Educause Security Discussion mailing list archives

Re: Cybersecurity Students


From: Rob Milman <rob.milman () SAIT CA>
Date: Fri, 5 Apr 2019 14:18:03 +0000

I've met with our cybersecurity students numerous times and they have always asked the same question, can we practice 
on your network? The answer has always been no. This is reinforced by them having to sign a document that outlines the 
repercussions for doing so. We do provide them with air-gapped labs so they can attack as hard as they want. Recently 
they started asking a new question, would you consider putting up a bug bounty? That has got me thinking, if the big 
guns (Google, Microsoft, Apple) can trust their millions of users to report bugs and not attack why can't we trust our 
students to do the same? I'd still have to keep some very sensitive areas out of scope like research and health, but I 
would like to know if there is an exploitable vulnerability in any of our student facing systems. In the back of my 
mind, I think that they have already found some weakness and the bug bounty question is a veiled attempt at telling me.

Rob Milman

[cid:image004.png@01D18F19.9217E950]

Rob Milman
Associate Director, Information Security
Information Technology Services

Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 - 16 Avenue NW, Calgary AB, T2M 0L4

(Office) 403.774.5401  (Cell) 403.606.3173
rob.milman () sait ca<mailto:rob.milman () sait ca>





From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Pete, Andrew
Sent: Thursday, April 4, 2019 11:45 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cybersecurity Students

Hi Everyone,

I was brought on a little over a year ago to help improve the organization's overall security posture and build out an 
information security program.  Historically, we have authorized our faculty to let students evaluate the security 
posture of our infrastructure as part of their teaching efforts.  I have started an internal discussion around ceasing 
these types of activities by faculty and students for security reasons.  I was curious what other institutions are 
doing in regards to this area?

Thanks,

Andrew Pete
Information Security Architect

New England Institute of Technology
One New England Tech Boulevard
East Greenwich, RI 02818-1205
401-780-4460 (Direct)
apete () neit edu<mailto:apete () neit edu>

[NEIT_Full_Stack_H_White_BG_PNG1]



Current thread: