Using role-playing and gaming to train cybersecurity experts
![Image [Roads of surveillance]. 6– Policies, Laws and Responses: Who Regulates Surveillance?](https://incyber.org//wp-content/uploads/2026/02/media-episode-5-885x690.png)
What is Capture The Flag?
CTF is a well-known challenge in the cybersecurity field. Instead of searching for a golden chalice, participants hunt for “flags” that signify success in overcoming challenges, such as penetrating a simulated system or solving cryptographic puzzles. These exercises allow students to explore real-world scenarios, honing their detection skills and preparing them to confront the vulnerabilities of modern software systems.
Some educational institutions even use CTF challenges as part of their recruitment processes. For instance, OTERIA Cyber School evaluates prospective students not by their academic qualifications but by their technical skills. “Our selection process focuses on expertise rather than diplomas,” explains Hugues Spriet, General Director. “CTF challenges allow us to assess the level of knowledge within a diverse applicant pool.” For enthusiasts, platforms like TryHackMe and HackTheBox provide accessible environments to practice these skills.
“Not Just for Geeks”
Contrary to popular belief, “cybersecurity isn’t only for geeks,” says Clément Chauffert, Educational Director of Ecole 2600. According to the 2023 Observatory of Cybersecurity Professions by France’s National Cybersecurity Agency (ANSSI), 65% of professionals believe that the field isn’t limited to highly specialized individuals. With diverse professional realities requiring various skill sets, the industry faces a growing demand for experts. To meet this need, 27 new cybersecurity training programs were certified by ANSSI in 2022, as reported by AEF Info.
A necessary foundation in theory
While practical exercises like CTFs and digital artifact searches—such as analyzing erased hard drives in judicial investigations—form the core of training programs at undergraduate and graduate levels, theory still plays an essential role. “It’s hard to go below 20 to 30% theoretical coursework,” says Clément Chauffert. “In a seven-hour day, students usually spend two hours on theory.”
Popular roles such as penetration testers require a solid foundation in network security, cryptography, coding, and auditing. “Understanding the architecture behind an IT system is indispensable,” adds Hugues Spriet. “Even in a new field like cybersecurity, the 10,000-hour rule for mastery still applies.”
Fortunately, theory is directly tied to industry needs. “We built our programs based on employer requirements,” Spriet notes. For example, their new specialization in “Research and Vulnerability” was co-developed with Synacktiv and RandoriSec, leading companies in cybersecurity. Peer-learning techniques, where advanced students assist their peers, further help digest theoretical concepts.
Simulating Real-World environments
Another key challenge for training institutions lies in creating realistic work environments that mimic the modern corporate world and its cybersecurity challenges. Equipped with powerful computers, students practice securing systems such as Active Directory in simulated environments. “Our labs include hardware like oscilloscopes and radio-frequency devices,” says Spriet. “To meet our educational goals, we design these platforms internally, leveraging our greatest resource: our teachers and staff.”
The combination of hands-on training, theoretical grounding, and cutting-edge resources ensures that students are well-prepared for the ever-evolving challenges of cybersecurity. By bridging the gap between education and industry, these innovative training methods promise to cultivate the next generation of cybersecurity experts.