Currently, technology has increased exponentially and is accelerating the ability of companies

to be more productive with proper management of resources and obtaining better results. New
technological trends include the internet of things and cloud computing. Artificial intelligence and
data mining handle large amounts of information in real time about the needs and preferences of
customers, which allows companies to make decisions when creating new products and services [1].
However, the exponential increase in the use of these technologies and the amount of information
they generate has led to more computer attacks, which threaten the confidentiality, integrity, and
availability of companies around the world. According to a Deloitte study, four out of ten
organizations in Ecuador, the country where this work is carried out, have suffered security
incidents, and 70% of the organizations state that they are not certain about the effectiveness of
their response process to cybersecurity incidents [2].
This is because even though many companies have the necessary capital to invest in
cybersecurity, there is a great shortage of professionals in it. According to a report published by
(ISC)² in 2019, the demand for cybersecurity specialists increased to 4.07 million worldwide [3].
Likewise, the COVID-19 pandemic has reflected a large increase in the number of cyberattacks,
which no longer only target people and small companies, but have also been carried out against
large companies, governments, and critical infrastructure. An INTERPOL study revealed that in the
first four months of 2020, the private sector had approximately 907,000 spam messages, 737
incidents, and 48,000 malicious URLs related to COVID-19. One solution to protect information
systems is to have professionals trained in the area. To train them, one method is the use of
gamification, interactive activities, and simulations, which allows for improving the performance of
the students, the commitment, and the motivation of learning [4,5]. In the area of computer security,
a common hands-on learning method is Capture the Flag (CTF) competitions, which consist of
teams competing to see who can solve the most security problems within a certain time limit [ 6].
These types of competitions are held around the world and many platforms are used for this
purpose.
This work proposes the development and implementation of a CTF platform that contributes to
learning cybersecurity, using theoretical–practical teaching simply and understandably, without the
need for prior knowledge. This platform is adjusted to the needs of the population that participates in
this study, since most of these tools, being international, imply certain criteria that bias their use, for
example, the language, difficulty of the challenges, difficulty understanding the documentation, and
paid subscriptions, among others. This problem occurs mainly in those who are beginning to be
interested in the subject and would like to acquire a basic knowledge of it. The CTF platform is
designed for the improvement of information security skills with practice and challenge; by facing
complex and realistic challenges, participants can develop technical and strategic skills that are
relevant to the field of information security [7]. In addition, by training the participant in the process of
discovering vulnerabilities in different environments, the participants can help identify possible
security gaps in real systems. Similarly, the challenges in a CTF platform have often been found to
be too difficult for a single participant to solve. As a result, the participants can work as a team to
solve the challenges.
This work proposes the design of a training and competition tool in which the participants must
solve a series of challenges related to computer security. The novelty in this work focuses on its
design and functionalities adapted to the needs of an organization. As innovative features, the CTF
platform has a user interface that is easy to use and navigate, which significantly improves the user
experience and facilitates the participation of people with different levels of knowledge in computer
security. Furthermore, it allows organizers to customize challenges and create new ones in real time,
making the competition more interesting and challenging. Another innovative aspect is that the
platform can integrate emerging technologies such as blockchain, artificial intelligence, and virtual
reality, among others, and offers a unique and attractive experience for participants and organizers.
Finally, the available discussion forums, online chats, and collaboration tools help create an active
and participatory community [8].
This article is organized as follows: Section 2 reviews the works similar to this proposal, as well
as the concepts used, and describes the proposed method; Section 3 presents the results of the
investigation and comments on the results obtained; Section 4 makes a comparison between the
results obtained in this proposal and the methods proposed in other works; and, finally, Section
5 presents the conclusions.