Interview with B. Bencsath, Assistant professor at BUT & CEO of Ukatemi


Welcome Boldizsar! Please, introduce yourself and your expertise on the topic.

My name is Boldizsar Bencsath, PhD, OSCP. I am assistant professor at Budapest University of Technology and Economics, and the CEO of Ukatemi Technologies Plc. I have participated in a number of digital incident response processes. Our most famous work was the discovery of Duqu malware back in 2011 during a forensics type of work. I have, also, participated on recent forensics events.


How is the enrollment of students on your courses? Is it a high number compared to other ICT? And what about the gender balance?

Enrollment on the courses is promoted via an automated electronic system. However, we can encourage students  to attend the courses by advertising them through other courses and by showing our expertise and knowledge on the topic as well as the benefits of the specific course. We do not run a specific incident response course, but we share information stemming from our experience and knowledge gained on specific forensics activities to let them understand both the process and the needed mindset for the topic.

At our university, computer security related courses are attractive to the students. There are multiple reasons. Our trainers are well-performing, knowledgeable, and the topics are something that the market is interested in. The students have been learning about the quality of lectures and the activity of BME CrySyS Lab through word of mouth for many years, that I can be proud of. Our talent management programme is also something to be noted amongst the other activities, and also the results of the semester project are generally exceptional.


How would you explain what is incident response to someone that has never heard about it?

To explain incident response to outsiders is very easy. Everybody has heard of ransomware attacks, CEO scam, or bank frauds. Having informative movies like the Billion dollar heist, people without IT knowledge can understand how internet based attacks can be done. When talking about the topic, I always prefer to share case studies. Stories, where either we performed the investigation and thus we have hands-on experience that supports the validity of our message, or we describe stories where others performed the investigation that resulted in strange consequences or important conclusions. Telling about the experience of the victim of a ransomware attack makes the students deeply understand how bad one can feel about a situation that is possibly impossible to solve.


Which were the main elements that you considered in order to create the course?

Courses are generally developed during reform-type of operation on a larger scale. Once a reform having multiple courses is considered, then people start to overview the structure of different courses and to find targets that are not met with existing courses. For incident respose,  we do not consider at the moment that a specific course is needed for the topic, instead some subtopics are inserted into different courses: IT Security laboratory, Computer- and network security and similar courses.


Any advice that you would like to give to anyone wanting to get into the topic of cybersecurity?

My advice to promote IT security among  IT students is to have a general course that is not trying to cover IT Security extensively. Instead, a short introduction should be given at lectures of different topics to raise the students’s interest on IT security, and then, specific courses should be available to deepen knowledge in the particular topic.