - a culture celebrated by millions across the globe. It's great. The angst as you manically try to find as many flags for you team as you can, to the panic of the last 10 minutes of the competition - it's a brilliant test of cyber security skills and knowledge alike, in a friendlier "game-like" environment.

These ethical hacking competitions have taught me just as much, if not more than I have learnt in the year and a half I have been at university, it's why I now push the members of my cyber security society to get involved with as many of these events they can. Not only is it a learning experience, but it's also an opportunity to expand your professional network and meet like-minded people. So, the occasional severe frustration from a directory traversal "flag" challenge that took you 3/4 hours to solve (bad flashbacks, don't ask), is very much a small price to pay.

Special mention to Cyber Security Challenge UK, who run fantastic ethical hacking competitions throughout the year... I don't know where I would be without you guys! Bring on the 2018 competitions!