Growing an Organic Cyber Security Community*
One thing that's worked really well for us is that, rather than lecturing at the students, the two faculty act more like any other member of the team. We work through problems together, and we encourage anyone and everyone to suggest solutions. To show how this works, I'll step through a couple of online security challenges with the audience as the team. To keep it accessible to even the beginners, the challenges will be taken from an entry-level exercise like "Bandit" from Over The Wire. http://www.overthewire.org/wargames/
In this talk, I’ll share experiences and lessons learned from co-founding and co-advising (with Wu-Chang Feng) a new student group in computer security at Portland State.
Starting with just two or three students in early 2013, we were all newbies in software security. We began playing through online “capture the flag” challenges together once a week, and over the past year we’ve learned a lot. We’ve now placed in the top 25% of teams in an international security competition, and in the top 10% of players in an online collection of challenges. Throughout this process, we’ve also gradually grown our little club of students to several times its original size.
This talk will focus on insights into what’s worked, what hasn’t, and where we go from here. It should be helpful to anyone who’s interested in starting a security club in their school, company, or community.
security hacking capture-the-flag
This is a new talk, so I have not given it before. I have given technical talks at some of the top security conferences, including:
* USENIX Security 2007
* IEEE Security & Privacy 2008
* ISOC Network & Distributed System Security 2009
* Recent Advances in Intrusion Detection 2010
I've also given talks in smaller venues focused on the US defense industrial base:
* MIT LL Cyber and Net-Centric Workshop 2011, 2012
* International Test & Evaluation Association (ITEA) Cyber T&E Workshop 2012
Portland State University
I’m an assistant professor in computer science at Portland State University. Before my academic career, I worked on government R&D programs as technical staff at MIT Lincoln Laboratory. In my graduate research at Johns Hopkins University, I worked on analysis of encrypted and anonymized network traffic. Among other things, we showed certain kinds of encrypted voice over IP traffic leak the language being spoken, and how they can even be abused to identify spoken phrases in the encrypted conversation. Now at Portland State, I’m co-advising our student security club and leading research on network security and data privacy.