Cybersecurity Club: 101 From Inception to Installment and Beyond
Dustin Gardner and Vitaly Ford (Tennessee Tech University)
Kelly Luk and Lindsay Hefton (Texas A&M University)
WiCyS 2016
Who Are We?
• Dustin Gardner
• President of the CyberEagles club
• Vitaly Ford
• One of the founders and Vice President of the CyberEagles Club
• Kelly Luk
• Representative of the club (member)
• Lindsay Hefton
• Vice President
What’s on the Plate?
• Ideas on how to create a club
• Ideas on club activities
• Ideas for how to pursue funding
< Our final goal is to help you establish a community where you can
learn together and support each other >
Outline
• Establishment
• Need
• Faculty support & Students
• Constitution and WhiteHat agreement
• Sustainment
• Funding & Budget
• Activities
• Promotion
• Web presence
• News articles
• Competitions
• Conferences
What is a Club?
Why a Cybersecurity Club?
• Increase awareness about cybersecurity
• Learning collaboratively
• Share technical knowledge
• Network with peers and mentors
• Have fun!
Why should you be a part of it?
• Use Club as a Community
• Great networking
• Club can help you get a job!
• Use Club as a Learning Platform
• Classroom cannot teach you everything
• More rules than tools
• Learn practical skills together
• More tools than rules
Inception
• How to start?
• May the advisor be with you (faculty support)
• Get students involved (AND their signatures)
• Go to the Student Government Association and ask what needs to be done
• Paperwork…
Constitution Walkthrough
• General rules of thumb
• Comply with University’s security policies and… firewall
• Become friends with the CISO :)
• Put disclaimers where needed
• WhiteHat agreement
• Here’s CyberEagles’ constitution…
• Activity #1: make your own constitution!
Sustainment
Sustaining Your Club: First Steps
• Students
• Leaders
• Participants
• Activities
• Funding
(CyberEagles) Leadership Roles
• Activity #2: what leadership roles will your club have?
• President
• Vice President
• Secretary of Infrastructure
• Secretary of Fundraising
• Treasurer
• Secretary of Records
• Press Secretary
• Event Manager
Student Participants
• How to spark interest in students?
• Security is a trending topic! => Show it
• Anybody interested can join
• Security touches every aspect of our lives
• What if I am a Psychology major? => Welcome to social engineering
• Pizza…
Activities (The Fun Stuff!)
• But first… plan out your agenda
• Officer + faculty meeting
• Reserve rooms
• Flyers (A&M samples)
• First & last meetings of the year are the most important
• Make sure you have as much put together as possible for these meetings
• Be (act) professional
Activities
• Lunch & Learn series: by students and for students (wide audience)
• During “dead hour”
• Technical seminars
• Live demonstration
• BurpSuite and OWASP ZAP
• IDA Pro Free & ollydbg
• Metasploit
• Bettercap
• SQL and XSS injections
• Wireshark
• Hashcat & John The Ripper
Activities
• Special topic series (More advanced/interested groups)
• More of a “Hands-on” approach than lunch & learn
• Topics we’ve done
• Basic networking (topology, protocols)
• Python
• Raspberry Pi
• Mobile development
• Capture The Flag
• Competition preparation
Activities
• Speakers
• Industry connections through networking
• Advisor’s connections
• Security specialists
• Peers who graduated or had an internship
• NSA, Improving Enterprises, FrogSlayer, State Farm, CapitalOne
• Professors
• We also use speakers for Lunch & Learns
Activities
• Club logo and t-shirt design contest!
Activities
• Campus-wide event sponsored by a Student Government Body
• How to NOT get hacked on the Internet
• Safe practices using public Wi-Fi
• Phishing and how to avoid it
Activities
• Activity #3: plan your own social event!
• Social events
• Game night
• Jeopardy
• Cookout
• Bowling
• Ice skating
• Laser tag
Activities for a Semester
• Activity #4: plan out your club’s semester
• Tips
• Think of all the meetings you want to have
• Think about how often you want to have those meetings
• Take into account your advisor’s schedule, test days, and holidays
• Think of competition days
Fundraising Events (oh joy)
• Internal university support for clubs
• Industry connections
• Volunteer at security conferences and network with professionals
• Sell off portions of your club or competition T-Shirt
• Sponsorship template
Fundraising Events (the joy continues)
• Book selling
• Cheap lunch (2 slices of pizza & drink for $3 ???)
• Club fee
• The more you can get from other avenues, the less this can be!
• Activity #5: ideas?
• Once you have funds, you need to use them wisely (budget)
Budget Making
• Example
• Let’s say your club REALLY likes pizza (it’s cheap)
• And you have, on average, two events per week to get food for
• Approximately how many people per meeting?
• Approximately how much per pizza? Drinks? Napkins? Plates? Etc.
• Sometimes the old tried-and-true does it best… Excel
• Optimize your club’s budget to maximize events with food and/or the type of food (or brand of pizza) you can afford
• Activity #6: make a budget
Promotion
• Organizational tools
• Conferences
• Competitions
• News Articles
Organizational Tools: Website
• Ask CS peers to help http://blogs.cae.tntech.edu/cybereagles/
Organizational Tools: Social Media
• Facebook and emails
Good news everyone!
It’s that time of the week again; time for python and dinner with the cybereagles! Our next meeting will be on Wednesday, November 17 in Bruner 207 at 7:00pm. In this meeting we will focus on functions as well as list comprehensions.
Hope to see you there!
Bad news everyone!
I meant to attach this google form link so you can RSVP, please fill it out if you plan on attending
https://docs.google.com/forms/d/1W_hEe5PcltNYa9qFNVDGX3wxIyKU-YwFoSI-BSrlYgo/viewform?usp=send_form
Thanks again!
Worse news everyone!
Today is the 17th, there is an error in the first email. The meeting will be on November 18th, at 7:00pm in Bruner 207.
Sorry about the miscommunication.
Your faithful officers.
Organizational Tools: Email List
• Set this up at the first meetings of the semester
Name | Email | Dues | Interested in volunteering
Alice | [email protected] | $ 10 | Oh yeah
Bob | [email protected] | $ 10 | Why not?
Eve | [email protected] | $ – 10 | Uhm, seriously?
Organizational Tools
• Doodle polls
• Useful for smaller meetings
• Surveymonkey/google forms
• Feedback about meetings
• RSVP if coming (helps plan food!)
• Activity #7: make your own!
Conferences
• WiCyS
• InfoSec
• Derbycon
• Bsides
• Defcon
Competitions
• Collegiate Cyber Defense Competition
http://www.nationalccdc.org/
https://seccdc.org/
SECCDC promo: https://www.youtube.com/watch?v=HXxOCOst9Io&feature=youtu.be
Competitions
• Capture The Flag
http://www.nationalcyberleague.org/index.shtml
https://ctftime.org/event/list/upcoming
Search for CTF write-ups like:
http://www.gilgalab.com.br/sqli/security/2013/10/27/Write-up-NotSoSecureCTF/
http://blog.ioactive.com/2012/08/stripe-ctf-20-write-up.html
Practice:
https://hack.me/
http://www.root-me.org/?lang=en
http://www.hackthissite.org/
https://sb2.threatspace.net
https://microcorruption.com/login
https://picoctf.com/
https://csaw.engineering.nyu.edu/
http://bostonkey.party/
News Articles
The Struggles
Struggles
• Keeping students interested
• Communication
• Planning semester ahead
• Different levels of expertise
• Officers time constraints and motivation
Free Learning Resources
• Security training for developers: https://www.hacksplaining.com
• Learn Metasploit: http://www.offensive-security.com/metasploit-unleashed/Main_Page
• Metasploitable 2 Exploitability Guide: https://community.rapid7.com/docs/DOC-1875
• Vulnerable Web App: http://www.dvwa.co.uk/
• Vulnerable iOS application: http://damnvulnerableiosapp.com/
• Social Engineering Toolkit: http://www.social-engineer.org/framework/se-tools/computer-based/social-engineer-toolkit-set/
Staying up-to-date
• https://www.reddit.com/r/netsec
• https://www.reddit.com/r/netsecstudents
• https://www.reddit.com/r/blackhat
• http://krebsonsecurity.com/
• http://www.wired.com/category/threatlevel/
• http://securityweekly.com/
• https://heimdalsecurity.com/blog/best-internet-security-blogs/
Thank you!
Dustin Gardner: [email protected] (@drgardner42)
Vitaly Ford: [email protected]
Kelly Luk: [email protected]
Lindsay Hefton: [email protected]
Search for “cybereagles cybersecurity club”
http://blogs.cae.tntech.edu/cybereagles/