For the Fontys Cyber security minor, together with a team of 6 other students, I am doing research on cybersecurity in combination with methodical work and communication.
The way it worked was that each student had a list of projects they could choose from and from there they could choose a top three, from which the teacher would assign the students to their team.
IL&T (Inspectie Leefomgeving & Transport)
The project I was allowed to participate in was a government project
The research question was: “How to automate and secure the checks for regulatory supersvision of taxi drivers?”
The description of the project was: “Instead of manual registrations by taxi companies and drivers an app will be developed (this is not part of the project) which needs to be very secure, using good but easy authentication, and secure interconnectivity to other systems (RDW, Kiwa, DigiD). The result of this project is an analysis and advice, and a proof of concept implementation of the authentication, the secure connections to relevant systems and the data flows for this automated solution.”
The project seemed very interesting to me because data is processed in different ways. It would be a good project to investigate security.
Unfortunately, the project was canceled by the ILT (government) and the assigned students had to do another project.
Student training environment
A week later after the rejection, Casper came up with the idea of doing a cybersecurity training project with the aim of educating the new semester of cybersecurity students.
Because the project was still in the idea phase, we did not have a product owner, which did not make the first phase easy.
There was also another group that had a project that did not start, so Casper decided that we could do a project together, also because it is quite a big job.
The first week of the project was dedicated to the research plan itself. What are we going to investigate, how are we going to investigate these topics, team composition, etc.
At this stage we didn’t have a product owner yet, so our document was validated by the teachers: Martin & Casper
Communications & Team lead: Ruben van Osch Scrum master: Yassin Samuels Quality control: Martijn van den Berk Researchers: Rens van der Linden, Ibrahim Durmus, Freddy Gomes en Rene van Vliet
I indicated that I wanted to look more at the offensive side of cyber security. For the project I was working on an automated attack.
I have been working on a ransomware attack.
In a small research to apply ransomware I worked according to the dot framework with the literature and lab study to find out which ways of holding computers hostage are widely used and if they are useful for this project.
Communication & Work methodology
As a team we use the Agile Scrum working method, this ensures a more effective and flexible way of working. Every sprint (a period of three weeks) a working product is delivered with a presentation.
At the end of each sprint, we look back on how it went and what we can improve.
Every project day there is a daily scrum in which we briefly discuss what everyone is doing and whether there are challenges.
Our scrum master is Yassin Samuels. He leads the daily scrum and inquires about problems.
Peer review received Tips & Tops
Each sprint gives each group member a tip and a top to the other group members to grow further.
|Ruben||Laat je werk zien aan anderen. Ookal vragen ze er niet naar.||Calm, Werkt door, Gemotiveerd|
|Yassin||Mag wel meer van zich laten horen||Zeer vriendelijk, behulpzaam en werkt goed door|
|Martijn||-||Works well in the team. Knowledgable on specific cyber security related subjects.|
|Freddy||-||Motivated to learn new concepts. Hardworker.|
|Rens||Probeer tijdens een discussie jou mening te geven||Altijd aanwezig, voltooid de taken die aan hem zijn toegewezen|
|Rene||Een actievere houding in besprekingen||Leergierig - Zoekt zelf dingen uit|
The feeback I received is very positive, I will try to improve the recieved tips in the coming period.