Teaching an Offensive Security Subject Reflection

February 22, 2019

Teaching an offensive security course at UTS; am I the professional that I wished to be?

8 months of hard work, and it’s all over in 4 weeks. So what now?


What was this all about? What was it for?

The inception of this subject began when I was beginning the search for internships. I had a deep-rooted passion for security before I sought out career opportunities. During my search I realised that it was difficult to comprehend the current landscape of the security industry without doing extensive reading on current affairs and white papers released by both the government and large-scale corporate entities.

Hack. Code. Learn. Weekly Workshop – UTS:CSEC x ProgSoc Collaboration, 2018

It wasn’t until I was fortunate enough to secure an internship in security that I realised the true value in learning about a booming industry that provided lots of promise. This was coupled with my educational experience in undertaking a Bachelor of Science in IT. Whilst I enjoyed the many opportunities and applications of learning in IT, I identified the unique value proposition in providing a beginner’s course that created a window of insight for young students to explore thoroughly.


Meeting with a well-respected global security professional and educator – BSides Canberra Conference, 2018

In 2017, our government identified that Australia would need another 11,000 cyber security specialists in the next decade to meet current market demands. As a result of this, there was a $400 million deficit in 2018 (AusCyber 2018). One proactive method of bridging this shortage is through early intervention at a tertiary level.

Camping with elite h@x0rz from around the world – Platypus Camp 2017

After being given the opportunity to run an introductory course over the summer, I felt the strong need to resolve these issues. I jumped on the opportunity to coordinate not only a subject that would have a positive impact on students both personally and professionally, but a subject that was having an impact on broader, societal and industry challenges.

But why? What was my purpose?

My mission from the start of this journey was to paint a landscape of the industry’s current benchmark of work, and what professionals are looking for in their potential colleagues.

My purpose was to understand the development in the demands of certain skillsets from future security professionals, and what skills students need to be developing in order to reach these milestones. My passion therefore stems into bridging the gap between academia and industry in cyber security. I want to instil and inspire a strong and fulfilling passion into students by building, promoting and participating in key industry competitions, challenges and events. My ultimate goal at the beginning of my professional services project was to build a path of trust and become a security professional that is looked upon as a supportive mentor at UTS.

…ok so how did I achieve this?

The industry is fast-paced and continuously adapting to the changes in technology and the knowledge required to understand how systems can be protected, and on the reverse side, how they can be penetrated.

Creating new opportunities falls into the pillars of bridging the gap, and educating students. My teaching methods are unorthodox to the classic classroom setting. In my portfolio, I expanded on the technical content that our team has delivered to the students. Such content includes tasking the students to develop their technical skills whilst providing many resources and real-world examples to help them understand vulnerable systems that we all use today and the methodologies required to break into them.

As a result of these methods, I created new opportunities by providing consistent and up-to-date industry knowledge that could not be accessible otherwise. Coupled with the hands-on approach that emulated the real-life working environment of professionals within the security industry, the students were able to gain insight into real-world examples of what work for a security professional would look like.

Stemming from these technical tasks, our team gave the students a deliverable to present their problem statement to industry experts.


Robert Mitchell, Director of Strategic Security, Gitlab Inc.

More importantly, students were able to tie their learnings to the SLOs outlined in the subject. They were able to effectively describe how these issues affect a business, how businesses can remediate these issues, and how effective security prevention systems and software development life-cycles are.

By engaging with professionals, students were able to see how their work translated into real-life scenarios, not only from myself and the teaching team, and to see how this knowledge is advantageous for working within the industry over the long run.


Viren Khatri, Manager, Cyber Attack and Response, Deloitte Australia

One of my biggest concerns throughout the summer studio was my ability to inspire these students and whether they were able to recognise the possibilities or the promising future that the industry could provide for them.

“Our tutor Larry has been a great facilitator of the studio so far by providing enough information on the subjects and extra materials. He has been very transparent with the students from the very start to make his summer studio become open to all people from different backgrounds, skills and personality. From my interpretation, he wants this studio to be ours and wants us to be very safe that we can ask questions or ask for help without judgement or intimidation.”

I tried to connect with students on a 1:1 level, and scheduled meetings with all 20+ of them individually. These meetings consisted of 30 minute coffee chats, gaining a deeper insight into their level of skill, what the students wanted to gain out of the studio, and where I could be of assistance.

Evidently, students responded positively. They were able to recognise the importance of capitalising on time for reflection. My focus on empowering their academic excellence can be reflected in their feedback. Some of the comments shared with me were surprising. It was great feedback to reinforce that I had the right attitudes on how to develop students and how to work with them.

“Larry has a unique and extremely effective style of teaching. His focus on the practical applications of security techniques without disregarding the deeper theory behind what makes the vulnerability possible has helped me gain a greater level of understanding of the execution and impacts of security vulnerabilities. His approach to teaching and the care he shows his students inspires me to want to be a successful security engineer.”

Final Reflection

In retrospect, there were elements of running the subject that were both predictable and unpredictable. For example, the chances of having a student who tried to bend the rules so they could receive credit for the subject upon its completion were very high. I had a student miss mandatory sessions and send me falsified evidence to justify their absence.

However, what was unpredictable was my ability to remain calm and give empathy, even when my work colleagues had argued I was being too lenient. I also learned that in some circumstances, no matter the effort you put into giving students a second, third or fourth chance, you can’t equally help every student the way you want to.

I wasn’t surprised about the support of our community members. Seeing industry professionals from the security community agree to donate their time to teach eager students was heartwarming and showed other aspects or elements of the workplace that students could look forward to experiencing (such as mentors, or leaders to look up to for support). This was an excellent addition to the industry knowledge they came to understand.

When I held the first meeting for this subject with the team, I was asked: in the worst-case scenario, had the subject not operated or had it not been carried out the way plans had dictated, what was the one objective I wanted to achieve at the end of the studio, above all else?

It was to build a pathway of success for my students. I didn’t take on this subject or plan to create it in hopes that it would boost my CV or any accolades. I’m already working in my dream job. The aim of this studio was to paint a picture of the future for my students of an industry that they could substantially grow in, and contribute to. An industry that I didn’t want students interested in STEM forgetting about.

The one thing that students know about me is that I don’t care about your level of technical knowledge being low or high; I care about your persistence, your dedication and your never-give-up attitude. And if students use that in their future endeavours, they’ve already tackled 50% of the challenges they’ll face ahead.


Staying back with students in my final class for feedback and assistance.