Colleges face-off at national pentesting competition

Students from the nation’s best colleges will use their hacking skills for good in the largest offensive-based collegiate cybersecurity competition, held Nov. 2–4 at Rochester Institute of Technology.

Ten collegiate teams will face off in the National Collegiate Penetration Testing Competition (CPTC), the premier offense-based collegiate computing security event. CPTC is an effective counterpart to the Collegiate Cyber Defense Competition (CCDC), which is the premier defense-based event, requiring students to defend an infrastructure while performing typical business tasks.

Student competitors will attempt to break into computer networks created for the competition, evaluate their weak points and offer plans to better secure them. The competition allows students to experience a day in the life of a penetration tester—the security professionals hired to test and evaluate an organization’s computer systems and networks to ensure that malicious hackers can’t get in.

After making their way through the East, Central and West regional competitions in October, teams participating at nationals include:

  • Baldwin Wallace University
  • California State Polytechnic University, Pomona
  • California State University, Fullerton
  • Dakota State University
  • Drexel University
  • Rochester Institute of Technology
  • Stanford University
  • Tennessee Tech University
  • University of Central Florida
  • University of New Haven

In this year’s scenario, teams will need to pentest a network that supports a ride sharing app and autonomous vehicles.

“Cybersecurity competitions are an important mechanism for training and evaluation; these competitions address broad and deep cybersecurity workforce development needs,” said Justin Pelletier, national director of CPTC and a lecturer in RIT’s computing security department. “Our industry is working hard to address a severe shortage in qualified cybersecurity professionals and offering fun, challenging competitions is one way to do that.”

Pelletier also noted that the competitions provide repositories of data that researchers can use to engineer superior cybersecurity technology. RIT researchers are already combining past data with criminology theories and machine learning to create simulations and models that predict when and how computer systems might be attacked. 

During the competition, teams of up to six students will interrogate a mock-company’s network. The following morning, they will present a report to the judges on their findings and offer their suggestions for mitigating risk. The whole event is set up to mimic how penetration testing consulting happens in the real world.

Judges and sponsors from the security industry will evaluate the performance of the competitors while under fire. Students will have the opportunity to meet experts and hand out résumés. Sponsors include IBM Security, Google, Palo Alto Networks, Eaton, Uber, Crow Horwath, Uber and Hurricane Labs.

Throughout the competition, the university will hold a RIT Computing Weekend, which includes a visit from IBM’s new X-Force Command Tactical Operation Center (C-TOC), speakers and computing demonstrations. The competition will be held in RIT’s Golisano College of Computing and Information Sciences. For more information on the Collegiate Penetration Testing Competition, go to

Recommended News