Having recently returned from Source Boston 2009, I am still basking in enlightenment and the excitement of meeting brilliant computer security professionals in the relaxed, small atmosphere at the Seaport Hotel. Without fail, I’d sit down at lunch or in the lounge and end up discussing computer architecture or debating how information security professionals can improve their craft.
After a high speed dash in the snow from Southern Maine to
Right after Joe’s presentation, I went to hear Dan Guido from NYU/Poly present on “So You Want to Train an Army of Ninjas...” The way in which he has added penetration testing into a traditional computer science curriculum is exemplary and a model I hope to adopt for the University of Maine’s computer science curriculum. Teaching about the importance of engineering security from the first line of code to the final testing phase is crucial to providing computer science professionals with the skills they need to compete in this competitive employment environment and to responsibly design better software and hardware products for the market.
I’m tired of hearing about ridiculous vulnerabilities that were the fault of lazy software engineering where the most important aspect in the design was, “Does it work?” Going beyond just making the code work is what Dan is teaching his students. By using hands-on methods to teach students how vulnerable stuff can be broken and then how to fix it, he’s not only teaching them about what happens if you design broken crap and its vulnerability is exposed, but also about the consequences if you’re the one who put the crap out there in the first place. Better yet, he has released all of his course materials online to share with anyone interested in creating a better computer science curriculum. Thank you, Dan! As a side note, he has also started something of a crazy tradition at Source Boston (or so he told me!) with a potato being passed around. Dan Kaminsky (in the background in the photo) got it next. Ah, the fun of hanging with the techie crowd—it’s funny that after hours the humor is often associated with anything BUT technical things. But I still don’t get it—why a potato?