What is the Summer Social Engineering Competition (SEC) all about?
The SEC allows students to compete in a purely social engineering experience that is grounded in the social sciences. The competition offers a timely and unique platform for students to learn about social engineering in a hands-on, engaging, and ethical manner. The competition has a different theme each year to demonstrate the relevance of social engineering across various cybersecurity areas, and is open to high school, undergraduate, and graduate students.
We are excited to share that the 2024 event is financially sponsored by CISA and we are working with MITRE ATT&CK, NICE and IRS!
The theme for the 2024 competition is tax scams, and the event will be taking place virtually on Fridays, Saturdays, and Sundays. Exact dates are listed below.
Applications for the 2024 Social Engineering Competition are no longer being accepted.
Orientation date (virtual): Saturday, March 23, time TBD (this is not optional – please hold this date on your calendar)
Competition dates (virtual, these are not optional – please hold these dates on your calendar):
Graduate Level: April 5, 6, 7, times TBD
Undergraduate: April 19, 20, 21, times TBD
High school Level: May 3, 4, 5, times TBD
Closing ceremonies (virtual): Wednesday, May 8, time TBD (this is not optional – please hold this date on your calendar)
What is social engineering?
Social engineering (SE) is defined as any act that uses persuasion strategies to influence individuals to take an action that may or may not be in their best interests. Many people use social engineering in everyday contexts.
Why is social engineering relevant?
SE is often used to conduct reconnaissance, which is the first stage of a cyberattack. Previous research indicates that adversaries, such as nation states and organized crime groups, spend a good portion of their time (50-75%) on reconnaissance. Furthermore, SE is used beyond just the initial recon stage to get more/different types of information and access.
SE may also be used maliciously by “deceiving an individual into revealing sensitive information (passwords), obtaining unauthorized access (to restricted areas such as server rooms), or committing fraud (deception via phishing) by associating with the individual to gain confidence and trust”, National Institute of Standards and Technology (NIST SP 800-63-3).
Nearly 70% of US organizations experienced SE attacks in 2017, costing the country approximately $2.76 million and each instance taking approximately 20 days to resolve. The Federal Bureau of Investigation’s 2019 Internet Crime Report noted that the total financial loss from the SE tactics of business email compromise, phishing scams, and confidence fraud/romance scams totaled more than $2.23 billion.
Cybersecurity experts agree that the human factor is increasingly being leveraged in cyberattacks, making SE a major concern for cybersecurity.
So why a ‘pure’ social engineering competition?
There are MANY cybersecurity competitions already in existence (PicoCTF, PlaidCTF, CSAW, UCSB iCTF, US Cyber Challenge, Panoply, CPTC, CCDC, CyberPatriot, Cyber Academy, to name a few). While these are all excellent sources of hands-on training, they are primarily technical in nature and have specific focus areas, such as reverse engineering, hacking, cryptography, and exploitation. They do not emphasize the relevance of the human-socio-psychological aspects of cyberattacks and cybersecurity.
Given that the human factor is increasingly being exploited by cybercriminals, a pure SE competition grounded in the social sciences offers a timely and unique platform for students to learn about this topic in a hands-on, engaging, and ethical manner.
Who can participate?
This event is open to high school, undergraduate, and graduate students. Teams are required (solo entries are not permitted). Team sizes can range from 2-4 members. Members can be from different institutions (schools/colleges), but must be at the same educational level (ex: purely high school students).
When and how can we put our application in?
The application window changes year to year – so please check our website for the latest updates!
Please note that we have merged with the CollegiateSECTF, which was held in October, to streamline our efforts and resources. Our Twitter handle remains the same: @CollegiateSECTF and all announcements will be made via this account and this website.
