In winter semester 2023/24, the bachelor's degree programme Information Security commenced at the Technical University of Applied Sciences Würzburg-Schweinfurt. The new programme unites IT security and a corporate perspective. After two semesters, the programme director and students draw their first conclusions in Fokus Orange.
Published on 15 October 2024
Last October, hackers attacked car parks in Würzburg. The result: One day of free parking for everyone. But what might have made customers happy was actually pretty concerning. This incident showed clearly how vulnerable companies are in the digital sphere. Cyber attacks are become more frequent and cannot only hit companies, political institutions, or parties. They can also cause enormous harm to critical infrastructure like hospitals.
"There is a huge demand for skilled personnel in the field of information security", says Professor Dr. Sebastian Biedermann, programme director of the new bachelor's degree programme Information Security at THWS. "There are many vacancies and above-average salaries." But does a traditional programme in Computer Science not meet the criteria all the same? Many German universities and higher education institutions offer information security only as a specialisation in their computer science programmes. THWS is taking a different approach with the programme that started in the winter semester 2023/24: In addition to basics in computer science, IT security is also taught from the first semester.
Technical and managerial perspective united
For Lucas Bühler, this special focus was the reason for choosing this degree programme after training as an industrial clerk. "So far, my expectations have been met 100 percent," says the student, who has just completed his second semester. "It's a great mix of management and technical topics." In addition to the predominantly technical security track, there is also a security management track, which focusses on the company perspective. Both tracks are equally weighted and continue throughout the entire course of study - another unique feature of the degree programme.
"We wanted to unite these two topics," says Professor Dr. Biedermann, who worked as IT security advisor at the former Daimler AG before joining THWS. Computer scientists should not only be experts in their fields but also understand the perspective of companies and employees alike. One important module of the programme thus is Social Engineering and Awareness - which focuses on topics like sensitising employees.
Self-made honeynet lured attackers into a trap
Good security awareness in companies is important, because "password" is still one of the most popular passwords worldwide. This was also proven by the data of the honeynet on the website of the degree programme. For this project different web systems were set up to try and lure attackers into a trap. The access attempts offer interesting and useful insights into current trends and attackers' strategies. The honeynet records where attacks come from, what services they scan, or which username-password combinations they use to access the system. Other popular passwords which hackers were taken in by the honeynet were: "admin", "test", or also "1234".
Theory and practice alternate
Lucas Bühler is still amazed by how easy accessing external data is if you have the right tools and know-how. "After the lectures, I can often only shake my head in disbelief but also in awe," he says.
Second-semester student Moritz Bauer was also actively looking for a degree programme in IT security when he found the THWS programme. He is positively surprised by the well-balanced proportion of theory and practice. He finds the theoretical content rather dry, but also important. To loosen things up, there are Capture the Flag Challenges, a popular method in computer security to put your own skills to the test and look for vulnerabilities. Students scan for security vulnerabilities and try to gain access to a system by themselves or in teams. The first person to find the flag, usually a long string of characters, receives a sticker for their laptop.
More and more vulnerabilities in programmes are being disclosed worldwide. However, instead of reporting these to manufacturers, they are often sold for large amounts of money on certain platforms. This falls into a regulatory grey area from which a large business has emerged, Professor Dr. Biedermann explains. At the same time, there is an increasing number of malwares – according to statistics of the organisation "AV-Test" more than one billion different types. Traditional, signature-based recognition mechanisms like virus scanners could not keep up, Professor Dr. Biedermann says. That is why the focus would move towards recognising anomalies, i.e. detecting unusual processes in the system. According to Professor Dr. Biedermann Artificial Intelligence (AI) could pose a chance as well as a risk in this. The module AI and cyber security focuses on this most recent topic. In the course of the module, students not only learn how to apply AI to secure IT but also how attackers use the technology for their means.
Unconventional approaches welcome
What mattered in cyber security: Putting oneself in the attacker's position and exploring unconventional approaches. According to Professor Dr. Biedermann, prospective students should therefore want to question contexts. It is also important to have a broad interest in a wide range of technology areas. "You should be eager to learn and be familiar with all areas in order to understand the big picture," agrees Moritz Bauer. And persistence should not be lacking either, Lucas Bühler adds.
Graduates could specialise further in their master's studies or they could choose a career in academia. The two-track bachelor's programme opened bright career perspectives in IT and management. "I definitely want to work in red teaming," says Moritz Bauer. This includes professions that are concerned with attacks on systems - while blue team jobs specialise in defence.
Red teams comprise penetration testers, who are used by companies to find security loopholes. They are considered "ethical hackers". A dream job? "You should let go of the movie hacker image," says Lucas Bühler. Reality is significantly less action-packed and more time-intensive. "Which does not mean that it is less fun," he adds.
Positive review of the first year
Two semesters have now been completed and the programme will turn one in October. Professor Biedermann uses this opportunity for a first interim conclusion: "I think it's particularly great that the degree programme also attracts outside applicants." The students actively chose the specialisation and didn't just want to study "something with computer science". This was also reflected in their commitment and interest in the topic. "We depend on reliable functional, and constantly available IT," concludes Professor Dr. Sebastian Biedermann. IT security has long been about more than protecting computers. "I keep telling my students: We are ultimately securing our digital society."
Key facts about the degree programme Information Security at THWS:
- Start of studies: 1 October (winter semester)
- Degree: Bachelor of Science (B.Sc.)
- Duration of studies: 7 semesters
- Place of study: Würzburg, Sanderheinrichsleitenweg 20
- Study mode: full-time
- Credit points: 210
- Language of instruction: German/English
- Application period: from 1 May to 15 July
- Requirements: General higher education qualification (Abitur)/Advanced technical college certificate (Fachhochschulreife)/or a comparable degree
- Admission restrictions: none
(last updated in October 2024)
To the website of the bachelor's degree programme Information Security
