NRC Flashcards

1
Q

Conducted and presented research on threats to electrical smart grids, evaluating the effectiveness of
countermeasures such as virtualized honeypot systems.

A

As part of my research, I analyzed cybersecurity threats targeting electrical smart grids, particularly focusing on the limitations of traditional honeypot-based defense strategies. While honeypots are commonly used as countermeasures to detect and deceive attackers, we found that most implementations rely on static defense mechanisms, making them ineffective against dynamic, adaptive cyber threats.

Our team explored how attackers identify and bypass static honeypots using anti-honeypot techniques, which allow them to detect the VM and bypass an initial defence.

To address this, I presented research advocating for dynamic defense strategies, where honeypots can adapt based on attacker behavior, arguing for game theory-based solutions and integration with machine learning.

2
Q

Assessed the effectiveness of security awareness training programs, analyzing assessment metrics and incident
reporting trends to refine content and improve engagement.

A

In my role, I **worked closely with security teams to evaluate and improve cybersecurity awareness training for researchers and engineers**. Our goal was to determine the most effective way to educate employees on security best practices and reduce risky behavior.

To do this, we compared different training methods, including classroom-style training, mandatory web videos, and interactive modules. We analyzed key metrics such as completion rates, post-training assessment scores, phishing simulation results, and incident reporting trends to gauge their effectiveness.

One of our key findings was that mandatory video-based training had high completion rates but low engagement and retention, whereas interactive, scenario-based training led to better long-term security awareness.

3
Q

Specific role in programming proof-of-concept software solutions in C

A

My role within the team was to develop proof-of-concept software solutions in C to demonstrate how honeypots could dynamically adapt to attacker behavior. I worked on **implementing low-level system interactions and network simulation features to create a more resilient honeypot framework capable of modifying its characteristics** in response to detected intrusion patterns.

Using inotifywait in Linux:

    #include <stdbool.h>
    /* Honeypot actions implemented elsewhere in the framework */
    void enable_extended_logging(void);
    void create_fake_critical_files(void);
    void redirect_attacker_to_fake_system_environment(void);
    void maintain_standard_honeypot_behavior(void);

    /* Called when inotifywait reports an event on a monitored path */
    void adapt_honeypot(bool detected_access_to_critical_files)
    {
        if (detected_access_to_critical_files) {
            /* Modify honeypot behavior to increase logging and deception */
            enable_extended_logging();
            create_fake_critical_files();
            redirect_attacker_to_fake_system_environment();
        } else {
            /* Normal operation, minimal logging */
            maintain_standard_honeypot_behavior();
        }
    }

4
Q

What specific metrics did you find most useful when assessing the effectiveness of security awareness training?

A

The most useful metrics were phishing simulation click rates, which gave us direct insight into user susceptibility, and post-training assessment scores to measure knowledge retention. We also tracked incident reporting rates before and after training, as an increase in reports often indicated better awareness.

5
Q

How did you collect and analyze the data from these training programs?

A

We used a combination of **built-in LMS (Learning Management System) reports and a SQL table** to collect data on completion rates and assessment scores. For phishing simulations, we analyzed logs from tools like KnowBe4 (or whatever platform was used) to see which users clicked on links or reported suspicious emails.

6
Q

Can you give an example of a time when your analysis led to an improvement in the training program?

A

One key improvement came after analyzing phishing simulation data. We noticed that users often fell for well-crafted emails mimicking internal communications. Based on this, we added a module specifically focused on identifying spoofed internal emails. In the next simulation, click rates dropped, showing that targeted training made a significant difference.

7
Q

What challenges did you face when developing the proof-of-concept software in C, and how did you overcome them?

A

One of the biggest challenges I faced when developing the proof-of-concept software in C was having to learn so many new concepts at once—but that’s also what made it fun and interesting. While I had a strong foundation in programming, the project required me to understand how attackers infiltrate virtualized environments, which meant diving into areas I wasn’t as familiar with, like **network security and anti-VM detection techniques**.
I found myself:

Exploring networking fundamentals to understand **how attackers scan for open ports, fingerprint systems, and pivot within a compromised network**.
Studying security research papers and MITRE ATT&CK to break down different infiltration tactics.

Instead of feeling overwhelmed, I saw this challenge as an opportunity to connect programming with real-world security research, which made the process deeply engaging.

8
Q

How did you ensure that your honeypot was not easily detected by attackers?

A

I implemented techniques such as randomizing system identifiers, using real-time environment changes, and mimicking legitimate user behavior. For instance, the honeypot periodically altered its system clock, MAC addresses, and network configurations, making it difficult for attackers to fingerprint the environment. Additionally, I used polymorphic code techniques to ensure that even the honeypot’s internal processes did not follow predictable patterns.
