Defense Against the Cyber-Arts: An Entirely Student Driven Initiative
A team of 42 Silicon Valley students hosted an event on Thursday, May 9th for fellow students to explore the field of cybersecurity. Elizabeth Dehmlow, Mya Soni, Crystal Schulle, Jem Cope, and Clayton Allen all worked on Defense Against the Cyber-Arts. Defense Against the Cyber-Arts is an entirely student-driven initiative that students created for their peers. The event was designed as an opportunity to discover what is possible in a cybersecurity career.
The Rise of Cybersecurity
Cybersecurity is one of the fastest-growing job fields in the tech industry. A recent article in Forbes states, “Official estimates put job growth in the sector at 37% per year at least through 2022 – and that is probably conservative. At the start of this year there were an estimated half million cybersecurity jobs unfilled in the U.S. alone.”
There is a big need for people who can prevent, detect and fix security breaches. The same Forbes article explains, “It is a world where pretty much everything and everybody – individuals, companies, governments, critical infrastructure – are increasingly dependent on connected systems, networks, and devices. And, as we all see in daily headlines, those systems, networks and devices remain insecure; and criminals, terrorists and hostile nation states continue to get better and more sophisticated at exploiting their vulnerabilities.”
The Inspiration Behind Defense Against the Cyber-Arts
We asked Elizabeth Dehmlow what inspired her to create this type of event for her peers in the 42 community. She shared, “So initially when I got into coding I didn’t know what I wanted to learn. I wanted new students at 42 to see what was possible beyond coding. Or for people who decided they didn’t want to do coding but to know there was the possibility of Cybersecurity.
Cybersecurity is currently developing itself as a field. There are so many different careers under cybersecurity. People can share so they have a better idea and a more concrete understanding of what it is. That is what is fun about 42, you get to discover and play around as you go.”
Burp Suite Workshop
A workshop on Burp Suite was hosted by Bugcrowd. Burp Suite is a graphical tool for testing web application security. Bugcrowd is a powerful platform and team of experts that connects organizations to a global crowd of trusted security researchers. Bugcrowd team members JP Villanueva, Jeff Boothby, and Chloé Messdaghi facilitated the workshop.
42 Student Eli Goodale attended the workshop. He shared, “They were really knowledgeable about what they do. They were fun to listen to and were interactive, taking the time to make sure everyone understood and learned the information. It was a really good experience. I do enterprise application development and it was relevant to me to look at all the vulnerabilities in the system.”
Different Pathways to Cybersecurity
In the evening, students were able to explore different branches of cybersecurity through knowledgeable speakers from local cybersecurity companies. There were two panels at the event.
The first panel showed the different pathways to cybersecurity. The panelists shared the exciting things they have gotten to do in their jobs. This panel included Paul Debone, an Information Security Consultant at Evolver, and Michael Brodhead, Cloud Security Architect at Stark & Wayne, LLC.
“Find your Niche Within the Industry”
Paul Debone shared his experience coming to 42 and had some advice for our students, “I had a fantastic experience speaking on the panel of the Defense Against The Cyber-Arts event in May of this year. Having the ability to help others get a glimpse into real-life experience in the cybersecurity industry I’ve had, provides them considerations to take into account and hopefully avoid a few mistakes when starting out. It was beneficial for myself as well as recalling past positions and projects and in some regards reflecting on my perspective then opposed to now. The students asked some great questions that really made me think, and the overarching interactions between everyone were authentic.
My advice for students that are interested in the cybersecurity space is to find your niche within the industry for whatever that may be, PEN Testing, Security Development, Networking, etc. Become a specialist, not a generalist while always being willing to learn things that you may not necessarily be interested in. The old saying holds true, adapt or die. Lastly, I would say find a mentor, I would not have progressed to where I am today, nor as quickly without the guidance I was given. Remember to master the skill of working well with all personality types, stay hungry and stay passionate!”
“There are no absolutes in security”
Michael shared his experience coming to 42 and gave some advice for students thinking about going into cybersecurity, “I loved it! I’d do it again in a heartbeat. The single most important concept: There are no absolutes in security. Perfect security isn’t an option. It’s always about tradeoffs. When you have an incident, stay calm. This too shall pass.
There’s a saying that we spend the first half of our lives sacrificing our health to get money and the second half of our lives spending that money to get our health back. Don’t do that. Nobody on their deathbed ever said, ‘I wish I’d spent more time at work.’ Take breaks, take care of yourself mentally and physically.”
Bug Bounties: Finding Bugs and Flaws
The second panel was BountyCraft by Bugcrowd. The focus of this panel was bug bounties and getting paid to find bugs and flaws. The panel included JP Villanueva, Jeff Boothby, and Chloé Messdaghi.
Security Researcher Advocate, Chloé Messdaghi, shared, “I really loved the open space at 42, it has an inclusive vibe. At 42, I like how the curriculum is set up, it gives a sense that you can basically make your own schedule. While there, I asked students how they felt about being at 42 and they absolutely love it because it is not your typical school. The fact that they are aware of infosec as an option is fantastic and rare to come by since a lot of people don’t know that it is a career option. At 42, they are being exposed to various industries to learn about and I think it’s good for them to hear about various fields to know where to go next.
The Bugcrowd Bug Bounty panel was fun to do at 42. We were able to dive into the technical side, which shows that 42 is doing a great job with their curriculum. The feedback has been overwhelmingly positive with students wanting to now become hackers since it’s empowering, cool, and fun.”
“To be a good hacker you can’t give up”
Chloé continued, “If you are interested in becoming a security researcher, I highly recommend people try bug hunting. It gives you practical experience and evidence that one has the experience to do well in pentesting. Bugcrowd provides such an opportunity with its platform. Also, Bugcrowd University is a great resource for learning how to get started.
If you are unsure or uneasy if you are going to do something incorrectly, check out disclose.io. It provides a list of companies that practice safe harbor, along with expected rewards, contact info, and disclosure policies. When first starting, it can be a bit scary due to the fear of doing something wrong and being prosecuted. This is why starting to look at companies that practice safe harbor is essential. Also, picking up a new skill can be overwhelming. But honestly, to be a good hacker you can’t give up. Persistence and patience with yourself are how one can excel at bug bounty.
Also, if you are from an underrepresented group I would say it is critical to have a good support network. There are about 12% of minorities and 11% of women in infosec, and only 4% of hackers are women. Because of these statistics support groups are needed. Have a mentor, learn some skills, and meet someone else who wants to learn with you. If you are looking for a mentor or support, feel free to reach out to me. More than happy to help. We have a mentorship program at Bugcrowd.”
Guest Speakers from the field of Cybersecurity
There were guest speakers from cybersecurity companies who gave talks about what they have learned being in the field.
We had a presenter from Expanse, Product Manager Haley Sayres. She talked about the history of the internet, internet protocols, and how the internet has holes in it. She shared, “I was impressed by 42’s setup for students and the overview of the curriculum I received. The cyber event, put on by 42 students, was especially well-run with strong engagement from the students – their questions for the panelists and speakers were challenging and thoughtful.
My advice for students who want to get into cybersecurity is to engage with the community through events (like security conferences and meet-ups in the Bay Area), participate in online forums, reach out to security practitioners both on the customer side (e.g., on security teams at companies) as well as on the cyber-security vendor side to discuss the industry/opportunities/challenges, and to publish their work in the field (e.g., contributing to open source projects on GitHub and sharing any public bug bounties that they participate in).”
Jackie Castell, Director of Product Marketing at CrowdStrike, also spoke to our students. She gave a general cybersecurity overview and touched on the history of what CrowdStrike has done. Jackie shared, “The event was a great opportunity to interact and learn from a group of highly engaged coders who are expressing their interest in Cybersecurity. Their level of participation after a whole day of presentations was a testament to their high level of motivation.”
42 Alumnus Gives Advice About Working in Cybersecurity
42 Silicon Valley alumnus, Isaac Rhett, who now works as a Security Intelligence Engineer at Lookout, gave a talk. His advice for 42 students, “Much like 42’s skill tree which shows all the different paths you could take in computer science, cybersecurity is also a surprisingly broad field. Each of those is highly specialized and requires domain-specific knowledge and skills. If you’re a student interested in the field, my advice is to first make sure you have a solid grasp of the fundamentals. Once you’ve reached competence in core CS, branch out and try the different subdomains, in whatever order interests you (encryption/PKI, IAM, and infosec, appsec, pentesting, RE and malware analysis, just to name a few), but not all at once. Nobody can do everything, but everyone can do something.”
Learning More about Cybersecurity in a Fun Way
Elizabeth shared her hopes for what students will take away from Defense Against the Cyber-Arts, “I really want them to have fun. And to just really see what is possible. I want everyone to walk out with something new that they learned. Whether they go into Cybersecurity or not, to have information to see what is possible. Also from this event, I would like to start the conversation. I want to see what is possible to create on campus when you get a group of students together. This is our school and we get to create it.”
published by Stacey Faucett – May 23, 2019