Computer Security: Food for your brain

One of the four missions of CERN is to “train new generations of physicists, engineers and technicians” in a broad area of subjects, topics and themes directly and indirectly linked to their interests, profession and duties. Any good training should make you grow intellectually and grow your skills, should allow you to advance in your career and pimp up your CV for any future professional direction you might strive for. “Food for your brain” is therefore the greatest nutrition for your intellect besides a good morning coffee and an Italian-native Hawaiian pizza. Here is the menu provided by the Computer Security Office.

Starting with the obvious: the all-you-can-eat offerings of the “SecureFlag” online training, whose training platform provides hands-on courses, exercises and virtual environments for improving your skills in secure software development in any programming language(s); for securely configuring your systems, VMs and containers; and for securely operating your web and computing services (demo video). These courses come in many levels of easiness, starting with general beginner sessions and delving deeper for the more experienced and advanced software developers, system administrators and service managers. The Computer Security Office has identified a list of must-do and recommended courses that will assist you in reviewing and/or developing your secure coding practices further. However, “all-you-can-eat” rightly offers you many more courses in the vast “SecureFlag” portfolio for a flat annual fee of less than 500 CHF so you can nurture your brain again and again until next year.  Remember that these courses are mandatory for all relevant people as per these two OC5 Subsidiary Rules, so please check out the CERN Learning Hub for full details and to sign up! Enjoy your feast!

This all-you-can-eat buffet is complemented by the very delicious WhiteHat training, which is aimed at webmasters, web application developers and anyone else regularly or irregularly setting up, configuring, managing, publishing or posting dynamic contents on CERN-hosted web servers (and beyond). This two-session training course, the first for the basics and the introduction of homework challenges, and the second to resolve and discuss that homework, is supposed to bring your mind closer to all the traps and pitfalls that make a website insecure, vulnerable and eventually broken – and teach you how to avoid them. New sessions are supposed to come soon, so keep an eye on this Indico agenda or follow our Monthly Report to avoid missing the announcement.

For the more security gourmets among you, the Computer Security Office also provides the “the best technical training that I have ever received at CERN _by far_. I want to warmly thank the teachers/experts very much, _excellent_ work.” –  according to one senior staff who participated in the second Forensics & Incident Response training. And the next one is already scheduled: for sysadmins and security professionals managing CERN IT services, involved in the experiments’ IT administration or in WLCG computing, we are offering another hands-on training in Linux digital forensics. Participants will learn techniques for identifying, collecting and analysing digital evidence using open source tools. Through practical exercises and interactive table-top scenarios, attendees will gain confidence in handling security incidents, from initial detection to effective containment and recovery. This two-day event on 11 and 12 June offers an opportunity to explore realistic security incidents and develop the skills for effective response. A few spots are still available…

And, finally, for dessert: the “Zebra Alliance” incident response table-top with an interesting and challenging computer security breach scenario to be solved. This scenario is based on a real incident and will introduce you to the real technical and social challenges when handling large-scale computer security incidents worldwide. The next one is scheduled for Friday, 22 May. Seats are limited, so reserve soon here on Indico. Bon appétit!

_______

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.