What is the Summer Social Engineering Competition (SEC) all about?
The SEC allows students to compete in a purely social engineering experience that is grounded in the social sciences. The competition offers a timely and unique platform for students to learn about social engineering in a hands-on, engaging, and ethical manner. The competition has a different theme each year to demonstrate the relevance of social engineering across various cybersecurity areas, and is open to high school, undergraduate, and graduate students.
Please note that we are aligning ourselves with NSF’s commitment to broadening participation, which is embedded in its Strategic Plan through a variety of investment priorities related to the Learning and Stewardship strategic outcome goals. Specifically, we are expanding efforts to broaden participation from underrepresented groups and diverse institutions across all geographical regions. This event and evaluation are considered research and are part of the education and outreach efforts of NSF Award # 2032292.
The theme for the 2025 competition is critical infrastructure and social engineering. The event typically occurs virtually on Fridays, Saturdays, and Sundays. Exact dates TBD.
Application window for the 2025 Social Engineering Competition: TBD
Orientation date (virtual): TBD (this is not optional – please hold this date on your calendar)
Competition dates (virtual): TBD (these are not optional – please hold these dates on your calendar)
Graduate Level: TBD times TBD
Undergraduate: TBD times TBD
High school Level: TBD times TBD
Closing ceremonies (virtual): TBD (this is not optional – please hold this date on your calendar)
What is social engineering?
Social engineering (SE) is defined as any act that uses persuasion strategies to influence individuals to take an action that may or may not be in their best interests. Many people use social engineering in everyday contexts.
Why is social engineering relevant?
SE is often used to conduct reconnaissance, which is the first stage of a cyberattack. Previous research indicates that adversaries, such as nation states and organized crime groups, spend a good portion of their time (50-75%) on reconnaissance. Furthermore, SE is used beyond just the initial recon stage to get more/different types of information and access.
SE may also be used maliciously by “deceiving an individual into revealing sensitive information (passwords), obtaining unauthorized access (to restricted areas such as server rooms), or committing fraud (deception via phishing) by associating with the individual to gain confidence and trust”, National Institute of Standards and Technology (NIST SP 800-63-3).
Nearly 70% of US organizations experienced SE attacks in 2017, costing the country approximately $2.76 million and each instance taking approximately 20 days to resolve. The Federal Bureau of Investigation’s 2019 Internet Crime Report noted that the total financial loss from the SE tactics of business email compromise, phishing scams, and confidence fraud/romance scams totaled more than $2.23 billion.
Cybersecurity experts agree that the human factor is increasingly being leveraged in cyberattacks, making SE a major concern for cybersecurity.
So why a ‘pure’ social engineering competition?
There are MANY cybersecurity competitions already in existence (PicoCTF, PlaidCTF, CSAW, UCSB iCTF, US Cyber Challenge, Panoply, CPTC, CCDC, CyberPatriot, Cyber Academy, to name a few). While these are all excellent sources of hands-on training, they are primarily technical in nature and have specific focus areas, such as reverse engineering, hacking, cryptography, and exploitation. They do not emphasize the relevance of the human-socio-psychological aspects of cyberattacks and cybersecurity.
Given that the human factor is increasingly being exploited by cybercriminals, a pure SE competition grounded in the social sciences offers a timely and unique platform for students to learn about this topic in a hands-on, engaging, and ethical manner.
Who can participate?
This event is open to high school, undergraduate, and graduate students. Teams are required (solo entries are not permitted). Team sizes can range from 2-4 members. Members can be from different institutions (schools/colleges), but must be at the same educational level (ex: purely high school students).
When and how can we put our application in?
The application window changes year to year – so please check our website for the latest updates!
Please note that we have merged with the CollegiateSECTF, which was held in October, to streamline our efforts and resources. Our Twitter handle remains the same: @CollegiateSECTF and all announcements will be made via this account and this website.