Students from the nation’s top colleges will use their offensive hacking skills for good in a cybersecurity competition held Nov. 4–6 at Rochester Institute of Technology.
Ten collegiate teams will face off in the second annual Collegiate Penetration Testing Competition, as they attempt to break into computer networks, evaluate their weak points and offer plans to better secure them. The competition allows students to experience a day in the life of a penetration tester—the security professionals hired to test and evaluate an organization’s computer systems and networks to ensure that malicious hackers can’t get in.
“Penetration testing is crucial for proving to an organization that they have cybersecurity vulnerabilities,” said Bill Stackpole, professor of computing security at RIT and director of the competition. “Student competitors will learn how to add value to a business, by helping the company better understand its computing infrastructure and improve its security posture.”
During the competition, teams of up to six students will interrogate a mock-company’s network. The following morning, they will present a report to the judges on their findings and offer their suggestions for mitigating risk. The whole event is set up to mimic how penetration testing consulting happens in the real world.
“This mock company holds confidential data that would have a significant impact if breached,” said Stackpole. “But this isn’t just happening in a simulation. Real companies are facing cybersecurity threats every day and our students need to learn how to combat that.”
Participants in the weekend competition include:
• Rochester Institute of Technology
• University of Central Florida
• City College of San Francisco
• University at Buffalo
• Tennessee Technological University
• University of New Haven
• University of Maine
• University of Texas at San Antonio
• Pennsylvania State University
• California State Polytechnic University, Pomona
Judges and sponsors from the security industry will see how participants perform under fire. Students will have the opportunity to meet experts and hand out résumés. Sponsors include the National Security Agency, IBM, Amazon, Google and Facebook.
In computing security, the National Collegiate Cyber Defense Competition (NCCDC)—held annually in San Antonio—is seen as the premier defense-based event, requiring students to defend an infrastructure while performing typical business tasks. In the future, RIT sees its Collegiate Penetration Testing Competition becoming the premier offensive event.
“We had a lot more than 10 teams that wanted to participate in the competition this year,” said Stackpole. “We would like to see this grow from a single event into a national tournament, with four or five regional competitions feeding to the championships at RIT.”
In 2012, RIT broke the mold of traditional cybersecurity education by creating the Department of Computing Security, the first academic department devoted solely to computing security. Today, RIT is helping to fill a national need for qualified computing security professionals as a one of National Centers of Academic Excellence in Information Assurance/Cybersecurity Education designated by National Security Agency and Department of Homeland Security.
For more information on the Collegiate Penetration Testing Competition, go to nationalCPTC.org.