DTU educating the cyber warriors of the future

Article from the DTU magazine DYNAMO, no 71 and dtu.dk, Journalist Miriam Meister, Photo: Ditte Weng

Just as students empty out of the auditoriums and teaching labs around DTU on Wednesday afternoons, the DTU Hackerlab comes to life. Here students from a range of study programmes come  together - united by a shared interest in becoming better ethical hackers.

They try their hand at tasks that better equip them to spot errors and vulnerabilities in computer software and hardware. For example, is it possible to hack into a Bluetooth-enabled faucet, and what about penetrating a building’s electronic access control system?

Hackerlab first opened its doors four years ago. According to Associate Professor Christian Damsgaard Jensen, the man behind the initiative, the purpose of the laboratory is to give students somewhere to acquire knowledge about the ways in which hackers attack, so that they can develop the best possible defences to keep the attackers at bay.

“We basically want to educate people who can build the shields that will protect us. To do that, they need to have a grasp of whether the attacker uses a sword, a spear, or a knife. In other words, you need to be familiar with their tactics, techniques, and procedures,” he explains.

DTU students among the ethical hacking elite

Among Hackerlab’s regulars are Alexander Thomsen Skovsende and Polly Nielsen Boutet-Livoff. They spend their afternoons perfecting the many different facets of hacking that have already bagged them a place on Denmark’s national cyber team.

Their main areas of expertise are, respectively, binary exploitation (which is the ability to find coding errors and exploit them), and knowledge of encryption (which are methods of ensuring that information remains a secret that unauthorized parties cannot access).

According to Polly Nielsen Boutet-Livoff, there are plenty of reasons to acquire cyber security skills, among which is the opportunity to make the world a better place by helping people. However, her own motivation for getting into the field was - to put it in her own words -not quite as altruistic:

“It was more about seeing technology that we know is designed to do one thing and then using it for something completely different. It’s pretty mind blowing on some fundamental level.”

It was that same fascination that saw Alexander Thomsen Skovsende get hooked on hacking. “You have to think differently to the developers to get the program or device to do something that it’s not designed to do. I just think that’s incredibly cool,” he says.

Although both are talented and enthusiastic mathematicians, they have pursued very different programmes of study at DTU. Alexander is studying for a BSc in Software Technology, while Polly has opted for a BSc in Electrical Engineering. But what they do have in common are the many hours they spend improving their hacking skills—both at the Hackerlab and elsewhere.

A future in the field

The teammates are well aware of the prejudices that surround their interests: “A lot of people hear the word ‘hacking’ and immediately think of crime,” says Polly Nielsen Boutet-Livoff. “Especially among the older generations,” her teammate adds with a laugh.

They find that when they explain what an ethical hacker does, most people fully understand why there is a need for people with those skills. However, Polly Nielsen Boutet-Livoff still feels that many people can be somewhat sceptical about the credibility of ethical hackers.

Nevertheless, both plan to make a living from their passion for cyber security and hacking. “It’s one of the most interesting things I’ve ever done, and it’s something that I’d really like to work with and learn more about,” says Alexander Thomsen Skovsende.

“And the pay is really good,” Polly Nielsen Boutet-Livoff adds, before continuing: “Jobs in IT are generally well paid, but very few people have what it takes to do cyber security at the levels demanded by the national team.”

Cloak-and-dagger

According to Niels Trads Pedersen, who is a partner in Deloitte’s Risk Advisory practice, which consults on issues including cyber security, there will be tremendous demand for people who have the hacker mindset. “In order to resist the enemy, we must be able to think like them,” he says.

He notes that there are plenty of enemies given that society is becoming increasingly digitalized and that we have seen a rise in our dependence on technology—all this means that there is a greater incentive for hackers. They can profit handsomely from companies making payments to get hacked systems restored or for the decryption of encrypted data.

At Deloitte, businesses can seek the assistance of ethical hackers who perform stress test a range of systems, including by attempting to gain unauthorized access through what are known as penetration tests.

“It is vital that you expose your building and get experts to see whether they can break in, because you can learn a lot from the experience and identify the holes you need to fill,” explains Niels Trads Pedersen.

“New methods and approaches are constantly emerging, which is why this isn’t something you can just do at the start of January and then figure you’re off the hook forever after. We do see that some companies that are involved in critical activities will run a range of penetration tests several times a year.”

In fact, Alexander Thomsen Skovsende is one of the Deloitte employees who uses a cloak-and-dagger approach to penetrate customer systems as part of his role as a student assistant.

And going undercover can often be fun and challenging for employees, according to Niels Trads Pedersen: “Because you’re allowed to do all sorts of things you wouldn’t normally be allowed to, but it’s all with the best of intentions and the customer’s consent.”

Massive demand for skilled labour

American specialist Cybersecurity Ventures expects damage as a result of cybercrime this year to cost USD 7 trillion worldwide - with the total bill growing to USD10.5 trillion by 2025.

The steady growth in cybercrime has resulted in increased demand for employees who can provide IT security for businesses and organizations around the world. According to Cybersecurity Ventures, there were 3.5 million vacancies in global cyber security in 2021, and that figure is expected to remain unchanged until 2025. 

As such, job prospects look good for talented individuals such as the two members of Denmark’s national team.

Niels Trads Pedersen is clear about what he wants from future employees. Above all, they must naturally possess in-depth technical skills. This includes skills in the field of coding, which enables people to identify coding errors that cause vulnerabilities, and in monitoring so they can quickly spot whether an alert about a possible system intrusion is genuine or a false alarm.

“There will be a need for people with every imaginable technical skill,” he highlights.

He also stresses that being able to and ideally having experience in cooperating in teams and possessing great communication skills are important so that employees can talk to and make themselves understood to every kind of staff member - from the machine room to boardroom.