Recently in Teaching Category

Just a quick reminder: I will be starting a new SANS mentor session for Security 504: Hacker Techniques, Exploits and Incident Handling on January 7 out of Garden City, NY (Long Island). Some spots are still available, so please sign up if you are interested. We'll convene once a week on Wednesday evening from 7.30pm-9.30pm.

More information at: http://www.sans.org/mentor/details.php?nid=14803

From September to this week, I was privileged to teach an introductory class in computer science at Adelphi University (Garden City, New York). My objectives with this class were to take a group of computer science and management of information systems students who had not have any security classes and teach them the basics of computer security.

By the end of class, I wanted them to understand what the technological implications of computer security were, and I wanted them to be able to recognize certain attacks, as well as to know how to prevent and/or stop these attacks them from continuing.

This Tuesday, we had our final exam and the students did better than I had expected.

I teach a basic undergraduate computer security class, which is a mix between ethical hacking, incident response, and a little bit of security management. My students do their assignments in a virtual security lab (7 hosts in a VMWare environment). When class is over, I'll post how I set up this lab in a little more detail.

Getting to work this morning, I found the following message in my mailbox:

Subject: host5 is down
Date: 11/25/2008 2:10 AM

Good Morning,

I crashed host5 by trying to run the following exploit:
http://milw0rm.com/exploits/7091
The files that should be removed: ~mikei/data/1.c    and   ~mikei/data/1

~Apologies

I regularly get questions of students who expect to graduate soon asking what they need to do to get started in the information security field. Unfortunately, I cannot give a straight unambiguous answer to that. What I can do is start a thought process for that student. In the end, they will have to do the work.

The nice people over at SANS just put up my course details. Before registering, please contact me for a referral code, or send me an email at sans.mentor@leune.com.

For most universities and colleges, today is the first day of the new academic year.

The joys of overfull parking lots, stuffed cafeterias around lunch time, and battling through waves and waves of students on your way to your next meeting is offset greatly by the presence of "learning".

It sounds a little romantic, and possibly even naive and/or imaginary, but working in higher education has always given me the feeling that being around so many people who are learning has something reinvigorating.

SANS courses have a reputation as being the best technical vendor-neutral security training available at the moment. I am pleased to announce that I have recently joined the SANS Mentor program, and I am currently preparing to host a SEC 504 Hacker Techniques, Exploits & Incident Handling class. The class prepares the attendees for the GIAC certified incident handler (GCIH) certification.

We are currently looking at starting the class somewhere around Christmas. Mentor classes run for 10 consecutive weeks for two hours a week, usually in the early evening.

If you are interested in taking the class through the Mentor program, and if you are able (and willing) to travel to Long Island (NY) to take the class, please let me know.

Exact dates and times have not yet been determined, so I can work with you on that aspect. For now, we are looking at holding the classes in Garden City, or in Hauppage.

I am very fortunate in that I will be teaching an undergraduate-level class on computer security this fall. This is a class for computer science students with a technical interest, and not so much a business focus.

When I was a student in college, I avoided many classes because of a number of reasons. Some of them were simply way too early (what student can pay attention at 7.45am?!), and others were on topics that I did not find all that interesting. However, the biggest turn-off was when a teacher opened the first class of the semester with a statement similar to "There is nothing I am going to tell you in the lectures that is not also in your books". Great. Why am I sitting through hours of boring agony when all that material is also in a book that I can study when it suits me best? More often than not, questions that might arise during lectures of this type are not answered sufficiently anyway. In my opinion, a lecture that merely summarizes a book's content, without adding insights to it or without enriching the "learning experience" should be made illegal.

While reading one of her posts, I picked up on a point that Heather is making:

Many students are not in school for the education part of it. They are in school, particularly community college, for the training and skills that will help them get a better job

I have wondered about the same question quite often, since I have the feeling that we have been continuously lowering the standards that we expect students to live up to. If certain topics are considered hard, we remove them from our educational programs, rather than paying more attention to them.

Make the distinction between `training' and `education' might just be why...