Högskolan i Skövde

The growing demand for skilled cybersecurity professionals has highlighted critical gaps in traditional recruitment methods, which often fail to e!ectively assess handson technical competencies. Capture the Flag (CTF) challenges have emerged as a promising solution, offering a dynamic, performance-based evaluation of candidates’ problem-solving abilities under realistic scenarios. However, existing CTF platforms are primarily designed for education or competition, lacking features essential for recruitment, such as reusability, scalability, and seamless integration with hiring workflows. This thesis addresses these limitations by proposing a reusable CTF framework specifically optimised for cybersecurity recruitment, which combines automated challenge deployment with adaptive difficulty to ensure fair and efficient candidate assessments. The platform leverages Infrastructure-as-Code (IaC) principles to streamline setup and administration, thus achieving a deployment time of less than 30 minutes compared to manual configurations. A modular design enables challenges to be customised for different roles (e.g., penetration testers, incident responders) and skill levels, thereby mitigating the biases inherent in conventional testing methods. To validate the framework, a prototype was tested with HR administrators and CTF participants, demonstrating significant improvements in both usability and assessment accuracy. Survey results indicated that 85% of participants found the platform intuitive, while administrators reported enhanced efficiency in candidate evaluation. Beyond technical contributions, this research explores ethical considerations, such as data privacy and bias reduction, ensuring the platform aligns with industry hiring standards. By bridging the gap between CTF-based skill assessment and recruitment needs, this work provides organisations with a scalable, cost-effective tool for identifyingtop cybersecurity talent. Future research directions include AI-driven challenge generation and deeper integration with applicant tracking systems to further optimise the hiring pipeline’s efficacy.