Letters of Support for Proposal: Virtual Environment for Information Security Education and Exploration
As of this time, the following letters of support for this Student Tech Fee Proposal have been received:
From: kkewlani
To: Joseph N. Wilson
Subject: support for RAVE proposal
Hello
I think its a great idea for student tech fees to buy this system. It
will be very helpful from academic as well as competitive perspective.
-
Kushal Kewlani
From: Sullivan Beck
To: Joseph N. Wilson
Subject: Re: Student Tech Fee Proposal
Working as a systems administrator, it is easy to see that security is
a major concern, and will only continue to increase in importance.
On a daily basis, we receive many emails sent by spammers and phishers
from compromised accounts. We hear of companies who have been hacked
allowing access to customer data. Terms such as identity theft,
phishing, and similar terms are now part of our everyday language.
In order to combat this, computer security must be a strong presence
in every computer department. Every company that develops software, or
has an IT team managing computers where sensitive data is stored
needs to have people trained in all aspects of computer security...
and for that to happen, computer security must be taught in computer
science departments in the same way programming or database design or
any of the other core disciplines are taught.
Creating an infrastructure where computer security could be taught
is definitely a goal to be desired.
--
--------------------------| Sullivan Beck |---------------------------
Subject: RAVE Proposal Support
From: Ashley Sarver
To: jnw@cise.ufl.edu
Hello Prof. Wilson,
I wanted to write you in support of the RAVE proposal. As a student
interested in cyber security (and also interested in not being arrested),
going to a university doesn't prepare you for learning in this kind of
field, and trying to learn on your own seems very daunting (and risky).
Having something like RAVE would make a career (possibly working for the
NSA) much more feasible, and much more realistic. Also, as one interested
in taking such classes as Computer Security, Cyber Security, Ethical
Hacking, etc. something like RAVE seems almost essential. Without it, we
are merely learning theory, and while theory is beautiful, we need to learn
how to implement these theoretical applications.
I am strongly in support of the RAVE proposal, as it would greatly benefit
me, and make my dream career more realistic.
Thank you,
--
Ashley Sarver
From: Vasquez,Carlos
To: Joseph N. Wilson
Subject: RAVE proposal
RAVE definitely sounds like a great idea and a good use of student tech
fees. From the looks of it, this will not be a one semester thing (as it
seems that the security classes will become recurring classes).
Furthermore, I understand the the INFOSEC club (and potentially other
student organizations) will have access to this system. The equipment
itself could also be re purposed should the need arise. I fully support
this initiative.
Carlos Vasquez
From: Ashish
To: Joseph N. Wilson
Subject: Re: Student Tech Fee Proposal
Sir,
I read through the proposal and it did appeal to me and I think
it's a great idea. I'd certainly like to support this project. It'd
really help more than one course CISE offers.
Regards,
Ashish
Subject: Re: Student Tech Fee Proposal
From: Christa Wimberley
To: Joseph N. Wilson
Hi Dr. Wilson,
I think the purchase of a RAVE would be a great use of the fee. Computer
security is an important topic that seems a bit under-taught at UF at the
moment; I would love to see regular courses about it. An investment in
equipment specifically for such classes seems like a good motivation to
have them. Also, the best way to learn that sort of thing is by doing-- a
purely theoretical class about computer security would probably be
dreadful.
Have a nice day,
Christa Wimberley
From: Andrew Silver
To: Joseph N. Wilson
Subject: RE: Student Tech Fee Proposal
To Whom it May Concern:
I'm a freshman Computer Science major. Dr. Wilson gave a brief presentation
during one of my COP3502 (Java Programming) lectures this past semester and
I attended one of the Student InfoSec Team--aka the "hacking club"--
meetings out of curiosity. I had no command line experience, no Linux
experience, and certainly no networking/hacking experience. I was interested
in hacking when I was younger, but I was worried I would end up breaking the
law if I played around with security tools.
There are many great things about the InfoSec Team. The collaborative
environment is inviting, the things we are doing are "cool," and there's a
sublime sense of "danger" waiting at every corner. On the other hand, the
environment right now is extremely limiting. Among other things, we can't
perform pen testing directly on the network because we could harm the
machines/servers on it. The past few InfoSec meetings -- where we go over
the relevant hacking toolsets -- have been primarily lecture-based with
minimal hands-on exercises. I participated in the UCSB iCTF competition a
couple of months ago and I felt unprepared - mostly because I did not have a
realistic environment to experiment with. The real hackers are hacking real
machines - to outsmart them, we've got to be one step ahead, not three steps
behind.
In a curriculum full of required courses (Physics, Chem, Calc), hacking --
which is accessible to undergraduates of any major without any background in
computer science -- is an invaluable hands-on experience. If UF wants to put
its graduates on the cutting edge of CS (security), then the committee needs
to approve this student tech fee proposal. Information security is an up and
growing field. Without the RAVE system, I fear that the hacking courses
would be--for lack of a better expression--a waste of time. We wouldn't
stand a chance against other universities' hacking teams. I'm sure the
department will discover many more usages of the RAVE system in the future
and get more than their money's worth out of it.
Best Regards,
-Andrew
----
Andrew Silver
Student Infosec Team TNG
Gainseville, FL
Subject: Student Tech Fee Proposal
From: Vincent Moscatello
To: Joseph Wilson
I would like to submit my support for Dr.Wilson's plans for allocations of
funds from the student tech fee.
In a world where cyber security is playing a increasing roll in our
everyday lives, for example the recent denial of service attacks that
occurred against chase bank in early march, it is impertinent not to invest
in infrastructure that helps students prepare for careers in such fields.
I know from personal experience that trying to learn how to build safer
software is extremely difficult given the current infrastructure available
to students. For example, under Dhnet's current internet policy, students
aren't even allowed to host a simple TCP server on their machines. With the
proposed virtual environment students like me would have the invaluable
chance to learn innovative security practices and carry that innovation
into a future career.
Vincent Moscatello
Subject: RAVE Proposal
From: Neeti Pathak
To: jnw@cise.ufl.edu
I support the RAVE proposal.
As a Computer Science Engineering student here at UF, I have had many
experiences and troubles with installing/running multiple VirtualBoxes on
my personal computer. Different projects I join on campus require different
Operating Systems, and each OS is a new learning process. Making these OSs
easily available to the students to work with will not only increase their
knowledge of said systems but also allow them to discover ways to
navigate/protect them from viruses.
Thanks,
Neeti
From: Brian Nezvadovitz
Subject: RAVE - Student Tech Fee Proposal
To: Joseph N. Wilson
Dear Dr. Wilson,
I am definitely in favor of your tech fee proposal. I cannot imagine
how it would be possible to have this class without a "network in a
box" to do labs on, especially after reading the topics listed in the
syllabus.
Sincerely,
Brian Nezvadovitz
Subject: Letter supporting RAVE
From: David Moore
To: Joseph N. Wilson
I'm on a pretty tight schedule this week so I don't have much time to write
a very long letter, but I think getting a Remotely Accessible Virtual
Environment (RAVE) to assist in the teaching of penetration testing and
information security is a fantastic idea. I took the undergraduate Cyber
Security tech elective (CIS4930) last fall (Fall '12) and while it was an
interesting class, my biggest disappointment with that class was that there
was very little hands-on learning. Sure, we got to do a project that
allowed us to explore various topics in Cyber Security, but I really wish
we had the opportunity to practice common security techniques. If we had a
RAVE in our class, we would have been able to (safely and legally) recon a
system (i.e. the virtual environment), determine what portions of the
system were vulnerable, and practice both attacking and patching the
vulnerabilities. All of those would have been great skills to learn,
especially considering how large of a field information security is
becoming. To keep up with the growing demand for security professionals,
the Computer Science and Computer Software Engineering majors need to
evolve beyond being strictly software developers. Knowing how to exploit
and strengthen the security of software is rapidly becoming just as
important as writing the initial source code itself, and I think providing
students with a RAVE would help them to develop the skills they need to
make themselves a valuable asset in today's technology-driven economy.
David Moore
From: Daniel Gollahon
Subject: Re: RAVE Proposal
To: jnw@cise.ufl.edu
Dr. Wilson,
I think that it would be an excellent idea to pursue this proposal. By
participating with the UF SIT I have learned lots about network and
application security. At the beginning of *this* semester, I had absolutely
no idea how any kind of security exploit worked. Many approaches I've
learned about formerly seemed impossible--like something out of a movie.
Since then I've learned about stack overflows, brute force attacks,
password hashing methods, network protocols & handshakes, the existence of
numerous security threats we face, etc. I plan to continue expanding my
currently limited knowledge, but from talking to fellow computer
engineering majors, it's clear that most of them have an even poorer
understanding of network and application security than I do and no plan to
improve that understanding. I think that, in light of the ever-evolving
security threats we experience, understanding this side of computing is
critical for future software developers and network professionals. As it is
right now, however, there are only limited resources available to students
for such pursuits. UF should expand and accommodate this type of learning
via Dr. Wilson's proposal.
Thanks,
Daniel Gollahon
From: Christian von Kleist
Subject: Re: Student Tech Fee Proposal
To: Joseph N. Wilson
Dear Dr. Wilson,
As a professional pen-tester and UF alumnus, I fully support your aims
of teaching security classes, preparing students for
CTFs (security competitions), and educating UF faculty and staff on
critical security concepts.
Computer security is a growing field which will shortly employ a large
workforce. Students who master computer security in school will find
themselves in high demand when they enter the job market.
Sincerely,
Christian von Kleist
From: Rakaczky, Christopher A
To: Wilson,Joseph N
Subject: Student Tech Fee Proposal
If the RAVE proposal is funded, I believe it will benefit UF's
Computer Information Science Engineering department by providing a lab
of virtual machine networks so that students can simulate real-world
exercises and challenges in the Penetration Testing, Ethical Hacking,
and Network Security classes that UF's CISE department will be
offering. Other UF students will also be able to utilize the lab as
part of UF's Student Information Security club, too. The lab can also
be used for future computer network/security related courses, which
will help contribute to the CISE department's ABET accreditation
effort and the University of Florida becoming an NSA/DHS National
Center of Academic Excellence in Information Assurance Education and
Cyber Defense accredited university.
-- Chris Rakaczky, 5th year B. S. Computer Science Undergraduate Student
Subject: Support for RAVE proposal
From: hubert lin
To: jnw@cise.ufl.edu
Dear Dr. Wilson,
I have read your proposal of a Remotely Accessible Virtual
Environment (RAVE) .I think it is really a good idea and will benefits us a
lot in different aspects.
(1) As a member of Student Info-sec Team, I think it will helps a
lot in promoting our skills and raise our competitiveness in contests. We
can not only save a lot of time in setting up the environment before every
meeting, but also practice our skills in a much better virtual environment.
(2) Also, I will take the course CIS 4930/CIS 6930 Penetration
Testing and Ethical Hacking next semester. And I believe RAVE can be used
to illustrate theories and provide students with a better view in course,
thus contribute to the absorption of knowledge. And definitely RAVE will
play an important role in many other courses.
(3) As a computer engineering major students, I always need to
test projects on different systems. It really bothers me a lot to install
different systems, especially when I need to test my project on at least 5
of them. But RAVE will make this problem much simpler. Students in CISE
really need this !
This is really a good proposal that worth spending money on it.
Thanks.
Sincerly,
Wei LIn
From: James,Dennis C
Subject: RAVE support
To: SIT-L@LISTS.UFL.EDU
Hello Dr. Wilson,
I support your efforts in trying to obtain a RAVE. I think it would
be an extremely useful teaching and learning tool. I look forward to
seeing how you make use of it!
-Chris James
From: Jim Hranicky
To: Joseph N. Wilson
Subject: RAVE Proposal
Dr. Wilson,
The average home PC user is well aware of the problems with
computing as nearly every home user runs some sort of anti-
virus to combat attacks.
However, software is being utilized increasingly in nearly
every other industry and has found its way into more and more
everyday commodities such as phones, automobiles and TV sets.
Software in these items often exposes consumers to
vulnerabilities which have vectors of attack unknown not
only to them but to security researchers as well.
As our society further incorporates digital technologies
into everyday living, it's critical that those creating any
type of software component have a strong understanding of
what it means to program with security (a.k.a correctness)
in mind as well as the consequences of failing to do so.
The RAVE system proposed will be a valuable tool to help
students understand the fundamentals of secure computing
as well as the dangers of failure. This type of hands-on
approach is what is needed to prepare students for our
new digital world.
--
Jim Hranicky
IT Security Engineer
UF Information Technology
105 NW 16TH ST Room #104 GAINESVILLE FL 32603-1826
352-273-1341
Office of Information Security and Compliance
From: Jordan Wiens
Subject: Re: Student Tech Fee Proposal
To: Joseph N. Wilson
As a UF alumnus and current hiring manager for a large defense
contractor, I'm very excited to see the proposal put forward by
Dr. Wilson on the Remotely Accessible Virtual Environment. I worked as
a full-time staff member of the university for many years and spent
nearly a decade on campus. During that time, I was continuously
disappointed by the lack of academic support for security research and
training within the university. Now that I'm overseeing the hiring of
dozens of security researchers per year, it's even more apparent to me
which schools take an active interest in security education and which
do not.
Unfortunately, even having an interest and some coursework isn't
enough. Many schools are funding the wrong efforts. Getting students
hands-on practical experience with both defending and attacking live
computer systems is absolutely one of the most crucial skills that is
needed, not just for myself as an employer, but for this nation as a
whole as are facing a well-publicized [1,2,3] national crisis.
I look forward to a time when I can hire researchers whose skills have been
developed by just such an environment as one described in this proposal.
While I hope that it is at UF, if it doesn't happen there, I'm sure it will
happen elsewhere. Obviously we'd all prefer it be Gators getting those jobs!
Jordan Wiens
[1]
http://www.nationaldefensemagazine.org/archive/2011/August/Pages/Government,MilitaryFaceSevereShortageOfCybersecurityExperts.aspx
[2]
http://articles.latimes.com/2012/apr/15/business/la-fi-cover-cyber-hackers-20120415
[3]
http://www.nbcnews.com/technology/technolog/u-s-seeks-patriotic-computer-geeks-help-cyber-crisis-1C6782914
Subject: Re: Student Tech Fee Proposal
From: Andrew Kerr
To: Joseph N. Wilson
Good afternoon Dr. Wilson,
I am writing to give my support for a RAVE. Here at the University of
Florida, there is currently a need for a security-focused course as there
is both interest from students and industry. A RAVE would allow students to
practice the theory that they would learn in these courses and, as in most
of my classes, the application is much more meaningful than theory.
As of right now, it is near impossible for most students to get this hands
on experience in various forms of ethical hacking unless a student risks
legal trouble to do it. A RAVE would allow students a legal environment to
practice their skills on rather than an actual system and risk getting in
trouble.
With that said, I believe that a RAVE would be a splendid addition to the
resources that the University of Florida offers both students and faculty.
~ Andrew Kerr
From: "Ochoa,Tatiana N"
To: jnw@CISE.UFL.EDU
To Dr. Wilson and To Else this may concern,
In my opinion, the benefits of a RAVE is vast.
This brings in something that is priceless and that's for the students
to be able to practice computer security without issues or limitation.
It's an academic and competitive edge for students and the university
overall. The application of everything a student learns is important and
I think anyone who has ever tried using any application or software or
has tried any form of code can understand the importance and the
benefits that comes along from hands-on work and practice, practice,
practice. Did I mention practice? This would be a great use of the fee
and I hope that is clear.
Thank you for your time.
~ Tatiana Ochoa