Stolen personal data. Breaches that compromise millions of credit card numbers in a day. Shady helpdesk phone calls designed to trick employees into fraudulent password resets.
Cybersecurity threats are pernicious and growing, and they’re driving demand for a new field of professionals trained to combat them.
Now, a professor in the University of Virginia’s School of Engineering and Applied Science is partnering with Facebook and CodePath.org to make sure his students are getting the latest and best cybersecurity training.
Ahmed Ibrahim, an assistant professor of computer science, teaches network security. This spring, his students are using a curriculum designed to give them more hands-on training in combating digital threats, which are often difficult and expensive to replicate in classroom environments.
UVA is one of a handful of schools nationwide using the training, which is designed to teach fundamentals and give students a chance to fight off simulated cyberattacks. The partnership started last summer, when Ibrahim met a contact at Facebook who said the company is interested in promoting cybersecurity training in colleges and universities –and in providing mentorship and chances for students to participate in projects and receive scholarships.
One of those early opportunities was the Enigma conference, covering a wide range of topics in security and privacy, that Ibrahim and his students attended in January during a trip that included a visit to Facebook headquarters in Santa Clara, California.
“Our industry needs to be reflective of the diversity of people we aim to protect,” said Stephanie Siteman, an information security program and operations manager at Facebook. “We believe we all have to work on creating an environment that is open and welcoming to different people, with different backgrounds and different thoughts in order to help the security community better reflect the diversity of the people around the world they aim to protect.”
Two students, second-year Saishav Naik and third-year Mariah Kenny, took a six-week training in the fall that prepared them to be teaching assistants for the 50 students taking the course this spring.
Monique Mezher, a third-year computer science student who is also a teaching assistant this spring, said the traditional classroom experience is important, but that hands-on training is a crucial addition.
“It’s like if you wanted to learn to knit,” she said. “You could watch every YouTube video on knitting that there is, and read books, but you wouldn’t really know how until you started trying to do it yourself.”
Mezher was one of several students who benefited from another facet of the partnership with Facebook and CodePath. Over the winter break, she traveled with Ibrahim and others to a conference where she got an up-close look at the cutting edge of research in a particular area of digital security that she’s interested in: combating a now-obsolete security algorithm that is still in use around the web, despite known vulnerabilities. The students also spent a full day with Facebook’s security division, learning how they operate and what they’re looking for in potential employees.
At the conference, she met with a researcher who has written code to address the problem. Back at UVA, she turned that into a classroom exercise for students.
Electronic threats take many different forms, and so must the cybersecurity protocols designed to thwart them. Simmy Bhatia, a second-year computer science student, is interested in how electronic health records are stored and saved.
“It’s a good way to store information, versus physical files, but there’s no good and efficient way to share them between different hospitals,” she said, because many hospitals use different vendors for electronic health record storage. That means they can’t easily share those records with other hospitals or groups, leading to security vulnerabilities and reliance on old methods of sharing health records, like faxes or mail. Bhatia is interested in helping develop a common secure standard for sharing electronic health records, eliminating that risk and enabling meaningful use of such records.
Cybersecurity threats don’t always involve hacking large databases. Sometimes, they target your thermostat – or your refrigerator. Maggie Gates, a third-year computer science student, is interested in the security implications of the so-called “Internet of Things,” or the connected devices that run on home wireless networks.
“I personally had no idea how many different fields of study touch cybersecurity,” she said. “A lot of people in that field now didn’t start off in it, because it’s so new. It made me excited to get in on the ground floor.”
Ibrahim said the networking and training opportunities the partnership allows also help students with an important, but oft-overlooked part of preparing for the workforce: being able to communicate clearly and professionally with colleagues.
“Even if you have a lot of excellent technical skills, if you’re not good at communicating to others, companies might not be able to hire you,” he said. “They might choose someone who has good communications skills, knows the fundamentals well, is not as technically proficient, but who they feel is going to be more productive in the future,” referring to conversation he had with Ben Hagen, head of Corporate Information Security at Facebook.