Educause Security Discussion mailing list archives
Re: Cybersecurity Students
From: Rob Milman <rob.milman () SAIT CA>
Date: Fri, 5 Apr 2019 14:18:03 +0000
I've met with our cybersecurity students numerous times and they have always asked the same question, can we practice on your network? The answer has always been no. This is reinforced by them having to sign a document that outlines the repercussions for doing so. We do provide them with air-gapped labs so they can attack as hard as they want. Recently they started asking a new question, would you consider putting up a bug bounty? That has got me thinking, if the big guns (Google, Microsoft, Apple) can trust their millions of users to report bugs and not attack why can't we trust our students to do the same? I'd still have to keep some very sensitive areas out of scope like research and health, but I would like to know if there is an exploitable vulnerability in any of our student facing systems. In the back of my mind, I think that they have already found some weakness and the bug bounty question is a veiled attempt at telling me. Rob Milman [cid:image004.png@01D18F19.9217E950] Rob Milman Associate Director, Information Security Information Technology Services Southern Alberta Institute of Technology EH Crandell Building, GA 214 1301 - 16 Avenue NW, Calgary AB, T2M 0L4 (Office) 403.774.5401 (Cell) 403.606.3173 rob.milman () sait ca<mailto:rob.milman () sait ca> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pete, Andrew Sent: Thursday, April 4, 2019 11:45 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Cybersecurity Students Hi Everyone, I was brought on a little over a year ago to help improve the organization's overall security posture and build out an information security program. Historically, we have authorized our faculty to let students evaluate the security posture of our infrastructure as part of their teaching efforts. I have started an internal discussion around ceasing these types of activities by faculty and students for security reasons. I was curious what other institutions are doing in regards to this area? Thanks, Andrew Pete Information Security Architect New England Institute of Technology One New England Tech Boulevard East Greenwich, RI 02818-1205 401-780-4460 (Direct) apete () neit edu<mailto:apete () neit edu> [NEIT_Full_Stack_H_White_BG_PNG1]
Current thread:
- Cybersecurity Students Pete, Andrew (Apr 04)
- Re: Cybersecurity Students Greg Williams (Apr 04)
- Re: Cybersecurity Students Zachary Yamada (Apr 04)
- Re: Cybersecurity Students Frank Barton (Apr 04)
- Re: Cybersecurity Students Zachary Yamada (Apr 04)
- Re: Cybersecurity Students Burns, Denis (Apr 05)
- Re: Cybersecurity Students Nicholas Garigliano (Apr 05)
- Re: Cybersecurity Students Pete, Andrew (Apr 05)
- Re: Cybersecurity Students Brian Basgen (Apr 05)
- Re: Cybersecurity Students Bob Mahoney (Apr 05)
- Re: Cybersecurity Students Pete, Andrew (Apr 05)
- Re: Cybersecurity Students Giacobe, Nick (Apr 05)
- Re: Cybersecurity Students Greg Williams (Apr 04)
- Re: Cybersecurity Students Rob Milman (Apr 05)
- Re: Cybersecurity Students Giacobe, Nick (Apr 05)
- Re: Cybersecurity Students Michael Duff (Apr 05)
- Re: [EXTERNAL]Re: [SECURITY] Cybersecurity Students Baillio, Aaron (Apr 05)
- Re: [EXTERNAL]Re: [SECURITY] Cybersecurity Students Michael Duff (Apr 05)
- Re: Cybersecurity Students Giacobe, Nick (Apr 05)