Author: Barry Hudson

Another summer is coming and I get to put on my teaching hat again. USCA will be hosting students in a summer class-room based cyber program again. But due to funding cuts, we will not hold the usual four-course residential program. We will be hosting two 2-week classroom-based bootcamps from June 8 to July 2.

For the first session, we have enrolled 18 local and nearby students in a free 2-week bootcamp with the goal of teaching the material and paying for the ISC2 Certified in Cybersecurity and CompTIA Security+ exams. Acceptance was based on a brief essay expressing their goals, rather than hard prerequisites. As a result, I have 13 students from 5 universities, 3 high schoolers, and two non-traditional students. Some students have 2-3 years of experience in SOC or field work, some are members of Cyber Competition Teams, and others are just curious about the profession.

I envision a conversation-based experience where we debate scenarios, learn from each-others’ ideas and perspectives, host guest speakers, a CTF, and (unfortunately) cover over 400 PowerPoint slides. The course includes practice tests and an ebook. I also have a “fishbowl” of 120 questions that I will pose to get the conversations and tabletop exercises started. And of course, my war stories from 20+ years in IT and Cyber. (Like what do you do with an iPhone you find in a bathroom stall).

The second 2-week class is the EC-Council Digital Forensics Essentials (DFE) class with certification exam. Taught by my friend Ernest Momoh MBA, CISSP, CISM . Ten of the students from Session 1 will attend.

Looking forward to a great month of June.

Cyber Encryption: A Hands-On Experience

Recommended for everyone, especially students and educators. This is a fun workshop demonstrating the basic concepts of simple encryption (using a secret decoder ring). This introduction will show how these concepts are used to create the complex encryption methods that (when properly implemented) can assure online privacy, confidentiality, data integrity, and non-repudiation. 

September 20th was USC Aiken science education and STEM day. This is a Fall tradition for 40 years at the University and has grown from 10 tables at the Ruth Patrick science Center to over 70 exhibits all over campus.

With the help of an Aiken high School volunteer, Logan, I staffed the exhibit for CYBESEC while Thomas Scott ran a booth for the University science and engineering and cybersecurity awareness programs.

Our booth used a really neat device called Makey Makey and a program called Apple Piano that allows you to connect apples as triggers for your keyboard demonstrating the difference between a conductor and an insulator, and how to complete a circuit.

We made over 100 presentations to almost 400 people during the 5-Hour event. While this is geared towards elementary and Middle School students, the parents seemed just as excited to learn about how your body and other items are conductors while wood and plastic are not.

It was particularly rewarding to do the demo for one group of children and then another group would come up and they would demonstrate to the new kids what they had just learned.

The parents were also thrilled to see vintage computer parts and explain to their children how they used to have to save data on floppy disks and the computer screens only had words, but no pictures.

A NIST Cybersecurity Framework for Everyone: Presenting CSF 2.0

Here are the slides and an annotated copy of the NIST CSF 2.0 in spreadsheet format.

It’s been another busy summer with the DOE cyber workforce development program. I had nine of the most outstanding students I have ever taught. This is like a dream team classroom. Despite being from seven different states from all over the country they have bonded like a cohesive team and are hungry to learn, and I have plenty to feed them.

The first course was introduction to cybersecurity, and I used most of the core material for the ISC2 Certified in Cybersecurity course, supplemented with numerous work experience stories and an extra focus on NIST documents and working in the federal environment.

At the end of the first class all nine students took the ISC2 CC exam and far exceeded the 50% national average pass rate. The students also built their 3-d printed enigmas.

At the end of July, we wound down in our 10-week program that consists of four cybersecurity classroom courses as well as numerous field trips and lab exercises. We made our way around Aiken, ate out together a few times, did a cyber audit for a small insurance company in town, had guest speakers on OT, heard from one who had experienced disaster recovery, our annual cyber Jeopardy with CIOs from SRS, and the women in cyber panel.

The students presented summaries of their work and experience in a poster session to over 100 colleagues at the end of the summer. Their two posters, entitled “Behind the Breaches” from Intro. to Cybersecurity, and “Hack, Trace and Testify” from Digital Forensics were well received and demonstrates their thorough understanding of the material in the real world.

I am pleased that my students are leaving Aiken this Summer with a certification as well as familiarity with NIST 800-53 and CSF 2.0. I am so happy to see these capable people are going to replace all of us old folks in cyber security. I’m glad I’m retired, because I wouldn’t want to be looking over my shoulder for competition from this young bunch of folks.

I want to thank SRNS IT/Cyber for hosting a Capture the Flag for my interns. Also, over a dozen other professionals from SRS, military, local businesses, and former students are contributing to the enrichment and encouragement of my current students. I cannot emphasize enough how these acts of kindness are remembered by my students, even years later. You can change the cyber and IT world, one person at a time. Read more about our program at

https://www.usca.edu/news/2024/cyber-interns-educate-aiken-rotary-on-data-safety

Well it’s another summer in my retirement and I seem to be teaching classes every time I turn around.

In addition to DOE workforce development internship, I was offered the chance to share teaching a week-long summer camp with Thomas Scott for high school students at the Ruth Patrick science Center at the University of South Carolina Aiken.

The Ruth Patrick Center is a hidden gem in Aiken. here’s more about their camps If you’ve never been to the planetarium or seen telescope you are missing something great. Dr. Gary Senn is an unbelievably creative and dedicated educator.

https://www.usca.edu/rpsec/departments/student-programs/summer-programs/discovery-camps/

Over the five six-hour classes, we covered a wide range of IT and cybersecurity topics. We watched YouTube videos on how scammers work, learned the risk management framework from CSF 2.0, conducted a phishing exercise on their friends (and they all failed), learned binary and ASCII, and then scratched the surface on one of my favorite topics, cryptography.

We started with a secret decoder ring, watched the video on the Enigma and then built our own enigma simulators from 3D printed parts that my son graciously provided to the class.

A NIST Cyber Framework for Everyone. Presenting CSF 2.0

Being designed for all audiences, industry sectors and organization types, from the smallest schools and nonprofits to the largest agencies and corporations (regardless of their degree of cybersecurity sophistication), Cybersecurity Framework (CSF) 2.0 is the tool for you. It outlines key items for organizational and management priorities as well as technical considerations for secure implementation.

CSF 2.0 identifies a complete framework in just 32 pages, and recommends 108 essential controls. Imagine this: you can implement just 2 controls per week and change your security posture from a slouch into a rigid attention.
Once you realize that it is not an unsurmountable challenge, you can start the trip on your road to a secure future.

This workshop will guide participants though navigation of the CSF 2.0 spreadsheet to create their own Top-10 list of goals using the leader’s methodology for identifying and ranking the priorities among the 108 goals.

Implementing a Classroom Based College Cybersecurity Internship

Lucy Tyrteos

We have just completed the second summer of a classroom-based internship sponsored by the Minority Serving Institutions Partnership Program (MSIPP) at Department of Energy, Savannah River Site in Aiken, SC. A goal of MSIPP is to encourage students from over 500 universities nationwide with significant underrepresented populations to gain the skills needed for employment in the system of DOE National Labs or operating contractors, Federal Government, or graduate school.

The classroom-based program at USC Aiken, and includes numerous interactions with cybersecurity entities in the Aiken-Augusta area.  In addition to classroom time, students take field trips, engage in projects, study for certifications, and perform case studies in their field.  Students are paid and live in provided housing, and receive 12 transferrable college credits.

This presentation will discuss the experiences of a former intern-turned Teaching Assistant and how a classroom-based internship can be more beneficial than an on-the-job internship and how we plan to expand the program in 2025.

We completed the program at the end of July with a presentation to the Aiken Rotary Club. The topic was Protecting Your Personal and Online Privacy.

Read the writeup at the University website.

https://www.usca.edu/news/2024/cyber-interns-educate-aiken-rotary-on-data-safety

Presentation to Secure Carolinas Conference 2024 (10/9/2024)

Presentation to CyberSC Lunch and Learn Webinar (12/17/2024)

The National Institute of Standards and Technology (NIST) released the final version of the Cybersecurity Framework (CSF) 2.0 on February 26, 2024. While the gold-standard in Federal Agency Cybersecurity is the onerous and complex NIST SP 800-53A Rev5 (Assessing Security and Privacy Controls in Information Systems and Organizations), the CSF is aimed at helping ALL organizations to manage and reduce risks.

CSF 2.0 boils the 733 pages of NIST 800-53 down to just 32 pages (plus some appendices), and the 287 NIST Moderate controls down to just 108 essential controls. Imagine this: you can implement just 2 controls per week and change your security posture from a slouch into a rigid attention.

Be prepared for the inevitable wave of growing risks and threats invading our businesses, governments, and personal IT infrastructures. It is cliché, but true, it’s not “If” but “When”.

Use the easy-to-navigate websites and online documents to get familiar with the scope and the quick start guides. Once you realize that it is not an unsurmountable challenge, select a preconfigured “community or small business profile”, and start the trip on your road to a secure future.