As a Sinclair College student in 2018 Brett Ewing was one of the first people to use Sticker Heist—a problem-solving game that Sinclair Professor Mike Libassi created to give students hands-on experience with cybersecurity tasks.  

Brett Ewing explains the workings of the Sticker Heist box at a Hack Dayton meetup.

Testing the prototype as a member of Sinclair’s Hacking Team added to Ewing’s excitement about defending computer systems. Libassi’s teaching had already sparked Ewing’s interest in cybersecurity. And the game’s scenario, which requires players to decode the lock of the sticker storage box called the “heist box,” ignited a new career passion in Ewing. He changed his major from computer engineering to cybersecurity.

Now as the leader of two cybersecurity companies and the nonprofit Hack Dayton, Ewing is an industry partner of Libassi’s Advanced Technological Education (ATE) grant.  The project’s full title is Implementing Game-Based Learning to Recruit a Diverse Cybersecurity Workforce and Enhance Training for Technicians, but it goes by Sticker Heist as well.  

Ewing uses the Sticker Heist game at Hack Dayton’s in-person monthly meetups and at industry conferences for both cybersecurity newbies and seasoned hackers to develop their skills.

“Utilizing the Sticker Heist allows us [at Hack Dayton] to always have a challenge that especially the new members really love ... The Sticker Heist acts as a great way to expose them to a whole different set of the tools that we utilize every day in the real-world jobs and the kind of experience that you're going to get, testing real infrastructure.

“ So the Sticker Heist allows us to both train up individuals as well as give the more senior ones newer and harder challenges that they can accomplish, and also help them contribute [by answering], What would you add to the Sticker Heist? How would you make it better?”

Libassi wrote in an email that it is “awesome” to have his former student as an industry partner on the grant. “Brett is top tier,” Libassi added.     

Cybersecurity Degree Leads to Startups

After completing his associate degree in 2020, Ewing became “salaried employee number two” of Strong Crypto Innovations thanks to Libassi introducing him to the company’s founder, Alex Fry, who Libassi worked for as an independent contractor.

Ewing is currently the chief operating officer of Strong Crypto, which now employs 30 testers or hackers.

He is also chief executive officer of Axe.ai, which he and Fry started. The company’s website states it is “the world's first AI-driven Cloud Native Offensive Platform designed to provide expert penetration testing capabilities to all IT specialists.” Ewing said it employs 12 software developers.

Ewing and Fry also founded Hack Dayton as a nonprofit to raise awareness among Dayton residents about “offensive security” careers.  

“Sticker Heist will always be at a Hack Dayton meet-up,” Ewing said, explaining, “Most of our events are more targeted towards everyone developing their own hands-on skills and meeting people where they are in their careers, whether they’re just starting that first day or they’re already a seasoned veteran,” Ewing said.

Mike Libassi, a professor of computer information systems at Sinclair College, is using an ATE grant to improve Sticker Heist, a cybersecurity problem-solving game he created.

This welcoming, encouraging approach to cybersecurity is one of the things he learned from Libassi, who Ewing and other current and past students call Dr. Mike.  

“He really taught in a way that made everyone feel like they could work in cybersecurity even though it is a very demanding and kind of tough job and tough market to get into. He approaches his education from a non- gatekeeper perspective. He really wants everyone to have the same kind of passion and drive that he does, and he's very warm and welcoming in the way he interacts with the students,” Ewing said.

Sticker Heist’s Development

As the principal investigator of an ATE grant, Libassi continues to use an inclusive approach. For example, he gathered input from students, employers, other educators implementing the Sticker Heist, and Hack Dayton participants to refine the Sticker Heist’s hardware and software.

The project’s website includes Libassi’s hand drawn sketches of the heist box and photos of its various iterations.

When an educator asked him at HI-TEC about creating his own heist box, Libassi gave him access to his source code, labs, guides, and designs.

In addition to improving the design of the heist box, Libassi has used his ATE grant from the National Science Foundation to align the game’s challenges with the National Initiative for Cybersecurity Careers and Studies (NICE) Workforce Framework for Cybersecurity.

Libassi uses Sticker Heist in his security+ and penetration testing courses.  

As part of the ATE project, Libassi offers “Heist School” to K-12 educators who want to implement Sticker Heist in their classrooms.

A Tool for Various Skill Levels

In October 2018 Brett Ewing (on the right) and other students who were members of Sinclair College’s first Hacking Team use what Professor Mike Libassi calls his very first “home DYI” Sticker Heist.

Libassi promotes Sticker Heist’s hands-on activities as a way to “bring textbook concepts to life, encouraging creative thinking, problem-solving, and teamwork. Sticker Heist not only introduces students to cybersecurity, it offers medium and hard levels to help more advanced learners sharpen their skills.”

Ewing agrees and says Sticker Heist has served the various skill levels of Hack Dayton participants and helped build a sense of community among them. He thinks having an actual box is a “great bridge” that is missing from virtual hacking competitions and capture the flag contests.

Since the core Hack Dayton participants have worked through all the Sticker Heist challenges, they, rather than Ewing, have become the guides who help newcomers get started.

“So now they're also the senior ones learning how to educate others in what they know, which is another great way to accelerate their own learning. Teaching another person how to do something is as beneficial in your own learning as learning the thing itself,” he said.

Ewing also takes a Sticker Heist box loaded with a gift card whenever he goes to a conference for one of the businesses.

“So the first person to crack the hard mode will win something. So that kind of gets people interested in it. And it's always a great conversation piece, even though it has something to do with our companies, but it's not directly. But it shows the community and the environment that we're building that it's interactive, it's communal and fun and exciting, and it is like a lightning rod for conversations,” he said.

High Praise for Sinclair’s Program

When recruiting and hiring, Ewing looks for people with strong cybersecurity skills and passion for the work. The company’s interns sometimes have bachelor’s or master’s degrees, while a recent full-time hire has no college credits but has excelled in cybersecurity competitions for years. The company covers the costs for full-time employees to attain industry credentials and degrees, if they do not have them.

“The biggest problem we see is that especially colleges—and I'll say outside of Sinclair—you don't get nearly as much hands-on keyboard experience. That is what we're looking for. There's a lot of theory and a lot of things that we feel like don't assist us in having an effective cybersecurity engineer on staff.

“So in our company, cybersecurity is a never-ending learning game. You should always be actively gaining new skills in learning new tools, tactics and procedures. And so if someone comes to us and they want to work with us and they don't have an associate's degree, we send them to Sinclair's Secure Systems Administration program.

“As far as we can tell it's the best in the nation that we've been able to find,” Ewing said.

Sinclair is designated as a National Center of Academic Excellence in Cyber Defense by the U.S. National Security Agency.