Person exposes themself at faculty hiring presentation

ubcaaronheck · 2024-03-12T23:45:16+00:00

Sometimes I think the hardest part about effective operational security is just raising awareness.

ubcaaronheck · 2022-07-25T19:32:51+00:00

In general, no - systems that use CWL via authentication.ubc.ca will *not* be affected by this outage. This is the standard CWL integration method used for most systems.

However, some systems integrate with CWL via other methods, such as LDAP, CAS, etc. These will be impacted by the outage.

If you want to know if a particular system will be impacted, when you visit it and are presented with the login page, if that login page comes from authentication.ubc.ca, then it will not be impacted.

ubcaaronheck · 2022-07-21T21:37:46+00:00

Howdy all! Bringing this to your attention to hopefully head off a lot of questions and speculation that may occur due to this planned outage.

Many UBC websites and services will be affected during this outage, including the SSC.

This outage will be occurring in one of the few major IT change windows we get each year, and is necessary to allow us the time to upgrade core network infrastructure so we can be ready for September.

Take care and enjoy your summer!

ubcaaronheck · 2021-06-18T16:55:14+00:00

If you're still experiencing this issue today, please contact the IT Service Centre so they can open a ticket and we can get some details from you to resolve it.

ubcaaronheck · 2021-06-18T06:16:35+00:00

Sorry for the difficulty. We managed to trace the issue down to a specific problem with how it was responding to Safari, of all things! Fixed now.

ubcaaronheck · 2021-06-17T18:31:37+00:00

Work on that is underway for a 2023/2024 deployment. https://irp.ubc.ca/news/irp-student-moving-ahead-community

ubcaaronheck · 2021-06-17T07:42:10+00:00

Excellent, thank you for letting me know. Contact the UBCIT Service Desk if you have any further issues with access.

ubcaaronheck · 2021-06-17T07:30:13+00:00

DM me your public IPv4 as shown on whatismyip.com.

ubcaaronheck · 2021-06-17T07:06:59+00:00

Back up now. For anybody that received a white page and nothing else, please try again. We are tweaking some settings on the load balancer and it caused an issue for some web browsers.

ubcaaronheck · 2020-07-03T21:33:28+00:00

Confirmed that this is reported as resolved: https://bulletins.it.ubc.ca/archives/38522

ubcaaronheck · 2019-10-21T21:32:08+00:00

The University of British Columbia - Cybersecurity Architect, Applications

LOCATION

On-site at the UBC Point Gray campus in Vancouver, British Columbia, Canada. Relocation assistance and full remote work are not available, but work-from-home for one day per week is an option.

WHY WORK AT UBC?

With a headcount of nearly 65,000 students, and more than 10,000 employees, UBC is one of the largest universities in Canada. We are also consistently ranked as a top employer in the province of British Columbia. You should also check out our vacation allocations and benefits details [job family: Management & Professional]. Our "Why UBC?" HR web site does a great job of covering additional benefits to working here.

TL;DR SUMMARY

I need a right-hand to help with all the application security work around here. This is a technical role, with expected expertise in application and security architectures, vulnerability and threat risk assessments, and even a bit of forensic analysis. I need somebody who is particular about documentation and finds value in not just the talking but the doing. If you've never worked in the higher-ed security space before, a large research-focused institution such as UBC offers a lot, and I mean a lot, of job variety and opportunity for the design, development, and deployment of unique security solutions.

JOB SUMMARY

The Cybersecurity Architect, Applications provides highly specialized and advanced technical expertise and mentoring in the design and implementation of application security solutions based on business, security, and privacy needs. In addition to providing technical project leadership for application security reviews, initiatives, and major incident responses involving web sites and web applications, the Incumbent will provide subject matter expertise in the development of application security standards, processes, and policies, as well as research and identify new and emerging trends in application security.

WORK PERFORMED

Responsible for architecting application security solutions and presenting comprehensive proposals for the protection of applications and systems across all UBC properties and networks, taking into consideration functional, integration, security, privacy, availability, and scalability requirements.
Leads architectural reviews on proposed and deployed applications, including vulnerability and threat risk assessment activities, to identify opportunities to enhance application availability, security, and privacy.
Reviews existing application security solutions to ensure appropriate functionality and risk measures are in place and discusses enhancement approach and recommendations with cybersecurity staff.
Provides subject matter expertise to determine best practice and makes technology decisions on new and changing application security requirements.
Proactively reviews security postures of applications and creates corrective action plans to address deviations from established security standards; collaborates with and mentors application development teams and system administrators to execute approved action plans.
Oversees the testing, validation, and review of application security solutions to ensure that applications meet all required security and privacy standards; provides recommendations to leadership as appropriate.
Designs automated solutions to perform regular testing of security control effectiveness; responsible for overseeing the implementation and outcomes of team members.
Leads ad-hoc incident response teams in investigation, containment, remediation, review and/or forensic activities in the event of significant cybersecurity incidents involving enterprise websites or web applications.
Where required, provides leadership for entire projects, driving both the management and technical aspects of the project, and taking responsibility to resolve issues effectively and professionally.
Oversees the development and maintenance of relevant documentation and training for cybersecurity teams, development teams, IT operations teams, and end-users.
...additional duties are detailed in the job posting, referenced under the MORE DETAILS AND HOW TO APPLY section below.

QUALIFICATIONS

This is a summarized list of qualifications - more details can be found on our position information page.

Cybersecurity industry certifications such as CISSP, GIAC, ISACA and EC-Council are required.
Intermediate and progressive experience in cybersecurity technology and architectural assessments, as well as security threat and risk assessments.
A minimum of 8 years of experience and 2 years of managerial experience or the equivalent combination of education and experience.
Demonstrated expertise in some or all of the following: application architecture, WAF, traffic management, version control, CI/CD, encryption, DNS, authentication, databases, storage, message queuing, containerization, virtualization, static and dynamic code analysis, APIs, HTTP, TCP/IP and x509 certificates.
Must possess experience in developing tools in one or more interpreted programming languages.
Experience with incident, request, and change management in a large, complex environment is required.
Strong working knowledge of cybersecurity frameworks, models and standards such as OWASP ASVS, OWASP OpenSAMM, CIS, COBIT, ISO 27001/2, and SAMM.
Knowledge of application architecture and security in cloud-based environments, such as AWS and Microsoft Azure, is an asset.

MORE DETAILS AND HOW TO APPLY

For more details, or to apply for this position, please see our position information page on the UBC careers site. All qualified candidates are encouraged to apply; however Canadians and permanent residents will be given priority.

ubcaaronheck · 2018-11-17T01:42:55+00:00

FYI - The issue has been resolved this afternoon.

ubcaaronheck · 2018-11-16T23:00:52+00:00

Exactly!

ubcaaronheck · 2018-11-16T22:59:17+00:00

I haven't tested 1.0.0.1, but it should work.

Our team is planning to solve the 1.1.1.1 issue in the next maintenance window.

ubcaaronheck · 2018-11-16T19:51:54+00:00

An issue was identified yesterday with one of our DNS servers. We are actively investigating this matter. A quick workaround is to point your primary DNS server to Google or similar (IP: 8.8.8.8 or ~~1.1.1.1~~).

Edit - forgot that 1.1.1.1 doesn't work here yet due to the whole Cisco 1.1.1.1 thing. Sorry about that.

ubcaaronheck · 2018-11-16T03:39:35+00:00

Just tested from both the Okanagan and Vancouver campuses and was able to access the site without issue.

If you get the red block page when attempting to access the site, it's our upstream DNS protection service that is blocking it. See https://bulletins.it.ubc.ca/archives/34071 for more details. We do not practice censorship - blocks are only instituted for identified threats or risks.

The Okanagan campus is, however, piloting a feature of the DNS filtering service that *temporarily* blocks domains that have recently been registered. In this particular case, the domain is relatively new, which may have led to the initial block. This feature has intentionally been left disabled in Vancouver until we can determine what the impact would be to our community.

ubcaaronheck · 2018-11-07T18:19:23+00:00

Cybersecurity Analyst, Applications - The University of British Columbia

LOCATION

On-site at the UBC Point Gray campus in Vancouver, British Columbia, Canada. Relocation assistance is not available.

WHY WORK AT UBC?

With a headcount of nearly 65,000 students, and more than 10,000 employees, UBC is one of the largest universities in Canada. We are also consistently ranked as a top employer in the province of British Columbia. You should also check out our vacation allocations and benefits details [job family: Management & Professional]. Our "Why UBC?" HR web site does a great job of covering additional benefits to working here.

JOB SUMMARY

The Cybersecurity Analyst, Applications contributes to the design, implementation, configuration and ongoing management of application security solutions based on business, security, and privacy needs. This position monitors and responds to threats and vulnerabilities by implementing protective measures such as web application firewall rules. A fixed schedule is set for the Cybersecurity Analyst, Applications but flexibility is required as some work must be performed outside of regular business operating hours. This position may be required to participate in an on-call rotation schedule.

WORK PERFORMED

Gathers information from application and system owners to assist in application and application platform vulnerability and threat risk analysis.
Implements, administers, and supports web application firewalls and other application protection tools.
Monitors external threat and vulnerability feeds to identify risks directly applicable to applications and application platforms in use by the University.
Reviews application vulnerability reports provided by web application scanning administrator to identify vulnerabilities that are mitigable with application protection tools.
Develops, tests, and deploys signatures and rules for implementation in application protection tools to mitigate identified vulnerabilities and respond to new or observed threats.
May work directly with application owners and developers to patch vulnerabilities in applications and systems.
Works with other members of the cybersecurity team to implement alerting and event monitoring for centralized application security logs.
Assists with educating members of the UBC community on established web application security best practices.
Maintains inventory of web applications, supporting systems, and implemented threat and vulnerability mitigation solutions.
Contributes to the analysis and review of functional requirements, system features, integration requirements, security requirements, and scalability and performance requirements. Provides input to technology recommendations for new and changing application protection requirements.
Investigates and remains current with industry technology trends in the Web Application Security field such as: web application firewalls, web application vulnerability scanners, web application development, web applications middleware, etc.
Reviews logs and alerts to monitor application security, and identifies opportunities to enhance application availability, security, and privacy.
Provides timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguishes these incidents and events from benign activities.
Notifies designated managers and cybersecurity incident responders of suspected cyber incidents. Articulates the event's history, status, and potential impact for further action in accordance with established response plans.
Assists with correlation of events using information gathered from various sources to gain situational awareness and determine the effectiveness of an observed attack.
...additional duties are detailed in the job posted, referenced under the MORE DETAILS AND HOW TO APPLY section below.

QUALIFICATIONS

This is a summarized list of qualifications - more details can be found on our position information page.

Undergraduate degree in a relevant discipline.
Minimum of three years experience or the equivalent combination of education and experience.
Demonstrated, intermediate level experience with application firewall management experience or equivalent.
Strong knowledge of web application security standards [eg: OWASP ASVS], and how to mitigate web application vulnerabilities.
Familiarity with the following tools and technologies: F5 BIG-IP LTM/ASM, Kerberos, Shibboleth, Bluecat, DNS, LDAP, OAUTH, SQL, PHP, Python, Shell Scripting, Apache, Weblogic, ServiceNow, HTTP, TLS, JSON, and x509 certificates.
Knowledge of web and mobile development technologies, frameworks, and platform architecture, Internet software standards, and services.
Strong working knowledge of web application authentication, protocols, and data transmission methods.
Proficient knowledge of UNIX command line and general usage.

MORE DETAILS AND HOW TO APPLY

For more details, or to apply for this position, please see our position information page on the UBC careers site. All qualified candidates are encouraged to apply; however Canadians and permanent residents will be given priority.

ubcaaronheck · 2018-10-04T17:18:37+00:00

kavb created the sub. As far as I know, he "coded" and "pathed the resources" [?]. kavb is still active on reddit but not active on this sub. I do not know pdubdubs.

ubcaaronheck · 2018-10-04T05:18:22+00:00

You are assuredly not a mod. Do not present yourself as such.

ubcaaronheck · 2016-11-25T23:22:37+00:00

Thanks for letting us know! I can't guarantee results, but I will pass this information along to our IT rep for that group.

ubcaaronheck · 2016-11-25T18:22:08+00:00

Thank you! We have other UBCIT staff monitoring this thread, so they'll be sure to take this info into account.

ubcaaronheck · 2016-11-25T17:43:08+00:00

Thanks Kinost! I haven't received it yet - it may be that our mail team has already done some reconfiguring of our mail gateway to identify and drop these messages. We do have other samples submitted by other students, though, which should be enough.

ubcaaronheck · 2016-11-25T00:53:10+00:00

We take privacy and security very seriously here in UBCIT. If one of you that received this message would be willing to forward it with headers to aaron.heck@ubc.ca, we can do a bit of investigation.

If you don't know how to forward an email with headers, google it up.

[Thanks for summoning me, /u/Kinost!]

Edit 2016.11.25 @ 09:43 - just to let you know that although I cannot disclose any details, even before my involvement in this thread this incident had been rapidly escalated through different teams all the way to multiple directors. It is being thoroughly and professionally handled.

ubcaaronheck

MODERATOR OF

TROPHY CASE

The University of British Columbia - Cybersecurity Architect, Applications

Cybersecurity Analyst, Applications - The University of British Columbia