Tech 100: ‘We need to know how a malicious hacker will break into our network to understand how to defend it’

Written by Dr Natalie Coull on 12 January 2017 in Comment

Abertay University lecturer Dr Natalie Coull on the need to focus on offensive security within education

Dr Natalie Coull, Abertay University

It has been over 11 years since Abertay introduced the UK’s first BSc Ethical Hacking degree, followed by the MSc for graduates with a computing background.

We received a lot of attention from both the media and others in the academic community surrounding the ethics of teaching people how to hack and the value of specialist undergraduate computing degrees.

That initial criticism is a distant memory: there is great demand from industry for graduates from the programmes and we continue to recruit healthy numbers of students.


Updated UK cyber security strategy to narrow the gap between convenience and security

US election hack could inspire political interference in Britain, according to cyber security head

Cyber security centre to research 'developer-friendly' approaches

Many companies who employ our students comment that they simply can’t find graduates with the same skills elsewhere.

Part of the reason that companies struggle to recruit in this space is a gap in specialist undergraduate degrees where students are taught cyber security skills that are required by industry, underpinned by core computing.

There are two fundamental approaches to teaching cyber security: defensive and offensive.

Defensive cyber security teaching is relatively mature and there exist a number of highly valued university programmes that develop the skills relevant to defensive security such as cryptography and intrusion prevention.

Skills in this defensive domain are vitally important but it is equally important that an organisation also considers offensive security in order to better understand its weaknesses and strengthen resources.

Offensive cyber security focuses on attack techniques – in order to defend a system, we need to know how a malicious hacker can exploit vulnerabilities and weaknesses to gain access and control.

Simulating an attack by a malicious hacker, utilising the same tools and techniques that a hacker would use, can be a very effective way of identifying security weaknesses that need addressed.

We need to know how a malicious hacker will break into our network in order to understand how to defend it properly.

The UK Government has recently acknowledged the need for offensive cyber security skills in the National Cyber Security Strategy, to actively target and disrupt criminal activity.

Defensive security has received considerable investment in this area to date. Offensive cyber security is comparatively less well developed, perhaps due to the stigma associated with teaching people how to hack.

We firmly believe that academia and industry need to overcome that stigma and develop this field to ensure that graduates have the skills necessary to address the cyber security shortage and ensure that the workforce has sufficient personnel equipped with offensive cyber security skills.

Dr Natalie Coull is a lecturer in computer security at the Abertay University and won the Outstanding Woman in Cyber award at the inaugural Scottish Cyber Awards in November 2016.



Related Articles

Related Sponsored Articles

Associate feature: 5 ways IoT is transforming the public sector
5 February 2018

Vodafone explores some of the ways IoT is significantly improving public sector service delivery

Associate feature: Who keeps your organisation secure?
19 February 2018

BT's Amy Lemberger argues that having the right security in place to protect your organisation is no longer just an option. It is a necessity.

Health Innovators You Should Know About: FlowForma's no-code, logic-only solution
19 December 2016

Microsoft partner FlowForma walks through its efforts to empower local government as part of a series that highlights local government innovators across the UK

Share this page