Building Cyber Armies at Scale: Methods and Means for Advancing Security Education

No ratings

Presented at AnyconAlbany 2018 by

Patrick Gaasedelen

While nations quietly wage war over the internet, the number of qualified attackers (and defenders!) are few and far between. This can be attributed to the pace at which the field is evolving, its rising complexity, and the lack of effective and scalable security education. It should come as no surprise that cybersecurity has been among the fastest growing industries for the past several years. But this begs the question: How do we efficiently build “Cyber Armies”: medium-to-large sized groups with the skills, passion, and motivation necessary to effectively tackle the increasingly difficult problems in this space?Through cooperation with Rensselaer Polytechnic Institute, we were provided opportunities to refine the mechanics of teaching some the most challenging categories of cybersecurity. The caliber and growth of the RPI CTF team, RPISEC, is a testament to these efforts.In this talk, we will enumerate the difficulties of teaching a diverse group of students the niche subject of binary exploitation. Innovating on past experience, we share how we dampened the subject’s steep learning curve through a gamified, in-browser ‘wargame platform’ developed explicitly for the Spring 2018 ‘Modern Binary Exploitation’ class at RPI. We will speculate on how student-autonomy in these niche subjects can be furthered, and extrapolate on how such educational technologies can be applied effectively to larger, less specialized demographics.