Skip to content

FAQs

Who We Are

Student-ran org under Baskin Engineering focused on all things computer security. All programming comes from students with faculty oversight for leadership. Founded in 2022 after students wanted a community around security. There was a club before us (Security Santa Cruz) but it faded around 2014.

TLDR: do cool stuff with computers.

This group is open to all students consistent with state and federal law, the UC Nondiscrimination Statement and the Nondiscrimination Policy Statement for University of California Publications Regarding Student-Related Matters.

What We Do

Socialize

Socialize (mainly)

Our Discord is where most of the action happens. Sharing cybersecurity news, talking about industry events, showing off cool projects, or getting help on something you're working on.

Follow us on Instagram to see the fun side of the club.

Learn

Learn

Hands-on workshops and working sessions. We show you a concept, explain why it matters, then let you go free range on a practice environment. Everything runs on our Cyber Range (our club server rack) where we spin up vulnerable machines, emulate networks, and host challenges. Open to all unless marked cohort-only (check event details). No prerequisites unless stated.

Compete

Compete

Diverse competitions throughout the year, mostly online, some in-person. See the competitions section below for the types we participate in.

Projects

Club Projects

Applied hacking on real stuff. Bug bounties, securing university systems, and personal projects. For example, hacking routers and IP cameras, porting Doom onto a handheld scanner, reverse engineering alarm systems with RF hardware, building radio scanner tools.

Competitions

CTF

Capture the Flags

Jeopardy-style hacking competitions that run over a weekend (usually 48 hours). Small computer puzzles (like leetcode but for hacking) across categories like web exploitation, reverse engineering, cryptography, forensics, and binary exploitation. Each challenge has a hidden flag, submit it for points. Harder challenges are worth more.

Part of the CTF experience is writing up your solutions after, documenting how you approached the problem and what you learned, which builds technical writing skills and reinforces what you picked up. We encourage members to post writeups on our writeups page.

CCDC

Cyber Defense

Blue team competitions where you defend a network while red teamers (hackers) try to break in. You're keeping services running, handling business tasks, and responding to security incidents all at once.

For example, CCDC (Collegiate Cyber Defense Competition) is the largest in the US. Your 8-person team inherits a corporate network full of vulnerabilities. You're patching systems, responding to intrusions, and answering fake customer service tickets while professional pentesters actively attack you. Each competition day runs 9-5. The season structure: invitationals (open practice runs), qualifiers (regional teams only), regionals (top 8 from quals), then nationals. We compete in the Western region.

eCTF

Attack/Defend

Competitions where you build something secure, then attack other teams' implementations while they attack yours.

For example, MITRE's eCTF (Embedded Capture the Flag) is a semester-long competition focused on embedded systems. First phase (~2 months): design and build a secure system based on their specs (past challenges have included satellite TV decoders and medical devices). Second phase (~1-2 months): break into other teams' designs.

What Is a CTF

More info at CTFd's "What's a CTF?".

I'm Not a CS Major

Good, we need you. Security touches everything, so we need people who understand everything. Policy, psychology, economics, design, law, hardware, biology. The field has a blind spot when everyone comes from the same background. We've had economics majors, politics majors, and art majors contribute to CTF teams and club projects.

Member Rules

  • Treat everyone with respect - no personal attacks, harassment, or discrimination
  • Don't be condescending - if someone asks a basic question, answer it or point them to a resource
  • Be friendly to beginners - everyone starts somewhere, help them get up to speed
  • Adhere to ethical practices - only hack systems you have permission to access
  • Don't be evil - don't use what you learn here to harm people

Computer crime is a real thing (18 U.S.C. 1030). If you're unsure whether something crosses a line, ask around in the community.

How to Get Involved

If you want to casually learn and hang out, just show up to our events. Check our events page or Discord for what's happening.

If you want to formally join and become an active member, visit our join page for the requirements.