~$ lecturing: 4 years in

Posted on Jul. 5th, 2026. | Est. reading time: 5 minutes

Tags: AcademiaProfessionalInformation Security


for the last 4 or so years (i think i started back in 2023) i have been lecturing a seminar which i originally attended as a student during my MSc on Digital Systems and Services (specifically this was available in the Information Security specialization) at the University of Geneva’s “Centre Universitaire d’Informatique” (Institute for Service Sciences).

the seminar is aptly and longly titled D400018: Introduction to Enterprise Risk Management, the Lifecycle of Information and Ethical Hacking


how aptly, you ask?

as i was given full latitude in how i could approach this seminar, i also could act upon my motivation to provide students knowledge which exceeded academic confines. most people that have gone through university for computer science or information security or similar subjects share the opinion that the knowledge is often outdated, or out of touch with the “real” world, and this was my chance to give students a taste of what exists out there, for one semester, 2 hours a week (excluding assignments).

the lectures ended up covering, both offensively and defensively, in no particular order:

  • systems and networks
  • injection vulnerabilities
  • access control and authentication
  • phishing
  • osint
  • forensics
  • enterprise risk management
  • exploitation
  • human security / opsec
  • lifecycle of information
  • gdpr / ccpa / fadp (switzerland) / data protection legislation and strategies
  • privacy and security by design approaches
  • shift left approaches to systems development

we also have 2 lectures that for the past few years have been held by external actors:

  • a threat modelling session held by James Bore, invited by me
  • a “practical applications of forensics” session held by Patrick Ghion (Chief Cyber Strategy Officer for Geneva’s State Police), invited by our faculty director

(incidentally, i remember when i was following this class in 2022 i asked many uncomfortable questions of him, specifically making him dodge specific named technologies they may or may not use for forensics)


oh, a butterfly!

but here’s the first wrinkle: i have to talk about all of these things, which - depending on the subject - if brought about incorrectly can be extremely boring, which didn’t help when the seminar was held primarily remotely.

i can’t blame the students, i very much did the same at the height of COVID, where i was attending lectures remotely and absorbing information but i was also doing other things such as developing my skills (the perks of having multiple monitors).

in my case it worked out and had no impact on my studies, but that may be more on how i was still tuned into the class because i was forcing myself to actively respond and interact (superimposed on some combination of unmedicated AuDHD, general interest in the course material, general fleeing of other issues in my life, and required projects which benefitted from wanting to do things somewhat perfectly).

after 3 iterations, this year i decided to move the seminars from being fully remote, to seminars held “in meatspace” (with a remote viewing url for recording and remote participation purposes).


moving to meatspace

but i had another change in store this year. every other year, students would only be graded on practical assignments, and this would be their end of year grade.

because of how “good” (intentional airquotes here) AI has gotten at third-party thinking, and that receiving fully prompt-generated assignments from 30% of the class was irritating me excessively, i decided this year to remove the grading of 80% of the assignments, and to add an oral exam to compensate.

third-party thinking had at that point gotten somewhat ridiculous, as the 2 “poisoned” assignments i gave had 50-70% hit rates, with one being made to trigger very on-topic analogies to canaries in coal mines (this is very much an ongoing problem in academia).


maya isn’t a scary lecturer / examiner, i promise

the modalities of the oral exam were - in my opinion - extremely forgiving:

  1. students would be given 2 questions (both in english and french) about things that were talked about in the class.
  2. they could choose one of these two questions and discard the other.
  3. they then had 15 minutes of preparation, where they had access to an offline computer which had all of the text-searchable slides of the class (i very much opted to bring one of my trusty NUCs that i had pulled the network card out of).
  4. they would then come to the desk where my co-evaluator and myself were sitting
  5. they then had about 8-10 minutes to deliberate and provide answers to the question, in either english or french.
  6. afterwards, we would have about 5 minutes of Q&A where we would either ask questions related to the topic at hand, or my co-evaluator would ask one of his “bonus” questions, or if the situation warranted it, we would ask “rescue” questions.

this worked out nicely for evaluating 18 students in the span of a day, although until the results are posted to the students by the faculties i will not share the statistics here.


testimonials, or something

screenshot of an email from a redacted student, to me, titled 'Unimportant email'. it reads: 'Hello Prof.,

I just wanted to share with you a very recent incident response from [REDACTED]; step-to-step everything we were taught by you in the course. lol 😄

Thank you!!!' is always nice to hear that i'm not actually saying nonsense

side note: i’m not legally classified as a professor, nor do i claim that title, and i do push back against people that use it, because it is a protected academic title