CybersecurityPenn State cybersecurity club gets competitive

Published 11 October 2016

The members of the Penn State Competitive Cyber Security Organization (CCSO) are embroiled in a game of capture-the-flag. They’re in hot pursuit of the pennant, hoping to find it before their competitors. But instead of dashing across fields and through the woods, they’re gathered in a conference room sharing pizza. And instead of searching for a brightly colored flag, they use their cybersecurity skills to find a “flag” that is actually a special computer file.

The members of the Penn State Competitive Cyber Security Organization (CCSO) are embroiled in a game of capture-the-flag. They’re in hot pursuit of the pennant, hoping to find it before their competitors.

But instead of dashing across fields and through the woods, they’re gathered in a conference room sharing pizza. And instead of searching for a brightly colored flag, they use their cybersecurity skills to find a “flag” that is actually a special computer file.

Penn State says that this twist on capture-the-flag (called CTFs in the competitive cybersecurity world) is just one of the activities that members of CCSO engage in. The club, founded in 2013, focuses on all things cybersecurity: Members have the chance to attend conferences, listen to speakers and participate in cybersecurity competitions.

“The club is really an opportunity for us all to learn and expand our skill sets,” said George Beatty, CCSO member and a double major in information science design and development and security risk analysis. “The College of Information Sciences and Technology (IST) does a good job of preparing its students for careers in computer science, but the field is so large that sometimes there’s a gap between what you’re learning and what you want to do. The club helps round out our education.”

Gearing up for competition
When Michael Morelli, now the club’s vice president and a senior majoring in security risk analysis, first attended a club meeting, he wasn’t yet familiar with what a cybersecurity competition looked like. But fueled by a passion for security and a strong competitive streak, he joined and started attending meetings and competitions.

He soon learned that CTFs aren’t the only type of cybersecurity competition. In some, a fake network is created and participants are instructed to break in. In others, they’re charged with protecting the network instead of trying to hack in. Sometimes participants compete remotely and other times they travel to the institution hosting the event.

“A big part of these competitions is being put outside of your comfort zone,” said Kevin Houk, president of the club and a security risk analysis major. “You’re supposed to do research and try using different tools to solve the problem, even if you go down the wrong path at first. It’s all about developing your skills.”