When Elias Marcet and Diego Tibaquirá founded CySec MDC at Eduardo J. Padrón Campus in the Fall of 2019, they had one goal in mind—bring awareness to the importance of cybersecurity.
With that in mind, the club participated in the 2020 Summer Cyber Games: CyberXL & IT Policy Hackathon, a month-long competition organized by the National Cybersecurity Student Association that took place in July.
The team’s hard work paid off—CySec MDC placed second overall at the competition and first in the second weekly challenge involving remote access policy
“This is the club’s first time competing nationally and we are so proud to represent [Miami Dade College] and the Padrón campus,” said Tibaquirá, CySec MDC’s adviser and a cybersecurity professor at the College. “It was challenging for them; they had to do everything over Zoom, Skype and [pass] documents around to each other.”
Each member of the team contributed different skills. Elias Marcet and Mauricio Alejandro Martinez Quintero contributed cloud infrastructure and solutions, Jawary Prieto and Margarita Diaz provided in-networking solutions and best practices, and Rigoberto Zamora Lopez supplied security aspects.
The competition consisted of two parts—CyberXL and the IT Policy Hackathon.
The IT Policy Hackathon was a team-based event that allowed students to solve and produce control policies, network infrastructure topologies and expense reports.
The teams were tasked with designing a cybersecurity business plan for a faux university with more than 3,000 students. They had to update its network infrastructure and create a remote access policy, a disaster recovery policy, and a business continuity plan for the university.
“There is a lot of research to be done and you need to put yourself into the place of the client and the attacker,” said Marcet, who serves as president of CySec MDC. “We realized we were researching things during the hackathon that we didn’t know and it kind of built up at the end. We became more knowledgeable about how it would work.”
CyberXL tasked participants with completing four individual weekly challenges including cryptography, network traffic analysis, stenography, and open-source intelligence.
The first challenge involved updating the university’s network infrastructure, so the club proposed the use of industry standards and applicable laws. They created a high-cybersecurity plan, designed a budget, and wrote a policy proposal.
In the second challenge, students were tasked with creating a remote access policy. The club proposed using Cisco Webex for video-teleconferencing, paired up with two virtual private networks to provide secure access—Pulse Connect Secure for desktops and Hexnode for mobile devices. Norton Antivirus then created a strong antivirus solution to the network.
The third challenge was creating a recovery plan in case of a cyber-attack or natural disaster. CySec MDC’s evaluations showed that flooding, tornados, high winds and cyberattacks would have the biggest impact on the network.
They proposed setting up a firewall, segregating networks, using at-rest and in-transit encryption, and installing anti-malware and anti-ransomware tools. They also planned for an employee password policy and the use of multi-factor authentication for users.
The last challenge involved putting everything together in a business continuity plan and presenting it to the board of directors. CySec MDC included a risk assessment and business impact analysis, as well as how to strategize, develop, implement and maintain their proposal.
“The most challenging part was [conveying] the information that we wanted into a human-readable format,” Marcet said. “You needed to be able to transfer your knowledge into something that somebody with non-technological skills [can] understand.”