KENNESAW, Ga. | Apr 2, 2021

When 56 students from seven universities participated in the recent Southeastern Collegiate Cyber Defense Competition hosted by Kennesaw State University, they found some key changes to the event this year designed to prepare them for the kinds of business-related challenges cybersecurity professionals face every day.

Kennesaw State has hosted the SECCDC for 15 of the previous 16 years. Participants assume the role of a company’s information security team responding to cyberattacks from professional penetration testers. More than 25 faculty members, students, and partners volunteered to make the virtual event a success.

Students collaborated via the Zoom web conferencing platform, while event sponsors such as Raytheon and Palo Alto Networks used it to host a job fair. The competition also hosted private discussions and a virtual help desk on the Slack online communications tool.

One of the key changes for this year’s event was that students no longer defended servers located on campus, but instead cloud-based servers hosted by Amazon Web Services (AWS). As more businesses move to the cloud, the competition organizers felt the change was necessary.

“This is the way the world is moving,” said Nicolas Kammerdiener, an alumnus of Kennesaw State’s Information Security and Assurance program who volunteered to set up the AWS servers. “Companies are beginning to utilize the cloud and run things in a more elastic fashion. We are seeing [on-premises servers] become a thing of the past.”

Students enjoyed having the chance to interact with computer systems like the ones they will encounter in the workplace.

“It mimics the atmosphere we live in today, where security and IT teams are solely dependent on remote access to carry out their administrative duties,” said cybersecurity major Bowen Aguero, who competed on Kennesaw State’s cyber defense team, which placed third. “Finding ways to work around the cumbersome nature of remote administration provided a nice touch of practical realism to the competition.”

The other major change to the SECCDC was that teams lost twice as many points compared to previous years when their API server – which is responsible for fulfilling customer orders – was down.

According to ISA professor Andy Green, the SECCDC’s competition manager, this was done to remind students that information security impacts the entire enterprise and directly affects the bottom line.

“The whole idea is to show students how security functions within a business,” Green said. “Too many students think that security is all there is. But, they need to understand that security is only one of many aspects that business leaders have to address along with profitability, research and development, human resources, customer relations, and everything else. In the case of the API server, lost orders equals lost revenue, so we put an emphasis on that one system to drive the point home that all businesses live and die based on their revenue.”

While switching to the cloud and placing greater emphasis on order fulfillment are new innovations, the core of the competition remains the same. Students must defend computer networks from coordinated attacks by the red team, a group of professional penetration testers comprising real security professionals.

Bren Briggs, the director of DevSecOps for Hypergiant Industries, who also goes by the handle “fraq,” volunteered to be the red team lead. His philosophy when planning the attacks was to give students a mix of challenges like what they encounter in class alongside more advanced problems that take them out of their comfort zones.

“This is a fantastic test of skills against adversaries that will challenge you in an environment that will push you beyond your current limits, reveal gaps, and show you new things,” Briggs said. “The environment is a place where failure is not only safe but expected. If you’re not failing, you’re not learning.”

Volunteers like Briggs, Kammerdiener, and others are critical to the SECCDC’s continued success, as is the support of corporate partners including Raytheon, Palo Alto Networks, and Help Systems, whose Cobalt Strike software runs at the heart of the red team’s activity. Several members of the Department of Information Systems and Security faculty and staff also worked at the event.

The SECCDC was founded in 2006 by Michael J. Coles College of Business faculty members Herb Mattord and Mike Whitman, and is jointly managed by the Department of Information Systems and Security and the University’s Institute for Cybersecurity Workforce Development. It is part of a national network of competitions sponsored by Raytheon.

Green said that the changes rolled out this year will stick around, as cloud computing and enterprise-level thinking are skills that will only become more important in the future.

“It’s necessary for the competition to evolve every year,” Green said. “Students still have to maintain a security posture and deal with red team attacks, but what changes is how we challenge them and how we refresh the scenario to stay current.”

- Patrick Harbin