The most common form of competition is open, online Jeopardy-style, with a series of challenges available online. They operate with very few rules, no restrictions on who can compete, and no limit to team sizes. These competitions are the most popular, because anyone can join, at any skill level, without any restrictions or risks. Participants don't even need to risk humiliation, since they can compete with an anonymous account.
The most exclusive, expensive, and restricted competitions are the ones that require physical presence at a competition location, entrance fees, and sometimes proof of full-time enrollment in an appropriate college program. The most famous and advanced CTF of that type is the DEF CON CTF, which is far too difficult for any academic team I know of. The main college-oriented competions of that type are the Collegiate Cyberdefense Competition (CCDC) and the Collegiate Penetration Testing Competition (CPTC). Only college teams can participate in them, so they remain within reach for the skill levels of college students.
A major issue in cybersecurity is that the skill level required for top-level professional work far exceeds the level of college training programs. All undergraduate colleges currently do is teach students the fundamentals of computing, networking, and security, and a basic level of skills with a few popular tools. Students need to learn advanced topics on the job, or at expensive, specialized training programs such as SANS classes. Every leading college security program I know of is constantly struggling to keep up the progress in the field, and remains many years behind industry standards. This problem is very difficult to resolve. Colleges seem unable to adapt quickly enough to keep up. The fundamental problem is a culture clash between the ponderous, dignified, orderly, and bureaucratic college environment and the freewheeling, brilliant chaos of hackers.
We started doing online CTFs in 2013 or so. My most advanced student, @the_fire_dog, and I were often the only team members.
By 2015, we had an energetic hacking club and competed in several online CTFs, with encouraging results, as shown below.
We did not place in the top three teams, but we won a $600 prize and an award for "creative use of technology in the area of healthcare" sponsored by the IEEE.
In October, 2017, CCSF won second place in the CPTC Western Regional, second only to Stanford. We defeated UC Berkeley, CSU Dominguez Hills, San Jose State U, and other large colleges.
We competed in the CPTC finals in Rochester in November 2017, but we did not make it into the top three teams this time, either. The team was not discouraged, however, but remained focused on improving our performance next time.
In 2017-18, we competed for the second time. We hit our peak in the January, 2018, Invitational where we scored #1, defeating all the other teams, including Stanford!
However, we did not qualify in the January, 2018 qualifier held a few weeks later, so that ended our season this time. We are rapidly improving in all these competitions, but they are tough, and we cannot expect to get to the top without years of hard work.
In April, 2018, we competed in TORO.CTF, at CSU Dominguez Hills, and won 3rd place!
The competitions are very important, because they expose student to the latest topics, often going beyond our class offerings, and help them to meet employers and demononstrate their skills. Many students have gotten job offers from CTF event sponsors, and sometimes from company representatives we defeated.
Posted 4-9-18 by Sam Bowne
Jobs added 5:54 pm 4-9-18
Sam Bowne