ITS Sentinels: Students Defending University’s Network Digital Assets
In the last two years, Information Technology and Service (ITS) has ramped up the hiring of student employees for its Information Security (InfoSec) team. Called ITS Sentinels, these students work diligently to defend the University against online threats and security vulnerabilities. They have become integral and essential to ITS’s information security program.
The ITS Sentinels are interns and student employees, currently from the iSchool, the College of Engineering and Computer Science, the College of Arts and Sciences and Rochester Institute of Technology. Each starts with procedural work, then, by demonstrating their individual abilities, work ethic and trustworthiness earns responsibility for more compelling and complex tasks.
“ITS typically employed one or two students to help with information security,” says Christopher Croad, the University’s Information Security Officer. “As outside threats increased over the last few years, we increased our student employee ranks and added interns. They all report to Bob Davis, IT architect on our team, who manages the program.”
Sentinels enjoy hands-on work under the guidance of ITS’s professional security and technology experts. Their tasks and responsibilities include monitoring intrusion detection alerts, following known information security news and information resources for current threats and running the campus Vulnerability Assessment program. They also respond to malware infections and Digital Millennium Copyright Act violations, and contribute standards and guidelines to the Security Awareness campaign.
“The Sentinels enable faster and more effective reaction and defense against security threats,” said Davis. “They provide flexibility and efficiency and free up time for professional staff to tackle projects that move the InfoSec program forward.”
Even with heightened duties, Sentinels do not have access to confidential and protected information. Instead, InfoSec professional staff complete tasks and handle incidents that involve sensitive information.
Nearly all of the student employees have been Sentinels until graduation. After their ITS Sentinel experiences, many students have received offers and gone on to start their information security careers at Google, Citibank, Symantec, Mandient and other firms. Many of these graduates believe that it’s their experience as ITS Sentinels that distinguished them from other candidates.
While working toward his M.S. in computer science in the College of Engineering and Computer Science, Basava Channanagowda leveraged his position as an ITS Sentinel. “The experience I gained as a Sentinel helped me join Citigroup as a senior technical analyst in their Application Vulnerability Assessments department,” says Channanagowda. “I chose to work for ITS because of my interest in web applications penetration testing and learned to perform vulnerability scans on campus computing systems. The experience taught me much that I can apply on the job. In addition to technical skills, I improved my writing, verbal, research and interpersonal abilities. Being a Sentinel was a great learning experience, and I strongly recommend it to students interested in a career in information security.”
Ashley Graves was one of the first interns from RIT. “I was part of the Sentinels before we even thought to make a name for ourselves. It turned out to be an invaluable part of my career growth,” says Graves. “RIT taught me security fundamentals, but working here at SU allowed me hands-on vulnerability management experience in a small, tight-knit team with passionate mentors. I’m now part of the security team at Indeed.com, using the skillset the Sentinels supplied me with.”
Another Sentinel alum, who asked that his name not be used in this article, earned a job with the U.S. Department of Defense. He found being a Sentinel a worthwhile and unforgettable experience. “This opportunity exposed me to real-world problems that required my technical expertise and critical thinking skills. InfoSec staff took the time to shape my understanding of information security and helped me become a more effective IT analyst. From them, I learned new tools and security concepts which made my job easier, and have followed me to my current position. The internship made a difference in my career, and the experience will be useful anywhere I go.”
Casey Martin, who now works in Tampa, said he wouldn’t be where he is without the program. “I work for ReliaQuest, a managed services security provider, which engineers and monitors security solutions for a variety of customers in every major industry. Very soon after I was hired, I was able to apply what I learned as an ITS Sentinel. I quickly developed tools that we now use to track, manage and report on data for four of our customers.” Martin brought a wealth of knowledge from his Sentinel experience. “It’s crazy to think that eight months ago I was an intern and now I’m a lead engineer with a team of analysts that report to me. My other two internships don’t even compare to the hands-on experiences I had as an ITS Sentinel.”
InfoSec is looking to grow the ITS Sentinel program. “It has proved very successful, for students and ITS,” says Croad. “Right now, we’re developing more work space so we can bring on more Sentinels.”
Students interested in joining the ITS Sentinels are encouraged to watch SU JobOpps for openings.