A recent trend in security education is towards teaching offensive techniques which were originally developed by hackers. This reflects tendencies in the professional world where offensive security testing (penetration testing) is quickly gathering widespread acceptance. We report on good experiences with a security curriculum at a university degree level which emphasizes offensive techniques over defensive ones. Our claim is that teaching offensive methods yields better security professionals than teaching defensive techniques alone. The paper presents an experimental setup with which we plan to investigate this claim further. The experimental setup uses concepts from psychology and pedagogical sciences to empirically assess the benefit of offensive teaching. Categories and Subject Descriptors K.3.2 [Computers And Education] - Computer and Information Science Education – Curriculum,Informationsystemseducation. General Terms Measurement, Security Keywords Security education, empiric...
Martin Mink, Felix C. Freiling