Preventing a Big Hack Attack

If you’re reading this story using an electronic device, you might be hacked before you get to the next paragraph.

Welcome to the 21st century, where new technologies and new vulnerabilities seem to be going hand in hand. The good news is, there are people on your side working and learning to protect you and your personal information. One of those people is University of South Alabama student Trinity Stroud, a junior in USA’s School of Computing.

And she acknowledges your cyber insecurities.

“It is my understanding that most systems and software start out with vulnerabilities,” Stroud said. “As black hat and white hat hackers alike attempt to exploit these vulnerabilities, the cybersecurity community’s knowledge of the causes for these vulnerabilities and the means to prevent or avoid them grows.”

For the uninitiated, a black hat hacker tries to exploit computer security for malicious reasons. A white hat hacker looks for computer security flaws that a black hat hacker could exploit.

“I think that as technology advances and new systems are designed and implemented, vulnerabilities are to be expected,” Stroud continued. “Though we may not be moving toward an environment more secure from hacking overall, I believe we are making progress toward ensuring security in areas where years ago such a level of security was not the norm.”

Stroud, who graduated from Mary G. Montgomery High School in Semmes, participated earlier this year in the nationwide Cyber FastTrack Competition and emerged as one of 100 finalists from an initial group of 13,289 college students. The month-long competition, which took place online, tested research techniques, security disciplines such as Linux, cryptography, programming, identifying security flaws, in-depth code cracking and how to dissect a cyber criminal’s digital trail. Of the more than 250 “challenges” presented to the students, Stroud completed 86 percent.

As a reward for her top 100 finish, Stroud received a Cyber Honors academic scholarship valued at $22,000 from the SANS Institute, which bills itself as “by far the largest source for information security training and security certification in the world.”

Dr. Todd McDonald, USA computer science professor, echoed that sentiment. “SANS certifications are very significant in both industry and government for security-related professionals,” McDonald said.

The SANS courses run 90 days at a time and all are offered online. Stroud will begin her first course, Applied Cybersecurity Security Essentials, in December. “I expect to begin a more intensive study into hands-on IT systems roles with respect to security tasks,” she said. “This course should expose me to defense, cryptography, network and endpoint security, and penetration testing, among other topics.”

She is scheduled to graduate in May of 2021. And after that? “I hope to later apply what expertise I have developed by that time to a career focused in computer science and perhaps cybersecurity in particular.”

Stroud was one of 17 South Alabama students who participated in the competition. USA’s Jarrod Carson was among 541 students to reach the semifinals. “Given the number of students who participated nationally and the prominence of USA and School of Computing students who participated among other colleges in Alabama, this is a very distinguished honor for Trinity, Jarrod and our school,” McDonald said.

McDonald is the faculty advisor for USA’s DayZero student organization, which promotes professional development in cybersecurity knowledge and awareness. Club members participate in capture the flag and red team/blue team competitions, similar to Cyber FastTrack, on a regular basis.

“These competitions lay the foundation for students to join the cybersecurity workforce in both government and industry after graduation,” McDonald said. “With only 1 in 4 cybersecurity jobs currently being filled nationwide, the club opens up incredible opportunities for USA students.”

DayZero students participate in three major national competitions yearly, among many others, including the Cyber Collegiate Defense Competition, or CCDC, the Cyber Penetration Testing Competition and the Department of Energy’s CyberForce challenge. In 2017, USA’s team made it to the national CCDC competition and placed fifth in the nation among some 300 university teams.