Gamification used to train cybersecurity professionals

Cybersecurity and managed security services provider Trustwave is developing cyber talent using gamification or capture the flag (CTF) challenges among its Trustwave SpiderLabs team and consultants in Australia, and across the Pacific, to elevate their skillsets, build camaraderie among cybersecurity teams, and attract new and diverse talent to the field.

CTF methods are implemented as a game simulation either in-person, online, or self-directed. In these scenarios, individuals or teams are directed to act as hackers and work through a specific set of cybersecurity puzzles. When completed, they are presented with the ‘flag’ to prove they solved the challenges. The puzzles cover all levels of technical experience, encouraging skills growth across the cybersecurity field.

Trustwave has created CTF challenges to educate employees on complex subjects such as identifying typical attack paths seen in the real world and identifying and exploiting vulnerabilities. The results from these challenges are used to develop growth plans for employees and to cross-skill employees in new teams to broaden skillsets. CTF challenges can also be used during the interview process, providing the potential candidate with an opportunity to showcase their skills and troubleshooting process.

“It is important to focus on training tactics that help upskill people of all technical abilities, from entry-level to the most experienced specialists,” said Nigel Hardy, state director, cyber advisory, Trustwave.

“For instance, beginner-level games should focus on participants’ ability to analyse systems they may not be familiar with, perform research, and find ways of identifying and exploiting vulnerabilities to achieve the defined goal. The games designed for more senior specialists may use exploitation of chained vulnerabilities, reverse engineering, programming, and cryptographic skills to test the participant’s advanced skill levels. The challenges encourage participants to build cross-skilled teams and drive collaboration,” he said.

Max Caminer, senior technical specialist, Trustwave and founder/president of DownUnderCTF (DUCTF), says the program will address skills gaps.

“Cybersecurity specialist roles are ever-changing and require constant research to stay up-to-date. CTFs provide a practical, competitive, fun and gamified way to learn new technical skills or solidify new ones in a safe and legal environment. The CTFs that the community provides, and that the industry supports, can help address the current skill gaps. Trustwave is trying to support the CTF community by supporting events and being involved.”

Trustwave recently supported the largest CTF competition in the southern hemisphere, DUCTF, which ran on 23 September with more than 4100 participants and 1900 teams taking part. Trustwave is also involved in supporting the Western Australia Capture the Flag challenge (WACTF), which will occur on 4 December. These events can be run over multiple days with challenges created from real-life examples sourced from industry research and input. Although the events are not explicitly designed for recruitment, they provide opportunities for players to showcase their cybersecurity skills and to engage and network with sponsors, possible future employers and the cybersecurity community.

Image credit: iStock.com/jennyhorne