Redefining CyberSecurity

Beyond the Code: The Human Side of Cybersecurity and Social Engineering | A Conversation with Aunshul Rege | Redefining CyberSecurity Podcast With Sean Martin

Episode Summary

Discover the fascinating world of social engineering and cybersecurity as we dive into a captivating conversation with Aunshul Rege, revealing the secrets of blending tech and human psychology.

Episode Notes

Guest: Aunshul Rege, Director at The CARE Lab at Temple University [@TU_CARE]

On LinkedIn | https://www.linkedin.com/in/aunshul-rege-26526b59/

On Twitter | https://twitter.com/Prof_Rege

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

Pentera | https://itspm.ag/penteri67a

CrowdSec | https://itspm.ag/crowdsec-b1vp

___________________________

Welcome to a riveting new episode of the Redefining Cybersecurity Podcast, hosted by Sean Martin! Today, we're diving into the fascinating world of social engineering and the crucial role of education in understanding cybersecurity. Join us in this engaging conversation with Aunshul Rege from Temple University, who does amazing work in helping students comprehend the importance of cybersecurity and how social engineering plays a vital part in it.

Imagine a world where computer science students and liberal arts students come together to tackle cybersecurity challenges from different angles. Aunshul Rege is an associate professor at the Department of Criminal Justice at Temple University, who has a unique journey starting as a software engineer and eventually realizing that computer science wasn't enough to answer the who, why, and how of cyber attacks. Her passion for understanding human behavior, sociology, and cybersecurity led her to explore the liberal arts side of cybersecurity.

In this episode, Aunshul talks about her innovative teaching methods, where she pushes her students to collaborate across disciplines and explore the importance of social engineering in cyber attacks. From shoulder surfing activities to discussing ethics and multidisciplinary teamwork, her students learn to appreciate the different skill sets and perspectives they bring to the table.

But it's not just about the technical aspect of cybersecurity. Aunshul's approach to teaching focuses on building students' understanding of human behavior and psychology in cyber attacks, emphasizing the value of social engineering in both the attack and defense aspects of cybersecurity.

As you listen to this fascinating conversation, you'll discover the powerful impact of merging computer science and liberal arts perspectives, the importance of ethics in cybersecurity, and how Aunshul's unique teaching methods help students appreciate their role in the ever-evolving world of cybersecurity.

So, get ready to be inspired by Aunshul's story and her innovative approach to cybersecurity education. You won't want to miss this captivating episode that challenges our understanding of cybersecurity and the critical role of social engineering in it. And don't forget to share this episode, subscribe to the podcast, and join us for more insightful conversations on Redefining Cybersecurity.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel
📺 https://www.youtube.com/@itspmagazine

____________________________

Resources

The CARE Lab: https://sites.temple.edu/care/

Summer Social Engineering Event: https://sites.temple.edu/socialengineering/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording as errors may exist. At this time we provide it “as it is” and we hope it can be useful for our audience.

_________________________________________

Voiceover  00:15

Welcome to the intersection of technology, cybersecurity and society. Welcome to ITSPmagazine. You're listening to a new Redefining Security Podcast. Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately and deploying it ineffectively? Perhaps we are. So let's look at how we can organize a successful InfoSec program that integrates people, process, technology and culture to drive growth and protect business value. Knowledge is power. Now, more than ever. CrowdSec, the collaborative and open source cybersecurity solution: analyze behaviors, respond to attacks and share signals across the community for free. Let's make the internet safer together. Learn more at crowdsec.net. Pentera, the leader in automation security validation, allows organizations to continuously test the integrity of all cybersecurity layers by emulating real world attacks at scale to pinpoint the exploitable vulnerabilities and prioritize remediation towards business impact. Learn more at pentera.io.

 

Sean Martin  01:40

Hello, everybody, I am Aunshul Rege, hosting the Redefining CyberSecurity Podcast in place of Sean, even though I look like I'm Aunshul. And with me, I have Sean Martin, how are you?

 

Aunshul Rege  01:57

I'm doing great. How are you, Aunshul?

 

Sean Martin  02:01

Fabulous show. Obviously, we're playing a little game here. And it's all about social engineering and education. That's the topic today. And I am Sean Martin, if you choose to believe me. And you're very welcome to a new Redefining CyberSecurity Podcast here on ITSPmagazine. And I do have Aunshul Rege with me from Temple University. And she does a lot of cool things to help students understand cybersecurity and to use sure many things but social engineering is one means to do that. And she does a lot outside of the classroom as well. Aunshul, it's so great to meet you.

 

Aunshul Rege  02:49

Thank you so much for having me. Super excited to be here.

 

Sean Martin  02:53

Yeah, this is gonna be fun. And for those who have not met you yet, a few words about who you are your journey to into the field, perhaps and then maybe your journey to Temple University as well.

 

Aunshul Rege  03:08

Sure. So a little bit about me, I am an associate professor with the Department of Criminal Justice at Temple University. This is my 11th year here. So I've been here for a while. And I also direct the Cybersecurity and Application Research and Education, or CARE Lab for short. And my interests lie at the intersection of human behavior, sociology and cybersecurity. So I'm very interested in the human behavioral psychological sides of cyber attacks in cybersecurity. If you asked me, you know, 15 years ago, would you ever be an academic, I would have laughed, and I would say, What are you talking about? Absolutely not. So I've had an interesting journey. My first degree was actually in computer science. I worked for two years as a software engineer, and then experienced our first breach, which back then, and I'm not going to tell you how old I am, although I'm sure you can all OSINT it and figure it out. Back then, we didn't even talk about cybersecurity in the classroom. We didn't know how the breach happened. But I know we were all scrambling and trying to fix this. And that made me wonder, wow, you know, there's this whole other side of things that I know nothing about that computer science cannot answer. Right? Like who is doing this? Why are they doing this? How are they doing this? And there's the technical side, right, the hard science side of how but there's also like a whole other side. So I quit my job. And I went back to school to study criminology. And I looked at everything from cyber crimes at gambling websites to cyber attacks against the power grid. And then I ended up at Temple after I completed my PhD at Rutgers, and ever since then have just been researching more and more in this space. But what got me particularly interested in the area of social engineering was because of my role as an educator, not as a researcher. 
And what I discovered was that I had a lot of liberal arts students, because I'm housed in the College of Liberal Arts, who took my cybercrime class. And every semester, they would say, Well, I can't do cyber, because I don't know how to code. Or I don't know how to pen test, or I don't know how to do this hard science thing. And I had to tell them a story that I was in that space, and I quit my job, because computer science didn't give me what I needed to pursue these types of topics, right to understand adversarial mindsets to understand defender mindsets to understand how these intersect. These are the types of skills that computer science does not necessarily get into. And that you, as a liberal arts student have so much that you can can offer that you you know, and you should be offering. So it made me wonder, what do I need to do? How do I teach differently, to make students realize that they are getting the right training, they are relevant that their perspectives matter. And so I had to rethink myself, right, I had to rethink cybersecurity education for myself, I had to say, how do I change the way we are doing things? Um, and that's how I started getting into the area of social engineering because this was a space that is very much a liberal arts space. Right? You have to understand how people think, why do they do what they do? How do I convince them to do something for me? And I said, Alright, how do I bake that into, into the education space. So so that's a little bit of, you know, a journey, in terms of where I was, and how I'm here right now doing what I'm doing.

 

Sean Martin  07:43

That's, that's a fantastic, fantastic story. Thank you for sharing that. I think there's a lot of a lot of people listening that will be inspired by that. And recognize what what you do and how important it is. Tell me a little bit about the, because I guess, a lot of uses that you said a lot of your student items, and I was impressed that they actually knew what pen testing was, and some of the hard science terms. But you had the the luxury or the privilege or the pleasure, whatever it is to be in the tech part of it first. How do you help students then recognize that they don't need that when you already have that? Because I even myself, I was an engineer in the past. And I immediately go to Okay, well, you can do all this stuff at the human level, which we need that as well. But ultimately, it does come back down to well, the computer works that way or the app works that way. Right. So how do we there are those parts? So how do you help the students understand their role not get hung up on? Well, how does it work? And why does it work that way?

 

Aunshul Rege  09:01

Right, right, and I guess I'll answer the question, in a couple of ways. So the class that I teach the Cybercrime class that I teach every semester, I have a good chunk of computer science students, and also liberal arts students taking the class. And for the computer science students, when I say you know, you're going to have to go talk to people and convince them to do something. The reactions are not always the greatest, right? Like, we have to we have to do what, right because they're so used to not doing that.

 

Sean Martin  09:41

I became an engineer, so I didn't have to do.

 

Aunshul Rege  09:45

Right. And they they're like, why does this matter? And I said, I promise you just hold on for a little bit longer, and you'll see. Right, and I tell them, they're also very shocked when I tell them that I started in computer science and worked for two years in the private sector. Right? And they're like, why are you doing this now? And I was like, Well, you know, there's there's many different ways to to look at how the social side matters. So I have those, that group on one end of the spectrum, and then I have the liberal arts students going, well, this is not cybersecurity. Yes, it's social engineer talking to people. But that's not cybersecurity. So how do I convince both sides of the spectrum that this matters, and by the time we get to the, you know, two weeks, three weeks into the class, both sides are sold, right? Because for the computer science students, they first of all understand that it's not just bits and bytes that matter. Right, that there's a whole other attack vector phishing may be the most prominent one that we all know about. But there's so many other ones that are just like, oh, I never thought about it that way. Right. So you have that mindset change. On the flip side, I have liberal arts student going, Oh, I didn't know that could, you know, start a cyber attack, dropping a flash drive and hoping someone picks it up and plugs it in what? Right, so so when you have those types of conversations, and then the projects that we do in class, right that, that get them to try their hand at social engineering in a safe and fun and ethical way, then they start really understanding the value of these types of things. And so if you design your projects around those types of ideas, and you think about, and have conversations about ethics, potential implications, prevention, writing up your findings, right, all of these kinds of things come together to, at the end of the day, keep our systems more secure, protect our systems, and protect our humans. 
And you give students that creativity, to go explore that, I think that really has helped change mindsets. More than anything else.

 

Sean Martin  12:20

I love that you have we'll see, say, both sides, the technical and the and the psychological elements. Because one, one knows how one thing works, the other knows how the other thing works, but together, it becomes super powerful, right? Really, the really targeted aggressive attacks, succeed, and, and, and likely is driven by people from, from all those aspects, understanding human behavior, computer behavior, the flow of those things, the responses you get, because it's not just the single, it's not, it's not always just a flash drive dropped. Right now, there's multiple steps involved, perhaps Yeah, to get deeper and deeper and go side to side and come back out. And so talk to me a little bit how the students you said a few weeks in, they kind of realized that themselves. But then how do they I'm assuming they do come together and go, Hey, you're a great ally here, let's how does this work? I can get the person to do this. Is that going to be helpful in this particular? Engagement?

 

Aunshul Rege  13:33

Yeah, and so one of the things that we do is because we have students from different disciplines, and all of my projects are group based, I first of all, tell them, they have to work with someone who is outside of their field. So create groups accordingly. And I think these multidisciplinary dialogues, teamwork, these kinds of things are so important. And we need to start having these experiences sooner earlier in educational settings, right? Because then you go out in the field, and you kind of have to do that anyway. But one of the best icebreakers activities that we've had is shoulder surfing. And I'm assuming your you know, audience knows what that is, right? But this is, this is one of the most fun projects that we've done. And students are divided into groups. And for two weeks, they have to target each other while they're on their devices. Now, of course, we have rules. You can't capture any sensitive information that's off limits. You can't follow people home. And I say that because these were questions that students asked and I had to say no, you can't do that.

 

Sean Martin  14:56

Social engineering in itself, right? What Yeah, I get away with what exactly

 

Aunshul Rege  15:01

but these see, but this is how you have the conversations about ethics. What you're right. So so part of this also is because we are a university students can go through ethics training through, right through through our school. And so they have to complete this training in the first two weeks, otherwise, they cannot take my class. So that's number one. Number two for each project, right? For each project, they have to also then come up with their own sort of strategies, but they have to get them vetted by me. And I said, Well, how would you feel if they're like, No, we wouldn't like it. I'm like, Ah, so then don't do it. Right? And why is this problematic? Let's talk about this. So rather than having a distinct conversation about ethics, you bake it into the project, as you go through it, students are going to understand the ethical side of things better. And when so they're so they're learning about ethics, but they're also learning about, Hey, you're good. Because I remember this one semester, we had in the class, we had someone from the business school, and he was specializing in sales. So he had the most finesse in that group, they always put him in front like, Okay, how are you going to convince our rival team members to do something and distract them, so that we can get a picture of them shoulder surfing? Right, so they figured it out on their own, Hey, you're good at this, you're good at this, what we see are group dynamics and divisions of labor, that are coming about based on skill sets that are discipline specific, that are personality specific, right, and they get to experience this firsthand. So understanding that you not one person alone, does not have all the skill sets that you need to pull something off, you have to work together, you play off of each other's strengths to make it happen. And I think that's how students have figured out also, it's like, hey, I need to find people in the social sciences, right? 
If you're a computer scientists or for social scientists that can say I can talk to computer scientists to get this done. So those are also so it's not just social engineering, right? You're talking about ethics, you're talking about multidisciplinary work and respecting each other for the strengths that you bring to the table. These are concepts that you can't teach through a, you know, typical quiz or an exam, or go figure it out in the real world. These are those aha moments that you have to capture as the projects are unfolding.

 

Sean Martin  17:41

So talk to me, I presume a lot of this is communication driven, there may be some things that are covert, as well, like shoulder surfing is one example. But I presume that the communication is a big part of this. And so there's with each other as a team with the column the the subjects of their activity. And then I some maybe a little bit about that, but then also, do you take this to what the purpose is, in terms of the business benefit? Or at the business, its impact to the business, I should say, an impact to society, and how they need to communicate that externally. So yeah, I think,

 

Aunshul Rege  18:36

yeah, and let's see if I remember all of those. So it's, I feel like I'm taking my own test right now.

 

Sean Martin  18:42

With each other, with the subjects and with business and society.

 

Aunshul Rege  18:48

Yeah. So I will, I will start obviously, with each other. So I spoke a little bit about that, right? With regard to this subject, so one of the people. So I'll continue with the shoulder surfing one, for instance, if for those two weeks, they're not allowed to disclose to each other, if they successfully captured them or not, right, you can't reveal your successful shoulder surfing captures. At the end of two weeks, we have a debriefing session, and each team comes to the front of the class and does a PowerPoint and said, This is where we caught you and the person in class that was the target. Like when did you get that I didn't even notice you were there. So so in this case, the subject you know, just happens to be the person that you targeted who is in the classroom, but they realize how easy it is for them to be captured and how easy then it is by extension for anyone to do this and also realize that the bad people out there are not governed by ethics. They don't care about ethics, right? You do but they don't. So So there's sort of those types of conversations. shins when they have realizations that oh my gosh, I'm going to be a little bit more careful next time, or I'm not going to sit with a giant window behind me. Right? And serve, because I know that you that's how you all got this shot, right? Because he sat there the the person sat there because they wanted the sun on their back. And it was nice. But the people behind him could see completely, you know what they were doing on their screen, right? So being a little bit more careful. And then sort of, by extension, you know, having conversations, right? Because, hey, I did this at school today. Right? This is what I learned. And then this becomes dinner conversation. 
So I actually had students come back and say, Hey, last night, I was telling my mom and dad about this, or telling my little sister about this, or telling my grandma about this, you know, and now I'm a little bit more cautious when I'm taking that train to, to school, or trained to work, or I'm on the bus. And I'm like, do I what do I want to be browsing on my phone at this time? Does it doesn't have to be sensitive information? No, probably I shouldn't be doing that. Right. So it's sort of it trickles out that way, through just a simple classroom project. Now, of course, you can scale it up. And you know, we're starting to get into that space too. But absolutely. So talking to each other, educating each other, having those moments and you know, you reflect on yourself about your own sort of cyber hygiene, if you will, and then share that knowledge because you have done it and you've experienced it, you're more likely to go and have conversations about it with with your friends and family. And that's how you get started.

 

Sean Martin  21:41

It's all about starting. The first step is understanding, right? And I'm excited to hear it, all the aha moments. I'm sure it tickles you inside when when you you see this students twig? Oh, I understand what what's going on here. Now. Talk to me a little bit about I mean, you're able to do certain number of things in the classroom with with a big group. But then you also take this outside of the classroom into what's a collegiate SECTF, which is social engineering. Competition. Maybe that's just the handle? Yeah, no, you merged with? Sorry, I should have read that before I jumped into it. You put on advanced? Let's just go there. Yeah. Where it's a competition on social engineering, which sounds really cool. It's actually coming up. Assuming we get this produced before. What is it? May 19. People will be still still joining you for that. Tell us a little bit about the events? Who applies it to just your students? Or is it open? Beyond that? Can you have people who didn't take your class? Try their social engineering this?

 

Aunshul Rege  23:03

Sure. So the project that I just told you about right social shoulder surfing or other? We've have lots of other projects that we've tried out in the classroom. And so I would go and as an academic, of course, after write about these things, and so I published and then I have to go present my findings. So I'd be at conferences and present these types of projects. And I'd have students from other schools come up to me and say, well, we don't have this in our school. Do you have a CTF? And I said, Oh, dear, I don't. But that made me think, okay, maybe this should be scaled up. And then how do I go about doing that? And so the answer to that was the competition. And so we now have every summer, this social engineering competition. And it's open to undergraduate students, of course, because that's predominantly the group that I work with and the Cybercrime class. And then we started having graduate students email us going, Well, why can't we participate? And I said, You're right. I don't know why you can't. So we opened it up to graduate students. And then we had high school teachers reach out to us and say, Well, why can't our students compete? They're interested in this and I said, Okay, I've never worked with that age range. So it added a little bit more of a administrative step, and that we're working with minors. So how do we now get that approved? But we did. And so for the past two summers, we've been doing our summer camp. Yeah.

 

Sean Martin  24:48

Can I pause you there? Because just triggered something for me. So the ethics are the same.

 

Aunshul Rege  24:54

The ethics are the same.

 

Sean Martin  24:57

Yeah, it's just the tolerance and

 

Aunshul Rege  25:00

Oh, you're working with minors. So every time you work with minors, you have to get parents consent. Number one, we have to get background checks that we are clear to work with youth, these types of things. So, you know, we have to go, of course, beyond the just the ethics of it, right? It's you're working with, you have to get that paperwork done, if it got a whole bunch of paperwork done. But, but I want to do that if they are hungry to learn, right? So so it took a little bit longer? Oh, no, no, not at all. So but we made it open, right. And so this is our third year that we're doing this, but we change the theme up every single year. Right. So in our first year, the theme was social engineering, pen testing. And as the director of the CARE Lab, I hired students to pose as pen testers, because I wanted them to do a social engineering pen test of my company, my lab and my employees, which are my grad students, right. And we gave them the scope, we said, these are the flags that you can go after, these are the techniques that you can use, and you have this long to do it. And so we started, you know, designing this, and we started promoting it. And interestingly, we ended up connecting with CISA, part of DHS, and they said, This is really cool, we want to play and I said alright, you know, and so they've been with us since we started and so they're our government sort of I like to think of them as our partners. But uh, you know, we don't have an official partnership, but but they've been working with us behind the scenes, we have folks from NICE, the National Initiative for Cybersecurity Education. So, folks from CISA, folks from NICE, they serve on our advisory board, right as we're designing these competitions, and to get feedback and make sure that we're, you know, giving the best possible product to our students and experience to our students. So that was the theme for the first year. 
Our theme for the next year was inspired by the Colonial Pipeline hack that happened and ransomware. So our theme was ransomware and social engineering. And so the the narrative there was, oh, no, my lab's been hit with ransomware, we're going to be calling you on as negotiators to represent us during the negotiations with this ransomware group. And so for that particular competition, we had a representative from SentinelOne. So they served on our advisory board that year, in addition to again CISA and NICE, because they had experience in ransomware negotiations. And this is the art of negotiation, that is social engineering. Right. So that was a theme for a second year. So you know, they had to sort of unpack or solve the mystery of who might it be based on the ransom note and, you know, a little bits and pieces of whatever we got from the incident response team. We had folks from MITRE ATT&CK on our advisory board, because students had to then map out these sort of playbooks of their exchanges and how they got in and how they traverse through our system using the ATT&CK framework. So So you know, and then they had to also be able to translate these exchanges with us, the client and my bosses, right, to see well, this is how they got in. This is how the negotiations went. And this is what we recommend you do. Right. So so that was the theme for last summer. And the theme for this year is romance scams and social engineering. And this was inspired by the Federal Trade Commission report that came out right so in 2021. They said that the financial losses stemming from romance scams just in 2021, were about $547 million. And then in 2022, that number went up to $1.3 billion in losses. And so we said okay, that's a theme that we need to address because that's another place where social engineering is key. 
So once again, we have CISA, we have NICE, but this time we've partnered with AARP, right and PBGC so these are This is what I hope to demonstrate right is that social engineering is is multifaceted. It manifests itself in different ways. And we don't even maybe make the connection that social engineering is happening, or this is how you can use social engineering, not just for an attack vector, but also a defensive vector, right? Like how can you use social engineering to defend yourself, your families, your loved ones, your business, right? How do you use these types of approaches? So that's going to be the theme for this year.

 

Sean Martin  30:35

And of course, if you know this, all too well, I'm sure from a criminal perspective, you don't just catch somebody right off the bat, there's probably some, some back and forth, to get them to engage in certain ways in certain places with certain things that can be used as evidence and all that's social engineering to, to catch the catch the criminal. As we, as we begin to wrap here, want to touch on the the diversity piece, you mentioned a little bit from an operational perspective, the students kind of interacting with each other, they have their own skill sets and things like that. Can you expand on that a little bit more? And? I don't know, are there things you can highlight from some of the previous CTFs? That, that stand out? Yeah, I'll never forget as well.

 

Aunshul Rege  31:32

Yeah. So obviously, you know, diversity could mean so many things, right? Obviously, the one to start with, I think, is just the skill sets and your disciplinary backgrounds. So I think for our very first competition, we had a team that had zero computer science students on it. So we had one from psychology, when one of the members were shown psychology, one of them was from nursing. One of them was from Global Studies. And when they put their application together, it was so refreshing for me to see that they said, we actually view our varied backgrounds as a strength, that's going to bring value to our, to our game when we interact with, with folks during this competition. Right. So the computer science students love, you know, especially for these competitions, love to find a psychologist or an anthropologist or a sociologist to to bring on their team. One of them had an English major on their team, because they did not know how to write a report properly. And the English major came to the rescue and said, Give me all of your findings. I'll write it up beautifully structured, logical flow, right, all that kind of stuff. So they figured out what they were missing and brought that to the table. Right. So So I think that's really cool to me, is that I like to think that our competitions are truly open to everybody. It does not matter what field you're in, we've had music majors, we've had language majors come compete in our and the message, right, hopefully with that is cybersecurity is for everyone. Right? The cyber criminals aren't looking at you and going, Oh, you're not a computer science person. I'm not going to target you. It doesn't work that way. They're going to target everybody. And so this is like basic at the core of it. It's something that's relatable to everybody, because we've all gotten phishing emails, right? We've all gotten those pesky phone calls, right? This has happened to all of us. 
And that the relatability of it makes the entry into this space a lot more familiar, a lot more comfortable. And a lot more, Oh, yeah, this matters, right? And this, I can see, it's the way to connect to a wider audience becomes easier, in a way. Right. So that to me, the fact that we have catered to students from a diverse set of backgrounds, the fact that it's relatable to so many people, that to me is one aspect of diversity, right, that matters. Another aspect of diversity, of course, comes with demographics. So your race, your ethnicity, your gender, and the like. Why does this matter? Our adversaries are not homogenous. They're not. They come from all parts of the world. They're going to, they look like all different types of people. Right. And they target again, without any sort of, you know, they target everybody, right, equally. And so if your adversaries aren't homogenous, you need to have a workforce that isn't, because they're going to understand different cultures, they're going to understand different languages, different ways of thinking, what matters in different societies. And if you have a workforce that gets it, that understands these types of issues, and they bring that to the drawing board, when you're designing defense mechanisms, when you are designing building systems, when you are trying to see there's a particular segment of the population that is experiencing a particular type of, let's say, social engineering attacks, you know, this, like the elderly might be getting targeted in a particular way. Versus if you're looking at, you know, certain times of the month, right, like, if it's right now, we just finished, you know, Ramadan, the amount of scams that were going around over that, right, so the religious side of things. So do we have a group of individuals that is truly diverse, that is reflected in our workforce, to understand the different kinds of threats that may be seasonal?
Right, so that's another component of diversity that is so, so important. And we need to have a workforce that is diverse, not just in terms of the skill set and the way of thinking but also culturally diverse, right, racially and ethnically diverse. That, to me, is such a strength and is a must, if you are going to tackle cyber attacks on a global scale. So that is something else that's relevant.

 

Sean Martin  37:00

And Marco is not here to stop me from one more question, because I always do one more. And he says, No, we don't have time. I'm gonna do one more, because he kind of that outbound see, clearly, you have I mean, you talked to even in the CTF, the nurse, and the language and all the other roles that people had, they then go back into hopefully they graduate and go into the workforce in different fields. Are there any highlights of how students take what you provide to them, and they provide themselves as part of your course and CTF, that is, this is going to be super cool for my job.

 

Aunshul Rege  37:42

Yeah, and there have been some students that have reached out and said, You know, I took what I learned, and I'm going to try it out in my new job, right? I'm like, okay, so I do get emails like that, you know, that are like, thanks for that cool experience. You know, I went and talked to like, you know, in my volunteer job where I, you know, work with the elderly community, I told them about these things. And we had a wonderful conversation. And one of the things that I've started to do, right, in addition to continuing with these sort of social engineering projects in the classroom, last semester, we started working with a digital equity center on campus, and they offer digital literacy classes to predominantly adults, right, elderly, I should say. So my students took the concepts that we've learned from class, right, social engineering, phishing, phishing, deep fakes, disinformation, all this kind of stuff. And they went and started giving presentations at the digital equity center, to members of the North Philly community, right, seniors in the North Philly community. And what was supposed to be a formal presentation, like they had beautiful slides, and everything, ended up being a dialogue. Right? And they said, Well, my granddaughter has done it out it out. Right? And then you have, it was such a wonderful dialogue, because it was so intergenerational to see, you know, undergraduate students, trying to explain these things to the elderly, who were so receptive and asked genuine questions back. And the students loving the fact that they could understand and explain these things. And every student that I knew who was done with that said, that was the best experience that we had, because it helped them apply the concepts that they learned and translate it into everyday speak, for it to be digestible for the regular community, right. So we started doing that. And we did it again this semester.
And we're only going to sort of continue to grow in that space, right, working with the elderly communities. We are also working with PAR-Recycle Works. So this is an e-waste recycling nonprofit that offers primarily, in addition to that business side of things, they offer transitional employment to previously incarcerated individuals. So these are people who are coming back after 20, 30 years. Technology's changed, right? So we're helping with digital literacy. But we're also going to be doing cyber hygiene training there. And then the third group that we're trying to work with are youth. So last year, we did free after school, virtual training programs for high school students, where we just went through various aspects of social engineering, and sort of the endpoint of that was if you wanted to come compete in our competitions, we'll help you put your application together. Right. And so we got a few students from that program come compete. But we're trying to see, right there, we have three segments of society that we're trying to reach, right, and engage with: the elderly, previously incarcerated and youth. And there's so many more that we haven't even started yet. So to me, again, these are the forming relationships with your communities, with your nonprofits, right, with local businesses, how can we offer free social engineering training to employees of small businesses, right? So making it, I think, accessible in a way that is easy to understand, where you feel safe to ask questions, and you're not judged, where you make mistakes, and it's okay, because you learn from them. That's, I think, the way education needs to happen. And this is why we really do need to rethink the way we teach and the way we talk about these things and not make people feel guilty, or feel ashamed for having been a victim of, let's say, a romance scam, right, or whatever it may be. So that sort of, you know, if anything, I would love to leave your audience with that, hopefully, takeaway.

 

Sean Martin  42:15

You alluded to it at the very beginning, and you used the word, a few minutes ago, experience. And you can talk about it all day long. You can read a book about it, you can watch a documentary on it, but until you actually experience it, and through you in a safe way. Yeah. It's that experience that really triggered learning, and super cool all that you're doing. Thank you. It's a treat to talk to you and pleasure having you on the show. Hopefully, awkward, obviously, we're gonna load up the show notes with a bunch of links to the CTF and your program and your profile and hopefully people can connect with you and join you and support you.

 

Aunshul Rege  43:02

And thank you so much. Thank you so much.

 

Sean Martin  43:06

Everybody listening, thanks for listening and watching. We decided to do this Yep, stay tuned for more and subscribe, like, share and experience in your own way. Thank you.

 

voiceover  43:29

Pentera, the leader in automation security validation, allows organizations to continuously test the integrity of all cybersecurity layers by emulating real world attacks at scale to pinpoint the exploitable vulnerabilities and prioritize remediation towards business impact. Learn more at pentera.io. CrowdSec, the collaborative and open source cybersecurity solution: analyze behaviors, respond to attacks and share signals across the community for free. Let's make the internet safer together. Learn more at crowdsec.net. We hope you enjoyed this episode of Redefining Security Podcast. If you learned something new and this podcast made you think, then share itspmagazine.com with your friends, family and colleagues. If you represent a company and wish to associate your brand with our conversations, sponsor one or more of our podcast channels. We hope you will come back for more stories and follow us on our journey. You can always find us at the intersection of technology, cybersecurity, and society.