Recommended for everyone, especially students and educators. This is a fun workshop demonstrating the basic concepts of simple encryption (using a secret decoder ring). This introduction will show how these concepts are used to create the complex encryption methods that (when properly implemented) can assure online privacy, confidentiality, data integrity, and non-repudiation.
September 20th was USC Aiken science education and STEM day. This has been a fall tradition for 40 years at the University and has grown from 10 tables at the Ruth Patrick Science Center to over 70 exhibits all over campus.
With the help of an Aiken High School volunteer, Logan, I staffed the exhibit for CYBESEC while Thomas Scott ran a booth for the University science and engineering and cybersecurity awareness programs.
Our booth used a really neat device called Makey Makey and a program called Apple Piano that allows you to connect apples as triggers for your keyboard, demonstrating the difference between a conductor and an insulator and how to complete a circuit.
We made over 100 presentations to almost 400 people during the 5-hour event. While this is geared towards elementary and middle school students, the parents seemed just as excited to learn about how your body and other items are conductors while wood and plastic are not.
It was particularly rewarding to do the demo for one group of children and then another group would come up and they would demonstrate to the new kids what they had just learned.
The parents were also thrilled to see vintage computer parts and explain to their children how they used to have to save data on floppy disks and the computer screens only had words, but no pictures.
It’s been another busy summer with the DOE cyber workforce development program. I had nine of the most outstanding students I have ever taught. This is like a dream team classroom. Despite being from seven different states from all over the country, they have bonded like a cohesive team and are hungry to learn, and I have plenty to feed them.
The first course was introduction to cybersecurity, and I used most of the core material for the ISC2 Certified in Cybersecurity course, supplemented with numerous work experience stories and an extra focus on NIST documents and working in the federal environment.
At the end of the first class all nine students took the ISC2 CC exam and far exceeded the 50% national average pass rate. The students also built their 3D-printed Enigmas.
At the end of July, we wound down our 10-week program that consists of four cybersecurity classroom courses as well as numerous field trips and lab exercises. We made our way around Aiken, ate out together a few times, did a cyber audit for a small insurance company in town, had guest speakers on OT, heard from one who had experienced disaster recovery, and had our annual cyber Jeopardy with CIOs from SRS and the women in cyber panel.
The students presented summaries of their work and experience in a poster session to over 100 colleagues at the end of the summer. Their two posters, entitled “Behind the Breaches” from Intro. to Cybersecurity, and “Hack, Trace and Testify” from Digital Forensics, were well received and demonstrate their thorough understanding of the material in the real world.
I am pleased that my students are leaving Aiken this summer with a certification as well as familiarity with NIST 800-53 and CSF 2.0. I am so happy to see these capable people are going to replace all of us old folks in cyber security. I’m glad I’m retired, because I wouldn’t want to be looking over my shoulder for competition from this young bunch of folks.
I want to thank SRNS IT/Cyber for hosting a Capture the Flag for my interns. Also, over a dozen other professionals from SRS, military, local businesses, and former students are contributing to the enrichment and encouragement of my current students. I cannot emphasize enough how these acts of kindness are remembered by my students, even years later. You can change the cyber and IT world, one person at a time. Read more about our program at
Well, it’s another summer in my retirement and I seem to be teaching classes every time I turn around.
In addition to the DOE workforce development internship, I was offered the chance to share teaching a week-long summer camp with Thomas Scott for high school students at the Ruth Patrick Science Center at the University of South Carolina Aiken.
The Ruth Patrick Center is a hidden gem in Aiken. Here’s more about their camps. If you’ve never been to the planetarium or seen the telescope, you are missing something great. Dr. Gary Senn is an unbelievably creative and dedicated educator.
Over the five six-hour classes, we covered a wide range of IT and cybersecurity topics. We watched YouTube videos on how scammers work, learned the risk management framework from CSF 2.0, conducted a phishing exercise on their friends (and they all failed), learned binary and ASCII, and then scratched the surface on one of my favorite topics, cryptography.
We started with a secret decoder ring, watched the video on the Enigma, and then built our own Enigma simulators from 3D printed parts that my son graciously provided to the class.
A NIST Cyber Framework for Everyone. Presenting CSF 2.0
Cybersecurity Framework (CSF) 2.0 is designed for all audiences, industry sectors and organization types, from the smallest schools and nonprofits to the largest agencies and corporations (regardless of their degree of cybersecurity sophistication), so it is the tool for you. It outlines key items for organizational and management priorities as well as technical considerations for secure implementation.
CSF 2.0 identifies a complete framework in just 32 pages, and recommends 108 essential controls. Imagine this: you can implement just 2 controls per week and change your security posture from a slouch into a rigid attention. Once you realize that it is not an unsurmountable challenge, you can start the trip on your road to a secure future.
This workshop will guide participants through navigation of the CSF 2.0 spreadsheet to create their own Top-10 list of goals using the leader’s methodology for identifying and ranking the priorities among the 108 goals.
Implementing a Classroom Based College Cybersecurity Internship
Lucy Tyrteos
We have just completed the second summer of a classroom-based internship sponsored by the Minority Serving Institutions Partnership Program (MSIPP) at Department of Energy, Savannah River Site in Aiken, SC. A goal of MSIPP is to encourage students from over 500 universities nationwide with significant underrepresented populations to gain the skills needed for employment in the system of DOE National Labs or operating contractors, Federal Government, or graduate school.
The classroom-based program is at USC Aiken and includes numerous interactions with cybersecurity entities in the Aiken-Augusta area. In addition to classroom time, students take field trips, engage in projects, study for certifications, and perform case studies in their field. Students are paid, live in provided housing, and receive 12 transferable college credits.
This presentation will discuss the experiences of a former intern turned Teaching Assistant, how a classroom-based internship can be more beneficial than an on-the-job internship, and how we plan to expand the program in 2025.
Presentation to Secure Carolinas Conference 2024 (10/9/2024)
Presentation to CyberSC Lunch and Learn Webinar (12/17/2024)
The National Institute of Standards and Technology (NIST) released the final version of the Cybersecurity Framework (CSF) 2.0 on February 26, 2024. While the gold standard in Federal Agency Cybersecurity is the onerous and complex NIST SP 800-53A Rev5 (Assessing Security and Privacy Controls in Information Systems and Organizations), the CSF is aimed at helping ALL organizations to manage and reduce risks.
CSF 2.0 boils the 733 pages of NIST 800-53 down to just 32 pages (plus some appendices), and the 287 NIST Moderate controls down to just 108 essential controls. Imagine this: you can implement just 2 controls per week and change your security posture from a slouch into a rigid attention.
Be prepared for the inevitable wave of growing risks and threats invading our businesses, governments, and personal IT infrastructures. It is cliché but true: it’s not “If” but “When”.
Use the easy-to-navigate websites and online documents to get familiar with the scope and the quick start guides. Once you realize that it is not an unsurmountable challenge, select a preconfigured “community or small business profile”, and start the trip on your road to a secure future.
The Four Books that every cyber security expert should read
Can you be a cyber security expert without knowing the fundamentals and history of cybersecurity? What will be the next life changing event in Cybersecurity? Will you be able to help prevent it or will you be the one to help clean up afterwards?
The cyber wars started 50 years ago, and who knows how they will end? Have all the easy problems in cyber been solved, and will the next generation be faced with an onslaught of Unknown Unknowns? Others faced the unknowns and they succeeded. Will you be ready?
These four non-technical books (plus a Bonus Pamphlet) might make you reconsider your heavy reliance on technology and recognize the basic principles employed by those that came before you and ponder the hypothesized future.
Bonus Pamphlet: NBS/ACM 1974 Executive Guide to Computer Security.
1. The Cuckoo’s Egg. The true adventure of Cliff Stoll creating forensics and cybersecurity infrastructure on the fly and from scratch in the 1980s.
2. The Hut Six Story: Breaking the Enigma Codes. What happened at Bletchley Park by one of the co-inventors of traffic analysis.
3. The Fifth Domain by Richard A. Clarke. An outline for how to defend our national infrastructure and online economy from an attack, written from the perspective of using military defense strategies.
4. One Second After. What the world might look like the first year after an attack on our national infrastructure and online economy.