A few weeks ago I took part in the Cyber Summit in Fredericton. My day started off at 5:30am so I could catch the bus to Fredericton. At about 8:30am I arrived at the Summit. It was held in a large room with round tables, a few podiums, and some screens. We got there when hosts were saying their opening remarks, and NB Power announced their new Internship program.
After the opening remarks the room was split in half, one half was Cyber Patriot and the other half were just students who wanted to attend the conference. I was one of the students who wanted to attend. Our half of the room started off with a Big Data workshop. I learned what big data is and its importance. The people presenting also gave a small demo on how you can collect data from Twitter to see what people are talking about.
Next up they gave us a small nutrition break where we could stretch out legs, and talk to some people with booths. Personally I started with NB Power and asked a few questions. Then I spoke to a few universities that were being represented there finishing up and prepared for the next workshop.
The next workshop was a lot more hands on then the Big data one was. We were programming LED's with Arduinos, which was pretty easy, but still pretty fun. We had to place wires into the correct spots on the bread board and make two LED's blink at different speeds. In the end a student beside me actually had managed to program a RGB LED to flash in many different colours. The workshop ended pretty fast and it was lunch time. Our lunches were boxed lunches provided by the event. Mine was a veggie rap with some cheese and crackers.
After lunch there was a panel with 5 or 6 people in it. I can't remember everyone but I know Jamie Rees from NB Power as well as Dennis Ryan from Bullet Proof solutions were there. People asked questions and they answered, as well as Bulletproof announced a internship program. This panel was quite informative and I feel It helped me strengthen my understanding of Cybersecurity.
The last event of the day was pitching ideas for a book. The idea was a children's novel for school students to teach them about cyber security at a young age. We had a professional artist in so we could mull over ideas with him. I found that was a fun activity, but didn't really help out with my understanding of Cybersecuity. Our group had to leave before we finished however and left the other groups to finish it up.
On February 1st in the evening I was hit with some bad news. The CISSP exam that I had been studying for 8 months was now going to change. (ISC)2 released the information that on April 15th 2018 the exam would be based off a new blueprint, and the study material would be changing. This was bad news for me as before now we had planned to take my exam in June. Our first reaction was "Well let's keep going, and get the new material when it comes out." Which would have been fine, however my mentor told me that the new content takes months to actually come out, and I may have graduated before I ever I had the new material. So now instead we have pushed up my exam time. it went from June, to early in April. Now I need to work harder, and study more than i have before, but I am still ready, and determined to get that certification. I publish this blog just before taking the CISSP exam. My next blog will reflect on the exam process and my results.
Before I can Walk the Walk I was asked to Talk the Talk! Here's my presentation at BSides Fredericton in late November 2017. It was an update on progress so far and my goals for the future.
Let me start by saying that the organizers of the first ever BSides Cybersecurity Conference in Fredericton, New Brunswick are all class! Two gentlemen from local company Bulletproof and another experienced professional from NB Power executed a vision for a sharing conference that was well attended and kept a serious topic like cybersecurity fun and inviting even for those not directly in the industry. I had the pleasure of being a chauffeur and chaperone for Liam as he presented his experience in K-12 New Brunswick Cybersecurity Education for the first time. The following is a brief recap of the event from my teacher perspective and as a cybersecurity enthusiast and advocate.
After arriving at the hotel which covered two rooms from a tech award I received the previous year, Liam and I had local pizza delivered and then headed out to visit the venue. When we entered the hotel conference space Liam recognized Curtis (The Organizer) from Bulletproof and his colleague and supervisor setting up the venue. These two professionals spent nearly an hour chatting with Liam and sharing industry tales and hobby adventures. This in my opinion was the first time that a career in cybersecurity became real for Liam. These experienced Bulletproof staff members were both encouraging and inspirational in their dialogue focussed on aspects of cybersecurity and the training necessary to join the field. By the time the venue was locked for the night I sensed Liam was as sure as ever that these gentlemen represented exactly where he saw himself in short order. Liam headed to his room to practice his presentation and rest before the big day.
The conference started early and Liam was spooked by the suits and ties entering the venue. He must have felt under dressed for the event until the attendees who were not executives arrived. That's the beauty of BSides as it brings together company leaders, thought leaders and those who get the job done daily. The cybersecurity experience and talent in the room by 9am was impressive. The first presentation was from GNB and addressed cybersecurity from an accounting framework which seemed very logical and was digestible by those of us not in the industry. Liam then presented his experience in New Brunswick education both in personalized learning and cybersecurity education. His talk highlighted his past successes and passions, current efforts and future goals with some humour and example media included. He was followed by a tremendous presentation about using Honey Pots as a proactive cybersecurity method designed to gather intelligence that could be used by the industry to better protect data. You could tell as an outsider that these speakers were respected and valued by the audience. CyberNB also gave a welcome to the event that morning and I must personally thank them for covering the cost of my guest teacher for the day allowing this to happen. Sometimes that is what's needed to inspire years of cybersecurity effort in our K-12 schools.
After a wonderful lunch the heavy topic of machine learning in antivirus detection and cybersecurity added to the wealth of knowledge sharing and there was a cool talk about sparking engagement in cybersecurity and how that might happen best. Liam and I had had a full day and yet there was a long drive home ahead of us. We ducked out but not before I won a door prize called a Bash Bunny. To quiet the distaste of a non-industry winner I quickly handed off the tool to Liam and told him he could have it only if he would never use it against myself or CRHS or NBED. Deal! I'm so pleased I got to go to this event and though only a part of the $600 cost was covered I feel it is money well invested in personalized learning and thank those who helped wholeheartedly.
On Tuesday November 21st I had the opportunity to speak at the first annual BSides at Fredericton NB. BSides is a annual Cybersecurity conference, this particular one was run by Curtis Slade, an employee at Bulletproof aka the company that is doing the virtual Co-op. This event had multiple speakers from many companies, all with the goal of sharing the latest In Cybersecurity. In my case I was sharing educational experiences in cybersecurity.
Because this event was far away from where I live Mr. Kelly and I drove in the night before, and got a hotel. We had some pizza, ran over my presentation once or twice, but the best part of the evening was when we went down to the ballroom that BSides was held in and had the opportunity to meet Curtis Slade and Peter MacPherson. Peter MacPherson is the director of the security operations centre (SOC) at Bulletproof. Meeting him was amazing, he spoke about his different experiences, his hobbies relating to cybersecurity, and some of his tech. Hearing him talk about his experiences really energized me and it was inspiring me to try out some hacking.
The next day was BSides. I went down in the morning before Mr. Kelly, I found this frightening as I didn't know anyone there, I was the youngest person there and I have no real experience in cybersecurity. I had no idea how to talk to the people and I was really under dressed. I showed up wearing a Black T-Shirt and jeans and the room I walked into was full of men in suits and ties. I learned later that the way someone dresses doesn't necessarily represent the role they play in an organization.
After what felt like forever the Opening remarks started, then it was time for the speakers. First up was Rick Roulette, to be honest i don't overly remember what he was talking about, I was pretty nervous as I was scheduled after him. Once he was done I was up, I was pretty nervous. Of the 20 minutes i had available to me I probably only spent ten.
Next up was Peter Morin, and his presentation was about honey pots. Honey pots are essentially fake servers you mix in with your real ones, but they are left vulnerable. They are used to lure a malicious hacker in. They help alert the security team of their presence and will allow the security team to watch to see how they are attacking. This information can then be used to further security in the other servers. It's like having a second house meant for someone to break into so you know there's a bugler, and you can figure out the best way to prevent them from entering your real house.
. After Peter there was a lunch, It was soup and sandwiches, with cakes for dessert, however the bonding with the people there was much more valuable than the food. I got to meet more people in the cybersecurity profession, and grow my knowledge. After lunch they started to pull for prizes, there was Penetration testing tools made by hak5, and a few Raspberry Pi's, and a drone. I think there was more but I wasn't around for when they got drawn. I never actually won anything, but Mr.Kelly did, he won a Bash Bunny (more info here -www.hak5.org/gear/bash-bunny- ). Before I left we also listened to Sylvain Dumas, he spoke about machine learning, but we didn't have time to listen to the last one, and went home instead. It was a great experience, and if you are into cyber security I definitely recommend Bsides.
Last Friday, November 3 The Cyber Patriot team had its first round in the Cyber Patriot X Challenge as part of Cyber Titan. For those of you who don't know, the Cyber Patriot Challenge is a competition where teams of students are given badly corrupted operating systems and it is their job to correct them. Teams are made of up of 4 students and a coach. To actually do the competition, we use virtual machines, which allow you to essentially run a second computer from your regular desktop, We were using a software called VMware. Once the virtual machine is opened the clock starts ticking and you have to find as many security issues as you can in 6 hours. A simple Read Me file guides your team through the overall problem but rarely helps locate the specific corruptions. Forensics questions are also embedded making this more than a scavenger hunt.
The timer started at 9 am EST; we had to wait until 10am due to our Atlantic Time Zone. This was actually helpful as it gave us time to prepare for what was to come. Ten o'clock hit and we got the email giving us our passwords and any other tools we needed before starting. First we booted up the Linux image, then the Windows 7. We had one team member in charge of Linux, 2 in charge of Windows, and I worked on the Cisco Networking part of the challenge.
It started off quite well, Windows and Linux were getting points left and right, changing passwords, weeding out unwanted users, checking for updates, and much more. While overseeing those systems, my additional task was to do a quiz on networking. I had about two days experience before hand so most of the test was answered based on life experience and my current understandings. I finished with a score of 39.15 out of 50 and earned my team 20.5 out of the 22 points for Cisco Networking.
We worked until lunch, when our coach did something amazing, and showed up with pizza. In my opinion there is nothing better than pizza after a long time working. After pizza we got back to it. After you find the initial issues it gets more difficult to find the well hidden problems. As a team we fought hard and finished with about 150pts of the possible 220 in round 1. Round two happens December 8th!
I have been at work for the past few weeks, and I have gotten through the first few chapters (Page 151 to be exact) of my Official (ISC)2 Guide to the CISSP CBK. These chapters are about Security and Risk Management, which is domain 1 of the 8 domains in CISSP.
The first topic it talked about was the CIA triad. CIA stands for Confidentiality, integrity, and Accessibility, These three are rather self explanatory but are very important and will be used later, so its important to know about them. After the CIA triad it went to Security Governance, this was more complex, but it basically was talking about what someone in the role of a CISSP and what their role and responsibilities are when it comes to the Governance of security. Over all the content of the book isn't hard to understand, and I believe that anyone with dedication will be able to read, and understand its content. I still have much more to learn from it though, as I have only made it to page 151 out of over 1000 pages. Reading is an essential skill for this program!
If you thought a student ambitious enough to attempt CISSP certification in high school would take his time starting you'd be wrong! Liam is unlike most teenagers as his eyes are focussed directly on the goal of obtaining enough experience and certification to enter the cybersecurity workforce directly out of grade 12. It has been done successfully in markets such as San Antonio so why not New Brunswick? Why not Caledonia Regional High School? Why not Liam?
Using Microsoft's Touch Develop software Liam set his mind to coding cryptography programs. He first successfully coded an encryption program for which only he knew the key. He found this task to be a breeze and immediately started coding the decryption program for his encryption program. It should be noted that Liam decided to do this when the first communications with Bullet Proof Solutions in his Virtual Cooperative Program were delayed. This was not an assignment but rather independent effort to understand cryptography better by doing.
Liam is working with Bullet Proof Solutions out of Fredericton New Brunswick. He has 2 hours every day of this school year to study CISSP certification training materials, work on authentic tasks and communicate with real professional in the industry. It is expected that Liam will find his way to a few conferences this year to talk about his experience in New Brunswick’s K-12 cybersecurity education system.
My final High School year has begun!
This Year I have taken up the challenge
of learning Cybersecurity through a
Virtual Coop-Ed course with a company
called Bullet Proof Solutions.
My goals this year are to graduate with enough certification to be employed
in the field of cybersecurity and to be hired as soon as possible. Right now I know very little in the field of cybersecurity, but I feel with the aid of Bullet Proof Solutions' mentors I will be able to achieve my goals. Both the experience and over 350 hours of dedicated grade 12 time will prove very beneficial in supporting my goals.
Over the summer I have used several online tutorials and resources to help me prepare for this years challenges, I also read the Official (ISC) ² Guide to The CISSP CBK. These resources (Even though some ended up being more complicated than I could handle) have been very beneficial to my goals.