Current wars between countries — like the Russia-Ukraine conflict — are being fought not only on land, but in cyberspace, says Mikhail Gofman, Cal State Fullerton associate professor of computer science. While ensuring virtual protection against war enemies is an extreme use of ethical hacking, applications exist in less threatening situations as well.
Gofman studies and teaches the concept of ethical hacking — an authorized attempt to gain unauthorized access to a computer system, application or data. In addition to serving as director of CSUF’s Center for Cybersecurity, Gofman is a faculty coach for a student-led team of up-and-coming cybersecurity professionals known as the Offensive Security Society.
Aiming to foster cybersecurity education at CSUF, the club’s motto is simple: To catch a criminal, one needs to think like a criminal. Such logic underpins the work that ethical hackers do.
“The philosophy of ethical hacking is to attack your own systems and networks the way real-world malicious hackers would, with the key differences being authorization and intent,” explained Gofman. “Ethical hackers aim to help the organization recognize and address security vulnerabilities to reduce the chances of being exploited by ill-intentioned hackers.
“In some cases, ethical hacking is critical to ensuring compliance with privacy laws. Educational institutions and healthcare organizations regularly conduct simulated cyberattacks known as penetration tests,” Gofman continued.
He notes that cybersecurity is not just an information technology problem, but rather an organizational problem in which IT plays a small role.
“An organization may have a strong network security system, but it can be rendered irrelevant if an employee picks up an infected USB drive, brings it to work and plugs it into his or her computer.
“For this reason, ethical hackers also rely on social engineering attacks such as phishing — the practice of sending fraudulent and deceitful communications — to exploit employees and test if the security can be breached, in addition to checking for computer and network vulnerabilities,” Gofman added.
The university’s OSS club helps the next generation of cybersecurity professionals hone such skills. Team members participate in collegiate competitions that focus on fictitious cyberattack scenarios and how to improve security.
Last fall, the team competed in the Collegiate Pentesting Competition, the world’s premier cybersecurity competition for college students.
“We placed third in the western region in that competition, which involved identifying security vulnerabilities for the fictional company Le BonBon Croissant and writing up a thorough report detailing those issues,” explained Josiah Peedikayil, computer science senior and vice president of the OSS. “We ended up qualifying for the global competition and had the opportunity to compete against other top teams around the country. Although we didn’t finish in the top three, it was still an honor to advance that far.
“Working with like-minded people has been very rewarding, and the knowledge I’ve gained in the OSS is invaluable. I wouldn’t be where I am today without this experience,” added Peedikayil, who will be working in information security at Palo Alto Networks after graduating this spring.
In addition to opportunities such as the OSS, Gofman notes that ethical hacking techniques are taught in the classroom.
“We offer courses that include an ethical hacking component, including network security, web security and cryptography, the study of secure communications techniques,” he said. “Specifically, we look at approaches and methodology for hacking networks, web applications and cryptographic protocols, with students actually receiving hands-on practice in a virtual environment.”
To learn more about the computer science offerings at CSUF, visit the department website.