Breaking and Entering – For a Class Assignment
Imagine if your grade depended on how successful you were in breaking into a local business. That’s the fun, yet challenging, project for students in Bradley’s innovative and unique Advanced Ethical Hacking course. The class is one of many courses offered for students interested in cybersecurity – a new major introduced at Bradley for the upcoming semester.
The field offers a lot of potential for growth. According to the U.S. Bureau of Labor Statistics, the job outlook for this sector sits at 33%, much faster than the rate for other industries. In 2020, the median annual pay for information security analysts was $103,590 for an entry-level position requiring a bachelor’s degree. Another source indicated an estimated 500,000 cybersecurity jobs have gone unfilled since 2018, making it an optimal career choice for these students.
“Unfortunately, few businesses take their cybersecurity as seriously as they should,” said Jacob Young, associate professor and the director of the Center for Cybersecurity. “Small businesses are more susceptible for a variety of reasons.”
The student team has carte blanche to seek and exploit security vulnerabilities. To train the “white hat” – or ethical – hackers, Young stressed the need to teach offense so students and businesses learn good defense. And sometimes that demands unorthodox approaches.
Backdoor is a common term in cybersecurity, but the student team used an actual backdoor to infiltrate their target this past semester. They managed to penetrate the company’s network security with a physical breach, employing social engineering skills learned in class.
All it took was one custodian who empathized with a distressed young lady – expertly portrayed by Meghan Lennon ‘22, a recent management information systems graduate. This gained her, and later the team, unchecked access into a restricted area with full access to sensitive data.
“We had a run of the human resources office, where so much personal data is stored,” she said, and noted the wisdom of playing to advantage when using social engineering. “We even accessed the C suites.”
Although this turned out to be a physical intrusion exercise, Young stressed the need for businesses to maintain a holistic approach to cybersecurity.
“Ultimately, the Bradley Red Team security assessments help small businesses realize cybersecurity needs to be a priority across the entire organization, and every employee has a role to play,” said Young.
With another successful operation, the Advanced Ethical Hacking student teams are now 6-0 against local businesses – and the businesses are grateful for the students demonstrating how they can properly protect themselves from malicious cyber actors. It even helped improve their physical security practices.
Young stressed cybersecurity is open to everyone, and it’s a field that benefits from diverse and universal experiences and skill sets. “We even have a theatre major,” he said.
For Lennon, this was an extremely fun project. “It’s an extremely unique experience to be able to legally perform physical and network penetration tests,” she said, adding that when she described this project to her parents, “They honestly thought it was cool!”
“The class was a lot of work, but it was one of the most rewarding experiences I've had at Bradley.”