Summertime. The moment to get in shape. Jogging. Step aerobics. CrossFit. Push-ups. Shadow-boxing. Zumba. Pilates. Whatever. Or to just stay as you are ─ fit and healthy ─ that would do too! And as summer comes to an end, here some suggestions for mental workouts. Cerebral challenges. Massaging your mind.
Just like your summer exercise regime, computer security requires permanent training to stay fit and healthy. Like for a marathon, it is not enough to know how to walk or run; training and exercising are a must. The body and mind need to be in sync and fit enough to take up the challenge. Again and again. Below you will find three (hundred) suggestions for refreshing and improving your skills in computer security. Whether you are a computer engineer, physicist, engineer, lawyer, or work in HR, communication, etc.
The Zebra Alliance for everyone
The Zebra Alliance hands-on training is a computer security incident simulation bringing together many different stakeholders of an organisation (here, the Zebra Alliance) to jointly respond to a critical computer security problem, including webmasters and security experts as well as PR, lawyers and HR[1]. Only through teamwork can the origin, the culprit, be identified and contained. The last Zebra Alliance was run at the end of May and was so successful that we decided to run another one on 13 September. No IT knowledge beyond standard computer use is required. Some places are still available.
The WhiteHat Challenge for newcomers in penetration testing
If you want to become a real “hacker”, learning vulnerability scanning and penetration testing, and dig deep into computer security practices, attend the WhiteHat Training in October. Only a laptop, some basic knowledge of web technologies and a curious mind are required. Session #1 on 2 October will give you an introduction to ethical hacking and the ground rules of the WhiteHat Challenge before delving into the use and abuse cases of web applications.
Afterwards, trained with the right tools, knowledge and strategies, you can pit yourself against our inherently very vulnerable Movies website. This capture-the-flag challenge has many levels, starting with the easy ones and then allowing you to dig deeper and deeper ─ until either you crack the website completely or your level of expertise is reached. Session #2 is held two weeks later, on 16 October, designed to resolve the riddles of this capture-the-flag so you can verify your findings or marvel at how to break into a web server. Are you ready to become a penetration tester?
SecureFlag’s hands-on courses for software developers, programmers and IT service managers
For software developers, programmers, web administrators, IT service managers and anyone else who regularly touches code, we strongly recommend subscribing to the SecureFlag training platform. It provides hands-on courses, exercises and virtual environments for you to improve your skills in secure software development in any of your favorite programming language(s); to securely configure your systems, virtual machines and containers and securely operate your web and computing services (watch the demo video). The licence scheme is “all-you-can-eat”, meaning that with a valid licence you can access all 30 labs (see image below) and hundreds of security-dedicated courses. Licences can be requested via CERN's Learning Hub and are valid until 31 May 2025 – so the earlier you sign up, the more food for your brain.
Thank you very much for participating in our training sessions, for understanding what to do in the event of a security incident, for improving your code, your application, your IT service. And for helping to secure the Organization!
____
[1] In a previous training session we even had participants from the Geneva police and the Pays-de-Gex gendarmerie.
____
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.