Tech 100: ‘We need to know how a malicious hacker will break into our network to understand how to defend it’
Abertay University lecturer Dr Natalie Coull on the need to focus on offensive security within education
Dr Natalie Coull, Abertay University
It has been over 11 years since Abertay introduced the UK’s first BSc Ethical Hacking degree, followed by the MSc for graduates with a computing background.
We received a lot of attention from both the media and others in the academic community surrounding the ethics of teaching people how to hack and the value of specialist undergraduate computing degrees.
That initial criticism is a distant memory: there is great demand from industry for graduates from the programmes and we continue to recruit healthy numbers of students.
Many companies who employ our students comment that they simply can’t find graduates with the same skills elsewhere.
Part of the reason that companies struggle to recruit in this space is a gap in specialist undergraduate degrees where students are taught cyber security skills that are required by industry, underpinned by core computing.
There are two fundamental approaches to teaching cyber security: defensive and offensive.
Defensive cyber security teaching is relatively mature and there exist a number of highly valued university programmes that develop the skills relevant to defensive security such as cryptography and intrusion prevention.
Skills in this defensive domain are vitally important but it is equally important that an organisation also considers offensive security in order to better understand its weaknesses and strengthen resources.
Offensive cyber security focuses on attack techniques – in order to defend a system, we need to know how a malicious hacker can exploit vulnerabilities and weaknesses to gain access and control.
Simulating an attack by a malicious hacker, utilising the same tools and techniques that a hacker would use, can be a very effective way of identifying security weaknesses that need to be addressed.
We need to know how a malicious hacker will break into our network in order to understand how to defend it properly.
The UK Government has recently acknowledged the need for offensive cyber security skills in the National Cyber Security Strategy, to actively target and disrupt criminal activity.
Defensive security has received considerable investment in this area to date. Offensive cyber security is comparatively less well developed, perhaps due to the stigma associated with teaching people how to hack.
We firmly believe that academia and industry need to overcome that stigma and develop this field to ensure that graduates have the skills necessary to address the cyber security shortage and ensure that the workforce has sufficient personnel equipped with offensive cyber security skills.
Dr Natalie Coull is a lecturer in computer security at Abertay University and won the Outstanding Woman in Cyber award at the inaugural Scottish Cyber Awards in November 2016.