The New England regional of the Collegiate Penetration Testing Competition, hosted by the University’s Connecticut Institute of Technology, is part of an international program considered one of the “premier collegiate ethical hacking competitions,” attracting groups of cybersecurity students from some of the most prestigious programs across the globe.
January 6, 2022
A team of seven University of New Haven students is going for gold – in the international finals of the Collegiate Penetration Testing Competition, set to take place January 6 through 9. The group recently captured second place in the New England Regional Competition, hosted by the University’s Connecticut Institute of Technology (CIT).
The competition takes a deep dive into real-life cybersecurity problem solving, such as uncovering vulnerabilities of mock networks connected to real companies, determining the financial impact of those vulnerabilities, and writing an executive-level report detailing what they found.
The annual regional and global competitions bring together students with top marks from some of the most prestigious cybersecurity programs across the nation and around the world. In 2020, the New England regional competition was hosted virtually by CIT, and the Chargers captured third place. In 2019, the competition was held on campus and in-person.
Ibrahim Baggili, Ph.D., Elder Family Chair and director of the University's Connecticut Institute of Technology, highlighted the stiff competitive nature of the event, while also recognizing the effort the team puts in every year.
"Cybersecurity involves attacks and defenses, thus, it is competitive by nature,” he explains. “Competitiveness is part of what we instill in our students. Our cyber teams always compete and work hard in order to beat teams from universities four and even eight times our size. Our progress in placing among the top teams constantly shows how hard our students work and their deep knowledge of the domain."
‘It is completely different to be able to apply those skills in a live environment’
The University’s team is led by captain Samuel Zurowski ’21 and co-captain Charles Barone ’22, and includes Nicholas Dubois ’24, Mathew Piscitelli ’22 M.S, Robert Serafin ’22 M.S., Alex Sitterer ’24, and Tyler Thomas ’22 M.S., and is advised by Mohamed Nassar, Ph.D., an assistant professor.
“Since I started coaching the hacking club team last spring, I noticed how skilled, determined, and autonomous the team members are,” said Dr. Nassar. “They are strongly motivated and want to make a difference. They showed excellent discipline, organization, and time management skills during the regional competition.
“Just looking at their report, completely written in Latex, your impression would be that this is not a report written by students. One would expect it had been written by a major security advisory and consulting firm,” he continued.
Zurowski, a computer science major, explains the process.
“Students act as security consultants for a mock company where we attempt to find as many vulnerabilities as possible,” he says, adding that the team is under a strict deadline. “This year, the theme was a manufacturing company that produces croissants called Le BonBon Croissant.”
"We look at what we did well, what we can improve, and what was sufficient."Samuel Zurowski ’21
The University of New Haven’s team then tests the network of the company after a cyberattack. As the team members discover vulnerabilities, they detail the impact, what would be done to fix them, and, of course, how to fix and comply with cybersecurity efforts.
“This report is meant for technical, C-suite level executives, and other management in a company,” adds Zurowski. “This competition is meant to be as realistic as possible to provide students real-world experience in penetration testing.”
These tests are incredibly important in this current digital age, Zurowski points out, as “approximately 50 new vulnerabilities are reported each day,” making staying on top of network vulnerabilities an extremely difficult task for a company.
“By regularly undertaking assessments it can help an organization understand its weaknesses, and help protect important assets, including customer data,” he said.
Meanwhile, the team’s co-captain, Barone, says the competition helps transition students interested in cybersecurity from the classroom setting to taking part in real-world applications with the skills they learned.
“It is one thing for a professor to tell you that a vulnerability exists in an application or platform,” he said. “But it is completely different to be able to apply those skills in a live environment.”
‘Having exceptional teammates is what makes it possible for us to place so well’
As the team prepares for the international finals, which will take place at Rochester Institute of Technology, the group is putting their hard work under the microscope. First up, is the report. Zurowski explains the report is the biggest part of the competition, and he and his teammates are reviewing the one they put together for regionals.
“We look at what we did well, what we can improve, and what was sufficient,” he said.
They then dig into researching major security issues happening right now, as well as familiarizing themselves with different cybersecurity platforms so they can “break into” those mock networks.
Co-captain Barone reflected on the strengths of this year’s team and how they have been learning from mistakes and successes over the last three years of competitions.
“Although there is a shared skillset that is common among all the team members, each member of the team also brings their unique knowledge and experiences to the table,” he said. “It is that combined shared experience that has allowed us to build team chemistry and communication.”
“This competition requires immense organization, technical knowledge, and time management,” added Zurowski. “Having exceptional teammates is what makes it possible for us to place so well.”
As part of the international competition, the team will be competing against top schools such as Carnegie Mellon, Stanford, the Rochester Institute of Technology, and Drexel.
“I am very excited to accompany three team members who will be physically participating in the competition in Rochester,” adds Dr. Nassar. “Other team members will be participating remotely. As a coach, I can’t be more proud of their performance, and I wish them all luck competing with teams from top universities in the United States and abroad.”