There is a reluctance or hesitation on the part of academic institutions to engage in the craft of hacking as an integral skill for those in IT.
While some colleges are starting to have programs in this area, Oliver Lavery, vice president of research and IT security specialist for IMMUNIO, said, "It is strange that it's not a broader part of [computer science] curriculum. We are not addressing the problem. We need to teach developers to think like hackers."
Thus the security industry might need to rebrand hacking. If academic institutions are struggling to justify bringing “hacking education” into their programs, here are five reasons Lavery said you might want to consider teaching these skills.
- What does hacking mean? Hacking is the ability to look at the design of a system and use it in ways it wasn’t designed for. For security, it is fundamentally important to have people around who understand how a system might be exploited. Hackers are able to identify the poorly designed applications that allow for exploitation. It is a skill set and a tool like any other.
- Society has stigmatized this area of knowledge. Hacking never started as a term that implied the people doing it were unethical. The idea that hackers are unethical to begin with is not necessarily true. We have absorbed that negative stigma into our collective consciousness. A huge advantage of including cyber security and hacking in the curriculum is being able to teach students about the ethics of the field, and the legal risks of unethical actions.
- Hacking used to be a pretty typical profession. Computer security circa 2000 was just emerging, and hacking was a strange or obscure thing within larger organizations that were focused on security. Hackers are those who possess a fundamental skill set that allows them to take a program and understand how it works without access to its source code.
- If something unexpected happens, it shouldn’t fail catastrophically. Fundamentally the skill set is thinking outside of the box. Teaching students a combination of good applied programming skills and an understanding of how computers work, and teaching them to question assumptions, will prepare practitioners to understand the failure modes of a system, with an emphasis on how to go from a set of problems to a minimal complete solution.
- There is a huge problem with the hiring of skilled people. We see more and more demand, with a diminished supply of talented practitioners. Schools don’t have a problem teaching criminology to those going into the law enforcement professions, so why do we not teach the fundamental principle of thinking like an attacker?
These skills are things people should learn along with being ethical, but the hacker label has been sullied by the use of the "ethical" qualifier. "We don't call someone an 'ethical' programmer, but a programmer can write software that is nasty and malicious," said Lavery.
Nor does society differentiate good actors from irresponsible or malicious ones in any other profession. We don't refer to someone as an ethical steel worker or an ethical teacher. The presumption is that hackers are inherently unethical and there is a segment of the population that has taken the skills of hackers and used them for good, deeming them the ethical ones.
The space that hackers operate in is always the same. Hacking is looking at a system differently, thinking, "If I give it completely different inputs, what will it do, and how can I use that to accomplish some other goal?"
Academia can help to rebrand the field of hacking in a way that helps erase the stigma and change the collective consciousness to better understand the value of these skills.
This article is published as part of the IDG Contributor Network.