Cybersecurityin Action

A Holistic Approach to Cybersecurity CurriculumVickie McLain

Cybersecurity Workforce Education Grant (NSA)

S-004-2017

1.2.1. Integration of hands-on learning experiences into cybersecurity curriculum.

This grant was for “the purpose of integrating hands-on experiences into cybersecurity curriculum. Since it’s primarily focused on growth and professionalism of the nation’s cybersecurity workforce, proposals supporting this initiative should contribute to a student’s ability to apply knowledge to cybersecurity practice”

2

What can you do to help students learn cybersecurity?

What are students going to be doing in their job?

Isn’t that what students need to learn how to do?

What is the best way to help them learn job skills?

What is the best way to help them learn anything?

3

5

Old Style My Style Tests Learning irrelevant information Memorization Teach tools

Performance Learning what students at least have a possibility of

using in their future career Learning terminology because you are using the

things you are talking about Use tools in their natural environment

Personal Educational PhilosophyI am often told I “think outside the box”. I’m pretty sure that not only was I never thinking in a box, I was never even close to one.

My Observations• Being brilliant does not ensure that you will be successful or even a good worker.• Having a photographic memory does not ensure you understand what you are memorizing or that

you could use it.• Figuring out how to be successful on tests, does not mean you are the most prepared person to

enter the workforce.• It’s more important to have a good work ethic, communication and troubleshooting skills.

6

You can see an animal in a cage, but the choices, behavior and capabilities of the animal will be completely different in the wild.

Students learn tools, but when faced with a situation where there are no steps or rules it takes them a long time to decide which tool would be appropriate.

Thoughts on Tools

It’s like a zoo.

7

Are they going to be doing these things when they take a professional cybersecurity position?

What was most valuable to you in really learning cybersecurity skills?

Typical Current Student WorkTestsLabsAssignmentsWorksheetsMemorizationCrossword puzzles

8

Internship Apprenticeship Entry level jobs Competitions like Collegiate Cyber

Defense and Cyber Patriot that simulate working in a business

One Word“Experience”

How can you actually get experience when still in college?

Unfortunately, not all the students are able to compete and internships/jobs are usually at the end of their education and not available in all locations.

Let’s put them to work!Cybersecurity on the job…..at school

Finance – Exploit Bank Healthcare – Hackistan Regional Hospital Government – Hackistan Manufacturing – Cyber Flash Transportation – Aircrack Airlines Education – Hackster High School and

Crypto College Red Team- Sophomore hackers and

penetration testers9

Room Layout

11

Our Equipment

Students manage servers, firewalls, wireless access points, switches and routers for whichever organization that hires them.

12

13

September – Got the grant signed 3x, funds deposited in appropriate cost centers. Finish plans and got equipment requoted.

October – Finalized room layout plans, got necessary permits, ordered equipment, started construction on rooms

November- Wiring. Yes, it took them six weeks to do this, because they needed to install an additional piece of equipment for the entire building. Unknown to us, adding this maxed out the current building electrical capacity

December – Carpentry was able to finish in December and we were finally able to install some of our equipment. However, we discovered they had installed the wrong type of receptacles for our UPS units – so that all had to be rewired. And we have winter break until Mid January, when we theoretically don’t work.

Timeline

September 15, 2017 – September 15, 2018

14

15

January – Faculty and student workers installed all the equipment. We used Trello to keep track of everyone’s duties.

February – Software, OS’s and services were all installed. Students were able to start using the space. Curriculum and projects were used for the space.

March – All of the technical work was supposed to be finished in March.

April – Student workers finish writing manuals and directions for equipment.

May – Finished cleanup and working on signs June – GenCyber campers were able to use the space and

get hacked! July – Sept – Finish curriculum and manuals

Timeline Continued

Electrical was finally finished…at the end of January.

16

Timeline Issues

We only had two issues. The first was that we had no way of knowing that our building electrical was almost maxed out and that we would have to wait for a new bigger building unit to be installed.

The second issue was that we would qualify for the Midwest Wildcard Competition and our entire workforce would need to be involved in competition.

Student Reaction

17

I took them to the new space for class in the morning and when I went to check with student workers at 5 almost the entire class was still there because they liked it so much!

“Everything makes sense to me now”.

“I feel like I can finally try some of the things I’ve learned”.

“I’m able to try to make changes to a business and make mistakes, without worrying about getting fired!”

18

Classes

Computer Support – Interview assignment, teamwork, computer repair Computer Security – Risk assessment, incident

response Cisco – Cisco networking with network

hardware Network Forensics – Forensics cases Web programming – Make websites for

businesses Unix – Manage Unix web servers A+ Software – Install and configure OS’s,

setup antivirus and backups

Curriculum

How is it being used?

19

They needed to write a job description for a job in the NIST document, a resume they could use to apply to one of our available jobs and then interview their classmates for a job in a particular sector

Submit a job description that can be used for a business in our CNAP lab (finance, healthcare, transportation, government, education). Use the description of KSA's you can find in the NIST documentation in the Content section. Write your resume so that it shows all your knowledge and abilities that would make you appropriate for the job and submit the resume.

Computer Support Interview Project

Instructor assigns students to a “workplace” and list of available jobs from NIST SP 800 - 181

20

Conduct an inventory of your business Map your network Develop a risk assessment for your business Create policies that your business must adhere to Research all applicable laws for your business and make sure your

business is in compliance

Welcome to Your New Workplace

You have been assigned your job roles. Now you need to have a look at your network.These are the first tasks you are assigned at your new workplace.Make a network map for your organization.Make a list of regulations and policies you will need to follow in your organization.Login to your equipment and make a list of your vulnerabilities.

Computer Security Projects

They just have been hired by a business. The only information they get are the passwords … or at least most of them.

21

Assets, Threats, Vulnerabilities and Risk

Asset identification - Identify the assets in your organization using a spreadsheet. Include appropriate information about assets such a price, serial number, etc.

Threat evaluation - Complete a threat evaluation for your organization. Identify potential threats and their potential impact.

Attack tree - Design an attack tree for your organization Vulnerability appraisal – List the vulnerabilities your organization has Risk assessment – Score your risks using a scale you create Risk mitigation plan – Determine how you will handle your risk

Computer Security continued

It didn’t take them long to figure out they had more vulnerabilities than assets.

22

Physical – They can just walk into the “business” and connect Hak5 tools, place flash drives etc.

Hak5 Tools – Using Rubber Ducky, Packet Squirrel, WifiPineapple, LAN Turtle and Bash Bunny

Software Exploits – Kali Linux and Metasploit

Red Team

Sophomore hackers and penetration testers

23

Curriculum ModulesContent tailored to the business

24

Services

25

There will always be new software and services that can be added to the organizations.

Students will need to decide which version of software or what type of software is the best fit for their organization. They will need to install it and secure it.

If things break, they will need to fix them.

Students will need to research and keep up to date on the newest policies and laws that apply to their organization.

There is no end to the project, because things keep changing and will need to be added or changed.

Services are added continuouslyJust like in real life…

26

Infrastructure Manufacturing Healthcare

- Monitoring – Icinga -Website – Ecommerce site via Joomla Website - Wordpress- Backups – Duplicati -Network Storage – Samba, SCP/SFTP Management- AMPPS- Email – iRedMail -Customer Relationship Management (CRM)/ERP - Dolibar Patient Management-- Logging – Splunk -CAD Workstation – OpenSCAD on Fedora HospitalRun

Education Transportation Red Team-Website – Drupal -Order processing - WordPress Hak5 tools-Web learning - Moodle -Fleet Tracking – OpenGTS Kali Linux-Web Docs – HackMD Metasploit

GovernmentFinance -Accounting software – GNU Cash-Website – Wordpress blog -Archiving/Digital Preservation - WAIL-Stock and Asset Data – Price Tracker -Communications - Text communications service

-Website - DokuWiki

Services For Organizations

27

Vision1. Freshman write job descriptions and

resumes, then interview for “jobs”2. They install OS’s, software and

troubleshoot their “workplace”.3. Second semester freshman start network

mapping, risk assessment and asset inventories. They run day to day operations. Programming students design and troubleshoot websites.

4. Sophomores monitor their workplace network, as well as having network forensics cases. They optimize the firewalls and make ACL’s, as well as use a IDS/IPS. Near the end of the semester, they get to hack the freshman. Hopefully they have made a backup!

5. Second semester sophomores practice their Ethical Hacking skills on freshman. They can create databases for the organizations.

6. Student organizations will need to find a way to work with the telecommuters (online students).

28

Computer Support repair area GenCyber camp slice of reality CyberPatriot teams can try their skills Cisco networking lab

And Extras

The space is has additional uses.

29

The best part about this project

It helps students find and develop a passion for cybersecurity!

THANKYOU!

Vickie McLain

Phone218-733-7763

Emailv.mclain@lsc.edu