I signed up for the National Cyber League mostly because my program at SANS required it.
I won't pretend I was itching to spend my weekends staring at packet captures and trying
to remember which hash type starts with $2y$. But I'd be lying if I said I
wasn't curious. After a year of theory-heavy coursework, I wanted to know if I could actually
do any of this under pressure.
The preparation phase was a mixed bag. I started with the NCL Gymnasium and a CTF debrief from SANS. That stuff sort of gave me a false sense of security. Everything in the guided tutorials made sense when someone was walking me through it. I also spent time on HackTheBox and TryHackMe (Appointment, Sequel, the OWASP Juice Shop, and a Wazuh room for logs). Those felt more practical, but looking back, they were still training wheels. The real thing hits different.
My laptop was a bit of a source of stress mostly because I just switched to a new Linux distribution. I ultimately spent more time than I'd like troubleshooting my environment instead of actually learning. I set up a Kali attack box with KVM, cloned some useful tools, and tried to automate whatever I could with some custom scripts and AI prompts. That part was actually fun. The rest of the prep felt like trying to drink from a fire hose.
The Practice Game arrived and immediately humbled me. The platform looks clean, but the clock is unforgiving. I realized I had spent all this time preparing for specific tool usage, but I hadn't prepared for the psychological pressure of knowing every minute I spent stuck was a minute I wasn't scoring. I also learned that my note-taking system was a mess. I'd find a useful command, jot it down somewhere, and then spend ten minutes trying to find it again. After the Practice Game, I spent a few days reorganizing everything and building out better cheat sheets. That revision period might have been the most valuable part of the entire experience.
I went into the Individual Game alone, thinking web application exploitation would be my strongest area, and that held true. It was the only category where I felt like I knew what I was doing. Everything else was a struggle. I second-guessed myself constantly. I'd look at a forensics challenge, recognize the file type, and then draw a complete blank on what to do next. I spent way too long on problems I should have abandoned earlier. Time management in a CTF is its own skill, and I do not have it yet.
By the end of the Individual Game, I was exhausted and a little embarrassed. My score was okay, but it wasn't where I wanted it to be. I kept thinking about all the easy points I left on the table because I panicked or overthought something simple. The NCL Scouting Report gave me a clear breakdown of where I stood, which felt good in some places and bad in others. Seeing "Web Application Exploitation" highlighted as a strength felt good. Seeing how far behind I was in forensics and log analysis was a reality check.
The Team Game was way more fun than I expected. I was worried about coordinating with people I'd never met, but it turned out to be the most enjoyable part of the whole competition. Having other brains in the room meant I could hand off something I was stuck on and pick up something else. We used a shared document and split work by category. I gravitated toward web app while teammates handled traffic analysis, scanning, and more. There were moments of pure chaos. I'd type out that I found something, get distracted by another challenge, and forget I never even hit send. Oops.
What hit me hardest about the team experience was how clearly it exposed my own gaps. I'd watch a teammate open a pcap in Wireshark and know exactly what filter to apply, while I was still Googling display filter syntax. I realized that my preparation had been too tool-focused and not enough fundamentals-focused. I knew how to run commands, but I didn't always understand what the output was telling me.
I have to admit, there were times during NCL where I thought maybe I don't belong here. There were moments during the Individual Game where I stared at a challenge for thirty minutes and genuinely had no idea what to do next. That's a terrible feeling when you know the clock is running. But there were also moments where something clicked, where a technique I learned in CTF 101 suddenly made sense in context, and I got a flag.
The biggest thing I gained from NCL wasn't technical knowledge. It was learning how I perform under pressure, and it wasn't great. The pattern is I get stuck on something, panic, and then either quit or keep banging my head against it for way too long. Also I often have too many note files and none of them are organized. Sometimes the answer is obvious and I'm just overthinking it.
I'm going to keep doing CTFs. Not because I loved every minute of NCL, because I didn't. But because I can see the improvement between where I started in March and where I ended in April. I also want to write up some of the non-NCL challenges I've done on HackTheBox and TryHackMe, since the course template actually works well for organizing my thoughts. Those write-ups will go on this portfolio eventually.
If you're reading this because you're thinking about doing NCL: do it, but go in with realistic expectations. The preparation takes longer than you think. The competition is harder than the Gymnasium suggests. And you're going to feel silly half the time, and that's the whole point.