Thoughts of a Security Educator

Over the second trimester at UNSW 21T2, I was given the opportunity to tutor some security courses at UNSW, namely


When I personally did the course, I did much better in COMP6[84]43 compared to COMP6447 - however, when it came to teaching those courses this term I had actually found that it was more fun and interesting to teach COMP6447 (maybe my students were just awesome)! Ironically, I remember having a conversation with a friend; that if I were to tutor a security course, it wouldn’t be COMP6447.

COMP6[84]43

COMP6443/COMP6843 - [Extended] Web Application Security and Testing, is a course that introduces and delves into network security surrounding websites, web services and web applications. Students learn about web technologies, their vulnerabilities, their exploits, their mitigations, and their vulnerabilities as well.

I did pretty well in this course (🥇) when I took it last year, and I was quite excited when the university had reached out and asked me to tutor. My own tutor (when I did the course) was also asked to tutor again, which was pretty cool! I had some fun chats with him about stuff.

Group Chats

The Plan
Send seemingly unhelpful replies to students that are actually helpful, or maybe not… 🤷‍♂️


Look look it’s my name!

COMP6447

COMP6447 - System and Software Security Assessment, introduces students to binary/application security on software that runs locally on your computer. Teaching the x86 Linux architecture, students learn about how vulnerable code can be exploited to control the flow of a program. Students also learn about different protection strategies that have been introduced to counteract these exploits, of course not without learning about their mitigations too.

It all started one fateful day when the lecturer interrupted my peaceful Sunday morning with a Facebook message. tbh I’m not sure why I said yes, but here I am.


Tutorial Content

Compared to other courses that I’ve taught (either at uni, or privately) - these two security courses didn’t have as much of a structure (if any) for the tutorials. Unlike the more mainstream and core university courses (i.e. enrolments in the hundreds) which have a set list of questions and teaching content, I had to write my own content and demos. Though it required extra work to prepare for each lesson - it means that I had more control over how the tutorials ran.

Having made slide decks for other courses and teaching engagements, it was no hassle to create slides each week, as they helped me to stay on topic and have content relevant to what was taught that week [Slides: COMP6[84]43 | COMP6447].

The sites are generated from a template that I created a while ago, which lets me write slides in Markdown, which gets built with Hugo and reveal.js, and published to GitHub Pages via GitHub Actions.



Having some spare time leading into the start of the teaching period, I decided to update my tutoring resource portal, where students can access relevant links, articles, pages, and other resources that I share.

I updated the access code and encryption system, under the guise that students accessing the site for security-related content might try to “test” their new knowledge against my site. The encryption system is the same as my link shortener project’s, so it should™ be secure enough.

Recordings

I was also engaged by the university to provide some audio/visual services to livestream an in-person lecture to provide online content delivery. You can read a bit more on this here.

On top of all of the tutorials that I recorded and uploaded (in a funky 20:9 aspect ratio - 2400 x 1080 @ 60 fps), I also recorded some additional explanation videos for the benefit of all the students doing the course.

Prior to tightened COVID-19 restrictions, I was able to do some of the recordings inside the university.

Late Submissions

AHHHHHH KIDS. PLEASE. SUBMIT EARLIER.

🙋‍♂️ Yeah this vibe never changes regardless of what course it is :)

pRoFfEsIoNaLiSm 🐣

Make teaching fun again!

…?

snacc 🍩

So the plan was to buy my students Krispy Kreme doughnuts at the end of the term… but further COVID-19 lockdowns had impeded that opportunity.

Nevertheless, each week I tried to bring something for my students to nibble on.
If you’re gonna be forced to listen to me rant for two hours about security, you might as well try to enjoy it 🍪

Going Overboard

You know those interview questions where they’re like, what’s your biggest weakness? And after you answer they ask a follow up question about how you use that weakness as an advantage?

Yeah, so mine is putting a lil' too much effort into things.

Sometimes I can’t believe I get paid to make so-bad-that-it-kinda-looks-good™ graphics

Secret Stats

Over on the tutor’s side of a course, we have access to the students’ submissions (to judge overall performance, mark assessments, etc). However the inbuilt statistics (i.e. on CTFd) kinda suck (or at least, our probably-outdated version did).

This gave me the opportunity to write up my own statistics scripts and views.
I do quite like my stats :D

I’m so humble, tell me I’m humble™

Having never officially tutored a security course for UNSW, I wasn’t sure how well I did, however from my previous experience with teaching in general, I reckon I did well!
