UWM cybersecurity expert teaches students how to hack for good

Learning how to secure websites and computer systems from hackers requires someone to figure out how such virtual crimes occur in the first place.

Khaled Sabha wants to teach students how to test a computer network for vulnerabilities so that they can fix them before a real hacker finds and exploits them.

It’s called “ethical hacking,” and it’s an in-demand skill in the growing field of cybersecurity. Sabha, who teaches an ethical hacking class at UWM, likens it to the virtual version of the skill set needed by police departments to determine how a crime occurred to try to prevent it from happening again.

“Technology changes so fast, especially in cybersecurity. Therefore, it is important to stay up to date,” said Sabha, a senior lecturer in the School of Information Studies. “The goal of this class is to teach students how to secure their computer systems.”

Teaching ethical hacking requires extra precautions. First, those taking the class have to sign a form agreeing that whatever they learn is purely for educational purposes.

Sabha also has to create a virtual environment walled off from networks outside the computer lab so as to avoid inadvertently stealing passwords from those in neighboring classrooms.

Real-world scenarios

Next comes the fun part for aspiring cybersecurity experts.

Sabha and his students work through scenarios that might play out in the real world. For instance, one example taught by Sabha shows how it easy it could be to steal passwords from unsuspecting customers using their laptops or mobile phones at a coffee shop that might have an unsecured public Wi-Fi network.

“These classes are really a lot of fun,” Sabha said. “They have a lot of hands-on, real-world scenarios that students really enjoy.”

In a corporate setting, internet security specialists might be asked to conduct ethical hacking on a company’s own systems to test for vulnerabilities. They also might test employees by sending what looks like suspicious emails to figure out who is paying attention and who might need more training.

The demand for professionals with cybersecurity expertise has grown as online environments become more intertwined with everyday life. Recent ransomware attacks have led to financial and security concerns in the energy and meatpacking industries.

Nationally, the supply of cybersecurity workers is considered “very low,” according to CyberSeek, a tech job-tracking website overseen in part by the U.S. Commerce Department.

Demand for workers

Supply was also considered very low in Wisconsin, which CyberSeek said had more than 4,600 job openings in the cybersecurity field as of early August. The three most listed openings were for positions for cybersecurity analyst, vulnerability analyst/penetration tester and cybersecurity consultant.

“Many companies nowadays are looking for graduates who can work in their security department to test their system and make sure they’re secure against any outside threat,” Sabha said.

UWM is trying to help fill the demand by offering a new graduate certificate in cybercrime forensics, taught jointly by the School of Information Studies and the criminal justice and criminology program at the Helen Bader School of Social Welfare. The ethical hacking and computer forensics classes are part of the program beginning this fall.

The program also covers cybercrime, law and public policy, as well as classes that take a closer look at investigating the “dark web” and how sex offenders prey on victims online. The dark web is a collection of hidden websites that cannot be accessed by regular browsers and are not indexed by search engines like Google.

Need in law enforcement

In the public sector, demand in law enforcement includes the need for officers and analysts who can help investigate crimes such as human trafficking, said Danielle Romain Dagenhardt, assistant professor of criminal justice.

Advocates fear trafficking rose during the COVID-19 pandemic. A recent report from the Human Trafficking Institute said the internet has become the dominant avenue for traffickers to recruit victims, including the use of social networking sites.

Other brewing law enforcement issues in the virtual environment include how Fourth Amendment protections on privacy apply to texts, emails and other online forms of communication; and how investigators should gather and preserve virtual evidence so that it holds up in court.

“There is a need for people who have the skills and criminal justice experience related to cybercrime because it continues to be a growing threat across so many issues in society,” Romain Dagenhardt said.

Top Stories