A group of students conducted scans, probing the networking for vulnerabilities that hackers can exploit (an outdated version of Windows, for example, or services that were not patched), and delivered a comprehensive report including all vulnerabilities that were found, along with the references and solutions.
These capstone projects, which directly benefit the most vulnerable nonprofits, are directly aligned with our Jesuit mission and are a common theme across our graduate programs.
— Andres Leonardo Carrano, PhD Dean, School of Engineering
The introduction of Connecticut’s Safe Harbor Law in 2021 propelled Chris Gillespie, senior director of technology services for the Catholic Diocese of Bridgeport, to get serious about instituting a more structured cybersecurity program. “The new law safeguards organizations from suffering punitive damages in the case of a security breach, as long as that organization has created and maintained an approved cybersecurity framework,” explained Gillespie. “We don’t have a big IT staff, but I knew the students in the graduate level Cybersecurity program at Fairfield University could help us.” He contacted Mirco Speretta, PhD, director of the master’s program in Cybersecurity, who quickly created a capstone project around the needs of the diocese.
The resulting project involved seven graduate students. After analyzing several protocols for best practices, the students chose to implement the National Institute of Standards and Technology (NIST) 800-53 framework, a protocol that allows for customization and was a good fit for the diocese’s 80 parishes and 29 schools.
“These capstone projects, which directly benefit the most vulnerable nonprofits, are directly aligned with our Jesuit mission and are a common theme across our graduate programs” said Andres Leonardo Carrano, PhD, dean of the School of Engineering.
To properly implement a cybersecurity framework, one needs to be familiar with the organization, including all the procedures and the operational activities that handle data, explained Dr. Speretta. “The students started by interviewing stakeholders, such as the chief financial officer, the human resource director, and also those on the technical side,” he said, “to understand how the organization works and identify key areas where security governance should be applied.”
A group of students conducted scans, probing the networking for vulnerabilities that hackers can exploit (an outdated version of Windows, for example, or services that were not patched), and delivered a comprehensive report including all vulnerabilities that were found, along with the references and solutions.
Students used a Kali Linux Virtual machine to run Nmap scanning software, allowing them to virtually scan the various servers, phones, printers, computers and even PlayStations connected to the network at each school. They then created a visual representation of the data collected from the scans using Tableau.
“It was great real-world experience,” recalled John Shashaty ’21, who will complete the graduate program in December. “There was a lot of learning on the fly, and once we got into it, we could see that it was a very involved assignment. This is a multi-year project, and we set the groundwork.”
Subsequent capstone students will continue the work this year, said Dr. Speretta.
Equally important, the capstone experience is likely to be a valuable asset when it comes to finding a job. “When I have job interviews, most people are very intrigued by the research and the application of tools used for this project,” said Shashaty. “Plus, the NIST framework we used is relevant to industries today, and they’re pleased to hear that I’m familiar with it.” lS