Engineering disciplines teach by doing, e.g., one builds programs in computer science classes and circuits in computer engineering classes. Security is also best learned by doing, but as it is a meta-discipline, the doing is not always straightforward construction. One "does" security through a combination of setting up systems, gathering and analyzing data, and breaking things.
In this talk, I will share my experiences in an eight-year extended detour developing and teaching the security lab class and teaching the introductory computer security course at the University of Illinois. I will share what went well and what could be improved. Please come with your experiences in and opinions on security education, and we will brainstorm on how computer security education can better reach more students.
For the past eight years, Dr. Susan Hinrichs has split her time between lecturing on computer and network security at the University of Illinois at Urbana-Champaign and being the CTO for Network Geographics. At Network Geographics, she developed tools and algorithms for network security analysis. More recently, she has been involved in consulting on a number of projects in the areas of network traffic management and cloud computing.
Previous to her current positions, Dr. Hinrichs earned a Ph.D. from Carnegie Mellon University (1995) studying communication optimization techniques for parallel systems. After graduation, she joined Global Internet Software Group, where she helped develop Centri Firewall. Cisco acquired Global Internet Software Group, and Dr. Hinrichs stayed at Cisco, where she led efforts in policy-based security management, until 2005. In addition to networking, Dr. Hinrichs has worked with multilevel operating systems ranging from development on a multilevel Unix system in the late 1980s to policy analysis of SE Linux type enforcement systems.