John Hoyt - UpstateSC ISSA

so can everybody see that okay go Tigers yes go Tigers awesome so just a little bit about myself uh you know I am the CSO for Clemson University um this you know this is just an overview of the sea sock and this we call it sock for short really um how it got started how you know we kind of got to where we are how I got to um be able to be the stock manager and get involved with students and uh I hope you and you know hope you get something out of it and get encouraged um buy it next slide so um it's 1996 Summer of 1996. I'm 17. I'm just out of high school and I'm working at

Blockbuster video um I really enjoyed my time at Blockbuster Video but I'm talking to uh the store manager whose name is Jason this isn't the actual Blockbuster Video you know but it looked a lot like this and I'm talking to Jason and I'm asking him to share whatever he could about what he knew about computers he was to me a computer whiz and I had already decided that it and computers was the way to go I wanted to this is what I wanted to do um and Jason was interesting he was one of the fastest typers I've ever seen but all he used was his thumbs and his two first fingers it was weird but he was a

super fast typer but Jason had a side job doing computer work he was um yeah he knew about the internet all these things and I was begging kind of pleading with Jason teach me you know I want to learn from you because I this is what I want to do and unfortunately he didn't really take me seriously or really um help me out and and Mentor me and guide me uh you know it was just he was too busy basically fast forward to the year 2000 after Y2K we survived Y2K and this is my first job in it doing desktop support and computer support at for the City of Greenville um I was we were on the third floor of

City Hall and I'm talking to the system administrator whose name is Rex and I'm talking to Rex because he is the guy he is the system admin and he's the go-to he's the one that has all the answers and I'm trying to again get knowledge and seek information from him and you know this is pre you can Google everything right this is pre you can YouTube YouTube University right where you can go find a video for everything um and unfortunately Rex he like to be the keeper of all the he likes to be the guy that had all the answers um he really didn't want to share that because then he lost some of the glory

of being the hero and coming in and saving the day um but he hated Microsoft um so I was abutting Microsoft certified mcsc and he there's two windows servers and he was like hey here you go you know go mess with these uh I don't want anything to do with them you go fix them so I was able to at least get started down that path but it still kind of ran into a roadblock for looking for that Mentor that you know I needed and wanted um to help me out but an interesting thing happened while I was there one day at the office down the hall I heard them talking about a hacker that broke into the city of

greenville's systems and this is kind of back in that day where you know ethical hackers would break in and then they would send over a message or a report saying hey we've broken all your stuff um here's how we did it and hire me to help fix your stuff and I had had a semi-interest in cyber security but this really was like it was the black magic it was Voodoo nobody knew you had to be on the super secret IRC forums to learn this information right it wasn't readily available but this report even though it wasn't very sophisticated it was like uncloking of the techniques and how to do a lot of these things out of the tools that you

use and and some of that and that really kind of put me on the path to eventually you know get a job and secure or at least think this is something I could do like hey this is doable it's not just black magic so it took me another six years or so to land my first job in cyber security at Clemson and I used to work in the basement of p a I had an office in the basement it was a little bit of a dungeon um but I was full-time doing security loving it having a great time I I was I actually did have a job previously as assistant administrator so I was able to

do that and then migrate to security and while I'm there I'm talking to then at the time I see so Kevin McKenzie and they're talking about standing up this student sock and I'm a little confused because I'm like how how is this going to work what are we going to do what does it mean to have a student side a student run sock I mean it sounded super interesting I was just thinking we're barely we kind of have a shoestring budget as it is how are we going to afford to build a space and then what does that mean and who's going to run it and how's it going to be manned who's going to manage

students but I had had a few interns at this point and been able to see how cool it was to work with students and to be able to work with them and Mentor them and guide them and I kind of came to a realization of well I don't know what they're going to do but let me put my name in the Hat to say that I'm going to be the stock manager that this is what I want to do officially put put my name before they hire somebody else because I realized that I had really not had a had a mentor and really had never really identified him with a mentor and this is my chance to be that for

somebody else potentially at least teach them Lessons Learned things that I'd make mistakes with and so that's what that's what we did we came up the sock was built we came up with a mission statement to protect the university while educating and preparing students for careers and we didn't really have a a big game plan you know it was okay we build it let's build it and I hope that it works out right we hope that they come we hope the students come and so we got the word out to students through uh this CU Cyber Club which is a student Club for first to focus on security we told it you know every way we could

we try to get the word out I think even through Reddit and so we had eight students show up from different majors and they had no hands-on experience they had nothing right they had they were most of them were computer science but what was cool is we kind of I think initially right out the gate we were thinking you know especially I wanted to say to make these interns real analysts not just take it dude and ticketing and doing the grunt work um you know even though it was grunt work as an analyst but to throw them into the fire and really to work with us side by side and and to be there with

them side by side to help them help us and we didn't have a lot of tools we had but we had enough we had enough to respond to incidents to investigate things and to dive in and we had you know more data and logs than we could as me as really the primary person doing investigations um that I could handle for sure so we did have some challenges and you know something you kind of do have with students working with students is their schedules right they come in and you have to set up schedules every semester you got to kind of stagger that out you know they'll come in for an hour maybe work a couple hours and then go back to

class and then go back to you know come back to work and that presents challenges because you're trying to keep up with them and who's doing what who left off at where and what point things like that and then you're always recruiting new students you know there's a there's a pipeline of students that are graduating and then new students come in and you have to train them up and and get them up to speed so it's a little bit like football I would say I say sometimes because it feels like you're kind of always recruiting and trying to pull in new students unfortunately you know a lot of your your talent leaves because they're getting you know jobs

so but it's just you know part of the deal but we were able to see you know right away just how much of an impact this had on Clemson on incident investigations and and really I kind of call I've always called it a force multiplier so you know you would have this big investigation and you're trying to you could split it up right okay you you go here you look here you go here and then eventually I mean these students are super talented super smart they were able to pick up quickly and add to not just you know be there to do what I'd ask them to do but then add to with tools and and you know scripting

and other things and really work as real analysts and add to our program and they were able to you know kind of then start connecting the dots between stuff they were learning in the classroom and stuff they were getting in you know in the stock and even those that worked just for a semester we're finding you know better career opportunities and able to maybe even get interviews that they wouldn't have gotten before because they could put that on their resume and then a big part of it is as they're working with us we're able to kind of work we evaluate them and work with them and see who may be a good fit for us as

full-time and or as full-time staff and we've since hired several that have been interns previously and have worked and come on as full time then I'll talk about that a little bit more um so yeah it's huge success from that eventually we upgraded we moved from bar Hall over to the White Center on the fourth floor and it has more room and more space and we have more desks available to bring in more students is a big part of it we have Windows which we didn't have windows before um sometimes I kind of miss the dart area you know just being in the dark working through things but it is nice to see if it's you know raining outside

but but yeah so we upgraded to the space we have full-time folks we have full-time stock managers or a manager and we have full-time analysts and that is really ad been able to mature the song You Know It kind of started out with just me figuring things out along the way um and then since then with the full-time stock managers they have come through um it's really leveled up the sock and been able to add to the policies and procedures and just work as a real I mean it's a real saw you know it's just really matured along the way so benefits you know this is something that I preach to other universities and we have helped other universities

and kind of guided them gave them our lessons learned about what we've gotten out of this experience and how I'm an evangelist for this really I mean I'm telling all universities you should do this and they some of them have a hesitance to see hesitancies because they're worried about giving students data um they're worried about giving them access but you know we have and we have things we do but really we've not had ever had an issue um students have if they're looking for a career in cyber security if they do something to break that trust right they're really jeopardizing their career out the gate um so and we're there we're always there with them we're working with them we're

mentoring them they have oversight but we it's not a concern it's been great but we've been able to attract new students and um and help them you know they've come I've had high school students come and look at the sock and decide hey I think this is I want to come to Clemson because of this potential opportunity which is really cool and really ultimately the difference between before and after and how the sock has made a difference for protecting Clemson it's it's night and day just imagine being able to add all those you know analysts that can help you think of things differently have a different perspective but also tackle the problems tackle you know the

the events and and dive in and help you out and dig into those so this is just a few slides about students that have come through that have full-time jobs in cyber security this isn't all our students we've had over 44 students that have come through and worked in the sock um Steve figueretta you might recognize him he's on the call today but he was my very first intern and yeah I went to a class at computer science class and just kind of spoke about what we did and security and how we protect Clemson and this is I was I was given the permission to finally get an intern and and Steven I offered that up and

said hey I'm looking for an intern Stephen came up we met and he came on with me as as that intern and we had a great time we hit it off and uh and he then graduated and then when I was looking for a sock manager I hit him up and said hey I need a sock manager I can't do everything and so he came back as a stock manager and worked and did an amazing job you know leveling up the side then left again and did some things and then when I became CSO I was like hey I need to I need to I need a director I need somebody to did my job for security

and operations and infrastructure and and not even need a deputy CSO and that's what Stephen is for for me today for Clemson and Daniel um he was our intern in the side and he graduated worked um he worked somewhere and then now he's our he brought him back and he's our endpoint security engineer and a lot of these folks are out there killing it they're doing amazing um they're all over the nation and it's one of the coolest things to be able to keep up with these students see where they are now and what they're doing and how they're doing a great job and and helping make a difference in the community and in in security for

wherever they are whatever organization they're part of and we are hiring um so we are looking for a sock analyst we have a position open right now it's it's attempt to perm position but we you know we this the cool part about this and being part of the stock is it's not just like the manager's job to be part of this experience um it's actually everybody is part of this especially working in the SAG that's part of your job is to work and mentor and guide students and be with them to to help them out and and answer their questions um and it's a unique opportunity and it's really definitely one of the best career decisions I ever made was to say

yes to be the site manager and to have that chance and Steve and I have started up a side gig a business just just to do this outside of the sock to help others kind of you know mentorship and coaching for there's a lot of there's a lot of boot camps out there that are looking to people are jumping on board to get it change careers and get into cyber security and we're just doing you know our part to to help others so if you're interested you can check it out and that's it any questions I'm happy to answer questions about how we headaches we've had or things we would recommend or not recommend I'm looking through the chat

any interesting uh War Stories you can share with us oh man um I have had a student that um it wasn't somebody that worked in the saw but I we had it it was actually a student that showed up on Brian cribbs's blog one of our students our intern said hey I I think Clemson is on Brian Krebs is blocked and it's like what oh and so I went out to crabs you know crabs on security and looked and sure enough it was a computer science student that had interacted with Brian and maybe was involved with a massive DDOS attack that he had one of the first one at least that he had and and I was like wait a minute what's

happening is this person is this student doing this while they were here at Clemson right that was our biggest concern and um I actually reached out to Brian and just said hey you know I'm you know security at Clemson would um do you have any information that you can share about what you you suspect here and he you know he he called me and we chatted and it was a good conversation but ultimately you know we started digging into this student's traffic and activity to see if it had been doing you know this kind of attack a DDOS attack from Clemson because that was a major concern but one thing that was interesting was that this student we started kind of

searching through tickets and they had shown up before and and I thought they his their name his name looked familiar and he had submitted a ticket to our help desk saying that he had found a website that had SQL injection and you know it wasn't anything major it was like they found where you could list the tables there wasn't anything sensitive in it um but you know he didn't he didn't have permission to do that and I didn't I didn't go after him and throw the book at him or anything like that I just said hey okay hey you know you shouldn't be doing that um but just kind of blew it off because you would think at universities you kind

of had this happen a lot but really it doesn't happen that often because they can get in trouble um so I then this happened with cribs and I actually kind of let our cupd you know Police Department know like hey this kid may be involved with something illegal just letting you know and they kind of took it and ran with it and then when I told them that he had also been doing some things you know SQL injection attack type attacks they actually arrested him they show up kick in his door and um and arrest him and I'm like oh shoot okay and I was like listen we don't know anything yet we don't know that he

actually did anything here but I mean it's it's on you guys you can make that decision that that decision well it turns out he you know Homeland Security gets involved they show up at Clemson and they interview the kid and um basically he had already been kind of working with the FBI because it wasn't really it seems like this is you know allegedly um that he was working he knew the people that were doing the bad things more than he was involved although he was involved with some stuff that was kind of shady but he was kind of providing information to not get in trouble right and um and really kind of they ended up

I think he worked community service for Clemson just doing things and and really just kind of moved on from there and he ended up graduating but it was interesting just because you know since then uh you know he's gone on and I think he still has his own business but just having that experience that's not a normal way that's not a normal everyday day right and that's how the university university and I tell people it's like a small City um you have you know Water Treatment Plant you have a fire department a police department um you've got all kinds of things that are happening you get people living on your network and your all this stuff why while University

ultimately University wants to be open right they're not like a corporation they're like oh yeah close all the borders um they want to be open and share information while at the same time you have student data and Health Data research data that you're trying to protect um and people are showing up students are showing up with devices that are from all over the world that you have to worry about so it's definitely an interesting it's always interesting at working at a university it's a challenge but it's fun that was one war story that I could think of yeah that was interesting yeah thanks for sharing I think I said definitely not until not something you get a normal uh nine

to five yep that's funny anybody have any other questions for John hey John do you have any measurable feedback from for students on how this hands-on experience has helped them land a job or or in their career yeah measurable I don't know if I've measured it but it's really like keeping tabs on them ultimately they I try to ask feedback from them and say hey when you've interviewed or when you're talking and when you've landed this job we've got a student now who um I think she's going to be working with the NSA this summer or at least coming up and she said they are super interested in what the time they've spent with the hands-on experience and

without that has definitely made a huge contribution for her to even get an opportunity to to speak with them and then potentially intern with them so it's really more um anecdotal just asking and and then feedback after the fact like after they graduate when they're in there and they're working in the job like I will always ask them because I'm you know I'm really interested did do you think this made a difference you know do you think that your time working in the thought helped you and uh and I haven't had anybody say no they've all said yes that it really kind of opened their eyes to the experience and and I kind of tell them I was like

listen you don't really understand how much of a golden opportunity this is you know this is this is not something I ever had and I wish I had had it um but but yeah to answer your question question absolutely thank you

any other questions hey John it's bill um I wanted to know G's open source tooling and if you do RAF from down the security Rabbit Hole has noted that he sees more engagement and retentions among analysts so basically you're not constrained by a particular sock tool if you're using open source it's hey I found this new thing I want to detect on I write the detection I shove it into the framework and now we start having new data points yeah I mean we we've kind of we started out on a shoestring budget so it was everything was open source initially um like like bro at the time was a big part and it's still a big part

with Zeke and security onion um we have I think mostly I would say most of our tools now are probably commercial tools mainly because of the infrastructure management of the tools right they're free they're free but you have to have somebody that can manage it and set it up and maintain it I I'm I'm all for it I want whatever is simple but we can use and it gets the job done um I don't know that I've seen student feedback on we would rather have this tool that you know is more open that we can do things with um but I'm definitely not opposed to it and have been a big believer in it since

we've had this off but thanks that's a good question awesome thank you yeah and that's one thing that you know we don't have a huge budget but at a university we do have a lot of I would say Enterprise like tools um you know we're using things that's the cool part is that we're using tools that when they go out like Splunk and elastic they're they're able to show hey I've been using this tool and people are like oh you're already using Splunk as an analyst you're already using elastic as an analyst like tell me about that so see a question about chat GPT that's a good question we we like to um every time we use chat gbt we like to

tell it thank you or we appreciate you because we want the overlords to be to be kind to us um no I think uh I think it's cool I mean we're definitely keeping tabs on it and you know things like Microsoft I can't remember the tool that they're talking about now of being able to add that um AI capability uh I think it's going to be interesting I don't know what's gonna happen um but we have used chat GPT and probably some of you others have used it to write phishing messages that we you know selfish our people and they're actually pretty good so we tested it out at least just to kind of mess with it

but um yeah no it's okay I think it's it's interesting too yeah no it's very yeah it's a good point we're actually demoing the Microsoft version right now in our song and uh it definitely has a lot of potential it's definitely also not where it needs to be you could tell it's just it's just getting started uh so it's really good it was you know various specific kind of queries around Defender data but uh don't try and go too far out of that one specific niche but one day I think they're yeah definitely a lot of potential there I'll say I've heard it described as kind of like an intern like think about it as

like the internet hey in turn go do this for me and not the Microsoft one but just in general um and I can kind of see that now but if you want to kind of be paranoid about it if you listen to The Lex Freeman podcast about chat GPT open AI they can kind of take you down a rabbit hole of hmm maybe we should stop this thing like Elon says I I do like the point about not brutalizing the AI because you're creating these Psychopathic version of Tomorrow every time you do that so yes please thank yous be very very very nice that's funny um anybody else have any other questions I was curious so I thought I was really

interested in because I think yeah the first part of your presentation just talking about how you know you got into cyber security which I thought was really interesting because I didn't I hadn't heard that story before um so maybe others you know also be interested in learning more about you know how did you go from sock manager to now being the the CSO at closer yeah it's interesting so I still actually have that Rapport a physical paper copy I don't know how I've kept it um that for the guy who did the hacking for City of Greenville um it's interesting that like dog pile right like no you know is anybody ever heard of dog pile anymore

um some of some of the tools that he used but so for me you know I took that step to go be a sock manager not never intending like my goal wasn't to be a CSUB my goal was just to really be the best I could be at solving and solving problems and stopping bad guys um but as I brought in a full-time stock manager and then I was able to you know bring Steven in and then I was able to do more things to kind of make us better kind of focus more on those things as a director um and then things just kind of matured and I was able to move as a deputy

director I really wasn't officially a deputies he said I was like the deputy director which basically is a deputy C so even then I still really wasn't planning on being a c sub like I was like I don't want it to be a CSO there's too much politics too many things you have to worry about too many meetings and then you know 2023 I'm sorry 2021 hits and you know the great resignation hits everybody kind of leaves Clemson from the security team we lost like five people and it was it wasn't just that everybody left that I got the job but that's part of it like everybody left like this he's so he retired and uh

and I was had been really putting a lot of thought into it and thinking about do I want to be CSO and and I would go back and forth but this opportunity happened he's like hey I am retiring you need to kind of decide just what you want to do and I did I said you know what I'm gonna give it a run I'm gonna give it a try and I think this is where I can make the most impact to make to leave Clemson eventually one day better than uh you know than when I got here and uh and it really has been awesome um I'm not gonna lie I mean it's cool to

be able to there's not as many roadblocks to have to make to move the needle right um you know my boss is a CIO and we have a great relationship and so we're able to be on the same page and make things happen and he's as paranoid as I am about security which is awesome I don't have to convince him about all the things that are that we should be worried about um so it's really been interesting I've been see so a little over a year and a half now and it's cool it's really neat to be able to have that opportunity and to keep moving things forward for Clemson um yeah that's kind of how I got there

okay awesome man I appreciate you sharing thanks Brian for the link to Lex Friedman no problem that's a good one I'm surprised I'm surprised the bill didn't come up with that one either or you just beat him to it he he beat me too and I stumbled across that oh probably a week ago or so and it was just it was amazing absolutely it's really it's really interesting and a little bit scary so yeah so I can't it's probably a gibsonism um but there were there was a likening of AI right now to the internet in like 93 94 right before the summer that never ended and it's just that that radical shift and change that we're kind of at that

moment at that precipice to go hey the next 30 Years is going to be dominated by this like it's it's seeing the first Model T roll off the assembly line and having Henry come up and go everybody's going to have one of these in their driveway pretty soon and you go like no Henry I like my horse I get horseshoes on him give him some hay and oats and he's good to go and then fast forward what are we about a century and 10 years on and it's like sure enough everyone has one of these Horseless Carriage and probably two parked in the driveway right now so I for one am looking forward to my

Jarvis [Laughter] but is your Jarvis looking forward to you that's the best that's the the scary part right um I I have I have a fear that my Jarvis will find me redundant and and fix that that redundancy exactly that's that's the big question well John thanks again for uh coming out and and sharing with everybody I really appreciate that and I'm sure everybody found it really interesting so it's great it has great work it's really exciting to think I'm sure uh you get really excited to see you know where your students are I mean you saw some great companies out there and they're doing some pretty incredible things just uh and you gave them a huge launching

pad in their career so it's really really amazing and something to admire too so thanks for all you do out there thank you yeah thank you uh and then just real quick to let everybody knows so next month we're going to have uh Mr Kevin Johnson with secure ideas come back and it kind of comments every year and talks about web app security uh so he'll be back next month and then the month after that we'll have Mark Schreiber talking about uh physical security A lot's been changing especially in the the Drone space and and how things have kind of worked out since since uh covid um you know that was a big Focus I'm

sure for him for for a couple years there uh and now there's you know we're getting kind of back to the the more traditional space and and and conversations and and how AI potentially factors in and but again what's a big focus on on drones companies you know looking at how they protect themselves from from drone technology and uh some related topics so that'll be a great talk um and then that will actually bring us to then to our August meeting which is where we'll start leading back in person so for those of you that remember the uh the new Greenville Tech facility behind Clemson Eyecare that we're meeting at we'll be back there and that'll be the August meeting so I'm

still working on a particular um Team to come present then so I'll uh it's not 100 yet so I'm gonna hold on to that one for a little bit so so excited though that uh we'll have Kevin uh Johnson back next week and then Mark Schreiber uh the month after that I think everybody loves both of their presentations every time they come around so it's great to have them and then we'll be back in person uh in August so and then that gets us ready for again besides on October 28th so we will get uh tickets on sale like I said next week we'll get that link out to everybody on the ice and mailing list

first uh and then and we'll open it up for the the broader audience at the full price um trying to think of anything else but I think we covered everything else there um uh and uh plus anybody has anything else we'll uh we'll call it at that yeah all right well thanks everybody thanks again John and yeah talk to everybody soon all right take care everybody have a good one see ya all right bye thank you