Watch this talk HERE for more information 

HOLD MY REDBULL: UNDERGRADUATE + GRADUATE RED TEAMING

The current state of undergraduate education when it comes to Cyber Security is lacking. Thus is part of the reason there are so many openings and why positions look for a lot of experience and often more then a Bachelors degree. Cyber Security consists of Offensive and Defensive Security. They are similar and ultimately cannot exist without each other. Think of Yin & Yang. Let this serve as a overview of this approach for both n00bs and educators. My goal is for you to walk away with a better understanding of the current state of this strange field and for educators to implement fields and topics within Defensive and especially Offensive Security. I have a 2 year degree and am finishing early fall on my 4 year degree. I also have a certification  and work as a Ethical Hacker. 

                                                              A New Understanding:

                                                                     Within Offensive Security

• Operations Security 
• Network Security 
•  System Security 
• Physical Security 
• Web Security 
• Reverse Engineering 
•  Social Engineering 
• Open Source Intelligence 
•  Methodologies and Mindset 
• Information Technology
•  Information Security
• Computer Science  

 Within Defensive Security 

• Operations Security 
• Network Security 
• System Security 
• Physical Security 
• Web Security 
• Hardened Programming 
•  Information Technology
•  Information Security
• Computer Science 
• Digital Forensics (In Depth) 
• Incident and Disaster Recovery 

This is not meant to be a program where a student who is studying Offensive Security learns Anti-Forensics, Program Obfuscation, L33TSP34K, aka Hacker University. But those fields do not apply because as a Security Engineer, CISO, CSO, Technology Director, Penetration Tester and other jobs that fit under the whitehat umbrella there is no need for these. (Unless you are a home of Corporate Espionage, Military, Law Enforcement, or Government.)  

                  Red & Blue Approach to Undergraduate Education spanning across multiple majors

1. Starts Day 1  
2. CTF (Framework)
3. Social Web Application (Open Source alternative to Facebook)
4. Wiki (MediaWiki)
5. Education Framework (i.e. blackboard, canvas)
6. Bug Bounty Program (Junior Year)  
7. Gamify 
8. Competition 
9. Couples with degrees--
   • Information Technology
   • Information Security
   • Cyber Security (Which is now know as):
     • Offensive Security
     • Defensive Security 
   • Comp Science 

Why day one?

Starting on Day 1 and Freshmen year with an ethics class will do something towards deterring people who like to get blackout drunk on a Friday night by themselves.  But really it should give students a feeling of importance, a greater good and an strong belief in the importance of both Offensive Security and Defensive Security. 

Capture the Flag

  Capture the Flag has really jumped off in terms of popularity worldwide. This gives educators a way to attract students that they normally may not stand out too. Social Platforms exist at colleges but I have yet to see any real use by any students. By integrating a Profile, Instant Messaging, Notepad (Think Pastebin), Pictures into the CTF platform it will give the immersion required to keep the attention of students.   

Wiki

 The Wiki would be where students would do some of their Group Work, Perhaps Flag Submissions and the best work would get published to the Wiki for the entire school. This will allow the Wiki to grow immensely from the help of the students and can be a way for future students to have something broken down for them by former students of all backgrounds and learning types. As well as students in a different major to learn new things. 

Learning Management System

 Learning Management Systems are used across institutions both in their online education and in-house. A lot of the functionality of LMS should be coupled with the CTF platform (Hand in Raw Notes, Flag, Assignment to CTF Platform, Hand in individual student Report for the ladder to LMS). Creating a school wide community can lead to amazing suggestions, leadership skills, group work skills, and creations. Imagine IT, CompSci, Web Design, Cyber Security, and InfoSec students working together to solve flags (or assignments) or even brainstorming future challenges. 

Bug Bounty

 For this to succeed students in the qualifying majors should be given access to a Bug Bounty Junior Year. This bug bounty is not for another company but for the institution itself. This is something something I have encountered. It opens the door for students to receive scholarships, recognition, awards and gives them an experience that they can benefit in their own way and the institution benefits both from the findings of the bounties but also by being able to give their students a higher level of understanding, opportunities and can even be used as a point to employers that they are ethically sound. 

Limitless

  This will let colleges evolve the competitive teams and cover a larger pool of players. More importantly it will close the gap that traditional sports and e-sports has on what I'll call Cyber Sports. 

It would be similar to CCDC but larger teams of students on Red(Offensive Security) and Blue (Defensive Security). Currently CCDC pits the teams of students against a group of professional pen testers. In my instance more students can be apart it, can be creative with what they do and there can be higher understanding of the importance of both Red and Blue when it comes to Cyber Security.  

Implementing an higher education program like this would give the students technical knowledge and will let students push each other to know more. After all, being a Cyber Security Professional means you may never be a complete expert in any one of the topics or even fields that it consists of but it does mean you will have a large knowledge base across them all. 

This will churn out eager,ethical and well-prepared professionals looking into entering the field. 

An Example of Freshmen Year as a Offensive Security Major:

  Semester 1 

1.  Networks 
2. Operating Systems 
3.  Websites and Web Applications  
4. Red vs. Blue: Cyber Security 
5.  Programming 
6. Criminal Justice: Cybercrime  

 Semester 2 

1. Networks 2 
2.  Virtualization and Operating Systems 2 
3. Websites and Web Applications: Cloud Services 2
4. Red vs. Blue: Ideology, Methodology, Ethics 2 
5.  Programming 2 
6. Cyber Intelligence

      Sections of Offensive Security

1. Vulnerability Assessments 
2. Internal Penetration Test 
3. External Penetration Tests
4. Web App Penetration Tests 
5. Phishing  
6. Social Engineering 
7. Physical Penetration Tests
8. Reconnaissance 
9. Operations Security 
10. Offensive Security Tools/Tool Creation 
11.  Counter (Cyber-)Intelligence