|Security Practices and Research Student Assoiciation|
|Advisor||Sam McQuade and Gary Scarborough|
The Security Practices and Research Student Association (SPARSA) is a Rochester Institute of Technology student-run organization that addresses security-related issues and how these issues affect multiple majors and disciplines. The ultimate goal of this organization is to provide students with experience in information security and job opportunities in information security (infosec) related fields. This includes aiding members in the search for both cooperative education (co-op) and full-time employment opportunities.
To meet this goal, SPARSA hosts and participates in research and development of security tools and policies. In addition, SPARSA provides consulting for organizations in need of improved security. SPARSA also seeks to build and maintain relationships with local and national security related organizations. This includes social networking with security professionals and hosting conferences, symposia, and other security-related events to spur growth in this area.
As security becomes progressively more important in our increasingly global world, SPARSA will help students remain on top of their game and up to date with the latest security issues, practices, and research. "Today individuals, families, organizations, communities and our nation face unprecedented combinations of cyber and physical security threats to both cyber and physical assets. The challenge is to enhance security capabilities at all levels of society by developing better security technologies, and by providing education and training in the use and management of security technologies" (Dr. Samuel McQuade)
SPARSA was founded in the wake of 9/11 by RIT students Jared Campbell, Eric Linden and Matt Hile. The initial faculty advisor was Dr. Samuel McQuade - Program Chair of The Center for Multidisciplinary Studies, with additional coordination from Kimberley Laris - Director of Business Process & Audit, and Jim Moore - Information Security Officer.
SPARSA recently wrote and published an article on information security in a security journal. The future vision of SPARSA is to expand our research capability through both technical and non-technical publications.
SPARSA is in talks with one or more institutions about the possibility of creating additional SPARSA Chapters at other Universities and Colleges in the United States.
SPARSA hosts and co-hosts a wide variety of events that involve computer security. In the past, this has included the Information Security Talent Search (ISTS) and the McAfee Security Competition.
To help achieve SPARSAs goals, SPARSA hosts an annual computer security competition called the Information Security Talent Search (ISTS). ISTS challenges teams to diagnose security vulnerabilities on an administrated network. The competition offers students the opportunity to set up and secure their own network services from intrusion, network with fellow security-minded students and professionals in the field, as well as attack other teams network services ISTS.
In spring 2005, McAfee approached SPARSA to host a Computer Security Contest ("Secure and Defend Your Digital Fortress"/"Secure Computing Contest"). This contest came following a generous donation of McAfee products to RIT. The competition took place on May 13, 2005. McAfee sent 5 employees to take part in the attack portion of this contest. Students signed up in teams and attempted to build a secure network infrastructure. Teams used McAffe IntruSheild IDS/IPS (NIDS) devices, McAfee Entercept (HIDS), McAfee AV, Cisco 29XX switches, and Cisco 29XX routers. An Extreme Network Alpine multi-layered switch powered the network core. Each team was given 3 networks they were responsible for maintaining connections to. This ultimately proved to be too difficult for teams, and the network was flattened into a single network. For OS's, teams ran Windows 2000 Server, Debian/KNOPPIX Linux and FreeBSD. The winning team placed a great deal of faith on FreeBSD and it paid off. McAfee used a software product known as Core Impact to penetrate and autoroot team boxes. While this tool worked reasonably well, it also crashed the network by confusing the multi-layer Extreme switch. The SPARSA attack team was less fortunate, and used WHoppiX (now WHAX) and BSD variants with such tools as nmap, netcat, nessus, and the metasploit framework.
The Executive Board ("E-Board") is SPARSA's leadership. Members can be nominated to these positions as the SPARSA constitution allows. Nominations normally take place during the Spring quarter at RIT.
As SPARSA is a relatively young organization, its network of alumni is fairly small and is growing constantly. As of July 2006, SPARSA alumni members work for a multitude of organizations ranging from Microsoft, Lockheed Martin, Crowe Chizek, and Merck, to various entities of the U.S. Government.
With the growth of SPARSA's alumni network, locating jobs for new and younger members will be easier. Some alum members work in incredibly unique and ever evolving fields that deal with information security as well as national security. These relationships can provide incredible opportunities for new members to evolve into information security professionals.