This article was originally published on July 20, 2020.
Assistant Professor of Computer Science Birhanu Eshete says he didn't know what kind of response he’d get when Professor Di Ma asked if he’d try to get a student organization going to support their burgeoning cybersecurity program. So he started simple, sending out an email inquiry to gauge if there was any interest. Within a couple hours, he had seven responses from cybersecurity majors. In another week or so, Blue Bytes, UM-Dearborn's first cybersecurity-focused student club, was officially a thing.
Every student group, of course, serves different needs: Some are social, others are more discipline-focused, some are even competitive. Blue Bytes offers up a sampling of all of that. Eshete says they typically meet every other week for two hours, during which time one of the members gives a short presentation about a specific cybersecurity challenge. Then, they get to work — tackling a timed activity related to the day’s topic. Last semester, for example, he handed them what looked like a benign image file. But buried deep within the image was a "secret message" — a favorite tactic of cybercriminals called steganography. "It wasn't anything you could see if you visually inspect it," Eshete says. "So to solve the challenge, they had to use their knowledge of image processing and then peel back the layers to find the clue hidden deeply within it.”
Eshete says that type of activity teaches a meta-skill that’s fundamental to most cybersecurity work: The ability to spot something malicious in something that looks completely normal (and hence has the ability to fool people). But doing that in the real-life cybersecurity field, where the attacks and applications are very diverse and always evolving, involves mastering dozens and dozens of different techniques. By taking on a new kind of challenge each time, the students get a really good sense of everything the field encompasses, while quickly building a diverse arsenal of skills. Blue Bytes members Alexander Kostoff, Bryant Dumas, Chevy Pawlik and Brendan Kacic all say they’re getting a lot from that hands-on part of the work. “Obviously, it’s really important to have the knowledge you get in your courses, but at least for me, it’s not until I apply it to something that it really sinks in,” says Dumas. “And at the same,” says Kostoff, “you have to have a really good handle on the core concepts if you’re going to be able to complete these challenges, otherwise you’d be pretty lost. So what we learn in our cybersecurity classes and what we’re learning from these challenges gives you the right kind of balance.”
At the end of each bi-weekly session, they also spend some time working on soft skills. Sometimes that involves talking about how they can translate their technical knowledge into practical tips for the public. And they also practice interview questions designed to help with their job and internship searches. That's something that's already paid off for Kacic, who transferred from Schoolcraft College last year and is one of the group's newer members. "When I was at Schoolcraft, I knew I wanted to get an internship, but I didn’t know where to start. I interviewed with a couple companies, and there were a lot of technical questions I didn’t really know how to talk about. But with the interview prep we do with Blue Bytes, you’re so much better prepared.” Kacic credits that practice and the experiences the challenges have given him for helping him nail the interview for his current internship.
Being a computer science-based group, they've had a little easier time than some student orgs keeping the momentum going during the pandemic. Over the summer, they’ve continued to meet virtually for occasional challenges, and with a year of experience under their belts, they're now preparing for competition season. In November, they hope to participate in the global student competition put on by New York University. And they're looking ahead to hosting their second "Capture the Flag" competition — a day-long cyber decathlon of sorts where they divide up into teams and run a gauntlet of diverse cybersecurity challenges.
For Eshete, it's all pretty satisfying to watch the students build-up their skills and coalesce so quickly into a tight-knit group. "It may sound surprising, but I also learn a lot from them," Eshete says. "In our field, it’s hard to keep track of new developments because cybersecurity is such a dynamic discipline. So the students may have exposure to techniques that I have never tried before, and in those cases, they teach me. That’s a very good thing to do for any professor. You can teach as much as you know, based on your experience. But you’re always learning — including from your students.”