Capture the Flag Competitions

What I Learnt in the NCL CTF

I like competing in Capture the Flag (CTF) competitions because they require me to put my knowledge to the test in a real-world scenario against other competitors and then evaluate my skills based on my performance. I have competed in multiple competitions so far and enjoy seeing my skills progress as I move up the leaderboards and rankings each event. It was exciting to receive a medal for my last two National Cyber League (NCL) competitions and view my progression from a Top 500 overall competitor to the Top 200 overall and place in the Top 1% in multiple categories.

I enjoy a practical, hands-on, real-world-scenario type of learning environment against actual competitors over brain-dumping crammed knowledge into multiple-choice tests that contain no real-world scenario and are usually memorization-based. Do not get me wrong and think I dislike all written tests; there are many tests with real-world examples I do like that are backed with great learning platforms too 🙂.

About National Cyber League

The NCL competition was a great experience for me that I highly recommend to anyone willing to participate. When you include the gym access, the competition lasts a total of four months and covers many domains of cybersecurity. The following list includes the phases of the competition and a brief explanation of each.

Phase One

Includes 4 months of Gym access to practice and grow your skills. The Gym helped me hone my skills, familiarize myself with different tools and programs I might need, and adjust my Kali Linux VM environments for the competition.

Phase Two

Includes a mandatory 7-day Pre-Season Qualifier. Here you compete against other competitors for placement in one of 4 brackets including Gold, Silver, Bronze, and Pewter. I was lucky enough to be placed in the Gold Bracket for every one of my NCL competitions. This bracket only includes the top scoring 15% of the NCL competitors.

Phase Three

Includes the Individual Game Competition. This part lasts 3 days or 56 straight hours and was the toughest but also the most gratifying part of the competition for me.

The NCL Domains

The NCL breaks the competition into multiple cybersecurity domains (categories) that require knowledge and understanding from a variety of cybersecurity job roles. Next, I will break down each domain, briefly explain what I learned from them, and what values each one taught me.

Open-Source Intelligence

Taught me to utilize publicly available information such as search engines, public repositories, social media, and custom bookmarklets & scripts to gain in-depth knowledge on a target. This helps me understand how adversaries commonly use OSINT, beginning with a reconnaissance phase for intelligence collection, then use it to build a threat model and develop a plan of attack.

Password Cracking

Taught me to identify different techniques used by adversaries to encrypt or obfuscate messages, leverage different tools and scripts, and then extract and decrypt the passwords or messages they encrypted. This helped me understand how easily user authentication databases get leaked or breached, identify the source of attacks, and how to improve security by implementing better cyber awareness and password creation practices.

Log Analysis

This taught me to utilize the proper tools and techniques, establish a baseline for normal operation, and identify malicious activities using log files and audit trails of various services. Making sense of the log process and analyzing log data is a key factor in helping businesses comply with security policies, audits, and regulations, and in understanding malicious online behavior.

Network Traffic Analysis

Taught me to identify malicious network traffic, differentiate the benign network traffic, and demonstrate an understanding of the potential security breaches that occurred. This helped me quickly process intercepting, recording, and analyzing network traffic communication patterns to detect and respond to security threats with a higher degree of certainty.

Forensics

Taught me to utilize proper tools and techniques for analyzing, processing, recovering, and investigating digital evidence for response in cyber incidents. This helped me further understand different forensics techniques used to uncover important data that was lost or damaged in a breach, different tools to identify critical pieces of evidence, and unearthing or determining exactly what was stolen in the cyber incident from an adversary.

Scanning & Reconnaissance

Taught me to identify and use the current tools and scripts on hand to gain intelligence about targets including services and potential vulnerabilities on them. This helped me understand that a hacker just needs a single vulnerability to gain a foothold in a network and that any device with an IP address should be scanned routinely to identify and remediate vulnerabilities. Also, running a scan requires knowledge in networking, scanning tools, and understanding a variety of vulnerabilities and how to effectively exploit them.

Web Application Exploitation

Taught me to identify and execute actionable exploits and vulnerabilities used by adversaries to bypass the security measures in online services. This would then be used to steal data and customer information and to distribute malicious content. This helped me understand that most vulnerabilities are exploited through automated methods, such as vulnerability scanners and botnets, and why understanding these types of weaknesses is a crucial step to defending websites.

Enumeration & Exploitation

Taught me to identify different vulnerabilities, exploits, the process of establishing an active connection to the target hosts, and discovering potential attack vectors in a system, then using them to bypass the security measures in code and compiled binaries. This helped me understand why gathered information, including audit configurations, usernames, network sharing and services, host names, IP tables, routing tables, service settings, and application details, is used by adversaries to directly exploit the system.

Ending Sentiments

My advice for anyone interested in participating: putting yourself out there and competing against others in a competition can be scary at first, but if you can push past that initial fear and dive into one, you can gain a wealth of knowledge. Doing competitions will likely uncover weaknesses and skill gaps you possess, but this will help you understand what needs to be addressed to further your skillsets if you can push your ego aside and use it as a learning experience.

Click here to view my NCL Highlights, Certificate of Participations and Scouting Reports.

Written by Martin Guzman, who is currently studying for his OSCP Certification. Connect with me on LinkedIn.

Read my OSCP preparation notes on Notion 📔.

Check out my path progression on TryHackMe 🐱‍💻.