InfoSec Community

Last updated: August 3, 2024

An important part of our mission is to promote a culture of cybersecurity in the UW community. See the sections below to find out more about collaborative and educational opportunities:

Information Security Advocates

Members of the UW Information Security Advocates group have a desire to learn about and promote a culture of cybersecurity throughout the UW community. We are interested in both the technical and the human-driven aspects of information technology and ways to identify and manage risks.

Objectives

  • Work with the Office of Information Security to develop and promote cybersecurity best practices and awareness materials
  • Develop and foster relationships that allow for the two-way exchange of information that can help us reduce cybersecurity risk
  • Participate in forums for the communication of cybersecurity issues to share expertise
  • Collaborate in problem solving, and foster collaboration and cooperation

Meetings

  • InfoSec briefings are the 2nd Thursday of each month, 1:00-2:00
  • Contact help@uw.edu for meeting notifications and location
  • RSVP required for meeting participation
  • Other meetings as needed

Want to join?

Contact help@uw.edu with “OIS Security Advocates” in the subject line
Also see our workshops.

Events

The Office of Information Security hosts a series of monthly briefings intended to share information, provide education, and stimulate conversation on a wide range of topics.

Information Security Briefings

Members of the UW community share the responsibility to safeguard personal and UW data.

In support, the Office of Information Security hosts a series of monthly briefings intended to share information, provide education, and stimulate conversation on a wide range of topics.

Contact help@uw.edu with “OIS notifications: subscribe” in the subject line to be added to the list for monthly notifications. (UW staff, faculty, and students only, please)

Monthly Briefings

Scheduled through December 2024

  • 2nd Thursday of each month
  • 1:00-2:00
  • Location: TBD. (email Melissa Albin at malbin@uw.edu for info)

Also see our workshops.

Workshops

Workshops are for members of the UW community and are taught by OIS staff. See registration information under each course description.

Workshops

  • Get hands-on experience hacking a vulnerable web application
  • Explore common vulnerabilities such as XSS, SQL injection, and web parameter tampering
  • 3 hours

Course requirements

  • Your own laptop (Mac or Windows) with Firefox browser installed
  • A basic understanding of HTML and JavaScript
  • A basic understanding of HTTP
  • Familiarity with Developer Tools in Firefox

This course will incorporate hands-on exercises throughout, including modifying server configurations to learn how to put the above techniques to use.

Click the following link to register: https://ois.uw.edu/101-reg

After having gained a foundational understanding of some common web app vulnerabilities from Web App Security 101, you’ll move on to explore the browser security model, as well as features of the modern browser you can leverage right now to reduce the overall risk to your web applications. This is a 6-hour course, including an hour break for lunch.

Topics we’ll cover include:

  • Same Origin Policy
  • CORS
  • Content Security Policy
  • HTTP Strict Transport Security
  • Subresource Integrity
  • Explicit MIME Types
  • Safer Cookies

Course requirements

  • Your own laptop (Mac or Windows) with Firefox browser installed
  • A basic understanding of HTML and JavaScript
  • A basic understanding of HTTP
  • Familiarity with Developer Tools in Firefox

This course will incorporate hands-on exercises throughout, including modifying server configurations to learn how to put the above techniques to use.

(Please note that Web App Security 101 is a prerequisite for the 102 course.)

Click the following link to register: https://ois.uw.edu/102-reg

Join other admins and IT professionals to detect vulnerabilities that can be exploited in the Windows environment. We will learn together as we explore the Mitre ATT&CK framework for understanding the techniques and tactics used by adversaries. We’ll also talk about Sophos EDR and Sysmon for detection.

  • You will receive a AWS CloudFormation template to spin up Windows Server for practice after the workshop.
  • Workshops are offered the 3rd Tuesday of each month (time of day TBD)

To sign up, email help@uw.edu with “OIS workshop: Bad Things on Windows Server” in the subject line, preferably a week in advance.

  • We’ll focus on creating a Hunting, Elasticsearch, Logstash, Kibana (HELK) to move your Sysmon logs to central logging. We’ll also talk about Sophos EDR and Sysmon for detection.
  • Offered 1×1 or in small groups on an as-needed basis

To sign up, email help@uw.edu with “OIS workshop: Open Source Logging & Detection” in the subject line, preferably a week in advance.

If the current month’s workshop is full, you will be added to the list for the next one.

Join other Domain Admins and IT professionals to learn together as we explore BloodHound for understanding your Active Directory operational environment and potential exploits.

Part 1:

  • Step by step install of BloodHound (Graphing GUI) on Kali and how to run SharpHound (data gathering) on your Windows machine and talk about a few queries to find info.
  • Typically workshops are offered the 3rd Tuesday of each month (time of day TBD).
  • Offered 1×1 or in small groups on an as-needed basis.

To sign up, email help@uw.edu with “OIS workshop: BloodHound Part 1” in the subject line, preferably a week in advance.

If the current month’s workshop is full, you will be added to the list for the next one.