Recent research has shown promising results in using gamified Capture the Flag (CTF) scenarios for cybersecurity education. This paper examines the effectiveness of a gamified CTF scenario among 83 university students. We analysed differences in effectiveness based on students' gender and field of study, including information security, computer science, engineering, and other study programs. The results show that participation in the CTF increased the knowledge related to the CTF content in all groups. Skills and self-efficacy also increased, except among information security students, for whom the difficulty level of the CTF was too low. The students perceived the CTF meaningful for learning and were satisfied with the experience. However, the findings suggest that gamified teaching may appeal more to men than women. Based on the study findings, we find that CTF is a suitable approach to offering practical cybersecurity exercises to students. With the appropriate difficulty level, it can be especially important for students in computer science programs to help them assess their cybersecurity skills more accurately. However, to increase the effectiveness of cybersecurity education, it is important to appropriately set the difficulty of CTF in relation to learning objectives and students' skill levels.
Schafeitel-Tähtinen et al. (Mon,) studied this question.