LEVEL:UP Security Education by SE Labs.
SE Labs takes a central role in understanding and assessing IT security. We use our unique position to help guide young people into the cybersecurity world. This year we started running our school’s Cyber Security Week course.
Setting a path to cybersecurity
We have already spoken in the past about the rather fluid manner of getting into cybersecurity. There is no specific, necessary pathway to begin a career in the industry. In many cases attempting to take what some see as the obvious path has problems. We want to help start educating cybersecurity’s next generation.
In our earlier article we talked about the varied backgrounds of our employees. Irrespective of their educational background, the amount of training required to keep them up to speed once recruited seemed to be universal. Whether they carried a master’s degree in cybersecurity or never attended university at all, they could all reach the right level and stay there.
Limitations in traditional education
From our observations of the education system, particularly within the UK’s secondary education sector, tactics prove too ineffective in preparing students for a career in cybersecurity. There is too much emphasis on theory and little to no practical experience. There appears to be little direct assistance in preparing students for the specific duties they would fulfil in the industry.
We have attempted to mitigate this with occasional school visits. This naturally dwindled during the global COVID pandemic. Our end goal has always been to give students some experience in our work environment.
There is no replacement for real world experience, no matter how fancy your PowerPoint slides are.
Programme Structure
Our LEVEL:UP programme is specifically aimed at Key Stage 4 students. It is a one-week insight into core cybersecurity skills. Students have to apply to be part of the programme, as they would for a job. Their CVs and cover letters come under the same scrutiny as starters in SE Labs.
In 2022 we selected eight students from three schools: Bishop Douglass, Southfields Academy and Wimbledon College. They undertook both individual and team-based tasks throughout the week.
Students had to go through three different types of exercises:
- Red Team: This predominant stage focuses on the attacker’s perspective. It introduces using basic Linux commands, penetration testing tools and social engineering tactics. These are tied together by attacking and compromising a target PC, while running commands used by attackers in the real-world.
- Blue Team: This opposing stage denotes the procedures and tools used by defenders. They must identify when a breach has occurred and collect evidence, oversee the eradication of malware and take necessary steps to recover assets.
- Purple Team: This role combines red and blue team elements with students enacting a scenario-based attack/ defence exercise. This includes a Capture The Flag (CTF) activity. The purple team sessions consist of a mid-week CTF to familiarise students with the CTF process. There is then a final, marked CTF exercise combining everything learned in the prior days.
The winner of the purple team activities (the individual who obtained the most points in both scenarios) won a Raspberry Pi 400 Personal Computer kit.
Aside from the above, we also provided additional information, including a dedicated careers segment, where both myself and our CTO Stefan Dumitrascu talked to the students about possible pathways into various cybersecurity roles. This included tips on how to write CVs and cover letters to entice potential employers to hire them in the future.
LEVEL:UP – Educating cybersecurity’s next generation
Running the LEVEL:UP Cyber Security Week Programme was not an easy undertaking. We spent months setting up test machines and recruiting students. The actual programme itself was an intensive process.
We’re grateful to everyone in the SE Labs team who helped ensure the programme was a great success. Furthermore, we have teaching experience in-house, which helped. Solandra Brewster and I have a history in teaching, which helped us prepare as Project Leaders. Students were comfortable and engaged throughout, and we received fantastic feedback after the course.
The main goal of the programme was to help prepare students in secondary education to have a better idea of what it is like to work in cybersecurity. Seeing our students undertake industry-standard tasks and techniques within a short timeframe was nothing short of astonishing. Solandra and I saw the true potential in these eight students. Whichever decisions they all make in the future, we would love to see them again as either guests of our quarterly conferences or potential future employees. We wish them all the best regardless.
The Future
Our very first LEVEL:UP Cyber Security Week succeeded beyond expectations and we cannot wait to welcome new students for the 2023 edition. Furthermore we plan to restart visiting schools for demonstrations and optimising our communication with educational facilities.
We are excited to take this initiative even further, with an even more focused programme that expands to include other ages groups. If you are a student who would like to take part, or are a representative of a school/ college who believes your students would benefit from our LEVEL:UP Cyber Security Week programme, please contact us at levelup@selabs.uk. Let’s start educating cybersecurity’s next generation!