One afternoon, Ross Wheeler was checking out his high school’s website and he noticed something odd. The part of the site that tracked student and teacher attendance was not properly secured. It was possible to see any teacher’s attendance records.
Clicking around, the rising sophomore at Phoenix Country Day School also noticed a vulnerability that allowed student grade point averages to be viewed by unauthorized users. The student reported both issues to the school at once and the leadership team moved quickly to have the site corrected.
But the situation gave Wheeler’s teachers an idea.
Spotting a cybersecurity professional in the making, the Phoenix Country Day School team urged the high schooler to apply for the Summer 2024 High School Research Internship at Arizona State University. The program, conducted by the Global Security Initiative’s Center for Cybersecurity and Trusted Foundations, or CTF, connects talented and engaged future computer scientists with cybersecurity experts and graduate students in the School of Computing and Augmented Intelligence, part of the Ira A. Fulton Schools of Engineering at ASU.
As part of the program, Wheeler spent the summer receiving mentorship from Connor Nelson, a CTF staff software engineer and instructor. The pair worked on research that was designed to give the teenager insight into the real innerworkings of computer science laboratories. Under Nelson’s direction, Wheeler completed a project called, “Bringing Nix to the DOJO,” which involved upgrading the technology used on the pwn.college website — a global hub for cybersecurity education.
Thanks in part to Wheeler’s hard work, it will now be easier for users of the site to develop their own cybersecurity challenge modules, something which can enable educators all over the world to adapt the platform to the needs of their own classes.
Wheeler says he is grateful for the experience.
“The internship was really fun,” he says. “I learned a lot about different tools, like the Nix package manager. But I also learned that I enjoy finding and fixing security vulnerabilities.”
CTF launched the Summer High School Research Internship program in 2021 and, since then, it has steadily grown. This year, the program had 124 total applicants — a record level of interest — and was able connect 24 techies of tomorrow with faculty mentors.
Jackie LeFevers, assistant director of CTF, says that the internship program is an important part of the center’s commitment to filling the cybersecurity education and jobs pipeline with skilled students. There are an estimated 3.5 million unfilled cybersecurity jobs with around 750,000 vacant positions open here in the U.S.
“This type of community outreach is a key part of our mission at CTF,” LeFevers says. “We are out to connect students with cybersecurity education as early as possible in the hopes of increasing involvement in training for essential careers.”
LeFevers notes that it’s also critical to make future students aware that Arizona State University is emerging as a top destination for cybersecurity education and research. The School of Computing and Augmented Intelligence is ranked No. 16 in cybersecurity undergraduate programs — a specialty of computer science — by U.S. News & World Report and CTF recently established the American Cybersecurity Education Institute under a grant from the U.S. Defense Advanced Research Projects Agency, or DARPA.
As part of the eight-week summer internship, students work approximately 10-15 hours per week on a research project designed to connect them with the latest cybersecurity tools and technology. The student work is open source, allowing it to be shared with the cybersecurity community or reused by the student in the future. Interns also receive a $1,800 stipend.
The students presented the results of their research at an open-house poster session on Tuesday, July 30, held at the School of Computing and Augmented Intelligence.
Eesha Sutaria, a rising senior at Basis Chandler, was on hand to present her poster for her project called, “An Analysis of PGFUZZ Results for Policy Violations of ArduPilot.” The work was geared at finding security vulnerabilities in robotic vehicles. The efforts are part of the high schooler’s plan to pursue a career in human-robot interactions after graduation.
“I think this type of work is important,” Sutaria says. “There are a lot of robots in use, and we are trying to find vulnerabilities to make sure they don’t have vulnerabilities. These kinds of projects are about making robots safer.”
Applications for the program typically open in February, and LeFevers hopes 2025 will be even bigger and better.
“It’s been exciting to watch the program grow,” she says. “We hope to keep it going.”