Team Reflection: BCM Security
CYSE 368 Fall 2024
Clyde C., Mohammad S. & Bilal M
In your team reflections, tell us about your client (a quick synopsis of the business and leadership).
We Insure Things is part of the financial industry, offering insurance policies to customers. Because the client is involved with the insurance industry, which is an integral part of the global economy, they aid people in mitigating risks, very similar to the objective of cybersecurity. Insurance companies are known as risk mitigators for individuals and organizations, providing contracts for clients that result in financial compensation (directly or indirectly) in the episodes of mishaps, disasters, accidents, etc., as outlined in the contract.
We Insure Things is a trusted insurance provider that delivers innovative and reliable solutions across multiple locations, including Las Vegas, Nevada; Norfolk, Virginia; Marshall, North Carolina; and Atlanta, Georgia. With a commitment to exceptional service and long-lasting client relationships, We Insure Things aims to protect and support every facet of its customers’ lives. The company provides comprehensive coverage options tailored to individual and business needs, ensuring peace of mind and security through adaptable, forward-thinking insurance solutions.
Founded and run by the owner himself, Logan Wease does a commendable job of managing his small business. He manages all of the IT functions, despite not having much secondary education knowledge, a B.S. in Political Science. He puts his best effort, through educating himself in areas that are unfamiliar that are critical to the operation of his business. Very personable, and his aptitude and desire to learn made him a great client to work with.
Discuss the client engagement with your team. How often did you communicate? Were there barriers that you were able to resolve or not able to resolve?
Upon our initial meeting, we as a team were more than ready to not only meet our client but to soak in knowledge regarding the business tailored to their initial questionnaire sheet and questions of our own that aligned with our project’s objectives. Ready with questions, each of us paid careful attention to his answers to his questions and ours and took a lot of notes. Due to our strategic and carefully devised plan, there was not a call for a lot of communication. However, we did communicate through email on 3 occasions for clarification and a more thorough understanding regarding the LAN, data security measures currently in place, and a general understanding of the IT infrastructure of the business.
In your team reflection, what went right? What went wrong? If you could do the project over, what would you do differently?
More could have been done to thoroughly assess We Insure Thing’s business by utilizing free open-source tools like Tenable Nessus and Snort. Using vulnerability assessment tools like the aforementioned would have allowed us to get even more thorough results on their cyber risk posture. Possible earlier preparation and pre-emptive thinking would have allowed us to incorporate this in our deliverable/report.
The team overall gelled very well in regards to making sure that we were able to get things down promptly. We feel as if we complement each other very well in terms of understanding our strengths and weaknesses and picking up on one another’s shortcomings. We see now why they say everything happens for a reason and I am very grateful to be a part of this wonderful team.
Describe the most motivating or exciting aspects of the internship.
The first exciting aspect of the internship was our brief and knowledge gathering regarding the project itself, the main deliverable. Knowing that we could aid a local Hampton Roads business that sought help to address their cybersecurity concerns, made us feel important as scholars, that we could make an economic, academic, and personal impact.
Another highly motivating aspect of the internship for our team was the sense of collaboration and teamwork. Working together with peers and mentors brought different ideas, skills, and approaches to the table. Sharing knowledge, discussing strategies, and tackling problems as a group created a supportive and energetic environment. This collaborative approach not only motivated us but also led to better, well-rounded solutions, allowing each one of us to learn from one another and feel more confident in our roles.
Describe the most challenging aspects of the internship.
One of the most challenging aspects of the internship was understanding the overall pace at which the internship was moving. However, with proper collaboration and teamwork, we are probably one of the best teams for the job. It became much easier after we spoke to Logan because it paved the way for what needed to be done in that amount of time.
Another challenging aspect was solving complex problems related to cybersecurity. We Insure Things had many cybersecurity concerns, like phishing attacks, malware, data breaches, and ransomware. Analyzing these problems and finding solutions required a deep understanding of cybersecurity principles and practical ways to apply them. This was difficult because every situation was different, and we had to find the best approach for each issue.
To tackle this challenge, our team used the NIST Cybersecurity Risk Management Framework 2.0 as a guide. We first assessed the company’s current security posture and identified areas that needed the most attention. By breaking down each problem step by step, we could focus on specific risks and develop targeted solutions. We also used Design Thinking, which helped us be creative and consider different perspectives when thinking of solutions. This approach made it easier to understand the company’s unique challenges and think of practical ways to improve its cybersecurity.
Collaborating as a team was essential. We shared our ideas, discussed possible solutions, and made sure we all agreed on the best actions to take. This teamwork helped us stay organized and made sure that our solutions were both effective and practical for the company to use.
List your recommendations for future interns in this internship. What preparations do interns need before starting the internship?
Overall, the timeline and schedule were adequate for our team to meet the expected deadlines for all the assignments. If we were to recommend a change, it would be working with Virginia Cyber Range to allow access to their VMware which is equipped with a plethora of software and tools that allow for further in-depth vulnerability scanning and non-intrusive and intrusive penetration testing. Team Suffolk, through their business’ licensed software was able to get a good hands-on experience with the vulnerability scanning tool Teneable.io, which allowed them to experience job-sector exposure and knowledge for employment after graduation.
List your recommended changes to the course. What would you like to see added or removed or remain the same?
We wished David Price could have lectured. Though, all-in-all we thought the course was very well outlined and planned. The assignments and due dates were adequately timed and tailored to the project. Going out into the field to assess businesses per the Valor Top 10 Risk sheet helped us formulate and build the confidence needed when we presented our final report to our client.
Dr. John Baaki’s teachings on design thinking also helped us tremendously to strategically and collaboratively plan our approach to our project. His training exercises also aided us in overcoming our nervousness and anxiety, as well as building teamwork and camaraderie in our group.
Our lead professor, Mrs. Teresa Duvall, lecturing and introducing us to the NIST, was a critical backbone to our final project. Her course design, the gathering of professionals for their knowledge in cybersecurity, and her reputable experience allowed us to take away a plethora of knowledge in cybersecurity at an enterprise, organizational, large, medium, and small business level sale.
The overall ambiance of the internship was very good and we feel that little to nothing needs to be changed for the internship. However, we do feel that maybe better accessibility for the board for presentation and the ambient sound of the fan may need to change for the speaker to be heard.