Category Archives: Study blog
Addition
ISMPC-6
This competence in its own is quite empty to even mention. I am quite certain that I already show that I am capable of writing in decent English, and that my previous period(s) have shown that I can work in an international environment. Aside of this, the whole course was in Dutch, with a few small English side components. Other than that the absence of international organisations and the experience on how to act in such organisation, makes this competence irrelevant to the course as it was given to us as students
ISMPC-12
During the project I’ve had to decide to put my own personal study growth before the results of the group. This has damaged the time that I had available to study the theoretical aspects of the course.
ISMPC-14
Uncertain where in this period this has been a very relevant aspect, especially as the subject hacking and hardening was way too thinly measured out. There’s no basis to support this competence within the course from my perspective.
ISMPC-17
I have not yet experienced any ethical dilemma’s in this project so it is not possible to judge this.
ISMVC-2
During the project I’ve had to decide to put my own personal study growth before the results of the group. This has damaged the time that I had available to study the theoretical aspects of the course.
ISMVC-6
I’ve shown this competence by preparing the lawsuit against the defendant.
Aside of this, it is really hard to “prove” this competence when the description itself does not really match anything with the real course.
ISMVC-8
In order to be able to participate in the course, you were required to enable the use of Pretty Good Privacy, a tool that encrypts messages towards other recipients. You have to share your public key with people in order to be able to receive encrypted e-mails.
ISMVC-16
During the research I’ve mostly focused on determining the process of describing how the attacks on the system of our fictional company were used. I’ve made a major chart which chronologically describes all events that were conducted during the break-in. Aside of that I’ve attempted to make a list of network components and open ports, although this didn’t work well due to the environment which was used, had too many flaws to make it believable.
ISMVC-18
This competence has not been adressed in this period. Hence why I am unable to answer this fully.
Update on my Blog
Note: This post is about education. It has nothing to do with an actual hack. It is all a case posed for studying by my course’s curriculum.
I’ve had the request to shortly blog about the input that I’ve had in the project for ISM5. During this project I’ve mainly focused on the fact that I had to show that I was a good addition to team-based work since I’ve shown some trouble in that in the past before I started to improve on that.
During the work in the group, I’ve tried to be the technical “expert” as a role. I’ve focused myself on the network aspects of the various stages, aswell as being the document manager within the group. This last function really doesn’t fit too well with me as I am way too individually minded to do this properly. I definatly will look into not getting this role in a group unless I start in that group at the first day.
Eventually when we had the evidence for the hack, from the case given by our tutors, we decided as a group that we would not enter the lawsuit with a full team of 5 officers. Instead as a group we decided to change this setup and have two officers, and one expert in the case. Sadly I personally feel that the performance of one of the members wasn’t optimal and a lot of pieces in the lawsuit were dropped while they were a very solid point to stop the defendant’s attorney from properly formulating a defense.
One of these is the fact that the defense attorney claimed that the officer who issued a speed ticket towards the defendant, could testify that it was indeed happening. Sadly our team of officers did not jump into this argument, especially due to the fact that the DA was unable to present a witness while he did claim he could. This was a very solid point that our team did not capitalize on, and which I felt I would’ve spotted if I was in that position. Alongside the other points, we didn’t put our best leg forward and didn’t capitalize properly on the weak points of the opponent.
Overall if I look at the lawsuit and the preparation, I think I should have put a little bit more of time and effort in. Some of the results weren’t satisfying and I feel that I would’ve managed if I did take part in the process.
One thing I have to say personally, I find it hard to work with a specific person, which for the sake of anonymity we’ll call “Jack”. I’ve had two periods with this person now and I get more and more annoyed by the lack of understanding of others that he displays. This goes from criticizing the lack of business attire, towards unwanted tips. If you brush him off in a nice way because you’re unable to process his “advise” then he’s peeved and throws it on you that you need to adapt. I am really unsure what to do with this guy except request a lack of team-focused work with him from this point on. So.. Jack. Please leave me alone and I’ll leave you alone.
ISM-5: Worst period ever
Seriously.
I won’t even be so nice to put this in a shiny view. As always this is my personal blog and I reflect the way I see the world. This period has been nothing but a waste of time with an incompetent coach and tutor, which not only lacks the mental capability to understand how things work in a school environment, but also lacks the sense to stop talking and LISTEN to the student as opposed to pretending to be a waterfall of BS. Colleges given in this period were utter useless, with contradicting and incorrect information from the same tutor. We eventually hit up the course coördinator, and change was promised. Except everything got worse.
The man has no idea when people are busy that THEY DO NOT WANT TO BE DISTURBED. Absolutely has NO sense when people are too busy to be able to talk to his random rambling and BS. So yes, I am very very VERY pissed off with the lack of competent people as the coaches that did have the skill to bring this information in a proper way, were too busy because of other commitments (which I do not blame them for).
With that said, I will shortly summarize the requested points as with such coaching I do not deem it neccesary to have a boatload of text that beats around the bush.
Highlights of this period
The only really enjoyable thing in this course was the workshop by Certified Secure. It was great to finally see some people with actual skills teaching us things. It was interesting, you learned of it and please get Certified Secure to just fill that whole section of 10 weeks. Atleast then people will actually gain knowledge as opposed to losing it due to the incapabilities of our dear tutors. *coughs*
Things to change personally
From this period I noticed one thing that was quite important and that was the ability to focus on the theory. I’ve been so busy making sure that I could pass my propedeuse that my theoretical knowledge started to lack a bit. This problem has now been resolved and I tried to catch up with the rest which was quite hard. We’ll see the results of this soon enough.
Two important choices
The first decision is that I focused on being a group member as opposed to focusing on the theoretical part. This I have described above already.
The second decision was to rally fellow students in order to try and get the course on the rails at the beginning of this period. We’ve had good talks with Leo about it and some things shortly changed even though on the long run it was all for naught, I feel.
Greatest learning experience
That sometimes you need to ignore the roads posed by the tutors and figure it out yourself because you will conclude that 90% of the taught curriculum is incomplete or incorrect. And that you may be better off by making your own study groups as opposed to listening to this tutor.
ISM-5 – Week 01
Finally! I thought I never could get to this period in my studies. The first throught that crossed my mind about the fact that I could start with ISM-5 – Cybercrime. It really was going to be great, and then I heard how we were supposed to be using the Labs. It seems nice, you’ve got a server running with VMs which emulate three(?) servers and a few desktops. When you want to acces this, you can only do this through school, and only at specific cubicles with specific ports requiring specific hardware to manage. Wireless is not an option, and people with a weaker laptop that can not handle the program are left behind.
It really frustrates me to see that the Labs are focused on the more wealthy students who are able to buy proper new laptops, while I can only try to borrow a laptop at the servicedesk. I am unable to connect remotely to the system, and I am required to use these systems in order to do this period. I ask you now. How the fuck am I supposed to work if I can not afford new hardware, and I am dependant on the school’s available material.
Even worse, one can not use the desktop PC’s that are present in the building, to complete this lab.
When I confront the teacher about this, I basicly get a really cold and unclear reply. I am sure this teacher has a lot of knowledge and skill with the Security branch, but his coaching and teaching capabilities are worth crying about at times. He does not listen, does not focus on what you actually mean and then when you argue about it he puts you down and claims he “gave you time” aswell. It’s a hit and miss, like asking a blind man to read what’s on the sign across the street. It just isn’t working and it’s kind of rude / uncomfortable aswell.
