University of New Haven Finishes Second in Regional Collegiate Penetration Testing Competition

Over the course of a recent Saturday, a group of University of New Haven students spent hours taking on the role of penetration testers, studying a “customer’s” digital security and seeking out any vulnerabilities they could find.

Members of the University’s Cybersecurity and Hacking team, they worked from 10 a.m. to 6 p.m. searching for ways into the mock company’s computer system and devising solutions to make that system as impenetrable as possible.

They were competing in the New England Regional College Penetration Testing Competition (CPTC) against teams from the University of Massachusetts Amherst, the United States Military Academy at West Point, Northeastern University, University of Massachusetts Lowell, Rutgers University, Illinois Institute of Technology, and the University of Virginia. Teams from more than 100 universities compete across seven global regions.

Throughout the day, four cybersecurity professionals from Black Hills Information Security acted in character, “going into the competition rooms, playing the role of the customer, interacting with competitors and scoring them on the interactions,” explained Liberty Page M.S., senior lecturer and program coordinator of the University’s B.S. in cybersecurity.

“These are highly skilled and experienced people working in the field.” At the same time, two representatives from CPTC Global and an unseen group of professionals monitored the student teams’ work online.

Prof. Page coordinates the University hosting the two-day event, which involves dozens of volunteers – faculty, student, and industry professionals – as well as sponsors, including Black Hills Information Security.

With the first part of the event complete, the students then had until 12:30 a.m. to collaborate on writing an exceptionally detailed report, which would serve as an action plan for the company they were a consultant for.

‘They stayed motivated throughout the day and until the very end’

The deadline didn’t faze the team nor did the long hours, said Jonthan Chute ’25, captain of the CPTC team. For the last several months, Chute had the team tackle different problems and scenarios, focusing not only on technical savvy but also on developing soft skills.

“We acted as attackers attempting to breach the company's cybersecurity, and we also have to handle the business side of things: responding to the client's concerns and providing a comprehensive report of the outcome of the penetration test,” he said. “The team did not need me to keep them focused during the competition. They stayed motivated throughout the day and until the very end.”

They were ready, too, to write the report. “Writing security assessment reports is not something many students do in their free time, or in class,” Chute said. “To overcome this, we wrote our own report, as if it were the competition, to gain experience.”

“Jon did an excellent job organizing these meetings and ensuring that we were well prepared,” said Kristine Zurovchak ’26.

'It felt like all of our preparation from over the last several months had truly paid off'

The next afternoon, the teams heard talks from industry professionals and the winners were announced. The University of Massachusetts Amherst took first place, the University of New Haven placed second, and West Point third.

“I’m so incredibly proud of our team,” Prof. Page said.

Murat Gunestas, Ph.D., assistant professor of cybersecurity and the hacking team coach and club adviser, called the competition “the most realistic I’ve ever seen. Besides technical skills, it tested students’ professionalism, communication skills, ethical approach, and responsibility.”

Chute said “CPTC is one of the few competitions that provides students with experience that is directly transferable to professional work. The competition is sponsored and shaped by organizations that do security assessments on a daily basis. These companies also use the competition as an avenue for hiring recent graduates, so it is a nice addition to your resume.”

For Zurovchak, who was competing with the team for the first time, said placing second was “an incredible moment. In addition to Chute, she was joined by Ryan Stapleton ’26, Mark Daniels ’25, Ronald Scarpa ’25, Jessica Berrios ’25 M.S., and alternate Matthew Liselli ’27.

“It felt like all of our preparation over the last several months truly paid off,” Zurovchak said. “For me, it means that penetration testing as a future career is an achievable goal and one that I can realistically aim for. I’m proud of what the team accomplished and excited to see where the skills gained from the competition take us.”

‘It’s a cat-and-mouse game with bad actors’

Graduates of the University’s Cybersecurity program go on to work for leading companies, including the MITRE Corporation, as well as for the NSA, the FBI, the military, FDIC, and the U.S. Department of State.

Students who take part in the CPTC and competitions are highly sought after, Prof. Page said. “The members of this team are almost uniformly getting job offers,” she added.

“One of the key indicators of success in cybersecurity is the willingness to work inside and outside the classroom and to continually seek more knowledge all the time,” Prof. Page said. “In this job, you cannot stay static. You are constantly faced with new challenges, so you have to always be learning. It’s a cat-and-mouse game with bad actors, so you have to stay out ahead of them.

“The work is so important – it impacts people everywhere,” Prof. Page continued. “These students are heroic to me.”