Speakers
Description
What is it about?
As NRENs we have the next generations of security experts just one arm length away. At SURF and Switch, we engaged students and university employees in a meaningful way while benefiting educational institutions at the same time. Our concept is simple: bring them together with institutions that volunteer as a target to have them find vulnerabilities in the institutions and do Coordinated Vulnerability Disclosure (CVD, also known as Responsible Disclosure). We created an event format that provides an opportunity for students to identify vulnerabilities in predefined scopes provided by participating educational institutions. With the guidance of NRENs, these events create a safe, collaborative environment for skill-building, research, and institutional security improvement.
This presentation shares insights and experiences from successful ethical hacking events organized by SURF and Switch. The presentation aims to inspire other organizations to implement similar initiatives, and fostering a stronger cybersecurity ecosystem by encouraging CVD.
A proven concept
HALON , the SURF version, has been done for the last three years and has been a huge success. Switch with its equivalent ROESTI has joined the hype for the first time. Both formats yielded lots of verified vulnerabilities with some even rated as critical.
HALON and ROESTI prove that vulnerabilities can be found by students and that educational institutions can profit from their members in a meaningful way. It brings together NRENs, educational institutions and their staff and students.
Besides the direct benefits of identified vulnerabilities we see this results in enthusiasm amongst students and staff that are new to the field of cybersecurity, and a feeling of appreciation for those already active in hacking on their own. We also use this opportunity to point out the value of having CVD policy and using security.txt at institutions.
... which you can do as well
We believe this type of event is an accessible opportunity for other NRENs to make an impact with relatively little time spent. To make this model extra accessible, we present an event kit with playbooks, marketing material, etc. with which other NRENs should be able to kickstart this on their own with the least amount of effort.
So, join us as we share the journey of HALON and ROESTI and explore how you can bring this innovative and impactful concept to your own community. Together, we can build the next generation of ethical hackers while strengthening our own institutions' defenses at the same time.