Augusta University hosts inaugural Southeastern Regional Collegiate Penetration Testing Competition

College teams from across the Southeast will compete at the Georgia Cyber Center this weekend as Augusta University’s School of Computer and Cyber Sciences proudly hosts the 2019 Southeastern Regional Collegiate Penetration Testing Competition (CPTC).

“This competition is all centered around cybersecurity,” said Steven Weldon, an instructor of computer science at Augusta University’s School of Computer and Cyber Sciences. “This is an opportunity for cybersecurity teams to build and hone their skills in a simulated environment that mimics real-world networks. In this competition, a scenario is built around a fictitious organization and the competing teams are looking to identify and report on vulnerabilities that are really similar to what they would see in a real-world environment.”

The 10 college teams that will be competing in the CPTC’s Southeast region on Oct. 12-13 at the Georgia Cyber Center include Augusta University, University of Florida, College of Charleston, University of Central Florida, Florida Tech, University of South Alabama, Kennesaw State University, Columbus State University, Middle Georgia State University and Augusta Technical College.

In total, the CPTC has cybersecurity college teams from six regions competing across the globe on the same weekend for the opportunity to advance to the national competition held at the Rochester Institute of Technology (RIT) in New York on Nov. 22-24.

“This competition stretches all the way to the West Coast to the East Coast to the Northeast and Southeast,” Weldon said. “While Augusta University is hosting the inaugural Southeastern regional competition, the North region is hosted by the University of New Haven, the Northeast region is hosted by Penn State, the Central region is hosted by Tennessee Tech, the West region is hosted by Stanford University and, for the first time, there is an international region – a Middle East region – hosted by the Rochester Institute of Technology in Dubai.”

The CPTC, which was started by RIT in 2015, has grown tremendously over the past several years because it is a competition that is unlike other cybersecurity events, Weldon said.

“This competition is kind of an offensive side of cybersecurity,” Weldon said. “So, it’s not just protecting the network from people who are trying to penetrate the network. This is actually trying to penetrate the network of this fictitious organization. That’s why you’ll hear people use the term, hacking competition. But in the cybersecurity realm, it’s called a penetration test.”

Weldon explained there are three main focus areas of the competition: technology, communication and collaboration.

“Teams have to use technical knowledge and skills to be able to identify the weaknesses and penetrate into these simulated networks,” Weldon said. “But then, they also have to be able to communicate. And that means, communicate not only with someone with a technical background, but to anyone. Let’s say, they might be talking to the board of directors or the CEO of a company who may or may not be technical. So, they need to be able to communicate to both worlds.”

Finally, the colleges competing must also collaborate as a team to win, Weldon said.

“It’s a collaborative process because it is a team competition and there’s a very limited amount of time,” he said. “Teams don’t have three or four months to try to figure out how to get into this network. They have from 9 a.m. until 6 p.m. on Saturday to do what they can. So they have to work together as a team.”

Each of the college teams competing in all six regions will not be given the fictitious scenario until they are handed a packet at 9 a.m. on Saturday, Oct. 12, Weldon said.

“Every team is given a certain number of laptops and when they are handed that packet, they will find out, ‘Here is who we are working for. Here is what we are tasked to do,’” Weldon said. “And then they will work collaboratively to decide, ‘How do we approach this? What do we do? How do we scan the network to see where there might be vulnerabilities? When we find vulnerabilities, how do we exploit them? And then once we are in, what can we find? What do we need to tell our customer about their vulnerabilities?’”

The college teams – which consist of six members, two alternates and a coach – enjoy this particular cybersecurity competition because it is challenging to even the most experienced students, Weldon said.

“For us to be able to host the inaugural Southeastern regional competition is really incredible,” Weldon said, adding that IBM is the national and southeastern regional sponsor of the event and BSidesAugusta is the local sponsor. “And then for us to be able to hold it in the Georgia Cyber Center, a world-class facility, where we can host all these teams is simply wonderful. It’s just a win-win situation all the way around.”