Sometimes a student is all that stands between a hacker and sensitive UW data.
For UW–Madison, that student could be one among 15, hired to help monitor the university network and devices through the UW Cyber Security Operations Center, or CSOC (SEE-sock).
Zach Schramm is one such student who helps keep prying eyes and code off of UW data. A junior majoring in Legal Studies and Criminal Justice, Zach joined the team two years ago after starting with the DoIT Help Desk. His shift to Cybersecurity began by doing security authorizations, granting access to those approved for it within the UW community. He heard about the job through the Student Job Center.
“I love the work,” said Zach. “Like a police officer on a beat, no two days in cybersecurity are the same. Sometimes we (students) will go pick up a device to do forensic data analysis. Other times we’ll investigate cases of reported phishing. We get to see all aspects of a case, and not just sit behind a screen.”
“The primary purpose of the CSOC is to lower campus information technology risk in support of the University mission,” adds Jeffrey Savoy, the Assistant Director of Cybersecurity Operations. “One of the benefits from additional staff is to ensure that we have the staff resources to ensure that our cyber analysis and intelligence review procedures are carried out consistently.”
Though work shifts are far from typical, they usually begin by logging in and checking the queue of requests for service or questions filed by members of the UW community. This ticketing system is the back-end of what happens when an Office 365 user notices a strange email and reports it by clicking on “Junk” in the pull-down menu. One can either block or submit it as a phishing attempt. Phishy mail can also be forwarded to email@example.com to join the investigation queue. The team handles up to 2000 inquiries per day, primarily from students.
Cybersecurity staff determine the threat and scale of a possible network or system vulnerability. They consider what the phish is attempting. Is the sender trying to access credentials? Compromise research? Plant monitoring software? Team members check for similar issue patterns, huddle with colleagues, or contact the UW Police Department or the UW Office of Legal Affairs to help determine next steps.
Cybersecurity isn’t just about reacting to things that have already occurred. Much of the CSOC work involves educating the campus. Sometimes that education takes the form of an alert showing what could have happened had a system been left unprotected.
Zach and his colleagues use specialized software to monitor for “injection attempts”—probing that is done on department networks from suspicious sources.
“Sometimes we’ll use open source or shared tools to test what we think is a vulnerable (unprotected) UW access point or device,” said Zach. “I contact the owner or admin and let them know I was able to gain access. I explain where the vulnerability is, and how to fix it. It’s a great feeling to know I helped prevent something that could have been much worse.”
UW Cybersecurity also belongs to several communities that monitor and share information. Like a global Neighborhood Watch, they alert each other to the latest schemes and trends discovered by state, UW System and Big Ten peers, and national cybersecurity organizations.
“The team meets daily to review known cases, and what’s been reported among peers,” adds Zach. “From there leadership determines threat levels, and what we should look out for in the coming day.”
According to the non-profit information security advocacy group ISACA, demand for cybersecurity professionals has never been higher. While many in the CSOC have a computer science major or background, others approach the field from a variety of specialties. These include business, cryptology, device diagnostics, or even policies, and best practices.
Much more assistance is needed to keep pace with the latest methods and number of incidents. That’s where prevention and end-user assistance comes in.
“I teach people that, when you want to do anything well, it’s important to remember and practice the basics,” says Zach. “From a cybersecurity perspective, that means don’t accept friend requests from strangers. Keep IT systems clean and up to date. Remember the potential hacker audiences when posting online. Be wary of suspicious links. And don’t use the same password for multiple accounts.”
“We need everyone’s help to prevent cyber threats.”
Thanks, Zach, and the rest of the CSOC team.