KENNESAW, Ga. | Nov 4, 2019

Cracking a bank’s security is not something students are typically encouraged to do. However, the Kennesaw State University Offensive Security Research Club (OffSec) recently competed in a regional cybersecurity competition that tasked them with doing just that.

The club finished third in the Southeast Regional Collegiate Penetration Testing Competition, held Oct. 11-13 at Augusta University. Eleven universities from across the region participated in the event, including five from Georgia. As the third-place team, Kennesaw State was the highest-ranking Georgia team.

Sponsored nationally by the Rochester Institute of Technology’s Department of Computing Security, the organization’s website describes the CPTC as “a vehicle for up and coming cybersecurity student teams to build and hone the skills required to effectively discover, triage, and mitigate critical security vulnerabilities.”

At the regional competition, the teams played the role of a bank’s in-house red team, which is a group of penetration testers whose job it is to identify network security issues and exploit them. Teams searched 50 different networks for vulnerabilities to compromise. They also drafted detailed reports of the flaws using language easily understood by bank leadership, day-to-day managers, and technical employees.

“Students are taught to think about these security-related risks in the context of the entire organization,” says Andy Green, the OffSec’s faculty adviser and a lecturer in the Michael J. Coles College of Business’s information security and assurance (ISA) degree program. “This is not just a technical competition. While students have great success in finding vulnerabilities and compromising them, the competition places a high value on students’ ability to explain the associated risk to an organization that stems from what they discover.”

The Offsec team – consisting of ISA students Emily Gilmer (team captain) and Zack Marotta; cybersecurity student Aaron Russell; and computer science majors MacKenzie Erikson, Arash Negahdar, Armaan Esfahani, and Major Taylor – spent two months training for the competition.

Gilmer says that the team met in person each Friday to prepare. They practiced breaking into networks using an online platform called Hack the Box, which operates virtual penetration testing labs and provides free educational resources to students. The OffSec team also trained with local cybersecurity professionals who volunteered their personal time..

In addition to the training sessions, Gilmer credits the strength of Kennesaw State’s ISA degree with providing the foundational understanding needed to excel in events like the CPTC.

“Ultimately, our entire collegiate careers went into preparing the team for this competition,” she says. “We used skills and knowledge learned in all of our major classes.”

Other Georgia universities to participate in the regional CPTC were Augusta University, Middle Georgia State University, Augusta Technical College, and Columbus State University. The winning team – the University of Central Florida – will travel to the national competition at Rochester Institute of Technology’s campus in New York on Nov. 22-24.

This was the first year the regional competition was held. Green says that he is proud of the team’s strong performance in their first appearance, and is confident they will return even more competitive next year.

“Students gain a lot from competitions like the CPTC,” he says. “They are given a challenge and expected to work collaboratively to address it and are given a chance to test existing skills while developing new ones.”

-Patrick Harbin