Integrated in our bachelor study programmes is a period where students are sent out into the world to apply what they have learned so far, experience a real workplace, and come back with new skills and renewed motivation for the remainder of their studies. Professors visit the students to ensure they are doing well and to find out if companies still see a match between what we teach and what our graduates need in the workplace.
Additionally, I found the visits to be a superb occasion of extending my contact network in the region and to investigate the challenges reginonal industry faces in IT security.
So far, I have visited 13 companies this year: Atos, Avira, Bosch, Bosch Packaging Technology, Bosch Software Innovations, Diehl, HolidayCheck, Kaba, MTU, Novartis, Skillworks, Takeda, ZF. All of them use IT, many of them are in manufacturing, some of them are on the other side of the lake, some of them are in Switzerland. All of them deal with interesting and challenging problems. By the way, the picture showing me in the funny overall was taken when visiting production at Novartis, a pharmaceutical supplier.
With respect to IT security, all companies I visited had individual challenges:
- They have different products/services: mobile and web applications used by anybody, web applications used by enterprise customers, closed production systems that are increasingly connected to internal and partner IT systems, embedded software that runs in stationary or moving devices
- They have different threats to deal with: external attacks on their network infrastructure, external attacks on their services, targeted spear-phishing attacks on C-level executives, untrustworthy employees, untrustworthy suppliers, industrial espionage from friendly and not-so-friendly nation states, security problems that threaten the safety of products
- They have different skills to build on: software engineers, network operators, mechanical and electrical engineers, economists, lawyers
- They organize differently: in-house security teams, outsourced security services, security as part of quality assurance, IT security as part of company security, dedicated positions, people with multiple hats on
What does this mean for my research? Malware is used as a tool by adversaries, so malware-resilient software is relevant also for a regional audience. Investigations after an incident become more important, so forensic readiness of IT infrastructures and applications is relevant also for a regional audience.
What does this mean for my teaching? I reach software engineers in both the bachelor and master programme in applied computer science. I reach information systems-oriented students in the master programme. I need to find a way to address IT security for information systems students in the bachelor programme, and I need to find a way to attract students from engineering programmes in other faculties to the classes we offer in IT security at the faculty of computer science.
