Skills

Essential Work Habits

  • Ability to work methodically and is very detail-oriented
  • Eagerness to dig into technical questions and examine them from all sides
  • Enthusiastic and highly adaptable
  • Strong analytical and diagnostic skills
  • Skills in innovation and collaboration
  • Keep a current understanding of vulnerabilities on the Internet
  • Maintaining awareness and knowledge of contemporary standards, practices, procedures, and methods
  • Ability to get the job done
  • Ability to provide detailed documentation of workplace tasks or issues.

Soft Skills

  • Ability to calmly De-escalate a high-stress situation.
  • Excellent presentation and communications skills to effectively communicate with management and customers
  • Ability to clearly articulate complex concepts both written and verbally
  • Ability, understanding, and usage of active listening skills especially with customers

Solid Technical Foundation

  • Understand architecture, administration, and management of operating systems, networking, and virtualization software
  • General programming/software development concepts and software analytical skills
  • Proficiency in programming in Python and HTML
  • Understanding of how Cisco network routers and switches work
  • Evaluate and design systems and network architectures

Detailed Knowledge of Key Technologies

  • Open Source Applications
  • Linux Operating Systems
  • Microsoft Technologies
  • Wireless Technologies
  • Network Implementation (Operational and Security)
  • Telephony Technologies (Analog and IP)
  • Social Engineering
  • Physical Security
  • Website building
  • Video editing

ePortfolio Term Project for IDS 493: ePortfolio Project

Self-reflection: Reflecting on my time at University

Cole Sandelin

IDS493

10/12/2024

Introductions

I have gained valuable skills and experiences for my future career in cybersecurity while attending Old Dominion University. The program has helped me build my technical knowledge improve my networking and communication skills, and interact with customers. These skills are crucial for working with others and addressing client concerns in the cyber field.

I faced various challenges that caused me to solve critical issues and develop problem-solving skills. I have done hands-on labs and independent research, each experience has played a role in my growth. In the following paragraphs, I will show some key experiences that show my understanding of cybersecurity and prepare me to handle the challenges I will face in my future career.

The Art Of War

During my time at university, I often heard my professors referencing the ancient text The Art of War by Sun Tzu, drawing parallels between its lessons and practicing cybersecurity. A few quotes stand out to me the most  “O divine art of subtlety and secrecy! Through you we learn to be invisible, through you inaudible; and hence we can hold the enemy’s fate in our hands” (Tzu, 2005). This resonated with me, in the context of hacking. The media often depicts hackers as flashy figures or troubled or edgy adults, using things like red laughing skulls with flashing text, but the reality is different. Malicious users typically operate quietly, infiltrating networks without drawing attention to themselves before stealing data or planting backdoors and leaving. 

Cybersecurity analysts must adopt a similar approach when conducting audits or setting up honeypots to detect these threats. “Attack is the secret of defense; defense is the planning of an attack” (Tzu, 2005). This reflects my understanding of the importance of anticipating attacks to protect data effectively. By envisioning how I might infiltrate my networks, I can better address vulnerabilities and enhance my defenses. Therefore ensuring the overall safety of my users. 

Before studying Sun Tzu, I had a limited understanding of the attacker-defender mindset, aside from experiences in games like Capture the Flag. I never thought a text over 2,000 years old would influence my strategic thinking in such a modern cyber field. My growing understanding of data structures and research methods has fueled my desire to “win” in this domain. Sun Tzu’s wisdom has made grasping cyberwarfare made it more accessible for me.

Cryptography Is Complex 

However, I still struggle with the mathematical aspects of cybersecurity, particularly in cryptography. Learning about AES (Advanced Encryption Standard) was a revelation. I was surprised by the complexity of the algorithm required to secure traffic. This challenge underscores the ongoing learning process I face as I navigate the technical side of cybersecurity.

AES is a result of a cooperative effort made by several US industries including the government. The standard encryption at the time called DES (Data Encryption Standard) was found to be breakable by a machine called Deep Crack within 56 hours. So an effort to make better encryption was launched having several teams work on it (Smid). They wanted it to be unclassified and public for anyone to use, what resulted was a very compelled algorithm that would shuffle numbers in a complex sequence over 10-14 times depending on the bit size. But due to the complexities of knowing how it worked. Getting an encrypted message without knowing the key to decrypt it would take a very long time to brute force (Smid). Honestly when all the complex algorithms were being told to me I felt confused and a bit frustrated and I did space out a bit once the diagrams came out. Yet, understanding this gave me a deeper appreciation of the care and logic behind each system we use daily. We use AES daily when we use Facebook or even Google. 

Firewalls Are Like A Fortress

A common theme In my Cybersecurity networking classes was the discussion of where the best place to set firewalls would be. When I was still attending Virginia Peninsula College I took serval Cisco courses to learn how the systems worked so I could pass the CCNA. when most people think of a firewall for a network they would often think of the wall separating the outside world from the internal network and the server. While this is true and it is implemented like this on a small scale I have learned that the best method of protecting secure data. Is to use multiple firewalls (DeCarlo, 2024). In the CCNA course, I took I got to set them up on granted outdated Cisco routers physically. I loved setting up and breaking down the equipment so much that I bought my own Cisco network switch to practice with. The best kind of defense when it comes to firewalls is to set up a demilitarized zone using two(DeCarlo, 2024). Outside of the whole network is the World Wide Web, after a filtering firewall that blocks known bad traffic. The DMZ between the two firewalls is where the web server and the mail server are (DeCarlo, 2024). This would be a customer-facing area. Past this would be the internal firewall that has strict protections on it. More often than not implementing a VPN to help determine who does or does not enter the internal network(DeCarlo, 2024). Placement is key as I learned in CS 464/564: Networked Systems Security a firewall placement prevents the possibility of a denial of service attack from shutting down the web server from traffic overflow as a firewall can simply block all incoming traffic during a flood and come back online soon after the attack is over. Only letting in known sources coming from the outside. 

Nmap And The Fun Side of Cyber (Lyon, 2010).

Some of my favorite things to learn about during my classes for CS 464/564: Networked Systems Security, MSIM 570: FOUNDATIONS OF CYBER SECURITY, and CYSE 250-BASIC CYBER PROG AND NETWORK. Was the introduction of the very powerful mapping tool Nmap. The idea of being able to map out and scan a network and see what kind of computers were connected to it was always appealing to me. However, it is not very legal to do when you’re doing an invasive scan of a network you don’t have permission to mess with. With my own home lab, it’s a fun way to practice using hacking tools that come with the Linux distribution KALI that we had to constantly use in our classes.  Nmap itself is a free and open-source book developed for network developers and now cybersecurity professionals(Lyon, 2010). Because of my interest, I took a look at the book that was published by the programmer who made it and found to my surprise it was featured in several movies including Matrix Reloaded, and Die Hard (Lyon, 2010). Though I am still a novice at the program myself I hope to continue learning about it and be able to use it as proficiently as I  would just speaking. I remember the first time I had successfully scanned a network, Seeing all my classmates’ devices and mine all mapped out and connected to the local network filled me with a sense of pride. 

Security Hygiene In The Work Place

For my internship course CYSE368: CYBERSECURITY INTERNSHIP I decided to work at the college ITS Help Desk. This job has helped me with my problem-solving skills by how quickly I can troubleshoot and figure out user problems. During my time there I have determined much to my amusement and despair that the general public lacks little to no security awareness. We are constantly resetting emails because people click on links that they think are official emails. Reading these emails it’s painfully clear they lack any sort of structure or grammar, or the task they want you to perform is so out of the ordinary. For example, getting 5000$ in Visa gift cards and sending the pins for a giveaway. Even clicking a link to claim unpaid vacation time. When I first ran into these kinds of emails I laughed them off wondering who would fall for these kinds of emails. Now I’m just scared of the public’s lack of awareness as I have to keep doing more and more forced resets of student and faculty accounts. I learned about Social Engineering growing up from TED talks and from my cyber classes here. Social Engineering is best described as people hacking when someone pretends to be someone else like a boss a colleague or even a concerned citizen(Gillis,2024). Only to pull a less-than-elaborate scam on those who are the most trusting. These attackers can use Facebook and other social media to get info about a target to do an attack targeted specifically for a single individual(Gillis,2024). Other than that working there had been a fun learning experience as even though it was a low-level help desk. I feel more prepared for any future jobs where I am managing tasks for a company. Truly enjoy working there as I get along with my coworkers and it’s an overall very chill environment. 

After College

With the experiences and the working conditions I have gained over my time going through this degree path, I feel I am prepared for the workforce. However, adjusting from bookwork to an actual environment might be a bit difficult. I’ll still have the notes and textbooks to use as research material as well as the skills taught to me on how to do proper and thorough research on the internet from what I’ve asked my friends who are already working in the field. Any job I get will still train me to work it. The college will make that training easier as it has prepared me with the basics for the career I hope to start soon. 

Sources

DeCarlo, A. L. (2024, July 22). Where to place a firewall in an enterprise network: TechTarget. Security. https://www.techtarget.com/searchsecurity/tip/Where-to-place-a-firewall-in-an-enterprise-network

Gillis, A. S. (2024, February 29). What is phishing? how does it work, prevention, examples. Security. https://www.techtarget.com/searchsecurity/definition/phishing

Lyon, G. (2010). Nmap network scanning official NMAP project guide to network discovery and security scanning gordon “fyodor” lyon. Insecure.Com LLC.

Smid, M. (n.d.). Development of the advanced encryption standard. Development of the Advanced Encryption Standard. https://nvlpubs.nist.gov/nistpubs/jres/126/jres.126.024.pdf

Tzu, S. (2005). The Art of War (S. B. Griffith, Trans.). Oxford University Press. (Original work published ca. 5th century B.C.E.)