Ravitej V's Senior Project Blog
Project Title: Phish and Chips
BASIS Advisor: Chris Jordan
Internship Location: Alamo Regional Security Operations Center
Onsite Mentor: Sivaji Vemu
Project Abstract
Cybersecurity is paramount in our interconnected world. Organizations face evolving digital threats, from malware to phishing, compromising data and disrupting operations. A proactive approach is crucial. This project, "Phish and Chips," strengthens defenses against phishing and online threats. The name alludes to phishing attacks, with "chips" representing targeted data. The project equips organizations to safeguard information while maintaining operations. This project is highly relevant given increasing cybersecurity challenges. It leverages regional resources and expertise, including potential collaboration with security operations centers and IT departments. These connections offer real-world context and application of skills within established frameworks. The project emphasizes proactive vulnerability identification via risk assessments and robust incident response plans. These plans are rigorously tested via realistic scenarios, ensuring preparedness. Critically, the project addresses third-party risk management, acknowledging vulnerabilities often stemming from vendors. Established frameworks are utilized for a structured approach. This hands-on experience in risk assessment, incident response, and third-party risk management provides invaluable skills for a cybersecurity career. The project teaches practical application of best practices, understanding threat intricacies, and developing mitigation strategies. The project demystifies cybersecurity, making it accessible for teams enhancing defenses. This experience is instrumental, providing practical skills and understanding of real-world cybersecurity challenges.
Week #10 Phish and Chips
Day 1: Outlining the Vision with Dr. Vemu
Today, I met with Dr. Sivaji Vemu to lay the groundwork for my senior project presentation. Instead of diving straight into slides, we discussed the story behind the project, not just the facts. Dr. Vemu encouraged me to think beyond what I did and focus on what...
Week #9 Post-Phishing Protocols
Day 1: Reviewing Post-Compromise Protocol for Active Directory Accounts
Today, I studied the ARSOC procedure for handling compromised Active Directory (AD) accounts following a phishing incident. The process is designed to ensure that compromised accounts are recovered safely and that users are educated on what happened. Key takeaways: The protocol begins by collecting the user’s...
Week #8 Remote Service Management
Day 1: Understanding Remote Access Procedures
Today, I reviewed the ARSOC Security Standard Operating Procedure titled "Edit Services via Remote Access." This document outlines how IT Security Division (ITSD) analysts remotely access and manage services on CoSA devices using admin tools. Key takeaways: Remote access is typically done using Bomgar or a similar tool, often...
Week #7: Observing the Path from Threat Intelligence to Network Protection
Day 1: Introduction to MS-ISAC IOC Reports
Today, I spent time learning how cybersecurity teams use MS-ISAC IOC (Indicators of Compromise) Reports to stay ahead of emerging threats. These reports provide updated lists of suspicious IP addresses, domains, and file hashes that could be tied to malicious activity. Key things I learned: Purpose of...
Week #6: Mastering Security Tools and Incident Response
This week marked a significant advancement in my understanding of cybersecurity operations, with hands-on experience in managing security tools, interpreting web traffic data, and configuring remote access systems.
Day 1 (Monday): Introduction to IronPort and Email Security
On Monday, I focused on IronPort, Cisco’s security appliance that is used for email security. My task...
Week #5: Investigations & Compromised Devices
Day 1: Investigating with Insight IDR
Today, I explored the Insight IDR platform by Rapid7, a powerful tool used for investigating potential cybersecurity incidents related to users or devices. The SOP I reviewed, SSOP-1.4, walks through everything a Security Analyst needs to do when investigating suspicious activity tied to a specific asset (like a laptop) or a...
Week #4: Learning Real-World Threat Removal
Day 1: Reviewing SSOP-1.4 – Email Threat Removal
To kick off the week, I reviewed SSOP-1.4, a Standard Operating Procedure titled "Email Threat Removal from Exchange Server." This nine-page document explains how security professionals find and delete suspicious or harmful emails from a Microsoft Exchange Server, which is used by many organizations to manage their...
Week 3: Deepening My Cybersecurity Knowledge
Day 1: Reviewing Disaster Recovery and IT Asset Management
The week began with a deep dive into disaster recovery planning and IT asset management. I examined how organizations prepare for potential disruptions, ensuring continuity through structured recovery plans. From backing up critical data to identifying key assets that need immediate restoration, I learned how...
Week #2: Breaking into Cyber
Day 1: Uncovering a New Phishing Scam
As I enter my second week at ARSOC, I can already feel my confidence growing. This week started with an eye-opening lesson on phishing scams, specifically one that’s targeting students and teachers. The scam involves an email with a QR code, claiming to be for updating contact information...
Week #1: Inside a Cybersecurity Internship: My First Week in IT Policy & Security
Hey everyone! My name is Ravitej Vemulapalli, and I’m excited to share my experience from my senior project internship this past week. Over the course of the week, I had the opportunity to dive into real-world cybersecurity operations, learning about policies, protocols, and best practices to protect an organization's information systems.
Day 1: Getting Set...