College students from Maine to California traveled to Rochester Institute of Technology Nov. 4–6 to test their hacking skills in the annual Collegiate Penetration Testing Competition.
The competition allows students to learn about cybersecurity from a different vantage point—offense, as opposed to defense. Teams from 10 national universities faced-off at RIT as they broke into computer networks, evaluated their weak points and presented plans to better secure them.
University of Central Florida took home the top trophy in the competition, while University at Buffalo placed second and RIT placed third. The top teams were noted for their exemplary positive professional attitudes, excellence in organization and both written and verbal communication skills.
The competition allows students to experience a day in the life of a penetration tester—the security professionals hired to test and evaluate an organization’s computer systems and networks to make sure malicious hackers can’t get in.
“Cybersecurity issues are in the news every day,” said Bill Stackpole, professor of computing security at RIT and director of the competition. “It’s important to have collegiate competitions like these that prepare students for challenges they’ll face in the real world, while helping raise visibility for how important penetration testing really is to cybersecurity.”
For the competition, teams of three to six students interrogated a mock-company’s network. The following morning, they presented a report to the judges on their findings and offered their suggestions for mitigating risk.
Student teams from RIT, University of Central Florida, City College of San Francisco, University at Buffalo, Tennessee Technological University, University of New Haven, University of Maine, University of Texas at San Antonio, Pennsylvania State University and California State Polytechnic University, Pomona, participated in the weekend competition.
Judges and sponsors from the security industry got to see how participants perform under fire, while students had the opportunity to meet with experts and hand out résumés.
Lucas Morris, senior manager of Technology Risk Consulting at Crowe Horwath and a judge for the competition, noted that the most successful teams were able to bridge first class technical skills with the ability to effectively communicate the risks and issues they identified.
“To help secure the future, we’re going to need many different approaches to security,” said Morris. “The CPTC helps to provide students with a safe environment to practice offensive security skills, using a different approach than many other types of competitions.”
In computing security, the Collegiate Cyber Defense Competition—held annually in San Antonio—is seen as the premier defense-based event, requiring students to defend an infrastructure while performing typical business tasks. In the future, RIT sees its Collegiate Penetration Testing Competition becoming the premier offensive event, with regional competitions that feed to the championships at RIT.
The RIT student team is made up of Nick Piazza, a computing security graduate student and captain of the RIT team from Baldwinsville, N.Y.; Luke Christian, a third-year computing security student from Middletown, R.I.; Michael Terranova, a second-year computing security student from Lancaster, N.Y.; Michael Cosmadelis, a second-year computing security student from Southhold, N.Y.; Michael Milkovich, a second-year computing security student from Bradenton, Fla.; and Sam Merchant, a third-year computing security student from Ringoes, N.J.
The RIT team is coached by Robert Olson, a lecturer in RIT’s Department of Computing Security.
For more information on the Collegiate Penetration Testing Competition, go to nationalCPTC.org.