In 2012, the Australian Prime Minister’s Office – together with Cisco, Microsoft and Facebook – established an annual hacking competition to find the next generation of cybersecurity talent. Student teams from across the country compete in the 24-hour hackathon. And every year, for the past four, Richard Buckland’s students have blown the competition away – taking 1st, 2nd and 3rd.
“Every year, we blitz it,” says Buckland, head of the Security Engineering Lab and a professor of cyber security at UNSW’s School of Computer Science and Engineering. “So I think we’re doing something right.”
What he does right is organise courses that teach cybersecurity through a series of hands-on exercises, using cloak-and-dagger collaborative games that ignite his students’ enthusiasm.
This approach flips the standard teaching model, so that students are taught offence as a way to develop defence; and, in the process, come to understand the mindset of the hacker.
“In addition, we partner with experts to bring in real-world scenarios to the classroom,” Buckland says. Sometimes, these are industry gurus in banking and telecommunications. Sometimes they are badass hackers.
“I can give the students an overview and tell them the theoretical aspects, but then we have cyber community leaders show them how to actually do it,” he says. “I think the role of teachers is to lift our students up above us.”
The program’s alumni have brought this collaborative ethos into the corporate world. “I’ve seen the emergence of a community of security professionals who work together, not just for the interests of their own company, but for security in general,” says Buckland.
There is a huge supply and demand problem for cybersecurity professionals. A recent report by US-based market research company Cybersecurity Ventures estimates cybercrime cost companies US$4 trillion in 2015, and is set to rise to US$8 trillion annually by 2021.
It’s a criminal epidemic that can only be fought by cybersecurity experts, a profession that is itself growing at a rate of 18% annually, according to the US Bureau of Labor Statistics.
Cisco estimates there are more than a million unfilled security jobs worldwide. “In the early days, companies just repurposed rebels and old-style malcontent hackers, dressing them in suits and paying them lots of money,” says Buckland. “That was a really great solution. Until the pool ran dry.”
Now that cybersecurity experts need to be mass produced, the burden is falling to universities. “But no one worldwide really knows how to do it – there isn’t yet expertise on training up the rebels and breakers you want.”
Teaching the mindset of a hacker
To help quench demand, Buckland is developing a series of massive open online courses (MOOCs) for anyone to learn cybersecurity, as part of a A$1.6 million SEC.EDU partnership with the Commonwealth Bank of Australia to expand UNSW’s cybersecurity teaching resources and curriculum.
Already, almost 20,000 budding cyber defenders have signed up to the introductory course, 60% of them from Australia, ranging from information technology professionals wanting to brush up on the latest technical knowhow, to schoolchildren – even miners and taxi drivers who want to reskill.
Perhaps most crucial are the many teachers and lecturers taking the course, exponentially increasing Buckland’s reach. “For university academics who have been brought up in a traditional non-hacker way, cyber is a little bit scary to teach,” he says. “Academics can borrow our lecture notes and course materials, or just be influenced to – I hope – become believers in the particular way we teach cyber.”
Buckland’s MOOC is hosted on Open Learning, Australia’s first MOOC provider and a company he co-founded in 2012 with former student and now chief executive Adam Brimo. Designed to deliver more engaging courses online, the platform features lecture videos and exercises, along with wikis and social media-style technologies to allow people to interact and collaborate.
And Buckland is not just focusing on young adults and professionals. Aiming to instil a cybersecurity mentality at an early age, he goes into primary schools to teach kids the basic mindset of a hacker and how to protect against cybercrime.
“I’m trying to get the kids to scam each other in a controlled way, because I think then they get to understand how scams work and how to be defensive against them.”
– Ben Skuse
Featured image: Suzanne Elworthy