Categories
Security Tampa Bay What I’m Up To

The Undercroft and their cybersecurity course, UC Baseline

Photo: The Undercroft sign, featuring the Undercroft’s “mascot” — a stag standing upright in a suit, leaning jauntily against an umbrella, walking stick-style.One of the silver linings of my job evaporating due to the pandemic is that I suddenly had a lot of free time to try some new things. The best of those new things by far was my five weeks in The Undercroft’s inaugural UC Baseline cybersecurity course.

What is The Undercroft?

The Undercroft was recently featured in the Tampa Magazine article, The Latest on Tampa’s Tech Scene. Here’s the relevant excerpt:

Over the past year, a number of notable out-of-state tech companies have chosen to open offices in or relocate to Tampa. Last December, Tampa beat out other up-and-coming tech hubs like Denver and Atlanta as the new home of Boston-based Drift, a marketing technology platform. Information technology training franchiser New Horizons moved its headquarters from Pennsylvania to Tampa in January. And that same month, D.C.-based technology company TheIncLab expanded to Ybor City. TheIncLab opened an “Artificial Intelligence Experience Lab” in The Undercroft, a cybersecurity incubator that launched last summer with the hopes of turning the historic Ybor into a tech industry hotspot.

“At The Undercroft, we’re focusing on the supply side of cybersecurity,” says CEO Adam Sheffield. “How do we support more talent in this community and more people who have passion for the field?”

Initially conceived as a co-working type space where startups and members could connect, The Undercroft launched a training program, UC Baseline, in response to layoffs during the coronavirus shutdown. The UC Baseline program is designed to help educate people moving into the cybersecurity workforce or transitioning from traditional IT roles. Ten participants have signed up for the six-week program that offers courses in networking, software, and hardware, according to Sheffield Incubators and accelerators are behind much of Tampa’s recent tech growth, as nonprofits like the Tampa Bay Wave and Embarc Collective offer resources and networking opportunities for local startups, including two recent programs that focus on boosting the  representation of women and diversity in the tech industry.

To describe The Undercroft as Tampa Bay’s security guild and cybersecurity coworking space is fair, but that description doesn’t capture the spirit of the place.

A better way to paint the picture would be to call it the 21st-century cybersecurity counterpart of coffeehouses in 17th- and 18th-century England. Like those coffeehouses of old, The Undercroft is a place in a beautiful old building that functions as the home for the (often boisterous) exchange of ideas, the advancement of specialized fields of knowledge, a little deal-making, and if you pay attention, a great place to learn.

(Thankfully, The Undercroft departs from those old coffeehouses in one important way: Women are welcome in The Undercroft.)

How I ended up in UC Baseline

Back in mid-July, I’d heard about scholarships for The Undercoft’s then-upcoming cybersecurity class. I posted an article about it, which ended with this quip:

(I’ll admit it: Although I’m not likely to qualify, I applied.)

I applied, and to my surprise, I qualified, which meant that I was in this classroom a couple of weeks later:

What I did in UC Baseline

And thus began five intense weeks, which comprised the following…

Hardware 101 — Gain a thorough understanding about the devices on which all our software runs and through which all our information flows:

Networking 101 — Learn how our systems are connected and the ways in which they communicate through these connections:

Tap to view at full size.

Linux 101 — Covers the foundations of security in Linux environments, the OS on which the internet runs:

Tap to view at full size.

Windows 101 — Here’s a big challenge — learn the foundations of security for Windows environments:

Tap to view at full size.

Information Security 101 — Covers everything from core IT concepts, to cybersecurity principles, methods, and practices:

Tap to view my set of links from Infosec Week at UC Baseline.

Python 101 — If you’re doing security, you should have some coding skills to automate your work and build tooling, and Python’s an excellent language for that task:

Tap to view at full size.

 

This is not for someone who’s casually curious about cybersecurity. It’s a lot of work. As I wrote midway through the course:

If you take The Undercroft’s five-week cybersecurity course, UC Baseline, you will have to absorb a lot of material.

After one particular day, I felt like the cat in this video:

The course was taught by a team of instructors who work in the security industry when they’re not teaching. They’re also a personable bunch, and all of them went above and beyond in their efforts to ensure that we students were getting the most out of our classes.

The course ended with a career fair featuring presenters and recruiters from local and national cybersecurity organizations…

and then a Capture the Flag competition and socially-distanced barbecue:

The payoff

Did it pay off to devote 5 weeks, 5 days a week, 8 hours a day, to attend UC Baseline? I think it did.

I’m really a programmer and developer evangelist by training and experience. There’s a tendency in both these lines of work to think of security as an afterthought. Attending UC Baseline, learning from actual security professionals, getting my hands on the actual hardware and software used by the pros, and even just being in The Undercroft helped me refine my security mindset.

That in turn helped me bring my A-game when it was time to apply for a job at Auth0 and then go through their rigorous interview process (which I wrote about here).

I’m not alone — 8 out of 10 of the inaugural UC Baseline class got work around a month or so after completing the program.

My thanks to the instructors for the excellent courses:  , Koby Bryan , Michael Dorsey , George Bilbrey , Jon B , Zoran Jovic, as well as my fellow students, who made the classes more enjoyable: Hawley , Danielle True ,  , Melissa Bloomer , Alyssa Kennedy , Nicolas Claude , Ryan Butler, and Anthony Davis!

And of course, special thanks to Team Undercroft, for making such a special place — the Tampa tech scene just wouldn’t be same without you: Joy Randels, Adam Sheffield, and Chris Machowski!

Another UC Baseline in 2021!

If UC Baseline sounds interesting to you, and if you think you’re up to the challenge, there’s another one taking place in early 2021. Visit the UC Baseline page to find out more!

Find out more

Categories
Humor Security

Cybersecurity can be stressful

Just ask this practitioner…

Categories
Humor Security

I’ll admit it: This Facebook trick question impressed me.

Look at that stat: 87,672 shares. I wonder how many people posted an answer.

I should come up with a list of the other common security questions, cleverly re-phrased.

Categories
Reading Material Security Tampa Bay

My list of links from class discussions during UC Baseline’s InfoSec week

Photo: The Undercroft sign, featuring the Undercroft’s “mascot” — a stag standing upright in a suit, leaning jauntily against an umbrella, walking stick-style.During the Information Security week of the UC Baseline cybersecurity program, the instructors asked us a lot of questions whose answers we had to look up. As a way to maximize participation, we were encouraged to share lots of links of the class’ Slack channel, which also functioned as a backchannel, as well as a way to chat with the students who were taking the course online.

The links that we shared in class were valuable material that I thought would be worth keeping for later reference. I’ve been spending an hour here and there, gathering them up and even organizing them a little. The end result is the list below.

Since these are all publicly-available links and don’t link to any super-secret UC Baseline instructional material, I’m posting them here on Global Nerdy. Think of this list as a useful set of security-related links, something to read if you’re bored, or a peek into what gets discussed during the InfoSec week of the UC Baseline course!

The links

  • U.S. Department of Health & Human Services: Cyber Security Guidance Material
    A collection of “educational materials specifically designed to give HIPAA covered entities and business associates insight into how to respond to a cyber-related security incidents.”
  • DFIR — Digital Forensics and Incident Response
    “Digital forensics and incident response is an important part of business and law enforcement operations. It is a philosophy supported by today’s advanced technology to offer a comprehensive solution for IT security professionals who seek to provide fully secure coverage of a corporation’s internal systems.”
  • Understanding RPO and RTO
    “Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are two of the most important parameters of a disaster recovery or data protection plan. These are objectives which can guide enterprises to choose an optimal data backup plan.”

  • The 3-2-1 backup rule
    “For a one-computer user, the VMware backup strategy can be as simple as copying all important files to another device – or, ideally, several devices – and keeping them in a safe place. However, for multiple computer systems, things can be (and usually are) much more complicated, especially when it comes to virtual environments containing thousands of virtual machines. To protect physical machines, you would need to perform Windows Server backup or Linux Server backup, which might be difficult without effective backup tools. In these cases, a comprehensive data protection plan should include the 3-2-1 backup rule.”

  • Evaluating Risks Using Quantitative Risk Analysis
    “Project managers should be prepared to perform different types of risk analysis. For many projects, the quicker qualitative risk assessment is all you need. But there are occasions when you will benefit from a quantitative risk analysis.Let’s take a look at this type of analysis: What is it? Why should we perform it? When should it be performed? And how do we quantify risks?”

  • Buffer/stack overflows
  • Here are six basic human tendencies that are exploited in social engineering attacks:
    1. Authority: An attacker may call you pretending to be an executive in order to exploit your tendency to comply with authority figures.
    2. Liking: An attacker may try to build rapport with you by finding common interests, and then ask you for a “favor”.
    3. Reciprocation: An attacker may try to do something for you, or convince you that he or she has, before asking you for something in return.
    4. Consistency: An attacker might first get your verbal commitment to abide by a fake security policy, knowing that once you agree to do so, you will likely follow through with his next request in order to keep your word.
    5. Social Validation: An attacker may try to convince you to participate in a fake survey by telling you that others in your department already have. He or she may have even gotten some of their names and use them to gain your trust.
    6. Scarcity: An attacker may tell you that the first 10 people to complete a survey will automatically win a prize and that since some of your co-workers have already taken the survey, you might as well too.
  • Social Studies – A Lesson in Social Engineering Basics
    As we have become more and more vigilant against clicking on malicious links in suspicious emails, some social engineers have gone back to the classic person-to-person approach. Their basic strategy is to prey on vulnerabilities in human nature.