Developmental Challenges: Capture the Flag and the Professionalization of Cybersecurity

Abstract

Over the past two decades, Capture the Flag (CTF) style competitions have grown expansively from their origins at early hacker conferences into a persistent feature of the cybersecurity workforce worldwide (Gondree et al., 2016). Today CTFs operate as a gateway into the workforce, operating as a hands-on educational experience, recruitment mechanism for industry and government, and as a marker of legitimacy within the cybersecurity/hacker community. Individual CTF challenges (ideally) interweave often complex software-based puzzles that map contemporary cybersecurity skill sets with hacker and cybersecurity subcultural touchstones, conferring status upon both players who successfully complete the challenges and the developers themselves. Drawing on a genealogy of DEFCON CTF competitions, this paper traces the “growing pains” of cybersecurity as a professional field. Reading these challenges as engines of hacker culture, this analysis will examine the contested cultural values embedded within CTF challenges over time, providing insight into the intertwined and co-constituted elements of hacker culture and cybersecurity skill sets.