Triumph in Cybersecurity: University of North Georgia Wins DOD Hacking Contest
On March 26, 2026, an impressive feat was achieved by a team of cybersecurity students from the University of North Georgia (UNG), who claimed victory in a highly competitive capture-the-flag (CTF) hacking contest. This inaugural event, held at the National Defense University, saw UNG outperform seven rival teams from military colleges and elite service academies, marking an upset victory that has captured attention in the cybersecurity community.
The Pentagon’s Chief Information Officer (CIO) office organized the Cyber Workforce Competition with a format inspired by the NCAA’s March Madness basketball tournament. In this format, eight elite cyber teams were randomly paired, progressing through three rounds of knockout contests. The intriguing twist was that the teams did not directly compete against each other. Instead, they operated in a shared simulated environment, aiming to achieve the same objectives faster than their opponents. This attire of the competition was designed to emphasize individual skill and team collaboration under time pressure.
In the final round, UNG faced off against the esteemed Citadel, a senior military college from Charleston, South Carolina. The Citadel had achieved their place in the finals by defeating Virginia Tech and the U.S. Naval Academy, showcasing their considerable prowess. Meanwhile, UNG had a strong path leading to the finals, having previously dispatched Texas A&M and West Point in earlier rounds.
The competition was held concurrently with the AFCEA Cyber Workforce Summit, where Matt Isnor, the division chief for cyber workforce development in the CIO’s office, articulated the significance of the event. The primary objective was to provide students with a realistic glimpse of the challenges they may face should they pursue careers in the military cybersecurity sector. Isnor stressed the importance of practical experience in cultivating essential cyber skills, remarking that "one of the greatest training mechanisms is to get people real hands-on keyboard experience."
The victory for UNG can largely be attributed to their meticulous preparation and collaborative approach. Team member Jonathan Farrington emphasized the extensive work the team put in before the event, utilizing pre-released details about the initial scenario to automate certain tasks and assign roles among members. "We really put in the work to make sure that when we showed up, everyone had a role to play that complemented each other," he stated.
Fellow teammate Sawyer Shepherd noted that their previous experience in various contests helped them adapt more quickly to the unfamiliar challenges presented during the competition. He remarked, “This being the inaugural competition, none of the teams really knew what to expect, but because we’ve done so many contests before, I think we came out a little bit ahead.”
The experience was not only about securing the win; it emerged as a robust learning opportunity for all participants. Cadet Robert Powell from The Citadel noted the transition of knowledge from the classroom to practical application during such contests. He acknowledged that while he personally fell short in achieving his team’s expectations, the lessons gleaned from failure were invaluable. A fellow cadet echoed this sentiment, emphasizing that these experiences, regardless of the outcome, were pivotal for their education.
Cyber experts from the Air Force Research Laboratory, known for orchestrating innovative CTF events, designed the tournament. The involvement of a "white cell" of specialists from the National Security Agency (NSA) added an extra layer of learning, as they monitored teams and provided valuable feedback throughout the competition. According to Farrington of UNG, having NSA professionals observing their actions significantly enhanced the training value of the event.
In the first round of the contest, participants were tasked with geolocating a high-value individual by hacking into his devices and transmissions while ensuring that he remained unaware. This complex scenario, combining kinetic and cyber elements, tested the competitors’ skill and ingenuity. Ultimately, the UNG team successfully pinpointed the individual’s location and provided targeting data for a simulated airstrike, completing the round under the constraints of stealth and precision.
As the competition progressed, further rounds required advanced techniques such as leveraging initial access malware to penetrate adversarial networks. With the contest designers introducing a novel tool termed ‘Sliver’, teams had to rapidly adapt their strategies, showcasing their ability to manage real-time challenges efficiently.
UNG maintains two student teams focused on offensive and defensive cybersecurity strategies, and members from both teams participated in this competition. The Institute for Cyber Operations at UNG invested in the students by covering travel and accommodation costs associated with their participation, emphasizing the institution’s commitment to fostering talent in the cybersecurity domain.
Looking ahead, the organizers aspire to expand the competition in future years, aiming to engage not just the elite eight but also the 500 universities recognized by the Department of Defense as National Centers of Academic Excellence in Cyber. Next year’s competition aims to introduce regional qualification rounds, culminating in an even larger final bracket at the 2027 Cyber Workforce Summit, promising to further elevate the standards of cybersecurity education and practical experience for students across the nation.