The topics we spoke with Dr. Yoon about yesterday evening:
  1. Scripting
    We found that having skills in Python scripting is very useful as there is currently a push within the space to integrate various technologies. We recommend incorporating Python into multiple courses to help students retain the knowledge they have learned.
    Additionally, stressing the versatility of the language may be helpful in relating how useful the language is in all roles within cybersecurity and even outside of this field. Include using linters and tools for static analysis (Bandit is a great open source tools for static analysis)! Also, it would be good to (at some point) expose them to style guides, like PEP-8 for Python, since they will most definitely be sharing code amongst peers and colleagues at some point.
  2. Networking concepts
    Although we did find the foundational courses at the beginning of the program (500 and 505) to be very informative, we realize now that having a course specifically covering networking concepts (protocols, routing, etc.) would have been extremely helpful in the long run. Basic principles like packet construction (and deconstruction) and analysis would be immensely beneficial to the students in the program.
  3. The lab
    For some time now Mercy has had servers available to the program that haven't been used in a manner that would most benefit the students. When Ashley and I first joined the program many of the students expressed interest in helping build and develop the virtual environment in the lab so that we could gain knowledge of virtualization technologies, networking in virtual environments and attacking and defending virtual environments. It would be beneficial to carve out a section of the virtual environment for each incoming class and allow them to develop their environment over time.
    You could, for instance:
  4. Open source tools
    Exposing the students to open source tools like ELK, Snort, Suricata, etc. (there's a good collection here - https://github.com/sbilly/awesome-security) will aid them in their careers, as they'll gain operational knowledge of tools that are widely used in the industry. You mentioned not being able to learn or master the tools yourself in order to expose students to them, but you don't have to! If you give the students the foundational knowledge during a course, you could have them implement (if a virtual environment is made available to them) or evaluate a tool of their choosing as part of a project.
  5. Fostering the team
    The last thing we spoke about was how to create an environment that fosters a team. For us it had a lot to do with the projects and trying to understand the more difficult concepts we were being exposed to. We relied heavily on each other throughout the program in order to make sure we completely understood what we were learning.
    Part of what needs to be done is break down the traditional academic mentality of the singular and begin growth of the [hacker|infosec] community mindset that the community thrives on (after all, we wouldn't have all of these awesome open source tools if this culture didn't exist). Pushing students to challenge themselves and challenge each other will go a long way in reinforcing this, as will forcing them to work as a team. Give them tasks they can't possibly complete on their own.
    Help them understand that in the real world ALL of the work that they do will be part of a team effort. I think utilizing the lab in the way we outlined can go a long way here.

Thank you for your time yesterday. If you would still like for me to meet and speak with the advisory board please let me know when and where!

Regards,
Chris