Prasant Adhikari, a Ph.D. student at the NYU Tandon School of Engineering, spent his summer in a rather unusual way. He put together and helped to run an online modular instruction program in cybersecurity for undergraduates in Nepal. The program, dubbed Gajabaar after the horizontal wooden bar that secures doors in traditional Nepali houses, offered a different approach from most online learning scenarios. Its promotional materials describe Gajabaar as a “program where mentors listen to you about your interests, ask you about your goals, then design a path from where you are to where you want to get in cybersecurity.” And, for those with the interest, but not the background, the program offers a twelve-week, three-part introductory curriculum that includes lab assignments and options to visit companies for real-world exposure.
The initial edition of the program ran from May through August, 2020 and had 12 undergraduate mentees from three different universities. Adhikari reports, “We opened up the audit track, since the program was virtual and had 8 people from the initial 12 and 3 people from the audit track finish the whole program.” Aiding him as mentors were two other NYU Ph.D. students —Marina Moore and Axel Elaldi— along with Rashmi Lamichhane, an analyst at DB Schenker in Hamburg, Germany; and Pratima Sharma, co-founder of Mandala IT Solutions in Pokhara, Nepal. NYU Tandon Professor Ramesh Karri served as an advisor.
Asked to assess the program’s initial year, Adhikari points to three positive achievements. First, “we were able to meet the mentees where they were in terms of their skill levels, time commitments, interests, and goals,” he says, allowing mentors to “eliminate prerequisites and focus on individual experiences.” Second, “we were able to cover all costs for the mentees,” which levelled the playing field for those with the interest, but not the funds. And, lastly, “the modular structure, which focused on solving a lab/set of technical challenges, helped participants quantify progress, and kept mentees motivated.”
As for the mentees, most seemed very appreciative of their summer experience. At the end of program, they were asked to write a letter to potential 2021 participants. The responses were enthusiastic and often lengthy, but the following excerpt from one letter probably summarizes the shared sentiments.
“If you are reading this, feel blessed that you survived the devastating year, 2020. Gajabaar started in July 2020. It was the mid Lockdown season in Nepal and in other countries worldwide. As per I know, our mentors tried to utilize this leisure period in something productive and this is how Gajabaar was created.
I was very new to cyber security then. I had barely used Linux OS; I did not know what CTFs are; what a cyber security professional does. When I was interviewed, I told them these things so clearly. I told them I did not know the basics; I just knew a word cyber security and I was fascinated by that word. But of course I got selected; or else I would not be writing this.
Then it started. Throughout the journey, the mentors guided us as per our requirements and caliber. They knew what would be difficult for me and what would make my path easier. Often in many labs and CTFs, I would feel it difficult to understand a problem, its motive, process or anything else. They were always ready to guide me through any sort of situation, be it via code analysis, examples, blogs, write-ups, interaction through calls, etc. They never stopped until I was satisfied with the solution.“
Based on this positive feedback, Adhikari is looking forward to making Gajabaar a recurring summer event, though he noted there are a few issues to address. For the initial session, “we had to make a lot of adjustments to the curriculum to account for the feedback we were receiving on a weekly basis,” a process he called, “both fun and challenging.” Tailoring the program to “the needs of each candidate” was also a major time commitment for the mentors. Lastly, Adhikari notes that the program is limited by current available resources. “A lot of our mentees were heavily invested in support beyond the program, including lab subscriptions, internship opportunities, tools and networking opportunities,” Adhikari explains, adding “we are limited in how much we can offer outside of our summer timeline and immediate mentoring in that timeframe.” One possible way to address this issue would be to extend it to a “Residency Program,” where a graduate of the summer program would spend a year continuing to explore the field of cyber-security via specialization in an area of their choosing under the mentorship of the program.
In the meantime, a coordinator has been chosen to oversee follow-up activities, including engaging the participants as a team in Capture The Flag (CTFs). Participants are also free to continue reaching out to their mentors. “We are keeping the communication channels alive for any candidate of the program to reach out for any future guidance, “ he notes.
For more information on Gajabaar, check the website at https://gajabaar.io/.