Computer Science students are out-innovating their institutions by creating cybersecurity and hacker clubs that implement a hands-on approach to cybersecurity education.
For students hoping to pursue degrees in information security, picking the right school can be tough. The rate of innovation within the cybersecurity field demands highly knowledgeable professionals with practical problem-solving experience. Though related fields like Computer Science are growing in popularity in high schools and universities around the country, vocational cybersecurity education remains a rarity everywhere. This leaves many young professionals less than adequately familiar with the specialized skill sets used every day by incident responders and network security monitors. This subpar status quo is now forcing students in high schools and colleges to take their education into their own hands. One manifestation of this is the rapid spread of student-run hacking (cybersecurity) clubs.
Hacking clubs are on-campus student organizations created to supplement traditional information technology curricula with training in the skills necessary to become entry-level professionals in the information security field. They typically focus on thought-provoking discussion, vulnerability checking, and interactive demos. Beyond that, students typically attend conferences across the country and participate in hackathons.
These clubs currently operate in numerous universities around the country including California-Berkeley, Harvard, NYU, Stanford, University of Michigan, Virginia Tech, and USC. However, these organizations aren’t limited to universities and can be found at innovative high schools across the country such as Catonsville High School in Maryland and Homewood-Flossmoor High School in Illinois.
Hacking clubs allow students to come together to learn about topics neglected in traditional education, all without official curricula or instructors. The Buff and Blue Hat Hacking Club at the George Washington University, of which I am a member, is one such example. It focuses on software and hardware security, and in our weekly meetings, members try to find and expose vulnerabilities in systems for both educational purposes and professional research. Buff and Blue Hat Hacking has no official organizer other than the club president, an undergraduate sophomore Computer Science major whose passion for cybersecurity drove him to run for president during his freshman year. He manages the procurement of hardware, the development of course materials, and the teaching of technical concepts.
Students interested in computers, software development, cybersecurity, systems, artificial intelligence, or data science are all directed into Computer Science programs at their respective universities. However, each of these subfields is so expansive that a general Computer Science education fails to adequately prepare students for their specialized fields. Some universities attempt to solve this by allowing students to take electives to prepare them for the workforce. Yet, each subfield could be a whole degree program spanning the course of four years instead of just a few classes. This leaves Computer Science students with the burden of teaching themselves many of the requisite skills they’ll need to excel in their field.
The Traditional Path
Traditional Computer Science curricula offer students solid foundational knowledge of topics in information technology. While providing general problem-solving skills, most fail to allocate sufficient attention to the specific skills employed by cybersecurity professionals.
A typical first-year education focuses on teaching students the foundations of programming, basic algorithms, data types, methods, and operations. In their second years, students would progress to topics like database systems, discrete structures, or software engineering, depending on the institution they attend. Year three would pivot to computational theory, operating systems, and systems programming. In their final years, Computer Science students would have wider latitude to take specialized course electives and may even continue with foundational classes on theories of information management and systems architecture.
While robust, this kind of education imparts knowledge that is mostly of no immediate relevance to the everyday practice of cybersecurity. This discipline does require a deep understanding of computers, data, and software, but security professionals interact with these concepts differently than would others in the IT industry, such as software engineers.
Hacking clubs, with their vocational curricula, are trying to fill this gap.
A Better Way Emerging
One of the novel aspects of hacking clubs is the way they flatten curricula for their members. Unlike the hierarchical structure of traditional majors, members of all ages learn and practice specific skills together. Less seasoned members can get a jumpstart learning about advanced topics they’ll likely encounter later by first casually experimenting with more practical aspects. Senior members can refresh their memories of foundational topics and reinforce their current understanding of advanced topics by guiding junior members.
Of course, the more important aspect of hacking clubs is the practical, hands-on experience they provide members. For example, at one Buff and Blue Hat Hacking meeting, the club president brought in his own WPA-2 Wi-Fi router for a lesson on Wi-Fi cracking, a method used to determine if a network is susceptible to unauthorized access. Members spent an hour attempting to break into the router using commands and tools from the Metasploit framework on Kali Linux. At another meeting, members practiced network scanning using Nmap, a vulnerability discovery tool. For cybersecurity professionals, specifically penetration testers, both are invaluable skills essential to their trade.
Beyond the supplementary dimension of their curricula, many hacking clubs offer opportunities to explore related topics in security not typically found in traditional curricula even at a theoretical level. An example of this is Buff and Blue Hat Hacking’s focus on physical security topics like electronic surveillance. Members are trained in the use of common tools of technical surveillance countermeasures (TSCM), such as frequency monitors and other equipment to find and detect signals emitted by eavesdropping devices.
The Way Forward
Cybersecurity is typically pushed to the wayside for undergraduates at most institutions of higher education, with only a select few graduating with a set of information security skills directly relevant to the workforce. Hacking clubs are helping to fill the gap in traditional Computer Science education.
Students coming from hacking clubs like Buff and Blue Hat Hacking are armed with the practical knowledge and skills able to propel them ahead of their peers in the professional world. Clubs like these need to continue, receive university funding, and become more widespread if the future cybersecurity workforce is expected to stay ahead of ever-evolving malicious actors.
Admittedly, some universities have cybersecurity-specific concentrations for undergraduates and programs at the graduate level, but cybersecurity is an ever-changing and complex field that cannot be effectively encapsulated in the traditional pedagogical mode. Not all Computer Science majors pursue a graduate degree or specialized post-baccalaureate education, so the need for cybersecurity education at the undergraduate level—or sooner in high schools—is immense.