Colleges battle at national pentesting competition

Stanford, Cal-State Fullerton and Central Florida take top three spots in competition at RIT

The nation’s brightest cybersecurity college students tested their hacking skills at the annual National Collegiate Penetration Testing Competition (CPTC) this weekend in Rochester, N.Y.

The premier offensive-based competition, held Nov. 2–4, allowed students to learn about cybersecurity from a different vantage point—offense, as opposed to defense. Teams from nine national universities faced-off at Rochester Institute of Technology, breaking into fabricated computer networks, evaluating their weak points and presenting plans to better secure them.

The event is sponsored by several top tech companies, including IBM, Google, Palo Alto Networks and Eaton. The CPTC is one way that higher education is working with industry to combat the national shortage of qualified cybersecurity professionals.

Stanford University took home the top trophy in the 2018 competition, while Cal-State Fullerton placed second and University of Central Florida placed third. During the course of this year’s CPTC events, Stanford distinguished itself by discovering a “zero day vulnerability.”

Student teams from Baldwin Wallace University, California State Polytechnic University–Pomona, California State University–Fullerton, Dakota State University, Drexel University, Rochester Institute of Technology, Stanford University, Tennessee Tech University, University of Central Florida and University of New Haven participated in the weekend event.

During the weekend, students and cybersecurity experts were also invited to tour IBM’s new X-Force Command Tactical Operations Center (C-TOC), which made RIT its first university stop on the center’s world tour. Students got to interact with cyberattack simulations and discuss the tactics with professionals on the retrofitted tractor trailer.

The competition, which is in its fourth year, allows students to experience a day in the life of a penetration tester—the in-demand security professionals hired to test and evaluate an organization’s computer systems and networks to make sure malicious hackers can’t get in.

“Cybersecurity competitions are an important mechanism for training and evaluation; these competitions address broad and deep cybersecurity workforce development needs,” said Justin Pelletier, national director of CPTC and a lecturer in RIT’s computing security department.

For the competition, teams of three to six students interrogated a mock company’s network. The following morning, they presented a report to the judges on their findings and offered their suggestions for mitigating risk.

This year’s mock company was based on a ride sharing app that used autonomous vehicles.

Judges and sponsors from the security industry got to see how participants perform under fire, while students had the opportunity to meet with experts and hand out résumés.

The Collegiate Penetration Testing Competition is the premier offense-based college computing security event. Leading up to the national competition in Rochester, regional competitions were held across the country. CPTC is an effective counterpart to the Collegiate Cyber Defense Competition (CCDC)—with its national competition held annually in San Antonio—which is the premier defense-based event, requiring students to defend an infrastructure while performing typical business tasks.

For more information on the Collegiate Penetration Testing Competition, go to

Recommended News