IT Security is an essential part of life in the "Information Age." But while students can attend regular classes to learn about computer engineering, information architechture, and programming, where can they go to legally and safely learn the skills needed to become IT Security experts?

In order to address this need, two members of the UF IT Security Team, John Sawyer and Jordan Wiens, have started a project called the UF Student InfoSec Team (SIT). Quoting from the SIT web site, "The more security on campus the better -- SIT students will probaby help other students on campus (if you're at all the computer geek we're expecting) as well as work in departments part-time, or even graduating and staying at the university. The better educated you are for those roles, the better UF's security posture is."

The SIT team meets on campus twice each week to learn the methods hackers use to compromise computer systems and networks and the techniques used to defend against those attacks.

All participants are required to read and sign an Ethics Agreement before being allowed to participate. And all SIT activities are conducted under the supervision of Sawyer and Wiens, both of whom are certified IT security professionals, and who provide oversight and guidance in addition to instruction.

Stack-o-Hack
The "Stack-O-Hack" -- Ready To Roll

One of their most valuable tools in this endeavor is what Sawyer refers to as his "Stack-o-Hack." Starting with a rolling steel cart, Sawyer scavenged cast-off PCs and other computer equipment from some UF departments, added some personal equipment from his home, and built a portable "hacking-lab" which SIT-members use as a self-contained "micro-internet" on which to practice their craft.

Using virtualization technology (VMware), Sawyer and Wiens can rapidly build many different computers, with different operating systems, and different configurations, which the team-members can use as a "practice-field." Using "virtual computers" allows them to have many different systems which can be quickly loaded, taken down, and reloaded, as needed, providing a never-ending supply of "fresh" systems on which the team can work.

Recently, the group was visited by a recruiter from IBM's Internet Security Systems (ISS) division who explained the types of jobs available in IT security and the skills needed for those careers.

In the future, they are looking forward to participating in "Capture-The-Flag" type competitions with teams from other universities as a way to test and sharpen their skills and gain some experience in the type of real-time incident-response challenges they may confront as security experts in the work-force.

While it's called the Student Infosec Team, and it's primarily for students, non-students may apply to participate as well. If you are interested, please visit the team web site at http://infosec.ufl.edu/sit/.