WATCH | Local man helps expand UALR Cyber Arena

Andrew Bomberger discusses how he got involved in computer coding and hacking at The Sentinel-Record. - Photo by Lance Porter of The Sentinel-Record

Growing up in Lebanon, Pennsylvania, Andrew Bomberger never imagined working with computers the way he does now.

Even after moving to Hot Springs in his early teens, Bomberger wanted to go into farming like his uncles.

"Initially, I wanted to be a farmer," he said, noting his uncles had a dairy farm. "I don't remember the exact age. I think it might have even been up to 16. I tried it, and I didn't really care for it too much. After that, I just thought I wanted to go into maybe like surveying, engineering, kind of that direction, but that also kind of died out."

After graduating, Bomberger went to National Park College to complete the basic coursework he would need for any degree, and that was where his world changed.

"I didn't really know what I wanted to do until I was just getting prereqs done at National Park, and if I remember correctly, I saw a conference on -- it was like social engineering, cybersecurity," he said. "It was a talk, like a TEDx talk, and I thought that was really fascinating -- simply because that was the first time I knew that that was even possible."

Bomberger graduated from UALR in December with his master's degree in computer science with a focus on cybersecurity, but he was days away from a different path in 2017. He had enrolled at Henderson State University, but he had a change of heart before the start of classes.

"It was up until the final week, and I just didn't really feel comfortable about it," he said. "I can't really put down why I didn't feel comfortable going there because I don't really have a solid reason -- I just didn't. So I decided to go check out the UA Little Rock's computer science program."

Video not playing? Click here  

While waiting to meet with the department chair, Albert Baker, Bomberger saw several awards the university's Cybersecurity Club had won at different cybersecurity competitions.

"I thought that was pretty interesting, specifically, because I didn't see any kind of cybersecurity presence on Henderson itself. And so that was pretty much all it took," he said.

In 2019, Philip Huff was looking to start what would eventually be called Trojan Cyber Arena, an online program that provides free cybersecurity training and exercises for the state's middle and high school students.

"He knew that he wanted ... cybersecurity-minded people, so the first people he interviewed were people from (the Cybersecurity Club)," he said. "And I still don't really understand why I was picked because at that time, I really didn't know anything. It's really sad, but three years of college, I didn't know anything."

Bomberger's work within the program evolved significantly during his time at the university.

"I started off just making like simple web applications, just to do basic cryptography, like Caesar ciphers and really basic stuff," he said. "And then it kind of evolved from there to just doing normal software engineering."

During his master's program, Bomberger worked to expand the Trojan Cyber Arena's focus to include an emulated red team network, which provides more advanced training for both teachers and students. Red teaming consists of two facets -- a social side and a programming side.

"You would go in and you would test the integrity of your workers to see if they are doing their (due) diligence, 'Hey, why is this guy sticking the USB into your computer? Why is he just walking behind the teller booth for no reason, even though he looks like he knows what he's doing, but I've never seen him before?'" he said.

"So making sure that everyone's at the right place at the right time, and then also not giving up information that maybe is not really required for that person to know. So that would be more like the physical side, and then actually going into the computers themselves. Typically, they'll say, 'Hey, here's a scope, here's a range of networks that we want you to attack, just to test the security on. Don't go beyond that, but you can check all this,'" Bomberger said.

"And so then the red team's main responsibility would be going into there, see if there's any vulnerabilities and weaknesses that maybe the company should know about and try to patch."

The project Bomberger focused on during his master's degree led to the Cyber Arena expanding into other campuses of the University of Arkansas system.

"This upcoming spring semester, we're actually collaborating with the University of Arkansas system -- like Fayetteville, Pine Bluff, etc. -- to where they'll all be using the Cyber Arena to help supplement some of their course materials," he said.

"And that would be where, I guess, the component that I was working with (in my) master's project, that would be where that would come into play. So that the instructors that are teaching the courses, they could implement some of the logic that I was responsible for and can help simulate a more realistic ... environment for the students."

Bomberger said he is looking to earn some cybersecurity certificates to help him move out of the educational into the professional world, but he also plans to keep working with the Cyber Arena for a little bit longer.

"I don't have a definite time frame, but for sure while they still need help, I'll be there," he said. "I'm planning on trying to get some of the very basic cybersecurity certs, try to get those knocked out of the way while I have time, while I can. But from there I don't really have any plans -- I guess wherever the jobs take me."