From 16/07/2016 until 14/08/2016 I will be participating in the Palo Alto CTF. I doubt any money will be won by yours truly, but I do not doubt I will learn an absolute ton. Several colleagues are quite leet, and I’m sure they will sort most of this out themselves. Throughout the next month, I’ve scheduled weekly calls with them. This is the purpose of those calls and the way you should approach your own security development.

  1. We will work through as many assignments as we can solve. Anything I can solve, I will create a ppt and walk them through the solution. Inevitably, they will show me faster ways to achieve my goal.
  2. They will create ppts to walk me through things I could not solve. We have created our own CTF for internal training and they will take ideas from the Palo Alto CTF and apply them to our system. I will then practice solving a different problem using the same methods.
  3. We will work closely together throughout this event, not to make money or prove our skills, but instead of learn from each other and from the CTF event.

This is key. CTF are fun for people who want to prove themselves. But if you are new to security, or if you are new to the hacking part of security, you would consider CTF as training. This is training, and it doesn’t cost me or the company any money. The hours I spend over the next month will teach me more about security than a £1,000 CISSP course, I guarantee it.

Does that translate into money? Maybe. I can leverage the skills I’ve learned in the CTF towards bug bounty programmes. And you can too.

Updates to follow.