Lecturing Experience: 'Introduction into Penetration Testing'

In this blog post, I would like to share my reflections on the first six months of my journey as a lecturer. Looking back on a semester of teaching, it felt great trying to motivate students get into the very field that I am in.

Motivation

Back when I talked about the idea with my professor, the main motivation was to extend the offer of operative IT security courses at our university in Frankfurt, Germany. Although I acknowledge that universities are mainly educating researchers, the reality is that most of the graduates end up in the private sector. I reckoned that we have a lack of practical courses that reflect this reality. Another reason for motivation is that I loved being a student, but I always asked myself how it is to be on the giving end. So I asked my professor who supervised my thesis whether it would be possible to hold a lecture.

The Course

Together with two colleagues of mine in the company that I worked back then, we started designing a curriculum for a course with labs where the students could try themselves on. As all three of us have a security background with different levels of experience and we all went through some CTF style penetration testing challenges, we thought this mode would be a good way to start for the students. I won't go into detail regarding the technical implementation, this may be part of a future blog post. We designed six lab environments with vulnerable machines. The students had to utilize different techniques in order to compromise these machines for initial access. Following that, they had to escalate to the root user of the machine.

Final thoughts

Doing the lecture besides my full-time occupation as a software engineer was tough and challenging. However, since I love being on the campus and give something back to the university I did not regret doing it and I would love to do it again. In addition to that I learned some invaluable things.