Dr. Ahmed Ibrahim teaches his students to think like an adversary. An assistant professor in SCI’s Department of Informatics and Network Systems teaching cybersecurity, he often starts his courses with an introduction to threat modeling, where students have to plan for how someone else would attack a networked system they created.
“Things don’t usually get used the way they should get used,” Ibrahim says. “The things we discuss in class is how certain systems, applications, and protocols work and how adversaries find other ways to use it differently that allows them access to information they should have no access to.”
Ibrahim says this mindset will account for the evolving nature of the cybersecurity field. Protocols and systems will change, but there will always be someone trying to break them down.
After taking his courses at both the undergraduate and graduate level, Ibrahim wants students to walk away with this adversarial perspective, as well as an understanding of the fragile nature of technology. In this day and age, he says, everyone uses technology all the time, and those who create it need to be mindful of keeping that information secure.
“Security and privacy should not be an afterthought,” Ibrahim says. “They should be big during the development of any system rather than thinking of them as something we will figure out later after things are rolled out and people start using it.”
This logic drew Ibrahim into the field in the first place, in addition to the complexities of sharing information in a digital environment. He has applied these interests to his own work in the field through health information exchange. Since the threat of health information being compromised could greatly harm the individuals who constitute the data, he knows the importance of maintaining the security of systems that carry this information. So, he applied that attacker mindset, keeping in mind the ways that someone could theoretically hack those systems.
Ibrahim brings years of cybersecurity subject knowledge to his courses, including Security Management and Computer Forensics for graduate students. Whether in person or over Zoom, he meets with a handful students to hold groundbreaking discussions relating to the various web applications and programming languages they need to understand. The group also discusses the nuances of the field, like all of the resources and skills necessary to ensure a system’s security.
“The whole purpose is to develop the necessary knowledge that allows the student to hold a meaningful conversation with another person about this topic,” Ibrahim says. “They develop the skills that allow them to talk about something they did, not something they only heard about.”
No matter which class he’s teaching, Ibrahim values connecting with various students over a shared investment in cybersecurity. He’s grateful for the lessons he learns from his students, even if they don’t immediately see eye to eye.
“It’s beneficial for both of us, for the student and myself, because I get to know what other people think, and they get to know what other students in the class think as well,” Ibrahim says. “I want [them] to still think what [they] think … because this is what will happen in real life after they graduate.”