UNIVERSITY PARK, Pa. — Tensions were high as members from the Penn State Competitive Cyber Security Organization (CCSO) recently participated in the Eastern Regional Collegiate Penetration Testing Competition (CPTC). But those emotions quickly turned to excitement when the team learned that they had received an at-large bid to participate in the national CPTC finals.
The regional competition, hosted by the College of Information Sciences and Technology (IST) in October, welcomed teams from all over the country for the weekend-long event. The competition provided a unique opportunity for students to perform penetration testing, also known as pen tests, which are a vital aspect of cybersecurity.
Penetration tests are authorized by an organization for individuals to make their best efforts to infiltrate a secure network. Charged with discovering security flaws and vulnerabilities, it is a critical skill for cybersecurity analysts and a muscle the students are able to flex in this tournament.
Greg Bernatowicz, Penn State’s team captain, who is also employed as part-time pen tester with Boeing, was confident he had assembled a strong team of students for the regional competition. Other team members included Adam Bernatowicz, Luke Gleba, Kevin Houk, Evan Perotti and Jared Trigili.
While the team breathed a sigh of relief when they found out they advanced, their sights soon turned to the next round — a national event that pitted the cohort against other top universities from all over the country.
And while the team didn’t place at the national tournament held in December, the competition proved to be an invaluable experience.
The regional competition begins
On the first day of the regional competition, the six team members split into pairs and worked away at the challenge provided. Communication was critical, especially with a problem set as large as the one provided. Splitting into teams helped to keep fresh ideas and perspectives flowing.
This year’s scenario focused on a fictional organization that provides voting services for government elections.
“In light of recent events regarding election systems, this scenario challenged teams from top universities across the nation to improve the security posture of an organization that provides voting services,” Bernatowicz said.
Then, after discovering and mitigating security vulnerabilities within the voting machine software, they reported them to key stakeholders, just as professional cybersecurity firms do.
Nick Giacobe, CCSO’s adviser and the eastern regional coordinator for this year’s CPTC, had similar ideas about the simulation.
“In the current political climate, with lots of discussion about foreign intervention into our election processes, it’s really timely,” Giacobe said.
Starting at 9 a.m. on Saturday, the teams were sent to their respective rooms to run tests and complete the challenge. Each team had until 6 p.m. to finish their security scans, and then compile a final report due at 8 a.m. on Sunday.
After the grueling competition, Russ Housknecht, lecturer of IST and the team’s faculty coach, was proud of the team’s performance.
“The report they wrote was excellent, and they looked for every possible hole into the system,” said Houseknecht. “They seemed to have done it very systematically and thoroughly.”
Looking ahead to the future
At the national level, Penn State faced even fiercer competition. And though they didn’t place in nationals, the club has big plans for the future.
“There are some great schools with strong backgrounds in these kinds of competitions, and we’re just getting started,” Giacobe said.
“As a club, CCSO is in a rebuilding year. We’re getting more focused on the types of competitions that match our skillsets,” Giacobe added. “We’re advancing our training and processes and we’re excited to have students participating in several competitions this year.”
Bernatowicz encourages students interested in cybersecurity to join CCSO to challenge themselves to gain experience.
“The club participates in numerous competitions both defensively and offensively throughout the year,” Bernatowicz said. “As our knowledge base and experience grows, so will our successes.”
Houseknecht is optimistic about the future of the club and believes they will continue to grow and succeed.
“I would love to see this group continue to go to competitions, train, and get some placements that will give the University recognition on how strong our Cybersecurity Analytics and Operations program is and will continue to be,” Houseknecht said. “I think if we continue to do well and compete, it will give us that recognition.”