How Businesses can Change the Game in Cyber Recruitment and Upskilling

The global L&D market is approaching a value of $360 billion, however, $97 billion of these is wasted. That is 26%, a quarter of L&D budgets, making ineffective corporate training a big problem for businesses. And with the risks of a recession, businesses need to keep a very close eye on their budgets, making sure they are spent in the most efficient way possible. 

Of course, multiple reasons are given to explain this waste, from unengaging content and bored staff to time constraints and lack of opportunities for staff to apply the newly learned skills.  

One area that cannot afford to not engage and upskill its employees as it is business-critical is cybersecurity. Organisations and corporate leaders recognise that cybersecurity is a business priority. But they’re also very aware of the huge global cyber talent shortage (up to 3.5 million by some accounts) and how a lack of skills is leaving businesses vulnerable to cyber-attacks.  

For most business leaders upskilling their security specialists has become a priority. Ineffective training is not an option and businesses are increasingly looking for innovative ways to engage and adequately upskill their security teams and avoid the training waste trap. 

That’s where ‘Capture The Flag’ (CTF) games can be helpful. 

What are CTFs?

CTFs are online competitions where teams or individuals test their cyber skills in a race to solve challenges and capture the ‘flag’ – a secret code that unlocks points or rewards. These have been long played for bragging rights by the underground hacker community. 

From the world’s biggest and oldest CTF at DEF CON in Las Vegas with millions of dollars up for grabs in prize money to our very own annual event – which attracted 12,000+ players from 181 different countries earlier this summer and everything in between, CTFs are a big deal in the hacker world. They are now moving into the corporate world as an engaging and effective way of delivering cyber upskilling and training. 

Beyond the significant upskilling advantages, CTFs are a very effective tool for corporations to streamline the hiring of cyber talent. 

CTFs for recruitment  

For cyber talent recruiters, CTF challenges are a great way to test prospect applicants. They may be helpful throughout the whole process by helping to narrow down the pool of initial applicants and assessing the qualifications of your chosen prospects. 

How so? 

CTFs allow hiring managers to assess a candidate’s technical skills level and understand how they perform under time constraints in a hands-on situation. Good CTF challenges are simulations of real-life hacking scenarios and mirror the issues that security teams are likely to encounter on a daily basis.  

CTFs are not only a great resource for businesses but can also be used by candidates to strengthen their resumes. CTFs competitions are happening all the time in the non-professional cyber world and are open to players at all skill levels. Entering these competitions is a great way for security professionals on the hunt for a new role to demonstrate their proactivity and eagerness to develop their skillset.  

CTFs for upskilling  

A 2019 poll of UK employees for the City & Guilds Group found that 69% of respondents complained that training content was not always exciting or engaging. CTFs bypass this by allowing for collaboration, team building, and competitiveness. This makes them a more efficient way to learn all the while promoting a more collaborative workplace culture, essential to establishing a security culture company-wide. As an engaging learning tool, CTFs are the type of training that employees don’t skip or switch off from. 

A good example of CTF implementation is Toyota North America, where the team has integrated CTFs as part of the company’s internal training programme. The car manufacturer trialed a couple of CTF competitions with their security team and invited staff from other departments to take part too in an effort to improve the hands-on experience of their cybersecurity training. The levels of training involvement were significantly raised by these trials. The security team’s engagement in learning has increased by 150% since the initiative’s implementation. Participants said that within 11 months, the challenges had increased their knowledge and skill set. 

The big takeaway? 

The staff has learned new ways to apply the newly gained knowledge to real-world situations. Moreover, the CTFs proved to be so popular that they are now a permanent company-wide fixture and run every Friday for everyone to join. Toyota also discovered that its recruitment was boosted since candidates sought out cutting-edge training and development programmes like this one. 

The growing cybersecurity skills gap shows that there is an urgency for companies to revamp their training programs. As attacks get more sophisticated, security leaders need to ensure they constantly keep the skillset of their teams up to date and keep providing them with opportunities to learn the changing techniques of the cybercriminals. CTFs are a great way to gain real, relevant, and practical skills while also building up the teams through the best hires. 

By Haris Pylarinos, CEO at Hack The Box