I think there is a huge, and I mean huge, amount of value to pentester here.
It’s just that it is a broad career and a good pentester isn’t always the same thing as a good CTF player.
Some examples - almost every professional pentester will need to know how to bypass enterprise controls in a Windows environment. That is fairly uncommon here where 60% of the boxes tend to be *nix anyway. Obviously, there are exceptions with some very good AD boxes but thats about 10% of the total boxes.
Pentests rarely involve any CTF aspects. There isn’t a pre-determined path and its not common to find loot as easily as you will in a CTF - where the goal is, after all, for people to succeed. Yes people do make mistakes and accidents happen but it is rare (for example) for someone to upload a single email with clues to a production web server.
Fundamentally pentesting is not about single box exploitation (except in those horrific environments where a server in the DMZ has DA creds in memory…). Pentesters nearly always have to move laterally within an organisation and again, this is rare in a CTF. Reddish was a good example of trying to do that if you want to look at it.
Last point - pentesting is all about the report. Without producing a report the customer can use, the pentest is pointless.
Now - putting that rant aside, a pentest is made up of lots of little steps which are perfectly practiced in a CTF. If you want to get better at restricted shell escapes, a CTF is 100% a great way to do it. If you want to practice Bloodhound - again, go for it. CTFs are awesome.
CTFs really do have a place in every security person’s educational plans. I suspect I’d even go as far as saying security people who’ve never done a CTF are probably missing some key skills.
I just dont think being good at CTFs, or rank on HTB etc is the same as being a good security person.