The second round of our Security Internship Program has ended and we are pleased to congratulate Ilona Ozmon and Kris Beltran for graduating from the program.
I sat down with Kris to talk a little bit about his experience going through the Program and any words he would like to pass on to future applicants.
Casey: Kris, thank you so much for talking with me. You and I have known each other for several years, but for those reading, can you tell us a little bit about the work you do in your “normal” job at Berkeley?
Kris: Of course! I share Team Lead responsibilities for the ITCS “Campanile Zone” and have primarily supported Haas Faculty, Staff, and PhD students since 2011. During COVID shelter-in-place, our zone model temporarily changed and we switched to providing support remotely for various campus departments. In March, I joined the ITCS ESC team helping to prepare laptops for in-person deployment appointments at our 4th Street office. In August, we made the switch to remote-login setups limiting our in-person contact and instead offering pick-up or shipping of their computers.
Casey: So, having a global pandemic occur right in the middle of your internship was unfortunate, to say the least, but did that have any impact or insight into security or securing systems as our whole workforce transitioned to working from home?
Kris: This is a great question. Prior to the pandemic, the various zones of our ITCS organization were doing their best effort for Windows 7 abatement for most of the desktops and laptops across campus. (FYI - Windows 7 went End of Life in January 2020). This effort had to take a completely different approach. In most cases, departments shifted to providing laptops for their staff and faculty members which are setup and deployed by the ITCS ESC team that I’m a part of. These computers have the latest campus EOS images for Windows 10 and MacOS Catalina.
Casey: I can't imagine how much work it must have been to pivot during shelter in place. It's hard to even remember life BC (before COVID). If you can try, do you remember what attracted you to the internship? Or What types of skills were you looking to develop through this program?
Kris: There are a number of reasons that I was attracted to the internship. I’ve been a part of ITCS’s Security SME group since I joined CSS-IT back in 2015 and we’ve been meeting quarterly at Warren Hall headed by Lois Wareham and Micah Bot-Miller. I’ve attended system wide UC Security Symposiums and partnered with security staff in the past to provide support for the Energy Institute at Haas. I’ve worked with the previous security intern, Ryan Tran, at Haas/ITCS Campanile Zone. So over my career at Berkeley I’ve always had an eye on security and wanted to learn more. I really did not have an agenda coming into the internship and wanted to absorb as much knowledge that I could from the various groups and great staff at ISO.
Casey: Keeping an open mind and learning whatever new things you can is always good practice! So what skills have you developed since coming to ISO or what types of projects did you work on here?
Kris: I assisted in refining documentation for users on the security website and worked with CalNet to create a process for using Zoom for remote ID verification. I attended weekly policy group review sessions and now understand policy differences between the Minimum Security Standards for Electronic Information (MSSEI) and the Minimum Security Standards for Networked Devices (MSSND) as I helped (and am still helping) align these Berkeley Standards with IS-3 - the UC system wide Information Security Policy. I completed the SANS Security Essentials Bootcamp course, which was a feat in and of itself. I worked with CalNet to learn about the CalNet Admin Tool which will eventually become part of the ITCS Service Desk duties. I worked with the NetReg team to learn more in-depth NetReg functionality and lookup features that have proven very useful. And lastly (!) I’ve been working with the Security Assessments team gathering info for a preliminary assessment of Boxcryptor.
Casey: Wow, it sounds like so much when you list them all out like that! All your help and insight has been really valuable to us as well. Getting outside perspectives is one of the most important lessons we take back to our team. Do you think the work you have learned here will help you in your “normal” role?
Kris: Absolutely. I’ve gained valuable insight and knowledge in approaches to information security through both the hands-on work with ISO and through the SANS course. At ISO I was able to play around with the tools that are used here at Berkeley and the SANS course covered a range of security software tools that I intend to use and share with colleagues and incorporate into our practices. Plus, getting to know the various members of the teams at ISO will help reinforce the partnership with ITCS.
Casey: Building connections is a core of this program! Would you recommend others to apply for this internship?
Kris: Most definitely! It’s a great opportunity to get to know the members of the ISO department and their respective roles such as CalNet, SecOps, Assessments, and Information Security Policy. The teams function well together and attending the meetings in-person (or virtually) have provided valuable knowledge from a security perspective on-top of my current role in desktop support.
Casey: Okay we went through the list of all the things you worked on during your time here. What’s the coolest thing you learned or did while you were here?
Kris: One of the first things that opened my mind up to how InfoSec is handled on campus was getting to see the “other side” of ISP/SNS tickets through the RT Ticketing System. Up to that point I was the recipient of these ticketing emails from Security and learning about the other side: how tickets are generated, how items are prioritized, the breadth of issues that come into ISO - was eye opening and insightful. This team deals with a lot!
Casey: We definitely do - but as you have shown in all the work that ITCS does, security is a team effort and together we secure campus. Kris, thank you so much for speaking with me.
Kris: Thank you for this opportunity and it’s be a valuable experience for me during these past 6 months of being a part of ISO- a fantastic team to work with!