Cybersecurity Club: 101 From Inception to Installment

and Beyond Dustin Gardner and Vitaly Ford (Tennessee Tech University)

Kelly Luk and Lindsay Hefton (Texas A&M University)

WiCyS 2016

Who Are We?

• Dustin Gardner

• President of the CyberEagles club

• Vitaly Ford

• One of the founders and Vice President of the CyberEagles Club

• Kelly Luk

• Representative of the club (member)

• Lindsay Hefton

• Vice President

2

What’s on the Plate?

• Ideas on how to create a club

• Ideas on club activities

• Ideas for how to pursue funding

< Our final goal is to help you establish a community where you can

learn together and support each other >

3

Outline

• Establishment

• Need

• Faculty support & Students

• Constitution and WhiteHat agreement

• Sustainment

• Funding & Budget

• Activities

• Promotion

• Web presence

• News articles

• Competitions

• Conferences

4

What is a Club?

5

Why a Cybersecurity Club?

• Increase awareness about cybersecurity

• Learning collaboratively

• Share technical knowledge

• Network with peers and mentors

• Have fun!

6

Why you should be a part of it?

• Use Club as a Community

• Great networking

• Club can help you get a job!

• Use Club as a Learning Platform

• Classroom cannot teach you everything

• More rules than tools

• Learn practical skills together

• More tools than rules

7

Inception

• How to start?

• May the advisor be with you (faculty support)

• Get students involved (AND their signatures)

• Go to the Student Government Association and ask what needs to be done

• Paperwork…

8

Constitution Walkthrough

• General rules of thumb

• Comply with University’s security policies and… firewall• Become friends with the CISO :)

• Put disclaimers where needed

• WhiteHat agreement

• Here’s CyberEagles’ constitution…

• Activity #1: make your own constitution!

9

Sustainment

10

Sustaining Your Club: First Steps

• Students

• Leaders

• Participants

• Activities

• Funding

11

(CyberEagles) Leadership Roles

• Activity #2: what leadership roles your club will have?

• President

• Vice President

• Secretary of Infrastructure

• Secretary of Fundraising

• Treasurer

• Secretary of Records

• Press Secretary

• Event Manager

12

Student Participants

• How to spark interest in students?

• Security is a trending topic! => Show it

• Anybody interested can join

• Security touches every aspect of our lives

• What if I am a Psychology major? => Welcome to social engineering

• Pizza…

13

Activities (The Fun Stuff!)

• But first… plan out your agenda

• Officer + faculty meeting

• Reserve rooms

• Flyers (A&M samples)

• First & last meetings of the year are the most important

• Make sure you have as much put together as possible for these meetings

• Be (act) professional

14

Activities

• Lunch & Learn series: by students and for students (wide audience)

• During “dead hour”

• Technical seminars

• Live demonstration

• BurpSuite and OWASP ZAP• IDA Pro Free & ollydbg• Metasploit• Bettercap• SQL and XSS injections• Wireshark• Hashcat & John The Ripper

15

Activities

• Special topic series (More advanced/interested groups)

• More of a “Hands-on” approach than lunch & learn

• Topics we’ve done

• Basic networking (topology, protocols)

• Python

• Raspberry Pi

• Mobile development

• Capture The Flag

• Competition preparation

16

Activities

• Speakers

• Industry connections through networking

• Advisor’s connections

• Security specialists

• Peers who graduated or had an internship

• NSA, Improving Enterprises, FrogSlayer, State Farm, CapitalOne

• Professors

• We also use speakers for Lunch & Learns

17

Activities

• Club logo and t-shirt design contest!

18

Activities

• Campus-wide event sponsored by a Student Government Body

• How to NOT get hacked in the Internet

• Safe practices using public Wi-Fi

• Phishing and how to avoid it

19

Activities

• Activity #3: plan your own social event!

• Social events

• Game night

• Jeopardy

• Cookout

• Bowling

• Ice skating

• Laser tag

20

Activities for a Semester

• Activity #4: plan out your club’s semester

• Tips

• Think of all the meetings you want to have

• Think how often do you want to have those meetings

• Take into account your advisor’s schedule, test days, and holidays

• Think of competition days

21

Fundraising Events (oh joy)

• Internal university support for clubs

• Industry connections

• Volunteer at security conferences and network with professionals

• Sell off portions of your club or competition T-Shirt

• Sponsorship template

22

Fundraising Events (the joy continues)

• Book selling

• Cheap lunch (2 slices of pizza & drink for $3 ???)

• Club fee

• The more you can get from other avenues, the less this can be!

• Activity #5: ideas?

• Once you have funds, need to use it wisely (budget)

23

Budget Making

• Example

• Let’s say your club REALLY likes pizza (its cheap)

• And you have on average, two events per week for to get food for

• Approximately how many people per meeting?

• Approximately how much per pizza? Drinks? Napkins? Plates? Etc.

• Sometimes the old tried-and-true does it best… excel

• Optimize your clubs budget to maximize events with food and/or the type of food (or brand of

pizza) you can afford

• Activity #6: make a budget

24

Promotion

25

Promotion

• Organizational tools

• Conferences

• Competitions

• News Articles

26

Organizational Tools: Website

• Ask CS peers to help http://blogs.cae.tntech.edu/cybereagles/

27

Organizational Tools: Social Media

• Facebook and emails

Good news everyone!

It’s that time of the week again; time for python and dinner with the cybereagles!Our next meeting will be on Wednesday, November 17 in Bruner 207 at 7:00pm.In this meeting we will focus on functions as well as list comprehensions.

Hope to see you there!

Bad news everyone!

I meant to attach this google form link so you can RSVP, please fill it out if you plan on attendinghttps://docs.google.com/forms/d/1W_hEe5PcltNYa9qFNVDGX3wxIyKU-YwFoSI-BSrlYgo/viewform?usp=send_form

Thanks again!

Worse news everyone!

Today is the 17th, there is an error in the first email. The meeting will be on November 18th, at 7:00pm in Bruner 207.

Sorry about the miscommunication.

Your faithful officers.

28

Organizational Tools: Email List

• Set this up at the first meetings of the semester

Name Email DuesInterested in volunteering

Alice alice@whitehat.com $ 10 Oh yeah

Bob bob@whitehat.com $ 10 Why not?

Eve eve@blackhat.com $ – 10 Uhm, seriously?

29

Organizational Tools

• Doodle polls

• Useful for smaller meetings

• Surveymonkey/google forms

• Feedback about meetings

• RSVP if coming (helps plan food!)

• Activity #7: make your own!

30

Conferences

• WiCyS

• InfoSec

• Derbycon

• Bsides

• Defcon

31

Competitions

• Collegiate Cyber Defense

Competition

http://www.nationalccdc.org/

https://seccdc.org/

SECCDC promo: https://www.youtube.com/watch?v=HXxOCOst9Io&feature=youtu.be

32

Competitions

• Capture The Flag

http://www.nationalcyberleague.org/index.shtml

https://ctftime.org/event/list/upcoming

Search for CTF write-ups like: http://www.gilgalab.com.br/sqli/security/2013/10/27/Write-up-NotSoSecureCTF/http://blog.ioactive.com/2012/08/stripe-ctf-20-write-up.html

Practice: https://hack.me/http://www.root-me.org/?lang=enhttp://www.hackthissite.org/https://sb2.threatspace.nethttps://microcorruption.com/login

33

https://picoctf.com/

https://csaw.engineering.nyu.edu/

http://bostonkey.party/

News Articles

34

The Struggles

35

Struggles

• Keeping students interested

• Communication

• Planning semester ahead

• Different levels of expertise

• Officers time constraints and motivation

36

Free Learning Resources

• Security training for developers: https://www.hacksplaining.com

• Learn metasploit: http://www.offensive-security.com/metasploit-

unleashed/Main_Page

• Metasploitable 2 Exploitability Guide: https://community.rapid7.com/docs/DOC-

1875

• Vulnerable Web App: http://www.dvwa.co.uk/

• Vulnerable IOS application: http://damnvulnerableiosapp.com/

• Social Engineering Toolkit: http://www.social-engineer.org/framework/se-

tools/computer-based/social-engineer-toolkit-set/

37

Staying up-to-date

• https://www.reddit.com/r/netsec

• https://www.reddit.com/r/netsecstudents

• https://www.reddit.com/r/blackhat

• http://krebsonsecurity.com/

• http://www.wired.com/category/threatlevel/

• http://securityweekly.com/

• https://heimdalsecurity.com/blog/best-internet-security-blogs/

38

Thank you!Dustin Gardner: drgardner42@students.tntech.edu (@drgardner42)

Vitaly Ford: vford42@students.tntech.edu

Kelly Luk: kelly_12azn@tamu.edu

Lindsay Hefton: clhefton@tamu.edu

http://www.taroticallyspeaking.com/wp-content/uploads/2015/04/questions.jpg

Search for “cybereagles cybersecurity club”http://blogs.cae.tntech.edu/cybereagles/

39