InfoSec Consultant Struggles with CTF Challenges

The author has five years of experience as an information security consultant, primarily conducting vulnerability assessments for web and mobile apps using compliance checklists. They occasionally perform manual penetration testing but struggle significantly with Capture The Flag (CTF) challenges, finding even basic problems difficult to solve. The post expresses concern about whether their reliance on structured checklists has hindered their ability to adapt to CTF-style exploitation. The author also questions if their self-taught background and lack of formal education in computer science or security contribute to these difficulties.