This paper proposes a novel taxonomy for cyber competitions that mirrors these behavioral shifts. We connect structured competitions with recreational gaming patterns, using academic literature and practitioner insights. By analysing parallels in improvisation, boundary-testing, and decision-making between gaming and cyber operations, we came up with the seven different themes and each theme explains the various dimensions of hackers’ mindset, behaviour, and skills. We argue that both gaming and cyber competitions can effectively evaluate cyber work-readiness when categorised by aptitude domain, not just technical outcomes. Building on prior research, we propose a multi-domain competition model extending beyond Capture-the-Flag (CTF) to include real-world incident simulation, adversary emulation, innovation challenges, and behavioral testing. This re-frames cyber education towards measuring capability over knowledge, suggesting a convergence between gaming and talent discovery to better identify and prepare future cyber defenders. Finally, in this paper, we take these seven distinct categories of cyber competitions and mapped them to the Cyber Security Body of Knowledge (CyBOK) to identify how they align with broader aspects of the UK’s cybersecurity education framework.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

From Capture-the-Flag to Cyber Aptitude: Mapping Competency Through Gaming and Competition

  • John Madelin,
  • Lata Nautiyal

摘要

This paper proposes a novel taxonomy for cyber competitions that mirrors these behavioral shifts. We connect structured competitions with recreational gaming patterns, using academic literature and practitioner insights. By analysing parallels in improvisation, boundary-testing, and decision-making between gaming and cyber operations, we came up with the seven different themes and each theme explains the various dimensions of hackers’ mindset, behaviour, and skills. We argue that both gaming and cyber competitions can effectively evaluate cyber work-readiness when categorised by aptitude domain, not just technical outcomes. Building on prior research, we propose a multi-domain competition model extending beyond Capture-the-Flag (CTF) to include real-world incident simulation, adversary emulation, innovation challenges, and behavioral testing. This re-frames cyber education towards measuring capability over knowledge, suggesting a convergence between gaming and talent discovery to better identify and prepare future cyber defenders. Finally, in this paper, we take these seven distinct categories of cyber competitions and mapped them to the Cyber Security Body of Knowledge (CyBOK) to identify how they align with broader aspects of the UK’s cybersecurity education framework.