CTFs are about Learning

Capture the Flag (CTF) events are common competitions in the security field. Many CTFs use Jeopardy style challenges where you can pick and choose which ones you want to solve with varying point rewards. It is a ton of fun, but when I first started, I thought the goal of CTFs were to win. You get the most points, you win, and you get a prize! Of course that’s the point, right? Well, no, not really.

I learned from Live Overflow that you shouldn’t care about the points or about winning. They are about challenging yourself to solve problems that are just a little bit out of reach of your current knowledge. You can struggle with it and try to figure it out. But if you don’t, you can read someone else’s writeup for it and actually learn another way to approach the problem. You learn where you went wrong or what you did right.

The important piece of advice is to look for challenges that are just out of your range. If you stick to all of the easy problems, you don’t really learn anything new. It’s similar to parkour where you challenge yourself to achieve a certain movement. You look for something you haven’t done before, or something that is slightly out of your comfort zone. It grows you as an athlete. As such, doing challenging CTF problems grows you as a security professional.

This might have been obvious to some people, but it really opened my eyes to how easily I fell into avoiding CTFs because I found it stressful to get as many points as possible in the allotted time. Like with everything in life, you get what you put in. For me, CTFs are now about learning, not getting points. All it took for me to start growing more was changing how I see it.

P.S. If you want to get started with CTFs too, I recommend Carnegie Mellon’s picoCTF because it is available year round.