Save Our Software: Security Day 2019

While the rest of Wellington was in weekend mode, the Kelburn campus buzzed with activity as close to 200 students worked at software security tasks.

A lecture theatre full of students with a woman giving a presentation at the front.

The young cyber-enthusiasts were on campus to participate in a Security Day event organised by the Wellington Faculty of Engineering, together with OWASP New Zealand and ZX Security.

Aimed at students interested in software and keen on understanding how to make software secure, the event gave participants the opportunity to listen to some of the leading experts in the industry, including Simon Howards, ZX Security; Dr. John DiLeo, OWASP New Zealand Chapter; Alex Nikolova, Aura Information Security and Kate Pearce, Trade Me.

The event also included activities that offered participants hands-on experience with cybersecurity. Capture the Flag and Bug Bounty were practical exercises designed to give students some understanding of offensive security techniques and offensive penetration testing engagement against a real-life target. The Secure Code Warrior team ran a secure coding tournament, where players were presented with a series of vulnerable code challenges asking them to identify the problem, locate the insecure code, and fix the vulnerability.

Associate Professor and Director of Cybersecurity Ian Welch explains that “the Internet brings the world to us, but also exposes us to threats from the world. It is important that people understand how they can recognise such risks and protect themselves. The students we had at the event are aware of what’s happening and they want to stay safe in an increasingly online world. It’s been great, having them here and engaging with activities with such enthusiasm.”

One of the highlights of the event was an address to participants by Joanna Rubi, Spark New Zealand, who spoke about her personal journey from being an engineering student at Te Herenga Waka Victoria University of Wellington to being a cyber-specialist working in industry: in particular, Rubi cited the cyber security engineering course taught by Ian as being pivotal in her journey.

Benjy Smith, a 14-year old student who participated in the event, said “I was keen on participating in this event because it seemed like the perfect opportunity to learn about emerging ideas and concepts in cybersecurity. I enjoyed learning about fundamental Internet-related topics and the basics of cryptography, and getting hands-on experience in offensive and defensive programming. Sessions like this are very useful for students like me, who are interested in cybersecurity, as this isn’t something schools focus on. These events are a good way to meet people in the industry.”

“It was a great event to be a part of” says Keith Paterson, a teacher who participated in the event. “I lead the digital technology programme at a high school in Auckland,and have recently developed a keen interest in cybersecurity. Personally, I thought the entire event was pitched at the perfect level for someone like me, who is new to it but also not a complete beginner. From a teaching perspective, I have always worked in single-sex girls schools and it was great to see so many women presenting. I thought all of them were inspiring in different ways. And I’m sure that the lectures are also going to help with my teaching.”