Q&A With Information Security Researcher Abasi-amefon Affia on Cyber-Security Related Hackathons
- Can you share with us your journey to discovering your passion for cybersecurity research?
My passion for cybersecurity research started when I had just finished the first semester of my master’s degree program in cybersecurity (a joint program by Tallinn University of Technology and the University of Tartu). At this stage, I had begun thinking about my master’s thesis and the problems in cybersecurity I had intended to solve. With guidance from my supervisor, I focused on research in security risk management. The concept of security risk management was crucial as it enabled relevant stakeholders of software systems to plan and make changes that reduce these risks, thus, driving the focal point of my master’s thesis. After my master’s thesis research, I decided to continue as an information security researcher at the University of Tartu. Here, I realised that in addition to the need to understand the security risks in evolving technologies, i.e. internet of things (IoT), there is an equally important need for methods to effectively share this knowledge with individuals, communities, and organisations. This added need formed my Ph.D. research focus, where I proceeded to study security risk management in IoT systems, and the methods to foster knowledge-sharing about our results through hackathons.
2. What interests you the most about cybersecurity research?
What interests me the most about cybersecurity research is discovery. Through both a thorough literature study and study of relevant security aspects/phenomena, I can develop methods and form relevant research conclusions that provide contributions to the security community. The study of past and ongoing research also becomes most beneficial when connecting with researchers having similar research interests, forming great collaborations for research contributions.
3. What challenges does the cybersecurity industry have and how can Hackathons play a role in its development?
The cybersecurity industry has a significant skill gap. During the last few years, it has been hard for companies to find technically proficient cybersecurity professionals for all their open positions. This skill gap is borne not out of the need for experts to fill a specialized function, but the lack of opportunities for potential experts to gain the necessary skill or experience. Now, to reduce this cybersecurity skill gap, several interventions have been introduced academically (where schools and universities provide courses and training in information security) or non-academically (conferences, talks, competitions and contests, i.e. CTFs). However, not everyone is willing to make financial or time commitments to learning security academically, and sometimes the non-academic ventures may be out of reach for beginners in security. Hackathons, on the other hand, provide a unique opportunity for its participants to engage in real-world problem-solving activities. When a hackathon is security-focused, it provides the resources and environment to facilitate the fast-paced learning experience and work on projects that can be continued even after the hackathon event. With possible project continuity, cybersecurity enthusiasts can develop their skills and show their experience through their project work. Even when project continuity is not possible, participating in the hackathon event itself motivates those interested in cybersecurity to improve their knowledge and skill in security while engaging with the security community breed through hackathons.
4. What are the most interesting find your research has uncovered?
Hackathons provide several benefits, including networking, building prototypes of projects, having fun, and also learning. My research in fostering security learning at hackathons has shown that careful planning of hackathon design aspects can improve the learning benefits that hackathons could provide. Learning benefits is possible through intentionally curated security talks/resources provided, knowledgeable and supportive mentor feedbacks, and a healthy amount of competition all within a specific security theme. My research on this topic has shown that the culmination of these factors can
promote security learning in a case study and can be generalised to other focused hackathons.
5. What challenges are there in academic research regarding both cybersecurity and hackathons?
One challenge seen as I have started academic research concerning hackathons is that with the number of cybersecurity-related hackathons occurring around the world, organisers or researchers have not collected much data for analysis. There exists academic literature of the occurrence of these events as well, but the in-depth study on cybersecurity hackathons has not matured fully.
6. What exciting research topics do you look forward to investigating and why?
I am looking forward to investigating the effects of COVID-19 restrictions which have forced hackathons that occurred mainly in collocated spaces to online spaces. The imposed restrictions change the landscape of knowledge-sharing and can affect learning.
7. What advice would you offer to those that are interested in both hackathons and cybersecurity?
My advice would be to go for it! An avid interest in hackathons combined with one in cybersecurity produces pioneers that have a great chance at tackling real-world security issues, saving individuals, communities, and organisations from significant losses as a result of security risks, and providing more
trustworthy cyberspace for the future.
