“The information learned in class provides the foundational knowledge to successfully defend oneself or business by learning the tactics, strategies and actions that nefarious individuals may utilize. Thus, knowing your opponent, or cyber adversary, allows for the ability to be better prepared to defend against them.” There are no PowerPoint slides or handwritten notes on the wipe board in ITM 480. “It’s like one endless lab,” said Ken Knapp, director of cybersecurity programs, of the course. “It’s all very hands on and experiential.”
Seeing the End Game
Knapp defined ethical hacking as hacking with permission. “Any time you hack or break into a system without permission, you’re probably violating the law, and you can get in big trouble, but here we have permission. It’s a sandbox environment where we can hone our skills and develop our talents within a safe place.” On the very first day of class, the students hacked into a system. Knapp said it was intentional so the students could see the end game, and give them a frame of reference for the methodology.
“It’s definitely pretty cool to say that after the first day you’ve already compromised and managed to access a target,” said Bilotto, who is majoring in management information systems with a minor in cybersecurity. Working out of the first floor of the Daly Innovation and Collaboration Building, the class’s lab has been transformed into a cyber range built by Ryan Burcel, the cybersecurity lab coordinator who is a Cisco Certified Network Professional (CCNP). Knapp described it in terms of a gun range. “You have to learn proper training, safety, how to use your gun and then you fire it down range at the targets,” Knapp said. “Here at a cyber range, it’s somewhat like that. The weapon is Kali Linux. The targets are a variety of virtual machines-different types of computers that are run virtually.”
Hacking and Penetration Testing
Knapp said Kali Linux, which is an operating system like Windows, was built for the whole purpose of hacking and penetration testing. It’s a state-of-the-art tool that allows students to use the same hacking tools that the malicious attackers are using. The cyber range Burcel built is comprised of virtual machines that run different types of operating systems. Students run their scans against these to figure out what the machine is, what the machine does and what kind of traffic is coming out of that virtual machine. “The size that we can build our classes out to is very large because of our virtual infrastructure,” Burcel said. “We’re not size restricted with anything that we can do in here with targets or attack machines.”
Ethical hacking is a required course for the cybersecurity major. There are two pre-requisite courses, as well as the need to be in good standing with the University. Students also sign a user agreement acknowledging the serious nature of what they are learning and the consequences if used in a malicious manner. “I think the cautious approach is essential, because anyone who is working in an information and security role has a very high degree of trust placed in them. So it’s very important I think that you ensure the people entering into that field are of good moral character,” Bilotto said. “When in the proper hands, this knowledge is a very powerful way to ensure that you can protect against the nefarious people.”
A Growing Cybersecurity Program
Interest in the cybersecurity program has grown in the year since it began, with nearly 130 students now in the major. Career options are plentiful and varied, Knapp said. “It’s very dynamic. It’s always changing,” he added. “The threat is changing, the attack vectors are changing, the systems are changing.
You’ll never be bored in cybersecurity.” UT’s program prepares students for professional security certifications, such as the Certified Information Systems Security Professional (CISSP) exam and Certified Ethical Hacker (CEH), both of which Knapp holds. “After meeting with Dr. Knapp to discuss the program and see what was going to be offered, I knew immediately that I wanted to come to UT. The program was everything I was looking for and was better than what was being offered at the state schools,” said Michael Merrick ’17, a cybersecurity major. “UT has a cutting-edge cybersecurity program housed in an AACSB accredited business school, the best of both the business and technical worlds.” Merrick is interning this semester at MacDill Air Force base working with the deployment and support of Windows 10 in an enterprise environment.
Bilotto interned with Raymond James Financial this summer in information security and was offered a full-time job starting in January after he graduates. “One of the things I have desired most, both personally and professionally, is a stable, enjoyable and rewarding career,” Bilotto said. “Thanks to my education and experiences at UT, I believe the University has helped to put me on that path. The information learned in my MIS and cybersecurity classes has already proved invaluable in my past internship experiences, and will undoubtedly assist in providing a foundation for future growth and learning.”