Become a Digital Shield: Student Opportunities at Illinois in Cybersecurity
By Colin Worden, Organizational Psychology ’20
We live in an increasingly interconnected world thanks to the rapid advance of technology. That advance lets us find a picture online in seconds, order a pizza through an app, or even do research for a class without getting out of bed. We can do all of this safely because many privacy and security experts, some here at this University, work behind the scenes. These unsung heroes work in the field of Cybersecurity, which has the mandate to protect us from bad actors who would do our data, and therefore our lives, harm. As technology becomes more advanced, this field is only likely to become more complicated. Of course, this complication also presents an opportunity for the future.
I interviewed Jeremy Watson, Manager of the Cybersecurity Operations Center here at Technology Services, to get insight into the professional world of cybersecurity at the university. We spoke about the different opportunities students have to learn and work in Cybersecurity, what Cybersecurity at Illinois looks like, and lastly what anyone can do to help protect their data and that of others.
Colin: What do students working with the privacy and security team do?
Jeremy: We have multiple positions that do different things. In the case of our student hourly workers, it really depends on their skill set. They’ll do ticket triage first thing in the morning, which is just checking through the ticket queue for spam, things that shouldn’t be in there, or things that have been escalated. If time permits or if the hourly employees have interests outside of ticket triage we’ll come up with other items that ideally align with their interest in security.
All of our student focus is first and foremost the student. We want to give them applicable experience that they can put on their resume to say they actually worked in a security environment. That experience can go a long way. The independent study class, CS397, is our other offering for student employees. With this program, students learn programming, Splunk, and other tech skills like data forensics. Cybersecurity is a very broad topic so ideally, we stay more focused in key areas, but we try to provide opportunity where we can. Fortunately, with the independent study classes like CS397, it’s independent, so if the student has something that piques their interest but we don’t have experience with it, we work with them and set expectations upfront. Sometimes our students get to do more fun stuff than we do.
Lastly, we’re starting an Internship program. Our hope is that we can pull in, for lack of a better word, “problem-solvers.” People that aren’t necessarily within the cybersecurity realm. There’s a lot of things in security that don’t require someone with a cybersecurity background. If someone likes puzzles or piecing together different things to come to a conclusion they don’t necessarily have to have that background. In fact, there are many people in IT who don’t have degrees in engineering.
Colin: What led to this program being created?
Jeremy: One of my coworkers had made the observation with a guest lecturer that there were classes that existed that touched on or focused to some extent on the realm of cybersecurity but ultimately it was all theory. So this program came about from the thought “oh, it’d be really nice if students could take a class which exposes them to an operational state of what security has to deal with and gives them some experience as well.” With us, you won’t exactly get the kind of experience you’d get in a bank or another corporate setting but you’ll at least get a toe in the water on what some of those environments could be like.
Colin: What does a student leave this position knowing?
Jeremy: It varies based on the interest area. It’s wide but it’s been ultimately successful. For example, we had a student who had phenomenal skills in Python programming. They came on in the independent study class and really liked coding so we came up with some basic projects that focused on our scripting. Due to their interest, their independent study ended up being more infrastructure-based. This was a recipe that got repeated five or six times. For example, we’d have a student start off in independent study but then they became ingrained in a project we were working on and because of that, we asked them if they wanted to continue working on that in future semesters. Of all the students we’ve had, one has gone on to work at Facebook, two have gone on to Capital One, and another went on to work for Splunk.
Colin: What’s the most common Cybersecurity threat to the University?
Jeremy: Phishing campaigns are always occurring and ultimately lead to compromised accounts. Some of the phishing has become more targeted. We see student compromised accounts all the time; the volume is quite astounding. Fortunately, we have the means to automate the scrambling of their credentials when we detect it. The use of Duo [Two Factor Authentication] or multi-factor authentication has made this better.
Colin: Do students in this program help prevent any of that?
Jeremy: We’ve had students work on some of the scripts that are involved in the automation portion for compromised accounts. We’ve even had some of them work on the queries that can help identify that. One of the queries we look for is geolocation. If you log in on this campus, we’ll see that in the logs. Now let’s say you’re logging in again from Ukraine five minutes later. We’ll look at that and say “wait a minute.” An analyst isn’t actually looking at this; we’ve built logic into the system, and it knows that if you log in where it’s geographically impossible for you to have gone in five minutes, it’s not you. Sometimes it’s just people sharing credentials with people back home or someone using a VPN. These are some of the cases where it triggers a false positive in the system. We’ve built additional logic into the system to rule out those false positives. Sometimes though, it is people actually being compromised and they just don’t know it yet.
Colin: My last question is more open-ended: is there anything else you’d like people to know that I maybe didn’t ask?
Jeremy: Protect your data. If you really care about it, protect it. It starts off with physical security. If a person with the right skills has physical access to your device, it’s only the next few steps to where they can access other things you potentially value most. We lock the doors on our homes and we lock the doors on our vehicles. While there are means to get through these locks, it’s still the first deterrent, so take care of the basics first. Other than that I’d say look out for each other. If you observe someone doing a behavior that isn’t advisable like, for example, leaving their laptop unattended -- first off, it wouldn’t take any time for someone to steal it. Beyond that, it wouldn’t take any time for someone to sit down, plug in a USB stick, run something with a keystroke, and unplug that USB. After that, that machine is compromised and the person doesn’t even need physical access to your device anymore because they can access it remotely. If you see someone doing a behavior that’s unsafe, it’s probably fair to say “hey, you probably shouldn’t do that - the risks are great.”
The last thing I’ll say is security gets a bad rap sometimes for telling people what they shouldn’t do, but a lot of it comes from the perspective of protection. We’re trying to protect University resources or even people’s life’s work. Often there are controls that go along with security that make it hard to implement. We want to have better correspondence with the campus that these controls are recognized by larger organizations as good security tools. Some of these tools can be too restrictive, so we’re looking to strike a balance. Duo or multi-factor authentication is a good example. People have to click a button on their phone once or twice a day that verifies who they are and some people will complain about that; however, there is a layer of security added from using Duo.
Thanks to Jeremy Watson for lending his time and expertise for this piece. If you’re interested in taking advantage of student opportunities in Cybersecurity, sign up for the independent study course, CS 396, or keep an eye out for the security internship being offered in the future.