Cal State Fullerton is preparing and training — both inside and outside the classroom — the next generation of “penetration testers” who help a company counter external security threats before malicious hackers attack.
“Penetration testers are in demand. As cyberattacks are on the rise, so is the need for cybersecurity professionals who can discover security vulnerabilities before hackers do,” said Mikhail Gofman, associate professor of computer science.
To test their penetration skills, a six-member team of computer science majors — all members of the Offensive Security Society student organization — got to hack the corporate network of a fictitious self-driving car company. It was all part of the national Collegiate Penetration Testing Competition, where they posed as hackers.
After a rigorous and intense competition in early November at the Rochester Institute of Technology in New York, the team of undergraduates won second place, with Stanford University finishing in first place. The CSUF team members are undergraduates Ryan Shannon, Rojan Rijal, Brandon Nguyen, Christopher Mills-Bowling and Jose Urrutia, and graduate student Shripal Rawal.
“The win speaks to the enduring efforts of the computer science students who invested substantial time and displayed incredible resolve throughout the competition,” noted Susan Barua, dean of the College of Engineering and Computer Science.
Penetration testing is part of the broader security philosophy called offensive security, in which students learn methodologies to protect computer systems from cyberattacks, as well as how to respond, Gofman explained.
The students’ performance for the security auditing competition was ranked on how well they penetrated the company’s network with their hard technical skills, and also on the quality of their oral presentation and written report, said Gofman, the team’s adviser and director of the Center for Cybersecurity in the College of Engineering and Computer Science.
The students won third place in the regional competition held at Stanford University in early October, which advanced the team to the national contest to face off with the top teams in the country.
“The project for the competition was as close to a real security assessment as you can get,” said Shannon, the team’s captain. “It entailed everything from the technical aspect of network security, the business side of meeting with prospective clients and hammering out contract details, to the end product of producing a report that can produce security improvements for the target company.”
Teamwork, creative solutions, communication and a game plan, with each student assigned a specific role, were key to the students’ win, Shannon said.
“Overall, team bond, plus strong preparation is what led to this win,” added Rijal.
The competition also helped students discover and define their areas of interest and expertise, and gave them the opportunity to meet peers from other universities across the country.
“We were not just competing, we were forming a network of like-minded individuals who we just might work with in the future,” said Rijal, a sophomore.
Shannon, who is on track to graduate in May, also relayed that the real-world skills the team learned and put to use will help them land internships and jobs.
“I hope to take what I learned and hit the ground running in my first position as a penetration tester,” he said.