CTEC students test cyber skills in national challengeMay 02, 2022 08:05PM ● By Julie Slama
By Julie Slama | [email protected]
This spring, CTEC cybersecurity students are engaged in a capture the flag competition.
Not the traditional outdoor game where the object is to capture the other team’s flag to bring it back to home base, but more of a series of challenges or questions where students will use their skills and knowledge in cybersecurity to gain points during a set time. The harder the challenge, the more points.
“What it entails is basically a set of challenges or even simple questions, like, what is this called?” Canyons Technical Education Center cybersecurity instructor Ben Crenshaw said. “Or you’ll have to perform some sort of operation on the computer or on a network. Or maybe you’ll have to decode something.”
During this National Cyber League challenge, CTEC’s five-member team is competing against other high schools and colleges.
“It’s great because it’s watched by the government and by industry. Once you’ve participated and completed the CEF, you get a report of your skills. This is something you can give to an employer or put on your college transcripts. It’s a fantastic way people can see what they’ve learned and actual skills that they’ve used or mastered. They are linked to the exact skills that industry is looking for right now,” he said, adding they have competed in some similar challenges.
Crenshaw’s goal is to “create a pipeline between education and industry so that we can really get those positions filled. There are about 3 million open positions in cybersecurity in the United Sates right now. So, we’re really hurting.”
He places an emphasis on students getting these skills because of “what’s going on right now, the effect that cyberattacks are having in the world, on individuals, on our nation. It’s crippling a lot of our industry and our economy; we just need more defenders out there.”
Crenshaw looks at current events.
“I feel what I’m doing is creating the cyber soldiers that can help take over and defend us, especially with what’s going on currently with Russia. Russia is poised for cyberattacks; they’re actually doing it now. They’re going after data; they’re going to either steal it or disrupt it. Things like that, all the way up to infrastructure. I mean, literally, they can turn the lights out; the colonial pipelines, they can shut the gas off and those kinds of attacks. That is the reason we really need more people in cybersecurity,” he said.
He incorporates real-world experiences into lessons into his classroom every day.
“We’ve been focusing on the Russian invasion, so every day, we’ll have a cyber briefing or look at a cyberattack from Russia. We look at the news articles, videos and then, we have a series of essay questions. We’ll spend 15 to 20 minutes on that, then we’ll discuss it as a class for 15 minutes,” he said. “Then, we’ll go into our lesson on a certain skills or topic, such as the principal of CIA—confidentiality, integrity and availability, which is basically the cornerstone of cyber security. I teach those concepts, give examples and have discussions around it. Sometimes, we’ll have hands-on activities, simple things like create ethernet cables for networks.”
CTEC replaced its computer repair program three years ago by offering the two-credit cybersecurity and networking program to 11 enrolled students. Now three years later, the class, which is offered 2.5 hours every weekday morning for one school year, has 20 students and enrollment is growing.
During the first term, students build their own computers, so they learn how “everything fits together.” The next term, they learn about networks, including the equipment that goes into creating and maintaining networks. In the third term, students are introduced to ethical hacking and use tools to “break into the networks and the computers that we created previously.” The last term, students learn about digital forensics, the methods law enforcement officials use to catch cyber criminals.
Crenshaw, who wrote the curriculum, also has his students focus on getting industry certifications.
“By the time the students walk out of my class after the year is over, they’re ready to really enter the industry itself and they’ll have the industry certifications in security and networking, computer systems. They’re a lot more prepared. It took me 15 years to get to where I am today, but I can get these students to the same place in three to five, just because I know how the industry works,” he said.
The program is rounded out with cybersecurity-related field trips, speakers and projects.
Those projects may include the Department of Homeland Defense cyber range, which Crenshaw got a year-long sponsorship for, that allows students to practice hacking skills in a virtual range environment.
Students also created an enigma machine, similar to the enciphering machines used by the Germans in WWII.
“We built one of those out of a Pringles can with all the rotors there. We used it to teach encryption and decryption,” he said.
With all these hacking skills, Crenshaw also puts an emphasis on ethics.
“Every single day in our cybersecurity briefing, we discuss what happened, how it happened and how we could fix that. What they would do in those briefings is what instills the ethics. It also instills the urgency,” he said.
Crenshaw feels so strongly about teaching students these skills, he also is training teachers.
“Even if you don’t go into cybersecurity as a career, this stuff we’re learning is still important just for you to know because we live in a digital world now. I think learning cybersecurity is just as important as learning to drive. We won’t let our kids go out on the roads without a driver’s license or driver’s education, yet we let them go on the internet, which is far more dangerous,” he said.
He also wants cybersecurity introduced to students at a younger age.
“I think we should put this in junior highs. Three years ago, it was taught in colleges. Now it’s in high schools, but it needs to be brought down to junior high level. Right now, I’m one of the few, if not the only, cyber education teacher in Utah and the only cybersecurity class that just teaches cyber,” he said.
Crenshaw, who in February was awarded Teacher of the Year 2020-21 by the Information Technology division of Utah Association for Career & Technical Education (a delayed honor because of the COVID-19 pandemic), came into teaching when he questioned a conference speaker who was introducing wireless medical devices.
“Everyone thought this is a great invention and I think it’s great too, but I raised my hand and asked, ‘What about the security? What would happen if someone hacked into that device?’” he recalled.
As he walked out of the seminar, Canyons School District CTE Director Janet Goble approached him and two months later, “I found myself in front of high school students.”
Now with his teaching license, a master’s degree in cybersecurity from WGU and more than 20 industry service certifications, as well as his full-time position as a vulnerability analyst at Oracle and as head of cyber education at Work Ed, where he provides cybersecurity internships for high school students, he still finds the time to train teachers in the summer how to teach cybersecurity.
“It’s important to get more teachers involved in this, to get more schools offering this, to understand the curriculum and create that pathway for students,” he said. “I am training those cyber warriors who can learn how to defend and attack when needed to preserve information, that data or infrastructure.”