HUNTINGTON, W.Va. -- It took a bit of convincing with the powers-that-be.
They wanted to train students to think and act like hackers to better understand their methods, said Marshall University assistant professor Bill Gardner.
"The administration had to be talked into it in some aspect. We had to explain we weren't trying to make better criminals, we're trying to make better defenders. So, once we explained it to them they understood," he said.
The end result is a new degree launched last spring in digital forensics and information assurance.
Digital forensics is what happens when someone has broken into a computer and you have to figure out how they got in, where they are and what they took, all of which can help make a legal case.
Information assurance -- the hacker side of things, you might say -- "is more of a proactive role to find the vulnerabilities and fix them before they actually get in," Gardner said.
"I always say that I'm the fire marshal and they're the fire department. Digital forensics is more of a reactive security measure, where after someone has broken in you figure out what was taken, what was the value of what was taken, how it was taken. Information assurance is looking at the flaws in an application or network that can be fixed before someone breaks in."
So, in order to do that students are taught some popular hacking "exploits."
"We teach how you clone a website so you can put up a website that looks just like Bank of America.com or whatever website you want to clone and then put exploits on it that then direct people to that website through spearfishing."
Spearfishing refers to any of a number of means of requesting confidential information over the Internet to fraudulently obtain credit card numbers, passwords, or other personal data.
"Actually, we're showing the exploits that hackers use so that they know what they look for when they're defending against those exploits," Gardner said. "Information assurance is very much like information security -- cyber defense, whatever you want to call it. We're basically teaching students how hackers break in so they can better defend digital assets."
The program also teaches a career path known as penetration testing, he said. "People get paid very good money to fly around the United States and the world and break into people's networks with permission. And that's one of the career opportunities that we have."
Aaron Logan has exactly that career in his sights.