By Yetnaleci Maya, Mar. 22, 2022
Cal Poly Pomona’s cybersecurity team ranked first out of 15 teams in the 2021 Collegiate Penetration Testing Competition, a contest intended to mimic a real-world environment in which students carry out penetration tests based on a client’s network with the goal of a hands-on interactive experience in the cybersecurity field.
In its seventh annual season, the CPTC’s theme was Food Manufacturing and Retail and the company the teams were tasked on working with was the bakery and candy manufacturer, Le BonBon Croissant. The teams were tasked with hacking into the company’s warehouse to detect any gaps or weaknesses within their business and discuss the different ways in which they would be able to prevent future breaches.
The Students With an Interest in the Future of Technology, or SWIFT, organization on campus makes up the CPTC team every year and their process of preparation before each competition occupies most of the team’s time.
“It’s a very long process and it’s very involved,” explained last year’s team captain, Alex Tselevich. “Actually, for many of us, the whole process of studying and getting ready for this is way longer than just even that window from the start of the boot camp to the competition itself.”
The SWIFT team begins by holding tryouts in August for anyone interested in information security, cyber security and information technology. During the process of tryouts, the team holds Saturday meetings giving people interested in joining SWIFT a chance to pick up on skills through lecturing, homework and having alumni that come back to speak on their experiences. SWIFT then holds formal tryouts where the team has an anonymous grading system for student projects and work that they submit. The team’s roster, made up of 6 competitors and 2 alternates, is then assembled in September and all that time up until November it focuses on the regional round of the competition.
Robinson Tran, one of last year’s team alumni, discussed how his process of trying out for the team meant he had to sacrifice his graduation year but how it benefited him in the end.
“I was set to graduate this past spring, but I thought about it for a while, and I came to the decision of extending my graduation for the opportunity,” said Tran. “So, I would have one more semester to be a full-time student and participate in this competition, and that is how much this competition meant to me personally, and it was well worth it because of all the opportunities that came out of it.”
As a part of its game plan, the team strategically worked on an inherited pentesting tool from previous years called Jvision. With years in the making, they continued to expand the usage of this collaborative scanner, which works by scanning networks for public-facing services that are being exposed on a network. This aided the team’s process by allowing them to able to view the services on the Jvision tool.
The team also focused on delivering a cohesive and unified report in which they discussed their findings.
“We spent a lot of our practices going, ‘Hey, what do we want in our report — which is our deliverable that we get graded on — to look like?’ I would say we spent well over 200 hours between all of us working on that report and getting it formatted exactly how we wanted,” said the team’s incoming captain for next year, Justin Covairt.
As the team prepares for next year’s competition, members collectively agreed their focus would be on the more technical side of the competition due to that criterium being the one they were graded the lowest on.
While the competition is the team’s No. 1 project, the team does not steer away from sharing their knowledge with their surrounding communities. They host an ongoing project called “Red vs. Blue” in which they work on community outreach and focus on the offensive side of security. The blue team consist of CPP students, neighboring high schools and middle schools who are given a network of machines that they have to secure and maintain, while the red team, composed of mainly CPTC team members, attacks their systems and gives them the experience of being in a cyberactive incident.
Ron Pike, an associate professor in the Computer Information Systems Department and the team’s advisor, discussed that the reason why the team succeeded this year was not just skill-based, but could also be attributed to their collaborative spirit.
“I think they all have good skills and talents and what not, and I think that’s huge, but I would say what really set this team apart has been their cohesiveness,” said Pike. “To the extent in which they work well with each other and the way they support each other.”