Re: Having to sign an NDA
Exams are hard to design, I’m sure CREST and the wider industry will appreciate you putting your money where your mouth is and helping come up with a new model.
Offsec which everyone seems to like, is based around a CTF model as well (all be it a longer exam). It’s not CRESTS fault that as the infosec industry we haven’t come up with anything better to test peoples skills.
Also not all CTL work is testing your local borough council for bargain basement rates, some CTL work is extremely high-end and specialist, but clearly the kind most don’t hear about. (a la central MOD)