How can I help?
How can I help?

Tom Shaw

Lecturer

Tom is a Lecturer in Cyber Security and Ph.D. candidate with a keen interest in practical hacking challenges and software development.

Orcid Logo 0000-0002-7406-5697
Thomas Shaw

About

Tom is a Lecturer in Cyber Security and Ph.D. candidate with a keen interest in practical hacking challenges and software development.

Tom is a Lecturer in Cyber Security and Ph.D. candidate with a keen interest in practical hacking challenges and software development.

Tom has studied and worked in various capacities at Leeds Beckett since he began his undergraduate study on the BSc. Computer Forensics and Security course in 2013. During this period he worked briefly for the university app studio as a software developer and security tester. In 2016 Tom started work on the SecGen project, a framework for automatically generating randomised computer security scenarios. This project laid the groundwork for his PhD research project, which involved the design and development of further innovations within the automatic problem generation space.

Tom has been part of the Cyber Security teaching team throughout his Ph.D. candidacy in 2017 and was recently hired as a full-time Lecturer in Cyber Security. Tom played a key role in the organisation of various Capture The Flag (CTF) events. Numerous events targeting students from introductory high-school level to university and graduate level competitions have been supported by practical challenges using SecGen.

Research interests

Tom's research interests include the design and development of practical cyber security scenarios, applications of randomisation and automatic problem generation, the real-time detection of progress through cyber security scenarios and innovations in the integration between a game environment, which models cyber-physical security problems, and real virtualised systems.

Innovations in this area, including dynamic scenarios generated via the SecGen project, have been used across the computer security modules for teaching, assessments, and extra-curricular competitions and activities here, and by others at other institutions. The research outputs provide a framework for event organisers, educators and researchers interested in tool and challenge design.

Publications (3)

Sort By:

Conference Proceeding (with ISSN)
Hacktivity Cyber Security Labs: A Platform for Cyber Security Education with Randomised Challenges, Virtualisation Infrastructure Management, and CyBOK Integration
Featured 28 December 2024 CSE 2024: Advances in Teaching and Learning for Cyber Security Education Lecture Notes in Networks and Systems Legg P, Coull N, Clarke C Bristol, UK Springer
AuthorsAuthors: Schreuders Z, Shaw T, Editors: Legg P, Coull N, Clarke C

We present Hacktivity Cyber Security Labs, a novel technical framework and hosted lab infrastructure platform. Hacktivity uniquely addresses limitations in traditional cyber security education methods, particularly through extensive incorporation of randomisation of cyber security and hacking challenges, integration of automated chatbots, provisioning and managing of VMs and datacenter clusters, and integration with the Cyber Security Body of Knowledge (CyBOK) for curriculum alignment and individualised tracking of knowledge and experience. In this paper we present the technical design details of Hacktivity and our open-source backend framework, SecGen, and reflect on our experience of integrating it into security courses. By leveraging the SecGen framework for automatic problem generation, Hacktivity provides randomised challenges and hands-on tasks, enriching experiential learning for students. The close integration with CyBOK enables students to better understand the alignment of modules with knowledge areas and monitor and reflect on their learning progress. We present our experience of the platform’s effectiveness in teaching a wide range of technical cyber security topics. This paper introduces our innovative approach to teaching computer security, leveraging SecGen, an open-source software, multiple virtualisation data centres, and Hacktivity, a new virtualisation management and virtual learning environment.

Conference Proceeding (with ISSN)
Hackerbot: Attacker Chatbots for Randomised and Interactive Security Labs, Using SecGen and oVirt
Featured 12 June 2018 2018 USENIX Workshop on Advances in Security Education 2018 USENIX Workshop on Advances in Security Education Baltimore, MD, USA USENIX Association
AuthorsSchreuders ZC, Shaw T, Mac Muireadhaigh A, Staniforth P

Capture the flag (CTF) has been applied with success in cybersecurity education, and works particularly well when learning offensive techniques. However, defensive security and incident response do not always naturally fit the existing approaches to CTF. We present Hackerbot, a unique approach for teaching computer security: students interact with a malicious attacker chatbot, who challenges them to complete a variety of security tasks, including defensive and investigatory challenges. Challenges are randomised using SecGen, and deployed onto an oVirt infrastructure. Evaluation data included system performance, mixed methods questionnaires (including the Instructional Materials Motivation Survey (IMMS) and the System Usability Scale (SUS)), and group interviews/focus groups. Results were encouraging, finding the approach convenient, engaging, fun, and interactive; while significantly decreasing the manual marking workload for staff. The cloud infrastructure deployment using SecGen/oVirt was a success, generating VMs with randomised challenges, and enabling students to work from home.

Conference Contribution
Security Scenario Generator (SecGen): A Framework for Generating Randomly Vulnerable Rich-scenario VMs for Learning Computer Security and Hosting CTF Events
Featured 14 August 2017 2017 USENIX Workshop on Advances in Security Education (ASE'17) USENIX Vancouver, BC, Canada USENIX Association
AuthorsSchreuders ZC, Shaw T, Shan-A-Khuda M, Ravichandran G, Keighley J, Ordean M

Computer security students benefit from hands-on experience applying security tools and techniques to attack and defend vulnerable systems. Virtual machines (VMs) provide an effective way of sharing targets for hacking. However, developing these hacking challenges is time consuming, and once created, essentially static. That is, once the challenge has been "solved" there is no remaining challenge for the student, and if the challenge is created for a competition or assessment, the challenge cannot be reused without risking plagiarism, and collusion. Security Scenario Generator (SecGen) can build complex VMs based on randomised scenarios, with a number of diverse use-cases, including: building networks of VMs with randomised services and in-thewild vulnerabilities and with themed content, which can form the basis of penetration testing activities; VMs for educational lab use; and VMs with randomised CTF challenges. SecGen has a modular architecture which can dynamically generate challenges by nesting modules, and a hints generation system, which is designed to provide scaffolding for novice security students to make progress on complex challenges. SecGen has been used for teaching at universities, and hosting a recent UK-wide CTF event.

Current teaching

  • Digital Security Landscapes
  • Incident Response and Investigation
  • Advanced Digital Security
  • Advanced Exploitation
  • Production Project

Teaching Activities (5)

Sort By:

Course taught

Incidents Response and Investigations

22 September 2025

Course taught

Digital Security Landscapes

September 2020

Course taught

Cyber Security Landscapes

22 September 2025

Course taught

Ethical Hacking

22 January 2026

Course taught

Web and Network Security

22 January 2026

{"nodes": [{"id": "13359","name": "Dr Cliffe Schreuders","jobtitle": "Reader","profileimage": "/-/media/images/staff/lbu-approved/beec/cliffe-schreuders.jpg","profilelink": "/staff/dr-cliffe-schreuders/","department": "School of Built Environment, Engineering and Computing","numberofpublications": "46","numberofcollaborations": "3"},{"id": "23040","name": "Tom Shaw","jobtitle": "Lecturer","profileimage": "/-/media/images/staff/lbu-approved/beec/thomas-shaw.jpg","profilelink": "/staff/tom-shaw/","department": "School of Built Environment, Engineering and Computing","numberofpublications": "3","numberofcollaborations": "3"},{"id": "20874","name": "Dr Mohammad Shan-A-Khuda","jobtitle": "Lecturer","profileimage": "/-/media/images/staff/dr-mohammad-shan-a-khuda.jpg","profilelink": "/staff/dr-mohammad-shan-a-khuda/","department": "School of Built Environment, Engineering and Computing","numberofpublications": "9","numberofcollaborations": "1"}],"links": [{"source": "23040","target": "13359"},{"source": "23040","target": "20874"}]}
Tom Shaw
23040