In an increasingly networked world, in which doing your banking, shopping and investing online is commonplace, securing financial, customer and personal data has become big business — a business that experts expect will continue to grow, and has Mt. Hood
Community College’s Cybersecurity program poised to fill those in-demand jobs.
Research firm Cybersecurity Ventures released a forecast of the cybersecurity sector that projects global spending on cybersecurity products and services will exceed $1 trillion cumulatively from 2017 to 2021. The firm estimated an expected year-over-year
growth of 12 to 15 percent through 2021.
The demand for more cybersecurity professionals is already evident, especially in the United States. Employment search engine Indeed.com found that for every 100 unfilled cybersecurity jobs in the U.S., there are 67 active job seekers looking for
those types of positions.
All of this means good news for Ben Abbott and Brennan Derr, second-year students in the Cybersecurity and Networking program at Mt. Hood Community College. Abbott and Derr led one of six MHCC teams in the National Cyber League’s 2016 fall competition.
Their five-member team, called bits_plz (Bits Please), achieved a third-place national ranking in a competition that included 155 teams from 103 two- and four-year colleges and universities across 31 states.
During the virtual competition, Abbott, Derr and thousands of other student competitors solved online challenges that tested their knowledge and abilities in cracking encrypted passwords, identifying sources of hacking intrusions and locating website
security vulnerabilities. The annual competition gives students like Abbott, Derr and their colleagues at MHCC opportunities to apply what they’ve learned in the classroom within a controlled and accepted environment.
“Some of the techniques used during the competition are illegal to do otherwise,” said Derr. “And there aren’t lots of other ways to practice hacking like this outside of a competition — not unless you get an internship as a penetration tester.”
Competitions like the NCL allow “white hats”, or legal computer hackers, to improve upon their skill sets without crossing that line into “black hat”, or illegal, hacking territory.
NCL — an Opportunity for Legal Hacking
In 2011, the NCL began offering virtual training opportunities to students studying cybersecurity. The organization focused on organizing training environments — called Gymnasiums — paired with Capture the Flag competitions, both designed around the
exam knowledge needed to pass major industry certifications.
According to the NCL website, the competitions aim to provide “engaging, entertaining, measurable, and scalable methods of learning to enlist a new generation of cybersecurity professionals.” More specific methods of achieving this include enriching
classroom learning, promoting industry participation, and providing a tool by which schools and students can assess the quality of their own cybersecurity curriculums.
The NCL’s fall competition takes place from October through December. During the pre- and regular-seasons, students compete individually and must solve the online challenges by themselves, with the use of publicly available information. The preseason
establishes students’ rankings in either the Gold, Silver, or Bronze brackets for the regular season. The 2016 fall regular season included some 2,760 students — who were led by 352 faculty members or “coaches” — from 238 schools nationwide.
For Abbott and Derr, it was their second year participating in the competition, and they both easily made it into the Gold bracket (top 15 percent of competitors). During the two regular season events — held Nov. 5 and Nov. 19 — Abbott, Derr and their
colleagues and competitors were given eight hours (per challenge day) to solve as many problems — also known as flags — as possible, and score as many of the available points as they could.
The regular season was stressful to say the least, said Abbott.
“Incredibly stressful — but really fun,” he added. “But if you’re someone who likes puzzles, likes Sudoku, or plays the crossword, then things like this should be right up your alley.”
To prepare for the event, Abbott and Derr spent time on war-gaming websites, where they could practice the skills they learned in class and labs. They also performed plenty of independent research, finding and collecting publicly available online
resources that would aid them in cracking codes, identifying hacker IP addresses, and performing similar tasks.
Many challenge questions were framed like riddles, such as “Our officers have obtained password dumps storing hacker passwords. Try your hand at cracking them,” followed by a list of four 65-character alphanumeric passwords. For other questions, competitors
were given a webpage and asked to identify the IP address and similar identifier data.
During the postseason, NCL participants can team up. The team-style format helps take some of the stress off, said Abbott. They can train together in-person and, using digital communication tools, talk through the challenges, leaning more on team
members’ individual strengths.
Last November, MHCC fielded six teams of both first- and second-year students for the weeklong NCL fall postseason competition. Three of them competed in the Gold bracket, two in the Silver, and one in the Bronze.
“The NCL allows students to really apply what they learn within the classroom and through their own independent studies,” said CIS instructor Paul Morris, who coaches all of the college’s NCL participants. “It builds on what we do here at MHCC and
helps better prepare them to earn industry certifications. I’m very proud of all the teams we fielded this year in the competition.”
Abbott said he was “definitely surprised” by his team’s success during the competition. Taking part in the NCL and similar programs have helped fuel his interest in the field and better position him for a job.
“This competition prepares people for a real job in cybersecurity better than anything else I’ve done — it requires really creative thinking and a lot of independent learning to succeed,” he said, adding that networking with competitors nationwide
doesn’t hurt either.
Cybersecurity Program at MHCC
Abbott and Derr both pursued their educations in cybersecurity via circuitous routes. Abbott never had any real plans to return to school. The Portland resident said he enjoyed working on computers and had previously served as a lab technician at
Portland Community College. However, the concept of “breaking and fixing things” was what initially attracted him to the field.
“That seems like a big part of cybersecurity — trying to break things, and trying to fix things so that other people can’t break them,” he said. “There’s a real ‘me verses them’ thinking. And I like that I need to learn new skills and step up my game
to keep ahead of ‘them’.”
His wife recommended the Cybersecurity and Networking program at MHCC — one of the few cybersecurity programs in the Portland area and the only community college in the state offering an Associate of Applied Science in cybersecurity and networking.
Derr, the son of MHCC President Dr. Debra Derr, also enjoyed working on computers, and he found the creative problem-solving element of cybersecurity appealing as well. Prior to pursuing his A.A.S., he attended culinary school — another place where
problem-solving came in handy, he said. He’s enjoyed the MHCC program, seen it evolve and grow since he started it, and now looks forward to an internship that will aid him in getting his career started.
Housed at the Oregon Center for Cybersecurity on the Gresham campus, the Cybersecurity and Networking program offers a degree specialization in database development for students pursuing their A.A.S. Students enrolled in the associate degree program
also receive specialty training to earn major industry certifications, including the Computing Technology Industry Association’s A+ and Security+ designations. Additional available certificate programs include secure networking, network and firewall
security, business cyber vulnerability analysis, Oracle PL/SQL development, and digital forensics.
The National Security Agency and Department of Homeland Security recognizes MHCC as a Center of Academic Excellence Two-Year (CAE2Y) for the school’s commitment to training cybersecurity professionals. MHCC also provides training and accreditations
from curriculums created by Cisco, Oracle and Palo Alto Networks. Learn more at mhcc.edu/Cybersecurity.