Ethical hackers: How attacking can lead to protecting




Follow Scott Bureau on Twitter

A. Sue Weisler

Scott Vincent, left, president of RC3, discusses offensive hacking strategy with another club member at a recent Competitive Cybersecurity Club meeting.

A new competition hosted by RIT is challenging computing security students to use their offensive hacking skills for good.

In the first Collegiate Pentesting Competition, to be held Nov. 7–8 at RIT, nine teams from regional universities will face off as they attempt to break into computer networks, evaluate the strength of the network’s security and offer ways to improve it.

The first-of-its-kind competition allows students to experience a day in the life of a penetration tester, a security professional hired to test and evaluate an organization’s computer systems and networks to make sure malicious hackers can’t get in.

“Penetration testing is crucial to any organization that relies on the Internet—which is pretty much all of them,” said Bill Stackpole, professor of computing security at RIT and director of the competition. “In fact, some companies, including many in the financial industries, are required to conduct penetration tests every year.”

During the competition, teams of three to six students will interrogate a mock company’s network. The following morning, they will present a report to the judges on their findings and suggestions for mitigating risk.

“The competition includes a request for proposal from the company and a set of rules and standards for what the attackers are allowed to do,” Stackpole said. “The whole thing is set up to mimic how penetration testing consulting happens in the real world.”

Judges and sponsors from the security industry will get to see how participants perform under fire, while students can meet experts and hand out résumés.

“I enjoy cybersecurity competitions because you get to apply your skill sets to real problems,” said Scott Vincent, a fourth-year computing security student from Albany, N.Y., and president of the RIT Competitive Cybersecurity Club (RC3), an extracurricular club. “It’s very exciting that we are on the cutting edge of offensive security competitions like this.”

In computing security, the Collegiate Cyber Defense Competition—held annually in San Antonio—is seen as the premier defense-based event, requiring students to defend an infrastructure while performing typical business tasks. In the future, RIT sees its Collegiate Pentesting Competition becoming the premier offensive event.

“I would like this to grow from the first regional event into a national event, with four or five regional competitions feeding to the championships at RIT,” said Stackpole. “This will help raise visibility for how important penetration testing really is to cybersecurity.”
