Current wars between countries – like the Russia-Ukraine conflict – are being fought not only on land but also in cyberspace, says Mikhail Gofman, associate professor of computer science at Cal State Fullerton. While virtual protection from wartime enemies is an extreme use of ethical hacking, there are applications in less threatening situations as well.
Gofman studies and teaches the concept of ethical hacking – an authorized attempt to gain unauthorized access to a computer system, application, or data. In addition to serving as director of CSUF’s Center for Cybersecurity, Gofman is a faculty coach for a student-led team of emerging cybersecurity professionals known as the Offensive Security Society.
The motto of the club, which aims to advance cybersecurity education at CSUF, is simple: to catch a criminal, you have to think like a criminal. Such logic underpins the work of ethical hackers.
“The philosophy of ethical hacking is to attack your own systems and networks as malicious hackers would in the real world, with the main differences being authorization and intent,” Gofman explained. “Ethical hackers aim to help the organization identify and remediate security vulnerabilities to reduce the likelihood of being exploited by malicious hackers.
“In some cases, ethical hacking is critical to ensure compliance with privacy laws. Educational institutions and healthcare organizations regularly conduct simulated cyberattacks known as penetration testing,” Gofman continued.
He notes that cybersecurity is not just an information technology issue, but rather an organizational issue in which IT plays a small role.
“An organization may have a strong network security system, but it can become irrelevant when an employee takes an infected USB drive, brings it to work and plugs it into their computer.
“For this reason, ethical hackers also rely on social engineering attacks such as phishing – the practice of sending deceptive communications – to exploit employees and test for security breaches, in addition to checking for computer and network vulnerabilities,” Gofman added.
The university’s OSS club helps the next generation of cybersecurity professionals improve these skills. Team members participate in college competitions focused on fictional cyber attack scenarios and improving security.
Last fall, the team entered the Collegiate Pentesting Competition, the world’s first cybersecurity competition for college students.
“We placed third in the western region in this competition to identify security vulnerabilities for the fictional company Le BonBon Croissant and to write a detailed report on those issues,” said Josiah Peedikayil, computer science senior and vice president of the OSS. “In the end we qualified for global competition and had the opportunity to compete against other top teams across the country. Although we didn’t make the top three, it was still an honor to make it this far.
“Working with like-minded people has been very rewarding and the knowledge I have gained in OSS is invaluable. I wouldn’t be where I am today without that experience,” added Peedikayil, who will join Palo Alto Networks in information security after graduating this spring.
In addition to offerings like the OSS, Gofman notes that ethical hacking techniques are taught in the classroom.
“We offer courses that include an ethical hacking component, including network security, web security and cryptography, the study of secure communications techniques,” he said. “Specifically, we examine approaches and methods for hacking networks, web applications, and cryptographic protocols, with students actually getting hands-on practice in a virtual environment.”
To learn more about the computer science offerings at CSUF, visit the department’s website.