Cyber Camp 2023 Highlights

The Cybersecurity Education Program had the pleasure of hosting twenty-six high school students for our second annual Cyber Camp, June 12-14, 2023. Our goal for these three days was for each student to gain a solid understanding of the foundations for cybersecurity, to get a small taste of college life on Messiah’s campus, and to form friendships.

This year, we had several special guests join us from the cybersecurity industry. Ryan Donat, who works for Intuidex and is a Messiah Cybersecurity graduate, talked to us about web application pen testing. Evgueni Erchov, from Arete Advisors, spoke to us about ransomware incident response. We also had Messiah’s Director of IT Security, Allen Snook, give us a tour of the Security Operations Center, where our interns work each semester gaining real-world cybersecurity experience. Allen was joined by two of our cybersecurity students, Ben and Aiden, who spoke to us about their experience working in the SOC and guided us through several Graylog exercises to find network intruders. The Cyber Camp students loved getting this up-close exposure to working in a security ops environment.

Everyone seemed to really enjoy hearing from our guests, learning new concepts such as network mapping and intrusion detection, and working on picoCTF challenges. We also had a great time having lunch together each day as we navigated the wildness of summer camp season at Lottie Dining Hall! Students came away saying one of their favorite parts of the camp was meeting people and making new friends.

Thank you to the entire Cyber Camp staff for running the camp. Thanks also to the Events, Admissions, and Dining Services staff at Messiah for all they do to make camps like this happen each year.

A very special thanks goes to our students at Cyber Camp 2023 – you were what made this camp awesome. We enjoyed meeting you and look forward to seeing where your path leads you next!

We are already making plans for Cyber Camp 2024, so stay tuned to the blog and the Cyber Camp website for all the details once they’re available.

Cyber Camp 2023 students and staff
Cybersecurity Education Program Director Lynn Bigelow with Cyber Camp student.
Cyber Camp Counselor Emily helping a student.
Two Cyber Camp students.
Cyber Camp Director Vinny Sakore teaching on cybersecurity fundamentals.
Working hard on a picoCTF challenge.

Cybersecurity For Your Vacation, Part 3

This is the final installment in our series on how to stay cyber safe during your travels. Many thanks to National Cybersecurity Alliance for partnering with us to provide you with resources on this topic. Catch up on Part 1 and Part 2 of the series if you haven’t already!

In today’s post, we’re bringing you a webinar featuring speakers who work on the front lines of data protection in Southwest Airlines, Marriott, the Department of State, and AARP. You’ll hear their expert tips on keeping your identity safe when traveling, what to know about public wi-fi, and when to use your device’s location settings. They answer some great viewer questions at the end (such as what to do if the rented home you’re staying at has cameras everywhere). It’s a fascinating and informative discussion!

Featured Speakers:
  • Liz Buser, Senior Advisor, Fraud Prevention Programs, AARP
  • Nick MacDiarmid, Director, Cyber Incident Response, Marriott
  • Jessica Willingham, Senior Analyst, Cybersecurity, Southwest Airlines
  • Lindsey Carraher, Interagency Liaison, Office of Cyber Threat and Investigations, Department of State

Cybersecurity For Your Vacation, Part 2

We are linking up again with The National Cybersecurity Alliance to bring you a series of posts on remaining cyber safe as you embark on your next travel adventure.

If you followed our tips from Part 1 of this series, you know that there are steps you can take before you leave for vacation to help you remain cyber secure. This post covers best practices for keeping your devices, data and accounts safe during the travel portion of your journey, as well as once you’ve arrived to your destination. Here we go!

Actively manage location services

Location tools come in handy while navigating a new place, but they can also expose your location ‒ even through photos. Turn off location services when not in use, and consider limiting how you share your location on social media.

Use secure wi-fi

Do not transmit personal info or make purchases on unsecure or public Wi-Fi networks. Don’t access key accounts like email or banking on public Wi-Fi. Instead, use a virtual private network (VPN) or your phone as a personal hotspot to surf more securely.

Think before you post

We mentioned this in our last post, but it’s worth repeating. Think twice before posting pictures that indicate you are away. Wait until you getting back to share your magical memories with the whole internet. You might not want everyone to know you aren’t at home.

Protect physical devices

Ensure your devices are always with you while traveling. If you are staying in a hotel, lock them in a safe if possible. If a safe is not available, lock them in your luggage. Don’t leave devices unattended or hand them over to strangers. Using your device at an airport or cafe? Don’t leave it unattended with a stranger while you go to the restroom or order another latte.

Stop auto connecting

When away from home, disable remote connectivity and Bluetooth. Some devices will automatically seek and connect to available wireless networks. Bluetooth enables your device to connect wirelessly with other devices, such as headphones or automobile infotainment systems. Disable these features so that you only connect to wireless and Bluetooth networks when you want to. If you do not need them, switch them off. While out and about, these features can provide roving cybercriminals access to your devices.

If you share computers, don’t share information

Avoid public computers in hotel lobbies and internet cafes, especially for making online purchases or accessing your accounts. If you must use a public computer, keep your activities as generic and anonymous as possible. Avoid inputting credit card information or accessing financial accounts. If you do log into accounts, such as email, always click “logout” when you are finished. Simply closing the browser does not log you out of accounts.

In summary, below is a handy infographic from our friends at the National Cybersecurity Alliance that highlights their top five cyber safety tips for travelers. Hopefully this information, along with everything else we’ve covered in the last two posts, will help you enjoy your summer getaways even more.

Our final post in this series will be next week, when we bring you a webinar featuring speakers who work on the front lines of data protection in Southwest Airlines, Marriott, the Department of State, and AARP.

Cybersecurity For Your Vacation, Part 1

We are linking up again with The National Cybersecurity Alliance to bring you a series of posts on remaining cyber safe as you embark on your next adventure.

We’re coming up on peak vacation time in the Northern Hemisphere, so we wanted to send a checklist to help you remain cyber safe during your travels. In this first part of our series we’ll cover some tips for the preparation phase of your trip, as you’re packing and getting ready to go. Bear these tips in mind to keep your vacation plans free from cybercriminal meddling.

Travel lightly

Limit the number of devices you take with you on your trip. The more laptops, tablets and smartphones you take with you, the more risk you open yourself up to.

Check your settings

Check the privacy and security settings on web services and apps. Set limits on how and with whom you share information. You might want to change some features, like location tracking, when you are away from home.

Set up the “find my phone” feature

Not only will this feature allow you to locate your phone, it gives you the power to remotely wipe data or disable the device if it gets into the wrong hands.

Password protect your devices

Set your devices to require the use of a PIN, passcode or extra security feature (like a fingerprint or facial scan). This will keep your phone, tablet or laptop locked if it is misplaced or stolen.

Update your software

Before hitting the road, ensure all the security features and software is up-to-date on your devices. Keep them updated during your travels by turn on “automatic updates” on your devices if you’re prone to forgetting. Updates often include tweaks that protect you against the latest cybersecurity concerns.

Back up files

If you haven’t backed up the data on your devices, like photos, documents or other files, do so before heading on vacation. If your device is lost, stolen, broken or you otherwise lose access to it, you won’t lose all your data. You can back up your data on the cloud, on an external device like a hard drive or, preferably, both.

One More Thing

We’ll just let this image speak for us. 👇

Seriously. Think before you post.

Next time: Cybersecurity tips for when you finally reach your destination!

Messiah Competes in MACCDC 2023

This post was written by Ray Truex, Cybersecurity major and captain of Messiah’s CCDC (Collegiate Cyber Defense Competition) team.

Last Friday and Saturday (March 31 – April 1, 2023), students from Messiah University were given the opportunity to compete at the MACCDC (Mid-Atlantic Collegiate Cyber Defense Competition) regional event. Originally, the team had placed 12 out of about 30 teams, missing qualifiers by a few spots. The team still planned on attending the regional event as volunteers but thanks to a last-minute dropout of another team, Messiah was actually able to compete. In less than a few hours a team of six was assembled and on their way to Largo, Maryland.

The night before the competition the final team packet was sent, and we noticed that we had over forty systems to harden and ensure availability. The competition was scored on six categories: service availability, business injects, board meetings, orange team, red team activity, and IR reports. The team was very limited, half of us had not even competed in the qualifier, and this was our first CCDC event.

The initial plan once the competition started was to get into the systems and change the default passwords. After that, students broke into groups; some worked on injects while others worked on hardening services. As the team captain, I was tasked with responding to board requests which were very aggressive in their demands. Their main demand was to make sure that the hypothetical shipping company that we were running was accepting orders and getting packages shipped. Day one came to an end quickly. Everyone was very fatigued and there was still a lot to do. After a debrief at Applebee’s with our coach, Dr. Bibighaus, we made sure we had a more focused approach for day two.

At the start of Day two, we had a meeting with the board of directors, during which I got yelled at by them for not having shipped any packages yet. As soon as the meeting ended, we got back to work. Unfortunately, we were unable to prioritize their request for getting packages shipped as the team was busy putting out fires the rest of the day. We did, however, have a minor victory of getting the blog server up and running, and at one point even having the greatest number of services running. The rest of the day consisted of continuing to harden and ensure availability, as well as completing injects and incident response reports.

Day two was also April 1st, April Fools’ Day, so we started the day with the power strip turned off. This incident ended up being the highest scored incident report that we submitted, so it worked in our favor. An additional April Fool’s setback was the scoreboard being messed up the whole day, making it exceptionally hard to determine how we were doing on keeping our services online. After lunch on day two, the red team was given the green light to destroy everything, and we started noticing subtle signs like our webpage being defaced by power rangers. Within an hour or two left in the competition, services were dropping like flies. The last thirty minutes of the competition was dedicated entirely to filling our incident response reports due to the sheer number of attacks we were experiencing.

The competition ended and Messiah placed 6th out of 7 teams, beating out George Mason University for last place. The team was very happy to get anything but last place, since this was our inaugural year. Being able to compete at regionals was much more than we expected. We brought back so much more to learn, practice, and prepare for next year. We were also able to meet many new employers and other teams to partner with in the future. The team is very excited to prepare for next year and hopefully get back to regionals.

Messiah University Collegiate Cyber Defense Competition team members who competed in MACCDC 2023.

Cyber Camp 2023

Registration is now open for Cyber Camp at Messiah University this summer!

This day camp for high school students entering 9th through 12th grade is a fun way to dive into the world of cybersecurity. We’ll focus on the human factor of cybersecurity through topics such as cryptography, online behavior and privacy, data breaches, ethical hacking, and social engineering.

Students will learn through hands-on cyber labs, simulations, and interactive gaming scenarios. Plus, they’ll receive instruction directly from our cybersecurity faculty and industry experts, all while getting to experience an introduction to what college life is all about.

The camp takes place June 12-14. Space is limited, so register soon! Find all the details here:

Capture the Flag Event

Messiah University’s Computer Science Club and associated Women in Cybersecurity (WiCyS) chapter hosted their Spring CTF Night on February 24th. A CTF (Capture-The-Flag) event is a cybersecurity competition in which participants complete cyber-related challenges to find hidden strings of characters, called flags, that they submit to win points.

Our CTF included 24 challenges designed by our club leadership in areas such as cryptography, steganography, password cracking, web server vulnerabilities, and more. Many cybersecurity students participated and got the chance to learn new skills, hang out with friends, and potentially win Cyber Program hoodies!

We are grateful for our collaboration with the Games Club and Cybersecurity Program to provide pizza/snacks and a large group of students excited about this event. We hope to continue hosting a CTF Night each semester in the future and look forward to the events.

This post was written by Grace, a Cybersecurity student and leader of the WiCyS chapter at Messiah. We appreciate Grace’s hard work in spearheading and overseeing this event.

WiCyS Hosts “Women in Cyber Lunch”

The local WiCyS (Women in Cybersecurity) chapter, along with support from the Cybersecurity Education Program, hosted a Women in Cyber lunch for female CIS, Cybersecurity, and Business students on February 16 in the Messiah University Cyber Center. It was a time of making connections and learning from one another over a shared meal. Special guest Christina Martin, Cybersecurity and IT specialist at Highmark Health, spoke about the importance of having a healthy support network and of not being afraid to try new things in the industry. The event ended with a time of Q&A, followed by an extended time of fellowship and networking.

We are grateful to Christina for making time in her schedule to speak with our students. We’re also grateful to our students for their leadership of this event. We hope to do more events like this in the future that deal with the crossroads of cybersecurity, tech, and business, as well as women in leadership.

Special thanks to the Gender Concerns Committee for sponsoring this event!

A few of the attendees of the Women in Cyber Lunch, February 2023.

Messiah Students Participate in Cyber Defense Competition

On February 4, students from Messiah University participated in the collegiate cyber defense competition, a six-hour-long cyber security inherit and defend competition. This year’s scenario was to inherit a fictitious shipping company’s infrastructure and harden it before the hackers started attacking it. Students worked as a team to fix problems, harden the infrastructure, update, and ensure service availability all while being given business tasks from the company such as writing newsletters, acceptable use policies, and getting Graylog working.

This was the first year that Messiah University has participated in the competition. Led by coach Dr. Bibighaus and captain Ray Truex, a team was quickly formed and preparation started. The team roster included Luke Anderson, Justin Ayres, Chris Copeland, Ryan Donat, Delainey Gray, Aidan Hubly, Brandon Snook, Michael Stefanchik, Grace Taylor, Ray Truex, Shane Wahlberg, and Xavier Zepiora.  Each team member was assigned a certain machine to work on either apps, core, files, virtual, data, logs, and saas.

During the competition, the team was able to see a scoreboard showing which services were up and running and which were down, in addition to total score and place. After the competition, Xavier Zepiora said “we were not off to a great start, showing up as last place on the scoreboard at the start, but after a few hours of having all of our services up and running we slowly started climbing places passing other teams”. Messiah University went from last place to a high of thirteenth place. By the end of the competition the team was ranked 15th out of 29, which meant the team did not place in the top eight teams which move on to regionals. A few days after the event, the competition director notified the team of our final score, which was 11th out of 26. 

Ryan Donat, Michael Stefanchik, and Shane Wahlberg are seniors this year and will not be able to compete next year but are still excited for the future of the team. After the competition Shane Wahlberg said “I am so excited for the future of the team, this was the first year and we just wanted to see what the competition was like. I think we did pretty good for it being our first year”. After having one competition under the team’s belt, the team is ready to start recruiting and preparing for next year. The team has a large list of items that they now know they need to work on more in-depth. The main goal in training for the next competition include having a CCDC virtual environment where the team can practice during their meetings. Some team members hope to go to regionals as volunteers to gain more experience and talk to other teams to learn from how they prepare for the event. Just because the competition for this year is over for the team does not mean that practice and training is over, the team will continue training and recruiting until the next event.

*This post was written by Messiah Cybersecurity major Ray Truex. If you are a Messiah Cybersecurity student and you’re interested in joining the CCDC team, reach out to Ray for more information.

New YouTube Channel!

We’ve launched a brand new YouTube channel, where our goal is to showcase the stories of our students – why they’ve chosen cybersecurity as a career, how they ended up at Messiah, and even what cybersecurity is and why it’s important. We’re thrilled to be able to capture some of their experiences in their own words, and to have a platform where students can bring awareness to the importance of cybersecurity for individuals and corporations.

Watch the first videos and subscribe here >>