This year, a team of eight Penn State students managed to take home the award of “most creative hack” by generating what the team captain, Cole Daubenspeck, estimated to be $20 quadrillion in the simulation.
The Collegiate Penetration Testing Competition (CPTC) is an annual event which challenges cybersecurity student teams to unveil and resolve a network’s critical security vulnerabilities within a simulated environment.
This year, Penn State students were able to make it through regionals and onto the nationals phase, becoming one of the top-scoring teams in the nation.
Daubenspeck (junior- cybersecurity analytics and operations) described the way in which he used his former experience in the competition to lead a more effective and prepared team into the competition.
“It doesn’t matter how good you are breaking into these systems if you can’t communicate it effectively,” Daubenspeck said of holding tryouts and finding members for his team.
Throughout their yearlong and weekly three-hour practice regimen, Daubenspeck and co-captain Sarah Hume held a student-led preparation process in Penetration Testing Labs to collectively learn technical skills not formally taught in their information sciences and technology classes.
Throughout their tryouts and preparation process, they specifically focused on reinforcing members’ diverse abilities relating to both business-focused roles and more nuanced penetration testing skills.
This year’s competition specifically focused on DinoBank, a mock financial services and cryptocurrency company. The competition immersed students in an eight-hour process of identifying the system’s key security vulnerabilities.
In the second phase of the competition, students were required to present their findings and solutions with official reports and a final presentation by 3 a.m. the same night.
“The Team did fantastic and I’m really proud of my team,” Daubenspeck said. “I think most of what we could improve upon is the organization. At nationals, we had a hard time keeping up with all of the tasks that we were being assigned, as well as completing the work so we worked in total to the last few seconds of the deadline.”
When describing the benefits of participating in CPTC, Hume (senior-cybersecurity analytics and operations) compared her experience to that of an internship in which she served as a penetration test consultant.
“[CPTC is] actually a simulation of a Pen-Test, which you really can’t get anywhere else,” Hume said. “There’s nothing like it that exists that I know of.”
For Hume and other members of the team, the ability to work with DinoBank presented a rare opportunity to interact with a carefully and realistically constructed fake corporate network.
Many members on the team stressed that being able to take on the role of attacker rather than being limited to the perspective of a defender was especially helpful.
The increased importance of cybersecurity in the labor force is especially critical in the foundation of CPTC, as well as the field in general, according to team member Walter Bain.
“I think this is really important because obviously as more objects in our daily lives become interconnected to the internet, we’re only going to see more and more hacks…I believe,” Bain (senior- security and risk analysis) said. “So having something like this to help students learn about the industry and how they can find a job… I think that’s really important for this generation moving forward.”