30 students from 15 colleges attended the Cybersecurity 101 day held at Te Herenga Waka, Victoria University of Wellington this week. As part of my overall agenda to increase diversity, I invited a mix of co-ed, girls and boys schools and only 2 students from each school were allowed to participate to broaden diversity. We had 9 girls among the 30 students.
The day started with a keynote from Ian White, General Manager at ZX cybersecurity. He is such an inspiration for young people as I have heard him a few times before and built connections over multiple events, finally getting him over to our own high school event. Ian’s background as a people person, which is important in managing a business, was the foundation for growth for ZX security. He also reminded students about the technology hype and how to go with the flow. After the keynote, there was plenty of interest from students to know more about him which followed through a round of Q & A.
Junaid Haseeb, our next speaker, a Ph.D student in cyber intelligence- attackers perspectives, spoke on his current research and trends. A visual of active threats was displayed on the big screen which was of interest and some questions. Junaid also covered areas which are potential threats like IoT devices, something hackers are using these days to run micro crypto mining rigs on and how to ensure safety.
A short practical activity using the Vigenere cipher got students thinking about how basic encryption looks like on paper. They were not allowed to use software, rather just analyse the text and try work it out. It was challenging considering I gave them 6 sentences and only 15 mins. Some of the students managed to finish 3.
Masood, our cybersecurity lecturer, introduced MD5, an algorithm used to generate a hash, scrambled information which encrypts text. Although its outdated technology in terms of encryption, its important to discuss these as vulnerabilities that lie in cybersecurity and how people break into websites and databases. Lisa, our next speaker who is a Ph.D student, discussed acceptance and use of IoT devices in our lives and how it impacts people. It’s scary to know that unencrypted devices can be used as crypto mining rigs. A whole lot of privacy issues are also at stake considering all your questions that you ask Google, Siri, Cortana , Alexa or similar systems are stored in the cloud.
Ian Welch, our professor in Cybersecurity had a round of capture the flag using picoCTF, an online software which has puzzles and students work in teams to solve them. They are usually a mix of computer science areas which keeps students interested. It also uses the linux terminal which is ‘technically’ how hacking happens, contrary to how hollywood portrays it (watch video). [embedyt] https://www.youtube.com/watch?v=SZQz9tkEHIg[/embedyt]
Some of the students breezed through it, and some got through the general section of the CTF which is still impressive, considering they had never done any terminal work before.
Students then used NDGLab, one of the software we use to virtualise computer systems so hacking methods can be demonstrated safely. Finally we had Peter Jakowitz, CEO of PrivSec, a privacy firm talk about a day in the life of a cybersecurity consultant. Its valuable to know that cybersecurity does not happen in dark dingy spaces… rather a team effort led by managers down to penetration testers, who find flaws in the system.
Event resources will be uploaded shortly.