‘Hack NDSU’ Event Project

Additional Info

Job title of nominated professional (or team name)'Hack NDSU' Event Project
Company (where nominated professional or team is working)North Dakota State University
Websitendsu.edu/cybersecurity
Company size (employees)5,000 to 9,999
CountryUnited States
Headquarters RegionNorth America

Overview

In 2019, NDSU launched the cutting-edge ‘Hack NDSU’ program. Hack NDSU gives students real penetration testing experience by allowing them to perform authorized ethical hacking of the NDSU network and server systems. Students had the option of performing testing on their own, under the supervision of the professional penetration testers and NDSU IT staff, or following along with the penetration testing professionals.

Two professional penetration testers, Mike Saunders from Red Seige and Tim Jensen from AppSec Consulting, each led one day of the event, demonstrating professional penetration techniques for students and suggesting and supervising their ethical hacking activities.

NDSU’s Information Technology Division provided the professionals and the students with a scope of work that constrained what areas of the network they were allowed to test. The professional penetration testers and the students conducted reconnaissance and scanning activities. Then, from the potential targets identified, multiple attacks were conducted to test various servers and networking equipment. The professional penetration testers and the students used both tool-automated attacks and several manual attacks. Students got to demonstrate their existing skills, developed through coursework, and learned several new techniques that were demonstrated by the professionals during the event.

The event was organized by NDSU Chief Information Security Officer Enrique Garcia and NDSU Computer Science Asst. Professor and Cyber Security Institute Associate Director Jeremy Straub. Garcia spearheaded the initial development of the program and attained the necessary buy-in from information technology and general university leadership. He secured funding, from NDSU Information Technology, for food for the student participants and also coordinated the legal arrangements and non-disclosure agreements for participants. Straub organized facilities, equipment and student participants, in addition to coordinating the day-of-event activities. NDSU Senior IT Security Analyst Jeff Gimbel also helped organize day-of-event activities and prepare students.

Accomplishments

* Students got real-world, hands-on penetration testing experience.
* Students got to demonstrate their existing skills, developed through coursework, and learned several new techniques that were demonstrated by the professionals.
* Event was led by professional penetration testers Tim Jensen and Mike Saunders (from AppSec Consulting and Red Seige, respectively).