View article

Information security programs teach dangerous skills to their students. Despite our best efforts as instructors and mentors, some students will use these skills in inappropriate, and sometimes illegal, ways. As a result, students jeopardize their careers, hurt others, and put their institution’s entire information security program at risk. In this article, we present results from interviews with information security instructors from academic and government information security education programs. This article includes analysis of real-world incidents where students crossed the line in using their skills, and suggests best practices for deterring student misbehavior as well as techniques for mitigating damage and maximizing learning when an incident does occur.