That's what I love about IT: there's always so much work because it keeps changing.
08 februari 2018
Auteur: Security Talent

That's what I love about IT: there's always so much work because it keeps changing.

Educating talent is key in securing the future. Teaching students secure programming helps them building better and more secure applications. As a teacher Application Development and Media Design at the ROC Mondriaan, Hanneke grows the talent pool for us all and keeps up-to-date with the latest technology trends.
Hanneke Kool
Teacher Application Development and Media Design
ROC Mondriaan

Bachelor Communication at the University of Amsterdam

Teacher Degree (BVE) at Fontys

Self study in Flash, Illustrator, XAMPP & Photoshop

Webdesign course at Mediacollege Amsterdam

Teaching Assistant degree at NHA

Teacher Application Development and Media Design, what does that mean?

I work at the ROC Mondriaan, a school for intermediate vocational education. The courses I teach are part of the educational programme Application Development and Media design. There are a lot of subjects that are part of this education. For example, I teach some popular programming languages that are being used for app development such as MySQL, PHP, Symfony and some JAVA. Recently we also started with a course on ‘secure programming’. We work in projects, it starts with a request for an application, we give the assignment to students and they manage and deliver the project, like as if it would be a real assignment. The students will have meetings with the client to map what their needs are and what functionalities are asked for. Based on that they make use cases, and now that we also offer the secure programming module they also make abuse cases. When the use cases are approved they continue to build the databases that are needed for the product. The database is build with MySQL and the Oracle course taught them SQL that they use to manipulate the database and the data. Finally, when all is ready the students actually build the application using various programming languages and the Symfony platform because that is a nice comprehensive platform with a lot of build in functions and the security is tested too.


What kind of projects are you involved with?

It’s mostly projects within our school. Students work on phone lists for example if a teacher needs one. Seems easy but a lot of things need to be taken into account. Aspects like authorisation for example. The teacher gives feedback on the development of the app throughout the whole process from idea to the final build.


For the secure programming elective, we have created a virtual machine running a version of Linux –Kali Linux to be precise – with hack tools to test the apps we build. We don’t use all the available tools because that would take years. We start with some often-used techniques like intercepting traffic to servers: the man in the middle technique. Another is SQL injections to test if you can get more information from the database than you should. A lot of older websites still have problems with SQL-filtering, making it possible to retrieve information from the database that is not intended for you. We teach them to consider this right from the start when designing and building apps. Cross-site scripting is also given attention. That’s basically sending pieces of code to the server to take over control. These three techniques are still close to what an app developer does. Of course you can also teach them how to break into networks, but that is more of a subject for the network management programme. We just want to make our students more aware of the vulnerabilities in the apps they build and make them able to deliver secure apps.


HSD ROC 00004 extra


Really teaching them how to hack is tricky for us as a school. You don’t want them to use the skills we teach them for mal intent. So we teach them how to detect and intercept potential abuse. We do so in a closed environment with a virtual machine. The whole process of how to hack into a server is not something we teach them. We should not educate hackers but make them aware how the apps they build can be broken and how to prevent that from happening. That’s our responsibility if we are training app developers that have to work on safe and secure working apps. We are also developing an assignment for secure programming for interns, together with our partner Exact. Students will fulfil security tasks on the job.


Another project we are currently working on is in cooperation with the ‘Techniek Innovatie Huis’ (Technique Innovation House). That’s a joint venture of several educational programmes within ROC Mondriaan, companies and the municipality of The Hague where we work together on projects and want to get businesses more involved in our programmes. We are going to work on topics like cybersecurity and serious gaming for example. The location has only recently been opened so right now it’s still in its startup phase. But the idea is to really create a thriving environment where businesses can ask for help, participate in workshops and provide guest lectures. One project we are already working on in the Techniek Innovatie Huis is virtual reality. Right now it does not have a cybersecurity component but we do want to add that aspect too. The students are busy with programming a virtual reality environment to learn what the effects of adding new elements to it are and how you can program that.


HSD ROC 00003


Why did you pursue this career?

I started my career as a PL/1 programmer at an insurance company right out of high school. Building the systems that were used to store all the insurance policies. I started right after high school because there was such a big demand for programmers back then. After doing that for a while I decided to go back to school and study communication. But when I graduated there was a spike in the number of available jobs in IT again. So when I couldn’t find something that was related to my study I decided to pick up programming again and started with Visual Basics for Applications.


After working in the commercial sector for a while it didn’t really feel satisfying anymore. I became a bit bored and working in education appealed to me more than a commercial organisation. Education is less tedious in my opinion, there is nothing as dynamic as being a teacher. It’s really nice to work with and guide youngsters in a craft like programming. It’s surprising to see how much ROC students can do. Often when we talk with organisations and show them what we’re doing they are surprised by the skills of our students. We have a lot of hard working and curious ‘go getters’. We see that now with the secure programming course. We just started a few weeks ago and already they are helping each other and telling each other about various hacking techniques and where to find documents. They manage to find things before I do, luckily enough they keep me informed too. I’ve already had several books added to my collection because of them since we started with the module.


HSD ROC 00006


Education is very challenging and rewarding. Because I teach in app development I also have to be on top of what trends and developments are in the market just like in commercial organisations. Right now for example my job looks completely different from when I started. Nowadays a lot of work is cut up in little pieces and needs to be done quickly. That’s a completely different way of working then when I started when we would build a whole system, test it intensively and then put it into practice. The way of working is the same though: whether you’re in a commercial organisation or educational institute, you need to adapt constantly.


Can you name a milestone in your career?

A recent milestone was that we started with the secure programming elective. I experienced hacking when my personal website was hacked and when my bankcard got skimmed at a gas station. That I can educate the next generation of app- and software developers on techniques they can use to make their products more secure is a milestone for me.


Another thing is the Technique Innovation House I mentioned earlier. We see a lot more companies who are interested in what we are doing. When we had the official opening, we saw that our students who were busy with the secure programming course and hacking received a lot of attention. Even more than the group that was working on some more flashy applications they build with the Raspberry Pi. It’s nice to see this attention for our students after the hard work and steep learning curve we experienced while putting this programme together.


How will your industry or job in particular change over the next few years? How do you keep up?

I see my profession change in the sense that I will need to learn more techniques, especially now that we introduced hacking into the curriculum. We will keep working on that to show what can be done with hacking and how this affects app development. Also new ways of programming and new types of devices or the Internet of Things for example will be introduced and need to be secure. In the future, if a new relevant programming language comes around, we are going to include the secure programming part right from the start. This might have as a result that secure programming becomes so integrated that the actual elective becomes much more in-depth. Which means I need to learn more on the various techniques.


To keep up I read a lot of books, practice a lot and do internships at companies. For example I once did a workshop at Deloitte at a department that was specialised in cryptography. If you work with those people you really learn a lot of things that you will then bring to the classroom. More organisation should start offering this type of workshops or guest lectures to teachers as it’s very valuable for the level of education.


HSD ROC 00005


How did finding a job after your study go?

The first time I needed a job, the job actually found me. In IT there are always peaks at which a lot of people are needed. So when I finished high school I got a call if I wanted to start as a programmer and started right away. After I finished my study communication there was another peak in demand and I got hired pretty fast again. That’s what I love about IT, there’s always so much work because it keeps changing. You see it happening again right now with cybersecurity.


The switch to go work in education was intentional. I was working as an application developer at the time when my home situation changed and I was not really challenged in my job anymore. So I applied for a specific job at the ROC of Amsterdam that related to the job I had at the time. And I love my job ever since.


Do you have any tips for up-and-coming talent?

Yes! It’s my experience that companies respond very enthusiastic to security and hacking. They always say they are looking for people that like to puzzle, who are go getters and have good ethics. If you like to keep learning and do challenging work, IT really has everything to offer for you.