Gamified scenarios
Competitions, challenges, and CTF events make learning engaging through achievement, progression, and friendly competition.
Capture the flag (CTF) events
Jeopardy-style CTF
Format: Categories of challenges (web, crypto, forensics, reverse engineering, pwn). Teams solve challenges for points.
Duration: Hours to days (commonly 24-48 hours).
Skills tested: Technical problem-solving, research abilities, tool proficiency, teamwork.
Best for: Building specific technical skills, competitive learning, recruiting and assessment.
Attack-defence CTF
Format: Teams attack opponents’ systems while defending their own. Points for successful attacks and successful defence.
Duration: Hours (commonly 4-8 hours).
Skills tested: Offensive and defensive capabilities, operational security, patching under pressure, monitoring.
Best for: Purple team skills, realistic operations, time-pressure decision-making.
King of the hill
Format: Teams compete to control a specific system or resource. Points for maintaining control over time.
Duration: Hours.
Skills tested: Persistence, defence, aggressive tactics, resource management.
Best for: Competitive environment, maintaining access under opposition.
Internal competitions
Monthly mini-challenges
Format: 2-hour lunch-time competitions. Rotating categories (forensics, web exploitation, detection engineering, etc.).
Logistics: Internal hosting, realistic scenarios based on the organisation’s technology, voluntary participation, small prizes or recognition.
Benefits: Regular practice, skill variety, team bonding, identifies high performers.
Quarterly team events
Format: Half-day or full-day team competition. Mix of technical and collaborative challenges.
Logistics: Dedicated time, management support, external facilitation if budget permits, celebration after the event.
Benefits: Team building, cross-training opportunity, organisational visibility for security team, demonstrates capabilities to leadership.
Achievement systems
Skill badges
Concept: Earn badges for demonstrating specific capabilities (completed challenges, certifications, training courses, contributions).
Implementation: Simple badge system (physical or digital), display on team wiki or Slack profiles, recognition in team meetings.
Benefits: Visible skill documentation, motivation for learning, helps identify expertise distribution.
Progressive challenges
Concept: Series of increasingly difficult challenges in a specific domain (web exploitation: basic XSS → advanced SSRF → prototype pollution).
Implementation: Self-paced learning paths, clear progression, unlock advanced challenges by completing basics.
Benefits: Structured skill building, sense of progression, accommodates different skill levels.
Leaderboards
Concept: Track points from challenges, CTFs, contributions. Display rankings publicly.
Implementation: Internal platform or spreadsheet, regular updates, reset periodically to give everyone a chance.
Benefits: Friendly competition, visible recognition, motivation.
Caution: Can create unhealthy competition or demoralise lower performers. Balance with collaboration and learning focus.
Scenario-based learning
Red vs. Blue exercises
Format: Teams compete in realistic scenarios. Red team achieves objectives, blue team prevents or detects them.
Scoring: Points for red team objectives achieved, points for blue team detections and containment, bonus points for speed and completeness.
Learning: Real-world application, cross-training through competition, immediate feedback on capabilities.
Incident response simulations
Format: Teams respond to realistic incidents. Judged on speed, accuracy, communication, and recovery.
Scoring: Time to containment, completeness of eradication, recovery success, quality of documentation.
Learning: Response procedures under pressure, team coordination, decision-making skills.