– Christy Loh –
Attending A Cyber Security Workshop For The First Time
This story recounts the experience of Samantha Goh, a participant at the recent Youth Cyber Exploration Programme (YCEP) May 2020.
YCEP May 2020 is a 4-day cyber security workshop organised by Cyber Youth Singapore (CYS) and Singapore Polytechnic School of Computing, held on the CYS Discord channel.
Before the YCEP, I had no prior knowledge about cyber security. The only times I ever heard about cyber security was through cyber wellness talks in school during assembly programmes.
I wouldn’t say that I’m completely foreign to the concept of technology, however, as my CCA happens to be Infocomm Club. We learn about game programming and basic coding. It was through my CCA that I got to learn about YCEP, but like my peers, I was rather apprehensive initially. I was afraid that the programme might be too technical and challenging to understand. Deep down though, I’ve always yearned to learn more about programming in general, which spurred me to take up the challenge and sign up for the workshop.
The programme for the first three days was split into morning lectures and afternoon practicals, quizzes and showcases, which were essentially live demonstrations. The final day was dedicated to an online Capture-The-Flag (CTF) competition, where we had to hunt for specific codes called ‘strings’ across various platforms. This structure made the programme really engaging and fun—things I honestly didn’t expect out of an online workshop. I also got a rough glimpse into Poly life in Singapore, which was really insightful.
At the end of each day, we would be given a feedback form to give the student lecturers a sense of our understanding. What impressed me was that they actually used the feedback forms to assess our level of understanding, and tweaked subsequent lessons to suit our pace of learning. They also took the time to revisit topics we faced difficulty comprehending and made themselves available for consultations even after the programme had ended for the day.
Day 1 started with us having to introduce ourselves and getting comfortable with our virtual classmates, which was facilitated by the student lecturers.
We were introduced to the basics of cyber security, like the anatomy of a computer, law and order in cyber security, networking, user management and inevitably, coding. When the lecture first began, I was immediately overwhelmed by the many slides thrown at us. But this concern was soon dispelled as I was fortunate to have a student lecturer who could explain it well.
While the lecture was quite the ordeal, the practical was easy to understand, thanks to my basic understanding of coding from my CCA. One of the key things I learnt was how to apply coding into practical means, like securing our computers.
By the end of the first day, I was EXHAUSTED but the feelings of accomplishment got me so riled up for the following day.
Day 2 was all about the ‘Attack Methodology’, so we learnt things like penetration testing, which involves testing the system of a computer to check for vulnerabilities by attempting authorised hacking on our own devices. Before diving straight into penetration testing, we had to learn the 5 stages of a cyber attack and the intentions of the attackers at each stage to prevent those opportunities from presenting itself in the first place. In short—we’re trying to outsmart them.
With the concepts taught to us in the perspective of a pen tester, it allowed us to digest the information much better. A pen tester scans the device for vulnerabilities in a system and identifies them to prove that a system is not protected. By experiencing pen testing first hand, we could better understand what went wrong and manage the situation ourselves.
The lecture was much simpler to understand, but the practical was much more challenging this time round. I was struggling quite a fair bit and had to seek guidance from the student lecturer time after time. But I was determined to grasp the concepts fully, so I reviewed the slides once more later that evening and that helped a lot.
The lectures on day 3 provided more insight on the concepts taught the previous day. We were taught what attackers would do when finding vulnerabilities in our program. I had the opportunity to put myself in the shoes of an information officer to learn how it protects its company or organisation from cyber attacks.
The practical was a lot easier to complete compared to the one on day 2 even though I faced some challenges during the troubleshooting process. This process required me to use the secure shell command, which connects our computer to another computer on the internet in order to spot vulnerabilities. A recap of the content taught over the first 3 days was later streamed and that allowed me to better understand the correlation between the chunks of information taught over the workshop.
Throughout these 3 days, I learnt a lot, including how to crack passwords and keep it safe. The most valuable piece of information I’ve learnt through the workshop would be the importance of updating the operating system of my computer. Since many computer updates introduce new security features, it is necessary to ensure the versions are up to date with them.
When I heard that there was going to be a competition, I initially thought it was going to be a test, only to be surprised that it was more like a game. During the competition, we had to look for challenges on the jeopardy board to solve it. Since my teammates were all friends from my CCA, communication was not an issue for us and we delegated the challenges pretty efficiently among each other.
Although we failed to obtain a good score, our team worked well nonetheless and had a blast. With my skills adopted over the past three days combined and put to the test, I managed to elevate my understanding of the concepts to a greater level.
Final Thoughts On The 4-Day Cyber Security Workshop
Overall, I feel that this cyber security workshop has taught me the importance of protecting my information. If you, like me, thought that simply going incognito on your browser would help secure your data, think again. I learnt to be more woke about my online activity and that without proper encryption, others can still gain access to our data via Wi-FI. Now, I try to add special characters and use different passwords for each account to make it more secure.
I can understand why people have the mindset that cyber security is complex, daunting and difficult to grasp. I mean, jobs in this field require years of proper education and training as it is the digital security of our devices and the devices around us that we’re talking about here. My advice for those keen on dabbling in cyber security, but are intimidated to do so, would be to just get to it, start slow and learn your basics well. Enroll yourself in beginner-level workshops like these.
Technology is advancing at a rapid pace and to say that IT literacy is only for experts in the field would be false. IT literacy has undoubtedly evolved into a staple skill set in our 21st century and it is therefore crucial to know the basics of technology, at the very least. The most crucial part of it all would be to know how to protect your information online. All in all, I would attend another workshop of the likes and recommend them to my peers. Two thumbs up!