Cybercompetitions are extremely valuable to test and sharpen hacking skills, but they are typically too difficult for security beginners. We have found helpful training tools to guide and encourage students including PicoCTF, EasyCTF, and CTFtime. We now have a strong competitive hacking team, CCSF_HACKERS, competing in more than ten contest per semester. We also have an enthusiastic hacking club, including security students and coders, which is growing rapidly.
Every website should offer bug bounties, or at least have a responsible discosure policy. This is easy to do, costs little or nothing, and greatly improves security. I'll explain how to do this and report the results of my own disclosure policy--students and other researchers have hacked me many times, getting into my email and Twitter accounts, rooting my servers, and adding harmless defacements to my Web sites. They all got my thanks and were placed on a Hall of Fame page. These people are heroes, helping me stay secure, not criminals or enemies.