Colin McLean, Lecturer in Ethical Hacking, Abertay University

Colin McLean (@Doctor_Hacker​)

Job Title/Organisation: Lecturer in Ethical Hacking, Abertay University, Dundee

What does your role involve?

In 2005, I had the idea for the BSc in Ethical Hacking at Abertay University. This was the first undergraduate degree in the world with the word "hacking" in the title. I am the programme tutor for the BSc in Ethical Hacking at Abertay, so I look after the day-to-day running of the programme and I am also the front-line for any issues that the 150-plus students may have. 

My main role involves lecturing students about computer security. My main areas of teaching involve penetration testing for both network infrastructure and web applications. Other areas that I teach involve more defensive techniques such as teaching web security to web development students and network management to computer networking students.  

What do you consider to be the most imminent challenge in your line of work?

Abertay is a vocational university, and unashamedly so. Our main role is to provide graduates with the skills, knowledge and attributes that are suitable to the needs of Scottish companies. Many of our courses are leading edge and driven by the needs of the industry.

Our world-known Computer Games programmes are a good example of this and Ethical Hacking is another area in which we excel at producing graduates who are "useful" or billable for a company as soon as possible.

To be able to produce such graduates, it is essential that the teaching staff are knowledgeable about the latest developments in computer hacking. Examining vulnerabilities and re-creating vulnerable systems and networks for my students to investigate can be challenging but is an essential part of my role. 

What has been the most rewarding piece of work you've undertaken?

Since the development of the Ethical Hacking degree, I have had many rewarding moments. Some personal highs have included speaking at high-profile conferences such as BSides London, DeepSec in Vienna and Brucon in Brussels. However, my biggest personal satisfaction has been seeing the Ethical Hacking degree at Abertay evolve from the initial idea to one of the most high profile computer security programmes in the UK. I also get an annual "buzz" listening to our students talking about the how excited they are about the jobs that they are going to.

How can Scotland bridge the digital skills gap?

This is an area in which I have a deep passion for. In fact, I did a talk in Vienna at Deepsec 2014 entitled "Addressing the skills gap" which was based on the experiences of the Ethical Hacking degree at Abertay. 

Worldwide, there is a huge disparity between the demand the number of school leavers and graduates that are required in the security industry. From research, there also appears to be a mismatch in the knowledge, skills and attributes gained in education and those that are required to secure systems. A few of my ideas: 

•    Academia and the industry in general must communicate. Companies should be contacting universities and colleges to try and influence the content of the courses. 
•    Academics should be contacting companies to get assistance with teaching material to ensure that graduates are better equipped and informed. 
•    Courses should be adopting a more case study approach and also make sure the student undertake project work. These help to develop out-of-the-box skills that are essential in security.
•    Security must be embedded in all areas of courses rather than a bolt-on security module at the end of a course. Having a security mindset as a developer is essential. 
•    There appears to be an obsession for teaching crypto, crypto and more crypto in courses. In the vast majority of attacks, cryptography has no bearing. I'd like to see a broader range of subjects  taught in courses.

Which new technology excites you the most?

The advances in wearable medical technology have the potential to vastly change our lives. The older I get, the more I like the thought of a personal area network which is monitoring my vital signs and giving me (and the medical services) notice of any issues.

What's your favourite app and why?

I am not much of an app user. I suppose us old-school geeks are more comfortable with a command prompt! 

What, for you, will 2016 be the year of from a technology/digital standpoint?

I would like to say that it will be the year where security is taken more seriously but I am not convinced about this. So far in 2015, there have been many high-profile hacks such as Ashley-Maddison and Talk-Talk but there have been many more smaller companies who have had data breaches this year.

As a lecturer, I don't have to try very hard to find case study material to illustrate the state of security in the real world. Unfortunately, many of these breaches illustrate bad practice and very simple security concepts such as storing databases unencrypted (or easily breakable encryption). So based on this, I think it will be a year of more hacks.