Cybersecurity and managed security services provider Trustwave is developing cyber talent using gamification or capture the flag (CTF) challenges among its Trustwave SpiderLabs team and consultants in Australia and across the Pacific.
The initiative aims to elevate their skillsets, build camaraderie among cybersecurity teams, and attract new and diverse talent to the field.
CTF methods are implemented as a game simulation either in-person, online, or self-directed. In these scenarios, individuals or teams are directed to act as hackers and work through a specific set of cybersecurity puzzles. When completed, they are presented with the flag to prove they solved the challenges. The puzzles cover all levels of technical experience, encouraging skills growth across the cybersecurity field.
Trustwave has created CTF challenges to educate employees on complex subjects such as identifying typical attack paths seen in the real world and identifying and exploiting vulnerabilities. The results from these challenges are used to develop growth plans for employees and cross-skill employees in new teams to broaden skillsets. CTF challenges can also be used during the interview process, providing the potential candidate an opportunity to showcase their skills and troubleshooting process.
"It is important to focus on training tactics that help upskill people of all technical abilities, from entry-level to the most experienced specialists," says Nigel Hardy, state director, cyber advisory, Trustwave.
"For instance, beginner-level games should focus on participants ability to analyse systems they may not be familiar with, perform research, and find ways of identifying and exploiting vulnerabilities to achieve the defined goal.
"The games designed for more senior specialists may use exploitation of chained vulnerabilities, reverse engineering, programming, and cryptographic skills to test the participants advanced skill levels. The challenges encourage participants to build cross-skilled teams and drive collaboration."
Max Caminer, senior technical specialist, Trustwave and founder/president of DownUnderCTF (DUCTF), adds, "Cybersecurity specialist roles are ever-changing and require constant research to stay up to date.
"CTFs provide a practical, competitive, fun and gamified way to learn new technical skills or solidify new ones in a safe and legal environment," he says.
"The CTFs that the community provides, and that the industry supports, can help address the current skill gaps. Trustwave is trying to support the CTF community by supporting events and being involved."
Trustwave recently supported the largest CTF competition in the southern hemisphere, DUCTF , which ran on September 23 with more than 4,100 participants and 1,900 teams taking part. Trustwave is also involved in supporting the Western Australia Capture the Flag (WACTF), which will occur on December 4th. These events can be run over multiple days with challenges created from real-life examples sourced from industry research and input. Although the events are not explicitly designed for recruitment, they provide opportunities for players to showcase their cybersecurity skills and to engage and network with sponsors, possible future employers and the cyber security community.
Jason Whyte, general manager, for Pacific, Trustwave, says, "Trustwave supports university-led CTF events because these games also spark interest in cybersecurity as a career option.
"CTF competitions help with the skill shortages felt industry wide. Participants learn new skills, develop hands-on experience in the cybersecurity industry, and build teamwork skills, in a fun and relaxed setting," he says.
"As the players work in teams, a great cross-section of skills comes together, and team members learn from each other.
"Trustwave's goal in training the next generation of cybersecurity professionals using CTF challenges is to provide supportive and inclusive entry points, helping develop talent and to grow the community across the Pacific region."