Interview on the “Practical IT Security” Workshop

On Friday, 16.06.23 CyberShield implemented for the first time a workshop for the computer science students of the 10th classes at the Max-Born-Gymnasium Neckargemünd.

The contact with the school came about through Christian’s and Adela’s daughter, who currently attends this school. The two computer science teachers at the school, Mr. Schwemlein and Mr. Breunig, were open to the project and supported us with helpful information about the local conditions. On the day of the workshop, the 18 students quickly shed their shyness and ambitiously participated in brainstorming and practical applications. The 4 school hours flew by.

A look at the project from Christian and Till:

Dear Christian, thank you very much for agreeing to do this interview.

Why was it important to you to conduct this workshop?

In our society, the topic of cyber security is becoming increasingly relevant (whether you realize it or not!). You regularly read or hear about attacks on companies, data leaks and foreign hacking teams. In many movies or even series, the topic is taken up or at least mentioned in passing. However, a hacker is often equated with a modern magician who types in his spells on a laptop and thus opens gates to another world (or to another computer). So the topic can be any mystical or frightening in the minds of students. For this reason, we wanted to give a realistic excursion into the topic with the workshop.

What exactly did you want the students to learn? In your opinion, did it succeed?

Here the focus was on various things. On the one hand, we wanted to educate people about how attacks work and, of course, how they can protect themselves against a variety of attacks with relatively simple means. At the same time, we wanted to convey how easy it can be to take full control of (outdated) systems.

Ultimately, this gave us two goals:

interest, and perhaps in a few years to gain further reinforcement for the German cyber security community. Create general awareness. Even if someone is not going to delve into the security field later, it can’t hurt to have an idea of what’s going on.

Did everything work out as it should or were there unforeseen obstacles?

The majority worked very well. But we had also tested in advance whether everything was working so far. Only during a password-breaking exercise did the school computers unexpectedly break down, apparently running into a technical problem.

How much effort did it take to prepare this workshop?

The workshop was prepared by several people at different times, starting with a concept with a pedagogical structure, preparing VMs for test cases, creating the slides and of course not forgetting the coordination with the school. In total, I assume that between 40-80 hours of time distributed among different people were spent on the workshop.

What advice do you have for a 16-year-old who can imagine moving to IT security as a career in the future?

I think the most important thing is to build a solid foundation of knowledge about IT and the systems there. This may seem a bit boring in some cases, learning things like computer architectures or how to calculate memory addresses, however, in the end, these are points that you need to understand in order to perform meaningful protection or a successful attack. In general, in the IT security field, you must not only have a view of your “silo”, but ideally have a broad knowledge of networks and IT systems so that you can design solutions together with the responsible technicians.

When you were in 10th grade, would such a workshop have been fun or brought you closer to the subject?

Absolutely! When I was in school, computer science classes were very focused on learning programming and practice in this environment. The issue of safety was not addressed at all. In the studies, you then learned theoretically what is possible and how it works, but unfortunately no practical application.

Would you do such a workshop again? Why?

Yes. I think it’s important to bring the topic closer to young people and it’s fun too 😊

Dear Till, thank you very much for taking the time for this interview.

What was your part in this workshop?

My task at the workshop was to prepare the practical parts and support the students in solving them. I have configured several Linux servers with known vulnerabilities for this purpose.

How much effort did it take to prepare this workshop?

The effort was not too high. The biggest difficulty here was to install a version of the services that is vulnerable, because they have all been patched in the meantime and are no longer available for download from the providers.

Did everything work out as it should or were there unforeseen obstacles?

I think it all worked out the way I hoped it would. As usual in computer science, it didn’t work out the easy and quick way, because that is known to never work. At one point or another I had to find a little workaround to reach my goals, but in the end everything worked out. Also during the workshop, apart from our attempt to show password cracking, which resulted in the PCs going down due to too high RAM requirements, everything worked great. I was a little skeptical at first because participation was limited, but that all changed after 5-10 minutes and it became an interactive course where everyone could get involved.

What advice do you have for a 16-year-old who can imagine implementing IT security as a career in the future?

It is very important to take time to learn and understand the different areas. Many people immediately associate IT security with hacking and want to learn how to do it within 2-3 days and then be able to hack sites within seconds, just like in the movie. Apart from the fact that this is illegal, it is also impossible. To understand hacking, or IT security in general, it is important to understand how a computer works, what network protocols exist and how they work, and more. In order to identify a vulnerability in a system, I need to know exactly how the services work and what opportunities that gives me.

When you were in 10th grade, would such a workshop have been fun or brought you closer to the subject?

I would have liked to have a workshop like this when I was in school, because it would have given me the opportunity to get to grips with the subject in more detail at an earlier stage and to show how much fun you can have in this area and what dangers a badly configured system can bring.

Would you do such a workshop again? Why?

Yes, very much so. The workshop and the preparation for it were not only a lot of fun, but I had the feeling that we were able to bring the whole topic a bit closer to some of the students. Some students seemed to already have a slightly more detailed impression of IT security, while others were dealing with the topic for the first time, but I was very pleased that students from both groups were able to participate in the workshop. I think we sparked an interest in one or two of the students at the workshop, and most importantly, I felt like everyone enjoyed it.

Thank you both so much for sharing your impressions with us!
I clearly heard: After the workshop is before the workshop :-)

To the readers:

You want to participate in a workshop as well? Or you think it’s a brilliant idea for such a workshop to be held at your former school? Then get in touch with Adela via MS Teams.

P.S. Besides Christian and Till, Gunter and Adela were also involved in this action.