Supervising undergraduate cybersecurity projects

Abstract

As cybersecurity grows as a specialty within electrical and computer engineering and computer science, students increasingly choose to pursue projects in the area. These projects come in the form of class projects, senior design/capstone projects, and extracurricular research of varying degrees of difficulty and sub-genres of cybersecurity. However, it is easy for these cybersecurity projects to put students in danger of violating laws or compromising equipment; thus, it is critical for faculty to properly guide and moderate these projects. While each project may be from a different subcategory of security, some general rules and tips can help maintain order for the undergraduate student teams. In this paper, two faculty members (one in Electrical and Computer Engineering, one in Computer Science and Networking) describe their efforts to create, supervise, and guide these cybersecurity projects at Wentworth Institute of Technology. The majority of these projects have come from senior design courses and security-related final course projects. Each project was largely student-driven, inspired by the relevant course, student interests, and their level of expertise and resources. The challenge for the instructors/supervisors then was to keep the students from hurting their own systems or putting themselves in danger of breaking a law (for example, hacking into a private or government system), while also ensuring that the students are operating in a realistic and contemporary environment. This second point is especially difficult as students must see cybersecurity outside of small exercises and apply their skills in a realistic manner. The authors will review the types of projects that students have completed in the last four years at Wentworth Institute of Technology. These descriptions will include details of the projects and the technical and ethical challenges that accompanied each. These tips and best practices are intended to provide instructors with a starting point as these types of security projects become more prevalent across undergraduate education. The descriptions will also detail the level of project that students of various backgrounds and class levels can accomplish within the cybersecurity field without monetary resources or years of experience. This work will provide new instructors and project supervisors information to guide similar projects, paving the way for much needed cybersecurity professionals to gain valuable experience during their undergraduate education.