Learning by hacking at pentesting competition
RIT places second among nine colleges in first annual computing security competition
Rochester Institute of Technology is already planning its second Collegiate Pentesting Competition after the success of its first annual event held Nov. 7–8 in Rochester, N.Y.
“You bet we’ll be doing this again next year,” said Bill Stackpole, associate professor of computing security at RIT and director of the competition. “Along with the advisory board, sponsors and teams, we look forward to building the next generation of security professionals so they can meet and exceed the challenges of the future.”
The first-of-its-kind competition allows students to learn about cybersecurity from a different vantage point—offense, as opposed to defense. Teams from nine regional universities faced-off at RIT as they broke into computer networks, evaluated their weak points and presented plans to better secure them.
University at Buffalo took home the top trophy in the competition, while RIT placed second and Syracuse University placed third. The top teams were noted for their exemplary positive professional attitudes, excellence in organization and both written and verbal communication skills.
The competition allows students to experience a day in the life of a penetration tester—the security professionals hired to test and evaluate an organization’s computer systems and networks to make sure malicious hackers can’t get in.
“I like being a part of cybersecurity competitions because it gives me a chance to test my skills and have fun,” said Nick Piazza, a fourth-year computing security major and captain of the RIT team. “When I approach a network to penetration test, I see it as a puzzle or a maze with many different ways to tackle it.”
For the competition, teams of three to six students interrogated a mock-company’s network. The following morning, they presented a report to the judges on their findings and offered their suggestions for mitigating risk.
Student teams from RIT, Alfred State College, Indiana University of Pennsylvania, Penn State, Syracuse University, Tompkins Cortland Community College, University of New Hampshire, University at Buffalo and the United States Naval Academy, participated in the weekend competition.
Judges and sponsors from the security industry got to see how participants perform under fire, while students met with experts and handed out résumés.
“Coming to the Pentesting Competition is a great way for us to recruit the students who will someday be driving the future of our products,” said Joaquin Madruga, Director of Engineering at Vectra Networks, which is based in San Jose, Calif. “It’s great to see the dynamics within the teams and excitement from the students.”
Sponsors included Vectra Networks, Logical Operations and IBM. Judges included sponsors, faculty and members of the Pentest Advisory Board who work as pentesters at companies, including Crowe Horwath, Uber and Facebook.
In computing security, the Collegiate Cyber Defense Competition—held annually in San Antonio—is seen as the premier defense-based event, requiring students to defend an infrastructure while performing typical business tasks. In the future, RIT sees its Collegiate Pentesting Competition becoming the premier offensive event.
The RIT student team is made up of Piazza, who is from Baldwinsville, N.Y.; Vlad Ionescu, a fourth-year computing security student from Stamford, Conn.; Luke Christian, a second-year computing security student from Middletown, R.I.; Ryan Whittier, a third-year computing security student from Rochester, N.Y.; Dave Kukfa, a third-year computing security student from Penfield, N.Y.; Yogeesh Seralathan, a computer science graduate student from India; alternate Susan Heilman, a fourth-year computing security student Jenkintown, Pa.; and alternate Michael Milkovich, a first-year computing security student from Bradenton, Fla.
The RIT team is coached by Jonathan S. Weissman, a lecturer in RIT’s Department of Computing Security.
For more information on the Collegiate Pentesting Competition, go to cptc.csec.rit.edu.