“I had recently learned in my Pre-College Cybersecurity Program class (taught by Jay Gala, a teaching assistant at Mason) about the entire responsible disclosure process, to include the proper steps of how to contact the vendor of the affected product, coordinating patches to fix the vulnerability, and eventually requesting a CVE ID.”
Tyler Schroder
Tyler Schroder, a freshman at Centreville High School in Clifton, Virginia. says he has always been a huge fan of all types of technology. In middle school, a good friend of his discovered George Mason University’s Pre-College Cybersecurity Program and encouraged him to sign up for the program, which he did.
“I’ve been hooked on cybersecurity ever since,” says Schroder. “It’s a rapidly growing and developing field, continuously undergoing innovation and change.”
This year Schroder’s passion for cybersecurity paid big dividends when he made a Common Vulnerably Exposure (CVE)-type discovery that earned him a publication with corporate partner MITRE and a visit to one of Mason Engineering’s digital forensics classes.
“In mid-February I was working on my computer at home, and attempting to sign into a website,” Schroder says. “A password manager product I use to sign into the website, Abine Blur, has a feature that can send a second-factor request to your cellphone to make sure it’s actually you requesting to sign into the site. My cellphone was elsewhere in the house when I attempted to sign into the website, and rather than going to get my phone I decided first to see if I could find a quick way around the sign in requirement.” What he found was a vulnerability in the product that would expose user data to a hacker without sending the request.
Schroder credits his instructors at Mason for his knowledge of CVEs. He says they were the reason he knew that he had made a CVE-type discovery and what to do next.
When CVE was launched in 1999, security products varied and there was no easy way to determine when different databases were referring to the same problem.
CVE now provides an industry standard for vulnerability and exposure identifiers by providing reference points for data exchange so that cybersecurity products and services can speak with each other. CVE Entries also provide a baseline for evaluating the coverage of tools and services so that users can determine which tools are most effective and appropriate for their organization’s needs.
Schroder says, “I had recently learned in my Pre-College Cybersecurity Program class (taught by Jay Gala, a teaching assistant at Mason) about the entire responsible disclosure process, to include the proper steps of how to contact the vendor of the affected product, coordinating patches to fix the vulnerability, and eventually requesting a CVE ID.”
Armed with the knowledge about CVEs Schroder was able to work through the proper channels so that this vulnerability could be fixed. For his work, he earned the opportunity to present his findings to a digital forensics class of master’s students.
For Schroder it was an exciting experience and opportunity to share his findings with other like-minded individuals. “But what made it special,” he says “was the opportunity to present to an audience that was so much more experienced and educated than I was, in a field that I’d like to work in some day.”
After he completes the GMU Pre-College Cybersecurity program this summer, Schroder is looking forward to an internship opportunity in the cybersecurity field. After high school he plans on attending a four-year college and earn a bachelor’s degree with a major cybersecurity, followed by a career in cybersecurity. He also plans to get an advanced degree while working in the field.
About the Pre-College Cybersecurity Program
The Pre-College Cybersecurity program is a two-year program offered by Mason Engineering. It is broken into eight quarters of 10 classes each. The classes are taught on Saturdays at the school’s Fairfax campus.
Over the two years, students learn about Principles of Information Security, Fundamentals of Hardware & Software, Fundamentals of Networking, Security Awareness, Fundamentals of Cyber Security I-II, Ethics in Computing, Ethical Hacking I-III, Computer Forensics I-III, Penetration Testing, Incident Response and Disaster Recovery and Career Readiness. At the end of the two years, they complete an internship in the field of cybersecurity while still in high school.