Over the second trimester at UNSW 21T2, I was given the opportunity to tutor some security courses at UNSW, namely
- COMP6443 - Web Application Security and Testing
- COMP6843 - Extended Web Application Security and Testing
- COMP6447- System and Software Security Assessment
Despite not doing as well in COMP6447 than COMP643 (when I did the courses myself), I personally found it more interesting and fun to tutor COMP6447 (maybe my students were just awesome?), which is ironic and I remembered having a conversation with a friend; that if I were to tutor a security course, it wouldn’t be COMP6447.
COMP6443/COMP6843 - [Extended] Web Application Security and Testing, is a course that introduces and delves into network security surrounding websites, web services and web applications. Students learn about web technologies, their vulnerabilities, their exploits, their mitigations, and their vulnerabilities as well.
I did pretty well in this course when I took it last year, and I was quite excited when the university had reached out and asked me to tutor. My own tutor (when I did the course) was also asked to tutor again, which was pretty cool! I had some fun chats with him about stuff, cool guy!
The plan: Send seemingly unhelpful replies / banter to students that are actually helpful (at times), when students ask for hints, etc…
Sometimes we have exceptions I guess 😜
(I believe the tutors listed are only the tutors who are still UNSW students, the other tutors had graduated / were external people)
COMP6447 - System and Software Security Assessment, introduces students to binary/application security on software that runs locally on your computer. Teaching the x86 Linux architecture, students learn about how vulnerable code can be exploited to control the flow of a program. Students also learn about different protection strategies that have been introduced to counteract these exploits, of course not without learning about their mitigations too.
It all started one fateful day when the lecturer interrupted my peaceful Sunday morning with a Facebook message..
TBH I’m not sure why I said yes, but hey here I am
Compared to other courses that I’ve taught (either at uni, or privately) - these two security courses didn’t have as much of a structure (if any) for the tutorials. Unlike the more mainstream university courses (i.e. enrolments in the hundreds) which have a set list of questions and teaching content, I had to write my own content and demos. This isn’t a negative remark or anything though, the security field keeps changing and evolving!
Having made slidedecks for other courses and teaching engagements, it was no hassle to create slides each week, as they help me to stay on topic, but also make it easier for students to follow [Slides: COMP643 | COMP6447]. The sites are generated from a template that I created a while ago, which lets me write slides in Markdown, which gets built with Hugo and reveal.js, and published to GitHub Pages via GitHub Actions
Having some spare time leading into the start of the teaching period, I decided to update my tutoring resource portal, where students can access relevant links, articles, pages, and other resources that I share.
I updated the access code and encryption system, under the guise that students accessing the site for security-related content might try to “test” their new knowledge against my site. The encryption system is the same as my link shortener project‘s, so it should™ be secure enough.
I was also engaged by the university to provide some audio/visual services to livestream an in-person lecture to provide online content delivery. You can read abit more on this here.
On top of all of the tutorials that I recorded and uploaded (in a funky 20:9 aspect ratio - 2400 x 1080 @ 60 fps), I also recorded some additional explanation videos for the benefit of all the students doing the course.
Prior to tightened COVID-19 restrictions, I was able to do some of the recordings inside the university.
AHHHHHH KIDS. PLEASE. SUBMIT EARLIER.
🙋♂️ Yeah this vibe never changes regardless of what course it is :)
Make teaching fun again!
So the plan was to buy my students Krispy Kreme doughnuts at the end of the term… but further COVID-19 lockdowns had impeded that opportunity.
Nevertheless, each week I tried to bring something for my students to nibble on.
If you’re gonna be forced to listen to me rant for two hours about security, you might as well try to enjoy it in style 🍪
You know those interview questions where they’re like, what’s your biggest weakness? And after you answer they ask a follow up question about how you use that weakness as an advantage?
Yeah, so mine is putting a lil’ too much effort into things.
Sometimes I can’t believe I get paid to make so-bad-that-it-kinda-looks-good™ graphics
Over on the tutor’s side of a course, we have access to the student’s submissions (to judge overall performance, mark assessments, etc). However the inbuilt statistics (i.e. on CTFd) kinda suck (or at least, our probably-outdated version did).
This gave me the opportunity to write up my own statistics scripts and views.
I do quite like my stats :D
I’m so humble, tell me I’m humble™
Having never tutored a security course (specifically) in a group setting for UNSW, I wasn’t sure how well I did, however from my previous experience with teaching in general, I reckon I did well!