"Attackers only have to be right once. You, as a defender, have to be right a hundred percent of the time."

-Cybersecurity Expert Jim Risler

It's a well-known modern trope in movies and TV shows. A lone figure, head covered, hunches over a keyboard in the darkness. Immediatelyyouknow you're looking at a hacker doing nefarious things.

But hacking isn't always fictional. Data breaches are on the rise, costing businesses millions. From 2021 to 2023, there was a 72% increase in data breaches, with email being the most common vector for malware. A data breach is projected to cost an average of$4.88 million in 2024. It's more important than ever for companies to upskill their networking teams-and it's an open job market for those looking to learn cybersecurity.

I spoke with the content creators of the new Capture the Flag challenges inside Cisco U.-Jim Risler, Cisco Learning Product Manager, overseeing security course development, and Paul Ostrowski, Cisco Technical Education Content Developer-to get insight into the competition and whyit'sso important for anyone interested in a cybersecurity career. 

What is a Capture the Flag cybersecurity challenge?|?YouTube

First, what does Capture the Flag (CTF) mean? Basically, it's a game in which there's a defensive and an offensive team competing to win a flag or flags. It could be a sporting event, for children or adults. In this context, Capture the Flag is a cybersecurity challenge.

Capture the Flag has long been used in the tech community for people to practice their cybersecurity skills. The world's biggest event is Def Con CTF, taking place in Las Vegas every year. Capture the Flag challenges are also used by big corporations and universities to train people in cybersecurity.

It's usually a contest between teams: the offense (red team) and the defense (blue team); or, if both sides are worked simultaneously, a purple team. It could be in person, online, on a multi-person team, or with individual competitors.

How can I participate in a Cisco U. Capture the Flag challenge?

Youcan be anywhere in the world to participate in the Cisco U. Capture the Flag online challenges. Participation is individual. Here's how to get started.

• Complete the free Cisco Networking Academy Ethical Hacker course (if you're more advanced, youcan sign up for it, then pass their exam).
• Sign up for either CTF inside Cisco U. Challenges. Each one earns you a badge and costs$100 (credit card only).
• You have 90 days to complete your challenge.

Passing one CTF challenge plus the Cisco Networking Academy course will earn you the Cisco Certificate in Ethical Hacking.

How does a Cisco U. Capture the Flag challenge work?

Every challenge will work a little differently. The first challenges (running through 2/11/2025) don't separate you into blue or red teams. "In Cisco U. the two CTFs we have now are more blue team because you're doing investigation response, and testing your abilities to detect attacks," notes Ostrowski. "You're functioning as an investigator in both missions."

Now that Cisco U. has a Challenges feature inside the platform, there will be new Capture the Flag online cybersecurity challenges every quarter. Expect a variety of CTFs, including red team-focused ones, where you infiltrate a network and expose its vulnerabilities.

Each challenge consists of a number of steps- currently 11 steps-you must complete one by one to pass. The first step guides you through setting up your lab environment, which you'll need for the remainder of the challenge.

What score do you need to pass a Cisco U. CTF challenge?

Is there a minimum score you need to pass? Not at all.

"The original idea was to make this score out of a hundred, but now it's justpass or fail," notes Ostrowski. "So if you get to Step 11 and correctly answer it, you've passed."

Hints are available throughout. You'll get points taken away if you use a hint, but it's structured so you'll pass regardless of whether you answer everything correctly.

"There's an old technology thing geeks like myself say," says Risler. "RTFM. Read the Friendly manual. It's all in there for you." His hints will tell you where to look if you missed a clue.

Do you need additional training prior to taking the Cisco Networking Academy course?

"Technically you don't need additional training, but you shouldunderstandnetworking," Risler advises. "Cisco Networking Academy has some fundamentals of networking courses to give you a good foundation."

Building a strong foundation in networking is a crucialHe notes that as an instructor at a university, he sees college students who lack this foundation leaping into more complex cybersecurity training anyway and then struggling to catch up."Their professorsaren'tgeeks like me,they...just tell thekids to study stuff in their book and the next thing you know...thestudents arelike, 'Why is IP addressing important?' If you don't understand that, you don'tunderstand networking."And you won'tbe successful in cybersecurity. 

Who should do Cisco U. Capture the Flag online?

Anyone interested in cybersecurity should hop onto the CTF challenge to both learn and test skills. "The objective of CTF is to bridge the gap between entry-level and pros in cybersecurity, providing hands-on learning with real-world knowledge, skills, and abilities," says Risler. "A lot of companies say they have this gap. They might have booked cybersecurity education, but the programs don't do labs or hands-on, or it's all on a Windows machine. In our CTF, they go through the ethical hacker course, and they're taught on a DNS (domain name system)/lab environment, and then that knowledge and skills are used in a near real-world setting."

What Cisco U. training should I take after Capture the Flag?

So you've done both CTF challenges in Cisco U. Congratulations! What do you do next, besides wait for our next challenge to do more?

There are only two paths to pursue in security, according to Risler. "I really think we overcomplicate it," he says. "There's an engineering mindset: building the architecture and securing the network. Or there's defending the network, which is somebody who looks for threats on the network."

If you're into defending the network, the next areas you can study are:

• Cisco U. Security Operations Analyst Level 1 (SOCAL) Learning Path
• Cisco U. Performing CyberOps Using Cisco Security Technologies (CBRCOR) Learning Path

Between Cisco U. and Cisco Networking Academy, you can get all the education you need for any security-related career. Cisco is a cybersecurity leader, with protective products like Cisco Umbrella and the intelligence center, Talos, which analyzes 4 TB of threat data every day. "At Cisco we're teaching you how cyberattacks are successful," says Risler. "You're learning how they're able to get a foothold in somewhere and then why did the target attack work? Why did the malware attack on the British healthcare system work? How could you defend against that?" Cisco is uniquely positioned to look at cyberattacks from a purple perspective, seeing what's coming next and stopping what's coming now-and pass all that knowledge onto learners.

Risler recommends:

The Sandworm by Andy Greenberg. The true story of the most devastating act of cyberwarfare in history and the desperate hunt to identify and track the elite Russian agents behind it. It's a great read for anyone interested in cybersecurity and also a fantastic book club choice.

Tell us what's exciting to you about Capture the Flag in the comments below. Thanks for reading!

Sign up for Cisco U. | Join the?Cisco Learning Network.| Join the?Cisco Learning Network.

Follow Cisco Learning & Certifications

X?|?Threads | Facebook?|?LinkedIn?|?Instagram|?Threads | Facebook?|?LinkedIn?|?Instagram?|?YouTube

Use #CiscoU and?#CiscoCert?to join the conversation.

Secure Organizations by Thinking Like a Hacker