Each year about 1/3 of the content for the INFO3660 course changes, becomes irrelevant, or otherwise evolves. Attack vectors change. The actors change. Vulnerabilities change. Threats that were once a serious concern drop into obscurity, replaced by something more effective or dangerous. For this reason, the course doesn’t have a textbook. Anything I could pick from the current shelf of publishers would be outdated due to the lag in publishing cycles. Instead we use readings from the web.
In the past I’ve assigned students a 15 minute presentation on a relevant security-related topic not covered in class. This semester I changed the model and moved to an “In The News” segment. Each Monday students come prepared to discuss security events in today’s headlines. So far we've had everything from WikiLeaks to Stuxnet to Eastern European carding.
This 15 minute segment has two important elements. First, it reinforces the applicability of course topics. Second, the students realize how quickly the security landscape changes. If they expect to maintain their fluency in the discipline they’ve got to stay up with current trends.
There’s also another benefit: my professional (and academic) skills stay sharp. In the past cloud technologies were for infrastructure. Two weeks ago when media outlets announced that Thomas Roth cracked SHA-1 hashing algorithm – using $2.00 worth of GPU instances on the Amazon cloud -- security professionals were forced to take notice. You can bet that security implications of the cloud will work it’s way into the Spring 2011 curriculum.
No comments:
Post a Comment