Cybersecurity Capstone Projects Benefit Bridgeport Diocese

Next Article

School of Engineering Opens Innovation Annex

The introduction of Connecticut’s Safe Harbor Law in 2021 propelled Chris Gillespie, senior director of technology services for the Catholic Diocese of Bridgeport, to get serious about instituting a more structured cybersecurity program. “The new law safeguards organizations from suffering punitive damages in the case of a security breach, as long as that organization has created and maintained an approved cybersecurity framework,” explained Gillespie. “We don’t have a big IT staff, but I knew the students in the graduate level Cybersecurity program at Fairfield University could help us.” He contacted Mirco Speretta, PhD, director of the master’s program in Cybersecurity, who quickly created a capstone project around the needs of the diocese.

The resulting project involved seven graduate students. After analyzing several protocols for best practices, the students chose to implement the National Institute of Standards and Technology (NIST) 800-53 framework, a protocol that allows for customization and was a good fit for the diocese’s 80 parishes and 29 schools.

“These capstone projects, which directly benefit the most vulnerable nonprofits, are directly aligned with our Jesuit mission and are a common theme across our graduate programs” said Andres Leonardo Carrano, PhD, dean of the School of Engineering.

To properly implement a cybersecurity framework, one needs to be familiar with the organization, including all the procedures and the operational activities that handle data, explained Dr. Speretta. “The students started by interviewing stakeholders, such as the chief financial officer, the human resource director, and also those on the technical side,” he said, “to understand how the organization works and identify key areas where security governance should be applied.”

A group of students conducted scans, probing the networking for vulnerabilities that hackers can exploit (an outdated version of Windows, for example, or services that were not patched), and delivered a comprehensive report including all vulnerabilities that were found, along with the references and solutions.

Students used a Kali Linux Virtual machine to run Nmap scanning software, allowing them to virtually scan the various servers, phones, printers, computers and even PlayStations connected to the network at each school. They then created a visual representation of the data collected from the scans using Tableau.

“It was great real-world experience,” recalled John Shashaty ’21, who will complete the graduate program in December. “There was a lot of learning on the fly, and once we got into it, we could see that it was a very involved assignment. This is a multi-year project, and we set the groundwork.”

Subsequent capstone students will continue the work this year, said Dr. Speretta.

Equally important, the capstone experience is likely to be a valuable asset when it comes to finding a job. “When I have job interviews, most people are very intrigued by the research and the application of tools used for this project,” said Shashaty. “Plus, the NIST framework we used is relevant to industries today, and they’re pleased to hear that I’m familiar with it.” l S “These capstone projects, which directly benefit the most vulnerable nonprofits, are directly aligned with our Jesuit mission and are a common theme across our graduate programs.”

Andres Leonardo Carrano, PhD

Dean, School of Engineering

School of Engineering Unveils New Security Operations Center

The School of Engineering and Information Technology Services have jointly launched a new Security Operations Center (SOC) in Bannow Science Center.

The Security Operations Center is designed to monitor the University’s network, guard against cyberattacks, and to look for potentially critical vulnerabilities.

“This center will be run by computer science students. They will monitor data through dedicated software, identify potentially critical vulnerabilities, and raise alerts to the security team of the ITS department,” explained Mirco Speretta, PhD, director of the School of Engineering’s Cybersecurity program.

The state-of-the-art lab is equipped with 11 computers and five 65” TV screens. Six of the computers are used by security technicians and the remaining five are used to cast information on the TV screens.

The partnership between the School of Engineering and Information Technology Services to launch a student-run SOC lab began several years ago while collaborating on cybersecurity projects in the existing Cybersecurity Lab, which is used by undergraduate and graduate students.

Said Dr. Speretta, “We wanted to offer our undergraduate students a more involved and meaningful cybersecurity experience. For this reason, the security team — led by Fairfield’s Chief Information Security Officer Henry Foss — and the School of Engineering explored the idea of opening industry-standard tools to students in a professional environment.”

Through hands-on experience in the SOC lab, students will learn how to use industrystandard software such as Splunk, CrowdStrike, and Proofpoint while monitoring data and identifying potential threats in a controlled environment.

“A SOC lab represents an essential component for the security of a modern organization,” noted Dr. Speretta. “The activities carried out by the students working in the SOC will greatly increase the overall security infrastructure of the University.” l D