Cyber Security: Offensive Mindset - Exhibition
Introduction
That’s a wrap on Midas Summer Studio 2019.
Today all the studios have official ended and all the students showcased what they have worked on during the February session. The expo started at 1pm in room 11.5.101 for our studio showcase and approximately ended at 4:00pm. It was highly encouraged to seek and learn from other students what they did their studios.
Everyone during the studio presented a snippet of their experience of Cyber Security to students, academic leaders and subject staff from other studios. It was a great opportunitiy to be able to learn Cyber Security and share my passion with everyone else.
Planning
We planned our presentation on microsoft team’s kanban board to overview the order of topics. Unfortunately, this did not follow through like we thought as it was much better if we focused and learnt the key points of about security to help us better engage with our audiences at a high level.
Screenshot of Microsoft Team’s Kanban Board
Sumary of the Exhibition
My presentatation was a co-joint effort between me and another student, Max Caminer. The idea of our expo was showing ‘What is cyber?’ to people whom may not know what information security is about. We divided the presentation into 6 sections: introduction to cyber, highlights, lowlights, insights, live demonstration and conclusion to cyber.
Introduction - What is cyber?
Thanks you for coming to our studio expo.
Our studio is all about cyber security developing an offensive mindset.
This presentation will explore our experiences of this studio and will we show a demo why cyber security should be important to everyone.
So, what is cyber?
Cyber is encompasses many aspects of the securing technology.
The studio promotes learning aspects of red and blue team of the industry. Red team focuses on learning web application penetration testing and reverse engineering, while blue team revolved around mitigation and finding solutions to problems.
In addition, we undertook web development lessons to showcase our progress throughout the studio.
Highlights - What did we like about cyber?
This studio has been extremely challenging however was highly rewarding when you succeed. This 4-week bootcamp has been beneficial for myself to develop my technicals skills at a greater pace than normal. In addition, this subject is creditable and will be displayed on my academic transcript. As a software engineer who does is not taking any networking subjects this will help my employers see my initiative and progress learning cyber security for years to come.
Although have some experience participating apart of the Cyber Security Society and the Cyber Challenge Australia ((CySCA) I have little to no knowledge to able to break boxes involving penetration. It was challenging to get user priviledge and root access but to achieve this feat has been very satisfying.
Lowlights - What did we struggle with?
As challenging this studio can be this was only possible due to amount of lack sleep sacraficed to progressive learn and keep at a pace with studio outlines. Quite new to some of the tools it became frustration to find fixes to problems you have never encountered before or do not know how to approach them. This was evident in sprint 1 and 2 where my static website will not correctly display the style of the .css file correctly resulting in graphic interfacing errors and unable to locate the certain files.
This was eventually solved through asking other students whom have web development knowledge but unable to solve this issue makes me aware how incompetent I can be to effectively find solutions efficiently and quickly.
Insights - What was exciting to know?
Awareness of Cyber
Sprint 2 deliverable explored the blue team aspects of cyber security researching and finding vulnerabilites. A popular modern technique to solve finding and fixing vulnerabilities are through bug platform form like BugCrowd or HackerOne whom awards individuals for help them identify vulnerabilites. This includes writing extensive reports for vulns and accepting policies, guidelines and responsible disclosures to mitigate the finiancial risk of a bug.
Although the awareness and importance of cyber security in the industry is grabbing the attentions of big organisations, the users of these systems are not knowlegable enough to fix these systems themselves. This requires extensive training and creating new programs to educate users from a young age such as learning a computer for the first time in primary school. This allows future generations to be mindful of knowing how to protect themselves and the future generations to come.
Industrial Professional Talks
We are extremely fortunate to have industrial professionals from GitLab, Deloitte and Symantec to present their passion and career in the cyber security community. The information they provided were extrememly valuable and will be used to help our further pursue our own career, whether in maybe in the security world or IT related.
Transparency and safe learning environment
Comparing between this new format of a subject to a traditional 12-week semester subject, I value the transparency of the academic leaders that they have provided to disposal. The 4-week bootcamp-like-subject allow me to grow at an exponential rate due to high engagement levels between students and studio tutors.
Live demonstration
Recorded video of the live demonstration.
Conclusion - What do cyber?
The main aspect of cyber security is about practicing safe policies and guidelines that help organisations or individuals reduce the impact of a vulnerability through any exploit. Only through this we can build trust and reputation between people to secure their digital data. In an era where technology is advancing at an exponential rate as users of modern devices such as smart phones and computers we need to understand the fundamentals of the internet to protect your future self from risk.
Group photo of everyone and I watching Brendon and Cameron's Presentation
Conclusion
The exhibiton of our studio was a bit awkward you had to man your station at all times to present your project while encouraged to look at other student projects from the other studios. However excluding this issue, presentating our experiences of the studio and our drive for cyber security made this exhibition extremely fun to share. It was great to interact with other students and tutors whom may not know much about cyber security but have definately left with a new discovery after we showed them our time during the studio. I also made my way down to the other studios and learnt about all the interesting projects that students have completed. One of my favourite was from the IoT studio where a particular student created a IoT that allows students to monitor traffic of the FLP (Faculty Learning Precint). Using a sensor install on all the seats, a student can look on their phone how many seats are available.
Although I will not be able to take another Summer Studio due to the current remaining free credits in my study planner, I highly recommend anyone to join any of these studios as they extremely engaging and rewarding.
A fun timelapse of the Cyber Security Studio in room 11.5.101. Filmed and edited by me.