Skip to content

Interview on the "Practical IT security" workshop

On Friday 16 June 2013, CyberShield held a workshop for the first time for year 10 computer science students at a grammar school in Baden-Württemberg. The students were given this great opportunity thanks to the open-minded and progressive attitude of the headmaster. The two computer science teachers at the school were open to the project and supported us with helpful information about the local conditions. On the day of the workshop, the 18 pupils quickly shed their shyness and enthusiastically took part in the brainstorming and practical applications. The 4 school hours flew by.

Here is a look at the project from Christian and Till, who were in charge of both the preparations and the realisation:

Dear Christian, thank you very much for agreeing to do this interview.

Why was it important for you to organise this workshop?
The topic of cyber security is becoming increasingly relevant in our society (whether we realise it or not!). We regularly read or hear about attacks on companies, data leaks and foreign hacker teams. In many films or series, the topic is addressed or at least mentioned in passing. However, a hacker is often equated with a modern magician who types in his spells on a laptop and thereby opens doors to another world (or another computer). The topic can therefore be as mystical or frightening as you like in the minds of pupils. For this reason, we wanted to give the workshop a realistic excursion into the topic.

What exactly did you want to convey to the students? In your opinion, did you succeed?  
The focus here was on various things. On the one hand, we wanted to explain how attacks work and, of course, how you can protect yourself against a variety of attacks using relatively simple means. At the same time, we also wanted to convey how easy it can be to take full control of (outdated) systems. Ultimately, we pursued two goals: To arouse interest and, in a few years' time, perhaps gain further support for the German cyber security community. Create general sensitisation. Even if someone is not going to delve into the security sector later on, it can't hurt to have an idea of what's going on.

Did everything work out as it should or were there any unforeseen obstacles? 
Most of it worked very well. However, we had also tested in advance whether everything was working so far. It was only during a password-breaking exercise that the school computers unexpectedly failed, as they apparently ran into a technical problem.

How much effort was involved in preparing this workshop? 
The workshop was prepared by several people at different times, starting with a concept with a pedagogically sensible structure, preparing VMs for test cases, creating the slides and, of course, not forgetting the coordination with the school. All in all, I estimate that between 40-80 hours were spent on the workshop, divided between different people.

What tip do you have for a 16-year-old who can imagine working in IT security in the future? 
I think the most important thing is to build up a solid foundation of knowledge about IT and its systems. This may seem a bit boring in some cases when you learn things like computer architectures or the calculation of memory addresses, but in the end these are points that you need to understand in order to carry out meaningful protection or a successful attack. In general, in the IT security field, you can't just have a view of your "silo", but ideally you need to have a broad knowledge of networks and IT systems so that you can design solutions together with the responsible technicians.

Would you have enjoyed a workshop like this when you were in year 10 or would it have brought you closer to the subject? 
Definitely! When I was at school, computer science lessons were very much geared towards learning programming and practice in this environment. The topic of security wasn't covered at all. In university, you then learnt the theory of what is possible and how it works, but unfortunately no practical application.

Would you organise such a workshop again? Why? 
Yes, I think it's important to bring the topic closer to young people and it's also fun 😊

Dear Till, thank you very much for taking the time for this interview.

What was your part in this workshop?
My task in the workshop was to prepare the practical parts and support the students in solving them. I configured various Linux servers with known vulnerabilities.

How much effort was involved in preparing this workshop?
The effort involved was not too great. The biggest difficulty here was to install a version of the services that was vulnerable, as they have of course all been patched in the meantime and are no longer available for download from the providers.

Did everything work out as it should or were there any unforeseen obstacles?
I think everything worked out as I had hoped. As is usual in computer science, it didn't work out the quick and easy way, because as we all know, that never works. At one point or another I had to find a small workaround to achieve my goals, but in the end everything worked out. Even during the workshop, apart from our attempt to show password cracking, which resulted in the PCs running out of RAM, everything worked really well. At first I was a bit sceptical as the participation was limited, but that all changed after 5-10 minutes and it became an interactive course where everyone could get involved.

What tip do you have for a 16-year-old who can imagine working in IT security in the future?
It is very important to take the time to learn and understand the different areas. Many people immediately associate IT security with hacking and want to learn it within 2-3 days and then be able to hack sites within seconds, just like in the film. Apart from the fact that this is illegal, it is also impossible. To understand hacking or IT security in general, it is important to understand how a computer works, what network protocols there are and how they work, and much more. To be able to recognise a vulnerability in a system, I need to know exactly how the services work and what possibilities this offers me.

Would you have enjoyed a workshop like this when you were in year 10 or would it have brought you closer to the subject?
I would have really liked to have had a workshop like this when I was at school, because it would have given me the opportunity to get to grips with the subject at an earlier stage and show me how much fun you can have in this area and what dangers a badly configured system entails.

Would you organise such a workshop again? Why?
Yes, with great pleasure. Not only did I enjoy the workshop and the preparation for it, but I also felt that we were able to familiarise some of the students with the whole topic. Some students seemed to already have a more detailed impression of IT security, while others were dealing with the topic for the first time, but I was very pleased that students from both groups were able to get involved in the workshop. I think we sparked the interest of one or two students during the workshop and, above all, I had the feeling that everyone enjoyed it - thank you both very much for sharing your impressions with us!

I clearly heard: After the workshop is before the workshop 🙂

In addition to Christian and Till, Gunter and Adela were also involved in this campaign.

An den Anfang scrollen