Programs and Curriculum for Students to Participate in Real-World Cyber Training

Transcript

Opening

Hello everybody, and welcome to What's the Problem, the show that explores problems, issues, concerns, or just situations in the world of cybersecurity.

Today we are bringing back for the second time, making this trial and returns to show, Selby LeBert.

Conversation

Mike Krass: Selby, say hello again to our listeners.

Selby LeBert: Hi everyone. Glad to be back again. Little about myself since leaving active duty Air Force after eleven years, I'm now back in the guard and I have just started my Ph.D. program at North Central University in cybersecurity and emphasis on secure cloud computing.

Mike Krass: I love it. Shelby, normally we ask our guest experts. Let's explore a problem. Tell us about a problem. If she'd like to bring it up, you and I have actually been talking about this for a little bit. The issue that you are going to bring up, and we'll talk to our listeners today, is: how you get when you talk about these different programs that folks can get into to develop their security skills and resumes. How does that feedback relationship work so that these programs teach their participants what they need to know? Can you tell me a little bit about the program you're in now and how feedback is delivered back and forth between the participant and the program provider?

Selby LeBert: Absolutely! This is something I love. One of the reasons I chose to work at Textron is that we have students at the local college, Wichita State University. They are doing their cybersecurity program right now, or they're doing applied computing or something within the computer sciences field. And so while they're doing their full-time course load, they're working part-time with us. In between taking care of different tickets and work orders, we're also providing feedback, not just on how to do things better or get some context on things they may have learned in class. They don't understand how they're applied. We also provide feedback to their board, which writes the curriculum. So my director is on that board, so we go and directly apply that feedback, and that's what we do. And again, tying it all back into the community to help these students get better—it's that simple.

Mike Krass: Tell me a little bit about the board. What's their cadence for meetings and for reviewing and then applying feedback? Because I can't imagine that every single time they get a piece of feedback, they scurry off to the computers and rewrite the curriculum. Am I right in assuming or not?

Selby LeBert: That's correct. My director meets at least once a year, officially, but he is tied into multiple different communities. We have a SEC around here and our own ISC-squared community. He's tied into a lot of those different things. There is some overlap between the instructors, because some I know are from the prior Air National Guard, which is also here in Wichita, and we have McConnell Air Force Base. So, officially, at least once a year; unofficially, probably multiple times a year.

Mike Krass: Got it. What do you hear about the feedback process from the students or the participants? Do they give you any feedback about the process of giving feedback?

Selby LeBert: Yes, we get feedback on the feedback. A lot of our students that's part of the reason work with us if we do see strengths or weaknesses. We try to help out with it, making sure that they're getting an adequate education that prepares them for the real world. I've only been at Textron since November of last year, a little less than a year, but I have seen them appreciate that we provide feedback to their courses. And then there are also additional tools that WCU has. They have LinkedIn Learning, so we'll find other courses and resources to augment that learning.

Mike Krass: Got it. So, through the program's curriculum and third-party learning opportunities like LinkedIn Learning, all kinds of learning are blended together.

Selby LeBert: About twelve or 15 years of server rack right now, and it's full with just some older hardware. But eventually, when we get the time and the bandwidth, we are going to develop our own lab to do things and just experiment and essentially break things and then put them back together. That's the easiest way I learned: to make a mistake, break it, and then just have to fix it before my parents found out or something. I'm really excited about that.

In the future, we're going to be teaching them how to set up things like Security Onion Proxmox as our main hypervisor for that and just fun things I learned to do too. I wanted to set up my own land party. I'm a little older, so that's what we used to do before we had high-speed internet. Internet is everywhere, and showing them how you can set up your own land party on a single machine using Docker or something, and teaching them technology in a way that can be applied to them also helps reinforce that learning.

Mike Krass: For some of our younger listeners, a "land party" was a wild experiment where people would physically pick up their tower computers. They would drive them to effectively a big room, put them all together with WiFi or not WiFi with the plug into ethernet, and then we would play. When I did it, it was like StarCraft on occasion, and it was a massive Age of Empires thing, too. But you're talking about Windows 95 and putting CD-ROMs in here. In today's world, that was roughly 25 or 30 years ago. In today's gaming environment, it's a different planet of what's available today versus what a land party was 25 or 30 years ago.

Selby LeBert: The lab I'm building right now is some of it to experiment with things we might want to deploy on the Textron network. The other thing is that most of them will just have a basic Proxmox operating system installed, an open-source version of ESXI type one hypervisor. They say, "Hey, I found this image of Cali Parrot OS or Metasploitable, and I want to play around with it." Just load the image onto the Proxmox, and it fires right up. Once they break it or they're done playing with it, you can just shut it down and delete it, and it never existed for the most part. That's the plan. If they want to do something and learn about it or just experience it, that's what it's there for.

Mike Krass: That's incredible. For our listeners who might be tuning in, this is for the future. Can they help you set up this lab? Are you looking for outside folks to be engaged with you, either in the Wichita area or outside of the area, or do you think that you've got a pretty good vision of it and you're good to go?

Selby LeBert: Basically, I'm asking if you need help. Now is a great time to ask our listeners for help. We're pretty well set up. We have the physical hardware set up. It's just getting the time to go back there and wire it all together and get PSN set up properly. We're also putting in a request for a 220 outlet, so we can power it all.

Mike Krass: But it's all there.

Selby LeBert: It's just time and money. You can only have one of them.

Mike Krass: Absolutely. Awesome. Selby, I'm so grateful to have you back on the show. Any parties or words you want to leave our listeners with as we've discussed feedback on building lab environments? Anything else as we talk about creating spaces for the next generation of security professionals?

Selby LeBert: My advice is don't be afraid to break stuff, especially with some of our operating systems and everything. If you break something, you can just reimage it, reflash it, and it'll be back to normal and start from scratch. Many people are frozen by that fear of, "Oh, my God, if I break something, then I'm going to get in trouble, or it's going to be a waste of time." I'm going to lose all this data. A lot of enterprise hardware today is old, but it's still good enough to learn on. I bought a Gen8 HP server with 24 cores and about 200 gigs of RAM, which I have in my server rack at home, and I paid $450 for it. And that's my box for breaking stuff.

Mike Krass: I love it. Thank you again, sir, for joining the show and dropping a little bit of your experience and knowledge with our listeners.

Outro

Thank you again for the loyal listeners tuning into What's the Problem, the show that explores problems, situations, environments, and concerns in the world of cybersecurity.

We'll catch see you on the next episode.