I've been mandated by the university of Tokyo to teach Information security courses during my working hours (initiation level). We are 3 teachers, 2 security researchers employed by the university of Tokyo and a tier Infosec engineer with some practical experience (me).
I'm responsible of the workshop sessions. My main goal is to ensure that they can practically apply and test the things they learn with the other 2 researchers.
The first session I gave was about building and configuring their own workplace and just made sure the students correctly followed the manual I wrote. Yesterday I gave the second session (where the fun things should start). This is when i discovered that 70% of my students have no basic IT knowledge.
Most of the students don't understand a single word during the theoretical part of the course (the researchers class, i have no impact on what can be taught there). The 2 security researchers doesn't care.
They say: It's not our fault if the students don't have the necessary knowledge for understanding us, they should work harder at home. And we are busy with our research.
In the workshop sessions (My class) the students are completely lost. They are trying to do things that they totally don't understand.
What am I planning to do ?
Divide the workshop sessions into 2 parts. Teaching IT Basics and the normal workshop (one hour each).
IT Basics course plan
This course will be divided into 3 parts: programming, system administration and networking.
No mouse allowed, only keyboards.
No User friendly OS allowed and of course no GUI. OpenBSD and VIM for everyone.
Programming (15 hours)
Introduction to C (12 hours)
Introduction to Perl or Python (3 hours) <- not sure yet
Networking (10 hours)
OSI Model & TCP/IP Model (3 hours)
Common protocols ( 2 hours )
HTTP in depth (2 Hours)
Sockets & Web Socket (1 Hour)
Packet capture and .pcap analysis (2 hours)
System Administration (10 hours)
Hardware & computer parts roles. (1 hour)
Difference between UNIX, GNU/Linux, DoS. POSIX Standard (1 hour)
UNIX Based system initiation (1 hour)
Common UNIX Administration commands (2 hours)
System calls (2 Hours)
File descriptors and PIPE (2 hours)
Process & thread (1 hour)
I have 80 hours with this class. 4 (sometime 6) hours per week on 6 months. I'm intending to use ~35 hours for teaching basics. There is no way I will let my students cook security related operations without them understanding what they are doing.
Is the IT basics course plan is good enough for understanding basic infosec ? (Should I add or remove topics, is 35 hours not enough or too much..)
I'm very new into the infosec teaching field, not very sure I'm doing this right...
I do not seek opinion based answers, but testimony of accomplished teachers who have watched their students grow from IT enthusiast into promising engineers.
A class of 26 persons. All graduated a bachelor degree, not in the IT Field for most of them. All Japanese, so I teach in Japanese.
Yes, they are motivated, well at least they are highly active in class. I don't know if the infosec field interests them or interacting with a non-Japanese teacher is somehow fun.
They ask me tons of questions, all IT related. Those questions pointed out a general lack of IT engineering basics knowledge. For being sure I wrote a short test, and as expected the results were not good. (Recently teach them how to convert decimal to binary and hexadecimal without tools.)
The other teachers
All researchers and Japanese. My students are somehow afraid to ask questions during other class lecture, looks like I'm their personal stack exchange website.
I spoke with the other teachers, and I somehow understand my students. The youngest teacher is 49, and I feel like teaching is an obligation for them, they don't want to. Writing papers on subjects that don't matter anymore is what they like.
Yes, they are all preparing a master degree in computer science. The majors differ though (Architecture, software, system administration, security...)
From my opinion, The Japanese educational system is pretty odd. I mean how come graduating a bachelor degree in economics or marketing can let you attend a master degree in computer science? The IT fundamental I will try to teach them is a knowledge any future engineer should acquire during a bachelor degree, not a master. At least in France. And I feel like this is somehow the same in Europe or USA.
From my point of view, basic IT knowledge is the fundamental you need to understand computer Science Masters degree's class
I'm not an academic person. Well, I'm a security engineer with 10 years of practical experience, not really a researcher. I know the actual needs of corporation in term of security, how attacker thinks and proceed, How to defend against them... This what I should teach, how it works out there in a practical way.
I'm 34 (French), pretty close to my student's age. This is my first time teaching at master degree level.
I don't know if this feeling is right but I somehow feel responsible for my students Future.