The Department of Computer and Mathematical Sciences took home the Third Place trophy at the State of Illinois Collegiate Cyber Defense Competition (IL-CCDC) on Saturday, February 18. The eight students who represented Lewis Computer Science were all undergraduate Computer Science majors who have been working since early September to bolster their skills as cyber security professionals and to improve their teamwork. Some of the students started in the club last year, and others are freshmen or just joined the team this year. The student participants who won Third Place are Joey Casalino, Cody Cosentino, Gabe Diaz DeLeon, Johnny Kegaly, Ryan Meeker, Bryon Nush, Randle Ross, and Brian White.
We sat down with the three members of the team to get their thoughts on the importance of the Cyber Defense Club, what they’re working on now, and why having a Computer Science background is important for cyber security professionals.
Congratulations on taking third place in the State at the CCDC. How do you prepare for competitions like that one?
Johnny Kegaly: The Cyber Defense Club prepares for competitions as a group to emphasize that teamwork is key. A majority of the time members pick the area/field that they are most comfortable with handling in the competitions e.g. Firewalls, FTP, DNS, etc.
Joey Casalino: Most competitions provide either a practice portal or means to perform configurations on the network. On each computer, we look over system files, configuration files, and any other files on the system to understand what is happening on the system as well as ensure no malware has been planted. As for competitions that provide no practice or setup portal, we assess what the goal of the competition is and possible subjects that could appear during the competition.
Bryon Nush: Practice, practice, practice. We setup different systems that emulate what one would find in the competitions. From here, we work on understanding how the underlying services work and how they can be configured. Where we tend to struggle in competitions isn’t in the configuration of a single system, but in how all the different systems communicate and work with each other. So currently, we are working on setting up a network with this in mind.
What have been the benefits of participating in the Cyber Defense Club?
Bryon Nush: Cyber Defense Club allows students to get hands on experience with different systems and hardware they probably wouldn’t have at home. It also gives students a chance to find out what does and does not work in terms of security. You might think you know how to secure a server, but you don’t really know for sure until there is a red team trying their best to find that one oversight you made in a config file to bring your system down.
Joey Casalino: The Cyber Defense Club provides a means for students to engage in real life simulations of enterprise cyber security operations through cyber security and networking infrastructure competitions. It also helps students understand the importance of teamwork, which is an extremely valuable skill in the real world.
Bryon Nush: The members in Cyber Defense Club are diverse in their computer interests to where you can learn something from everyone. Some of us specialize in Linux while others specialize in Windows, firewalls, or networking. That doesn’t mean we only know that one system, but we do have our particular areas of interest.
Johnny Kegaly: I have had the competitions attended by the Cyber Defense Club be brought up in multiple interviews and have been able to use that as a talking point. Not only is it useful in the sense of getting a job but I have met a few people of interest who have many useful connections. Also, the main benefit is to be able to practice the art that is cyber security, from offensive material to defensive measures. You only do it because you love it.
Bryon Nush: The other benefit of Cyber Defense Club that comes to mind is that we are family. Granted we are a dysfunctional family that goes to no end to annoy each other with endless memes and other nonsense, but we are a tight knit group none the less. If you want to learn about computer security, but don’t know what exactly you are interested in, come to Cyber Defense Club. We know a little bit of everything and are always willing to teach.
What have been the benefits of studying Computer Science as someone interested in cyber security?
Joey Casalino: Studying computer science provides the ability for students to understand the basis behind computer security by studying the science behind how a computer functions. Attackers will use any means necessary to find a vulnerability; Whether it be on a hardware level or a software level. Vulnerabilities in both are inevitable. But a lack of understanding on how the vulnerability was exploited is what will allow attackers to always have an advantage.
Johnny Kegaly: I would have never really thought how much coding would be a part of me wanting to know more about cyber security. The ability to analyze code and further understand the depths of computers and their systems makes the cyber security program more well rounded and applicable to other areas if needed.
Bryon Nush: Computer Science gives students the ideas and theory behind how a system works, is secured and how it can be broken into. This in conjunction with studying Cyber Security allows one to go to any system, and have a general idea of how it works and how to secure it. While the specifics of how a particular service operates differs from environment to environment, the general ideas still remain the same.
What are you working on currently as part of the club?
Joey Casalino: Currently, the club as a whole is working on updating the lab topology as well as infrastructure. Before, server resources were not pooled together efficiently and were used as separate entities. Now, server resources have been pooled together in order to maximize efficiency as well as manageability. This allows the club members to easily create their own virtual environments to perform whatever tasks they wish.
Bryon Nush: The particular VM’s we setup are going to simulate what one would see at competitions and enterprise environments (AD, LDAP, Web apps, databases, firewalls, DNS, DHCP, etc). These won’t just be one off servers doing their own thing either. They will be networked systems communicating and relying on each other to provide services and authentication.
We’re getting to a point where we have a sandbox where we can do pretty much whatever we can think of (within reason). If we want to setup clustered filesystems, or do work on containers, we can do that. If we want to setup an enterprise environment full of old operating systems and try to exploit them, we can do that. If we want to try to hack into each other’s virtual systems to practice pen-testing, we can do that.
Johnny Kegaly: And, or course, our long-awaited t-shirts.
What things could help improve the club?
Joey Casalino: The club is currently limited to the resources that are donated to us. If the resources given to us were more diverse and up-to-date, I believe we would be able to achieve much more.
Johnny Kegaly: It would really be excellent if we had our own room to use and not have to occupy the back of an active class room. Perhaps create a Cyber Defense Lab. With extra space, the club would have room to expand and we could then more comfortably operate and grow over time.
Bryon Nush: And a deck of UNO cards for those moments where we are just mentally done and tired of staring at computers.
The Computer Science Cyber Defense Group meets on Tuesdays and Thursdays at 3:30 pm in AS-104-A. This is a completely student-run group. Dr. Jason Perry serves as its faculty mentor. For more information contact Dr. Perry at email@example.com.