The internet’s crawling with bad guys. Here are some of the good ones. by Kristen Coyne - Contributor September 18, 2018 Share Facebook LinkedIn Twitter There are a lot of cybervillains out there, and the world needs a lot more cyberheroes to take them out. Photo by Adam Glanzman/Northeastern University Russian hackers. WannaCry ransomware attackers. The Equifax data thieves. There are a lot of cybervillains out there, and the world needs a lot more cyberheroes to take them out. According to the U.S. Bureau of Labor Statistics, cybersecurity jobs are expected to grow by 28 percent by 2026, more than twice as fast as computer–related occupations as a whole. Northeastern is training many of those good guys, not just on campus at the College of Computer and Information Science and the Cybersecurity and Privacy Institute, but also beyond it. Last spring, for example, six computer science students represented the university at the National Cyber Defense Competition, organized by the U.S. Department of Energy. It was Northeastern’s first showing at the annual, daylong event, which simulated cyberattacks on an oilrig. Competing against two dozen teams, the students warded off ongoing attacks against multiple servers to keep their rig, represented by a miniature facsimile, operating. While the stakes weren’t as high as in an actual cyberattack, the event gave the students a life-like experience no reading assignment or lab could approximate, said team mentor Tamara Bonaci, an assistant teaching professor in computer science. “After the competition, they joked that in no other circumstances would anyone be able to squeeze so much knowledge and skills and tricks into that short a span of time,” said Bonaci, who teaches at Northeastern’s Seattle campus. Susanna Edens, who has since graduated with a master’s in computer science, had participated in coding competitions as an attacker before signing up for the Department of Energy event. Playing defense turned out to be an entirely different kind of challenge, Edens said. That’s the thing with cybersecurity. You don’t know how the attackers are going to attack. You don’t know all the possibilities, you just know the common possibilities. Nay Htet, Graduate student in Computer Science “We were the ones getting hacked,” said Edens. “We had to do research on how to protect our web server, how to set up a secure email server, how to protect industrial control systems. That was such a different mindset.” Now a software engineer at Google, Edens ended up in the field thanks to Northeastern’s Align program, designed for students who want a master’s degree in computer science but haven’t taken the required courses. When the Align program reached out with a scholarship offer, Edens, who was completing a bachelor’s in health sciences, thought Why not? Was it the right decision? “Oh, yeah,” Edens said. Mark Grube, who fought alongside Edens at the competition also landed in computer science after a detour. A stint in finance taught Grube it wasn’t his thing. Computer science, it turns out, is. He completed his master’s last spring and landed a job as a site reliability engineer at Yapta, a Seattle-based travel technology startup. “It’s constantly always having to learn new things,” said Grube, who helps keep Yapta’s site platform secure. “I feel like I’m using my brain all the time, which I think is more rewarding than doing the same thing every day.” Although Northeastern offers a master’s degree in cybersecurity, students pursuing a general degree in computer science need to develop those skills, as well. The students warded off ongoing attacks against multiple servers to keep their rig, represented by a miniature facsimile, operating. “Cybersecurity is basically embedded in a lot of things,” said Nay Htet, a graduate student in computer science and one of the cyber warriors at this past spring’s competition. He called the experience “terrifying.” After a month of preparation, Htet and his teammates thought they were ready for the hackers, played by cybersecurity professionals. The start of the competition did, in fact, go fairly well. The team changed passwords hourly and monitored systems closely. When a service went down, they diagnosed the vulnerability and blocked hackers from exploiting it again. “By the time it got to 3 p.m., we were like, ‘It’s almost over, I think we’re doing OK,’” Edens said. That’s when the hackers brought out the big guns, making clear they had been toying with the students all along. They took over the Northeastern team’s website, replacing it with a mocking meme. The good guys couldn’t even sign in. “That’s the thing with cybersecurity,” said Htet, who is currently doing a co-op on the applications engineering team at Tesla. “You don’t know how the attackers are going to attack. You don’t know all the possibilities, you just know the common possibilities.” Although the students didn’t win a prize, they did leave with a critical lesson, said graduate student Vinay Preet Singh: That they still have a lot to learn about cybersecurity. “I would definitely like to learn more,” he said. And when he does, he will be in an even better position to land a job in a market expected to more than double from from $75 billion in 2015 to $170 billion in 2020. “It has just grown tremendously over the last five years or so,” said Bonaci. “It feels more urgent than ever to be a part of it.”