My university does/did a 'security clinic' thing open to all areas of the IT department- (so Forensics, security, networking, general CS etc) where we explicitly looked into ethical hacking.
The purpose of the group was to train everyone together, to a level at which they can then go out and do free security consultations for local businesses- who can then pay the students for any fixes that are made. It was organised for two hours each week, and consisted mainly of tutorials from other students; but also a few guest IT Security speakers.
We've had a few cool projects, like one of the IT staff bringing their mini robot each week- with the challenge being for someone to wirelessly hack and control it.
There were a fair few people attending it last I checked. I hope that gives you some ideas you can work with.