CyberSecurity Internships The Path to Meeting Industry Need

Transcription

1 CyberSecurity Internships The Path to Meeting Industry Need Room Seacliff A Tuesday October 17 Bruce Maas Emeritus Vice Provost for IT and CIO University of Wisconsin-Madison Innovation Fellow Internet2

2 CyberSecurity Internships: The Path to Meeting Industry Need CONTENTS The Need Accelerating Supply Environmental Context Wisconsin Experiences Why Internships? Wisconsin CSOC Context Scalable Model Discussion Questions Table of Contents (! [ 2 ]

3 Why This is Necessary??? Estimated M cybersecurity jobs by 2024 Supply side has not caught up! [ 3 ]

4 Ways of Accelerating Supply New Academic Programs Expanded Tech and Community College Programs Expanded K12 Programs Private Sector Development Programs Private Sector Certification Programs Governmental Programs Internships [ 4 ]

5 Some Important Context All Cybersecurity jobs not technical Lack of diversity in the profession Virtually no coordination between K12, tech and community colleges, HE, private sector, government, within states [ 5 ]

6 Steps being taken at UW-Madison and in Wisconsin K12, state, higher ed, and private sector now coordinating Madison Creating entry point in higher ed with minor, certificate 8 Internship FTE funded in CyberSecurity Operations Center [ 6 ]

7 About Internships UW-Madison Internships either stand alone or stage one Some corporations say that having a first internship on campus beneficial Lots of interest on corporate side to expand their internship opportunties Lots of interest on corporate side to diversify cybersecurity [ 7 ]

8 Why Campus Internships? Eating our own dog food Highly complex environment Information School is 80% female and provides channel for diversity Convenient for students We have the gear (Cisco, Palo Alto) used at many corporations WE NEED THE HELP!!!! [ 8 ]

9 University of Wisconsin CSOC CSOC supports all UW- Madison Colleges and Departments + [ 9 ]

10 CSOC Capabilities Detect and mitigate the cyber threats Create and enhance shared situational awareness Machine to Machine data exchanges Develop actionable cyber threat intelligence and integrate into live feeds and detailed reports Cyber intel sharing and support with extended communities [ 10 ]

11 Tiered Tier Cybersecurity 3 Managed Incident Servis Response Services Draft/communicate interim/final reports Cyber Intel analysis and External Reporting (WISIC, REN-ISAC, FBI, etc.) Report / Analyze Tier 2 * Develop rules for alerts * Intel correlation * Review Tier I reports take/defer action * Metrics Analysis GRC/TCD Interface test scheduling 15 Min Identify / Triage Tier 1 * Communicate Alerts * Cyber Intel Triage review sources * Run simple protocols / observe testing / quicklook reports * Metrics Collection and Reporting * Process certificate requests (server/code) * User Provisioning Tier 0 Maintain single operational picture, conduct research (*), first response * = Hand offs between tiers

12 Sample Internship PD Use and improve I am a fan of all things open Our country has a challenge that is best addressed through collaboration [ 12 ]

13 Sample Internship PD The University of Wisconsin-Madison Office of Cybersecurity provides a variety of IT Security services for UW-Madison and UW-System. These services include Governance, Risk, and Compliance (GRC), Security Testing and Cyber Defense (TCD), Monitoring and Incident Response, Enterprise Systems Security, and Security Education, Training, and Awareness (SETA). Under close supervision, this position will carry out the duties in support of the University of Wisconsin Cybersecurity Surveillance and Operations Center (CSOC), reinforcing the functions of all cybersecurity domains, and working closely with CSOC and domain leadership. By engaging and excelling in their assigned duties, the CSOC Intern will be given the opportunity to learn important fundamentals of cybersecurity and eventually transition into a practitioner role under one of the UW- Madison Office of Cybersecurity domains. Job Duties: Wisconsin Cybersecurity Surveillance and Operations Center (CSOC) Responsibilities (40%) Perform cybersecurity data collection and analysis. Provide ERP provisioning and de-provisioning support enterprise business applications. Review, analyze, and report on details captured in event logs. Implement, automate, and monitor system configuration changes. Monitor intrusion detection and prevention systems and assess findings. Operate, support, and configure the processes and tools for the endpoint security suite. Conduct vulnerability scanning process to include analysis and distribution of reports. Execute network traffic surveillance, analysis, and reporting. Support UW-Madison Cybersecurity Team Domain Functions (30%) Provide assistance in monitoring and incident response activities. Implement policies and controls with direction from GRC domain leadership. Facilitate digital forensics efforts by identifying systems and securing the crime scene. Complete assignments delegated by UWisCSOC leadership. Assist with security education program development and campus outreach. [ 13 ]

14 Sample Internship PD Handle incoming communication via various channels regarding Security Incidents (20%) Troubleshoot and remediate Tier One cases. Triage reported issues using developed processes and technology. Escalate reports to Tier two or Tier three using established guidelines. Office of Cybersecurity Communications and Professional Development (10%) Stay current with industry trends and events. Attend training sessions and workshops to increase knowledge of information security, enterprise systems, written and oral communications, and project management. Work with DoIT technologists to gain knowledge of new and developing technologies. Required Skills and Training: Experience in prioritizing tasks and communicating in an efficient and professional manner. Basic understanding of established process workflows. Capable of working collaboratively with team members and other University colleagues. Can quickly adapt in constant-changing and diverse environment. Basic analytic and strategic thinking skills. Preferred Skills and Training: Pursuing degree in information technology, computer science, or other pertinent field. Training in basic information security practices and controls. [ 14 ]

15 Scaleable Model Including Outside Higher Education RON experience would be different from university experience RON s could play a unique role, perhaps with HS student internships K12 and small companies may be satisfied with HS talent [ 15 ]

16 Discussion Questions for Audience What is it like in your state? Does anyone see collaboration going on across K12, Community and Tech Colleges, higher education, state & Federal government, and the corporate sector? What is your relationship like with your I-School and Computer Sciences in particular? Specific questions and comments from the audience [ 16 ]

17 Thank you for joining in this initiative! CyberSecurity Internships The Path to Meeting Industry Need Bruce Maas Emeritus Vice Provost for IT and CIO University of Wisconsin-Madison Innovation Fellow Internet2