From Games to Guarding: A Cybersecurity Journey


When I first entered the world of cybersecurity, I was motivated by curiosity and the excitement of solving problems. Like many others, I began by participating in Capture the Flag (CTF) competitions, where I tackled scenarios inspired by real-world situations to exploit systems and find hidden flags.
However, what really changed my perspective on cybersecurity wasn't just solving challenges—it was creating them.
Beyond Solving: The Hidden Power of Creating CTFs
During my time at EC-Council, I had the opportunity to contribute to the development of CTF challenges for global learners and professionals. At first, I thought it would be similar to solving them — just from the other side.
I was wrong. Designing CTFs was much deeper. It wasn’t just about vulnerabilities or exploits. It was about thinking like an attacker while also teaching like a mentor.
Each challenge required a structured story, technical soundness and a realistic attack path. That forced me to move beyond the “how” and into the “why” — why this vulnerability matters, how it fits into a broader attack chain and what lessons it offers the learner.
My Role in CTF Development
I wasn’t writing exploits from scratch every day, but my role included:
- Researching real-world vulnerabilities to inspire challenge ideas
- Building exploitation paths that mirrored actual attacker behavior
- Designing scenarios that aligned with industry frameworks like MITRE ATT&CK
- Testing and refining challenges to ensure they were balanced, educational and realistic
One challenge I helped develop was based on a vulnerable WordPress plugin. I studied the CVE, mapped the initial access point, planned out the privilege escalation route and ensured the journey would make sense for players — whether they were beginners or professionals sharpening their skills.
What Designing CTFs Taught Me
1. The Attacker Mindset:
To create a challenge, I had to think like an attacker — where would I enter? What mistake would I exploit? This mindset now helps me analyze systems from both offensive and defensive angles.
2. Real-World Context Matters:
I learned that vulnerabilities don’t exist in isolation. The risk depends on the environment, user behavior and the organization’s ability to detect and respond.
3. Communication is Key:
Translating technical attacks into structured learning paths taught me how to communicate complex concepts clearly — a skill every consultant needs.
4. Gamification is Powerful:
People learn best when they're engaged. CTFs gamify learning in a way that sticks, which is why they’re such a valuable tool in cybersecurity training and awareness.
From CTF to Clients: Connecting the Dots
My experience designing CTFs has done more than sharpen my technical skills — it has shaped the mindset I’m building as I work towards becoming a cybersecurity consultant.
Every challenge I created required me to think beyond individual exploits, considering the bigger picture: how an attacker would chain vulnerabilities, how defenders might spot them and how businesses could mitigate the risks.
These lessons continue to guide me as I focus on the next step of my career — bridging the gap between technical depth and business needs.
As I move towards consultancy, I’m applying:
- The ability to see vulnerabilities in their real-world context, not just as isolated issues
- The skill to translate technical findings into actionable, business-relevant insights
- A passion for educating and empowering teams, just as I aimed to educate players through CTFs
- A mindset that constantly asks: What’s the attacker thinking? How can we stay one step ahead?
I’m excited to continue this journey — where technical experience meets strategic advice — and I look forward to contributing my skills to help organisations build safer systems.
Final Thoughts
CTFs gave me the technical toolkit. Designing them gave me the mindset. Together, they’ve shaped the cybersecurity professional I am becoming.
This journey from "CTF to Client" is ongoing — and it’s teaching me that whether you’re solving challenges or helping organizations secure their systems, the core of cybersecurity remains the same: understand the risks, think like the adversary, and help build safer, stronger environments.
As I continue developing my skills and moving towards a consulting role, I’m focused on turning technical insights into business value, bridging the gap between technical depth and strategic advice.
If you’re looking to connect with someone who understands both the code and the bigger picture — the root shell and the boardroom — I’d love to connect and share ideas.
Written by Pallavi Saini