Education

DTU educating the cyber warriors of the future

Hacker-led cyber-attacks are becoming ever more frequent while also becoming yet more cunning. At DTU’s Hackerlab, students can learn to think like a hacker—an insight that can lead to enhanced cyber security.

Students meet at DTU Hackerlab every Wednesday in a quest to become better ethical hackers. Photo: Thomas Steen Sørensen

Monday 19 December 2022

Miriam Meister

Just as students empty out of the auditoriums and teaching labs around DTU on Wednesday afternoons, the DTU Hackerlab comes to life. Here students from a range of study programmes come together—united by a shared interest in becoming better ethical hackers.

They try their hand at tasks that better equip them to spot errors and vulnerabilities in computer software and hardware. For example, is it possible to hack into a Bluetooth-enabled faucet, and what about penetrating a building’s electronic access control system?

Hackerlab first opened its doors four years ago. According to Associate Professor Christian Damsgaard Jensen, the man behind the initiative, the purpose of the laboratory is to give students somewhere to acquire knowledge about the ways in which hackers attack, so that they can develop the best possible defences to keep the attackers at bay.

“We basically want to educate people who can build the shields that will protect us. To do that, they need to have a grasp of whether the attacker uses a sword, a spear, or a knife. In other words, you need to be familiar with their tactics, techniques, and procedures,” he explains.

DTU students among the ethical hacking elite

Among Hackerlab’s regulars are Alexander Thomsen Skovsende and Polly Nielsen Boutet-Livoff. They spend their afternoons perfecting the many different facets of hacking that have already bagged them a place on Denmark’s national cyber team.

Their main areas of expertise are, respectively, binary exploitation (which is the ability to find coding errors and exploit them), and knowledge of encryption (which are methods of ensuring that information remains a secret that unauthorized parties cannot access).

FACTS

About the national cyber team

  • Denmark’s ten-strong national cyber team is sponsored by the Danish Industry Foundation. The initiative is part of the foundation’s extensive focus on bolstering cyber security in Denmark.
  • The other stakeholders involved in the initiative are the Danish Defence Intelligence Service, Aalborg University, DTU, the IT University of Copenhagen, and the University of Southern Denmark.
  • Every year, the national team participates in the European Cyber Security Challenge, which sees countries compete in a wide range of disciplines in the fields of hacking and cyber security.
  • In September, the Danish cyber team competed at the most recent event held in Austria where they secured the gold medal—their best finish ever.
  • See here for more information on how to secure a place on the national team: The Danish Cyber Championship (info in Danish only).
National coach Jens Myrup (centre) speaking to some of the players on the Danish Cyber Security team during the European Cyber Security Challenge in Austria. Photo: Mads Sejer Nielsen
DTU students Alexander Thomsen Skovsende (right) and Polly Nielsen Boutet-Livoff in action for Denmark. Photo: Mads Sejer Nielsen
The scoreboard on the first day of the European Cyber Security Challenge 2022
The Danes were in the lead for most of the first day of the competition and were placed second overall at the close of play.
There was no shortage of either gold confetti or smiles when the Danish Cyber Security team ended up at the top of the podium. Photo: Ditte Weng
The Danish Cyber Security team basking in the golden glory. Photo: Ditte Weng

According to Polly Nielsen Boutet-Livoff, there are plenty of reasons to acquire cyber security skills, among which is the opportunity to make the world a better place by helping people. However, her own motivation for getting into the field was—to put it in her own words—not quite as altruistic:

“It was more about seeing technology that we know is designed to do one thing and then using it for something completely different. It’s pretty mind blowing on some fundamental level.”

It was that same fascination that saw Alexander Thomsen Skovsende get hooked on hacking. “You have to think differently to the developers to get the program or device to do something that it’s not designed to do. I just think that’s incredibly cool,” he says.

Although both are talented and enthusiastic mathematicians, they have pursued very different programmes of study at DTU. Alexander is studying for a BSc in Software Technology, while Polly has opted for a BSc in Electrical Engineering. But what they do have in common are the many hours they spend improving their hacking skills—both at the Hackerlab and elsewhere.

FACTS

DTU ranks highly

For a number of years, DTU students have participated in Hack The Box—an online competition that tests and develops the hacking skills of individuals and teams. Participants are scored for each task they solve. In the overall rankings, DTU is the best placed university in Denmark.

At the end of 2021, the DTU team participated in Hack The Box’s global University Challenge which required them to solve as many tasks as they could in the space of a weekend. As the only team in Scandinavia, they went straight through to the final.

A future in the field

The teammates are well aware of the prejudices that surround their interests: “A lot of people hear the word ‘hacking’ and immediately think of crime,” says Polly Nielsen Boutet-Livoff. “Especially among the older generations,” her teammate adds with a laugh.

They find that when they explain what an ethical hacker does, most people fully understand why there is a need for people with those skills. However, Polly Nielsen Boutet-Livoff still feels that many people can be somewhat sceptical about the credibility of ethical hackers.

Nevertheless, both plan to make a living from their passion for cyber security and hacking. “It’s one of the most interesting things I’ve ever done, and it’s something that I’d really like to work with and learn more about,” says Alexander Thomsen Skovsende.

“And the pay is really good,” Polly Nielsen Boutet-Livoff adds, before continuing: “Jobs in IT are generally well paid, but very few people have what it takes to do cyber security at the levels demanded by the national team.”

Cloak-and-dagger

According to Niels Trads Pedersen, who is a partner in Deloitte’s Risk Advisory practice, which consults on issues including cyber security, there will be tremendous demand for people who have the hacker mindset. “In order to resist the enemy, we must be able to think like them,” he says.

He notes that there are plenty of enemies given that society is becoming increasingly digitalized and that we have seen a rise in our dependence on technology—all this means that there is a greater incentive for hackers. They can profit handsomely from companies making payments to get hacked systems restored or for the decryption of encrypted data.

At Deloitte, businesses can seek the assistance of ethical hackers who perform stress test a range of systems, including by attempting to gain unauthorized access through what are known as penetration tests.

“It is vital that you expose your building and get experts to see whether they can break in, because you can learn a lot from the experience and identify the holes you need to fill,” explains Niels Trads Pedersen.

“New methods and approaches are constantly emerging, which is why this isn’t something you can just do at the start of January and then figure you’re off the hook forever after. We do see that some companies that are involved in critical activities will run a range of penetration tests several times a year.”

In fact, Alexander Thomsen Skovsende is one of the Deloitte employees who uses a cloak-and-dagger approach to penetrate customer systems as part of his role as a student assistant.

And going undercover can often be fun and challenging for employees, according to Niels Trads Pedersen: “Because you’re allowed to do all sorts of things you wouldn’t normally be allowed to, but it’s all with the best of intentions and the customer’s consent.”

Massive demand for skilled labour

American specialist Cybersecurity Ventures expects damage as a result of cybercrime this year to cost USD 7 trillion worldwide—with the total bill growing to USD10.5 trillion by 2025.
The steady growth in cybercrime has resulted in increased demand for employees who can provide IT security for businesses and organizations around the world. According to Cybersecurity Ventures, there were 3.5 million vacancies in global cyber security in 2021, and that figure is expected to remain unchanged until 2025. 

As such, job prospects look good for talented individuals such as the two members of Denmark’s national team.

Niels Trads Pedersen is clear about what he wants from future employees. Above all, they must naturally possess in-depth technical skills. This includes skills in the field of coding, which enables people to identify coding errors that cause vulnerabilities, and in monitoring so they can quickly spot whether an alert about a possible system intrusion is genuine or a false alarm.

“There will be a need for people with every imaginable technical skill,” he highlights.

He also stresses that being able to and ideally having experience in cooperating in teams and possessing great communication skills are important so that employees can talk to and make themselves understood to every kind of staff member—from the machine room to boardroom.

education

Learn about cyber security at DTU

DTU offers a wide selection of courses in cyber security. The courses are e.g., available to students on DTU's bachelor's programmes in Software Technology, Mathematics and Technology, Cyber Technology and Electrical Engineering.

Bachelor students at DTU have a great deal of freedom in which courses they choose. Consequently, students from many other fields of study can also choose courses on cyber security.

DTU offers a master’s programme in Computer Science and Engineering which features a study line in Computer Security. Students who choose this study line can focus further on cyber security by choosing the specialization in Cyber Security. The master's program in Computer Science and Engineering also has a study line in Safe and Secure by Design for those who want to develop correct, robust, and secure IT systems.

Furthermore, DTU offers a Master of Cyber Security. This continued education programme provides the participants with a great insight into the risks that threaten corporate cyber security and equips them with tools to increase it.

DTU's Ballerup campus offers a number of cyber security courses that are aimed specifically at bachelor of engineering students in several fields. However, they are also available as single course subjects to anyone looking for further education in this field.

Read more about the opportunities to gain a degree within the area of cyber security at dtu.dk.

Topic

Cyber security

Denmark is at the forefront when it comes to the use of technology and digital solutions. This brings about great opportunities – but also makes Denmark an obvious target for IT crime. Consequently, there is a great need for research and training in cyber security to ensure that technology continues to create value for people.

Read more in DTU's cyber security topic.

Cyber security IT systems Systems and data security Software and programming