Security Practices and Research Student Association
The Security Practices and Research Student Association (SPARSA) is a Rochester Institute of Technology student-run organization that addresses security-related issues and how these issues affect multiple majors and disciplines. The ultimate goal of this organization is to provide students with experience in information security and job opportunities in information security (infosec) related fields. This includes aiding members in the search for both cooperative education (co-op) and full-time employment opportunities.
To meet this goal, SPARSA hosts and participates in research and development of security tools and policies. In addition, SPARSA provides consulting for organizations in need of improved security. SPARSA also seeks to build and maintain relationships with local and national security related organizations. This includes social networking with security professionals and hosting conferences, symposia, and other security-related events to spur growth in this area.
As security becomes progressively more important in our increasingly global world, SPARSA will help students remain on top of their game and up to date with the latest security issues, practices, and research. "Today individuals, families, organizations, communities and our nation face unprecedented combinations of cyber and physical security threats to both cyber and physical assets. The challenge is to enhance security capabilities at all levels of society by developing better security technologies, and by providing education and training in the use and management of security technologies" (Dr. Samuel McQuade)
SPARSA was founded in the wake of 9/11 by RIT students Jared Campbell, Eric Linden and Matt Hile. The initial faculty advisor was Dr. Samuel McQuade - Program Chair of The Center for Multidisciplinary Studies, with additional coordination from Kimberley Laris - Director of Business Process & Audit, and Jim Moore - Information Security Officer.
SPARSA recently wrote and published an article on information security in a security journal. The future vision of SPARSA is to expand our research capability through both technical and non-technical publications.
SPARSA is in talks with one or more institutions about the possibility of creating additional SPARSA Chapters at other Universities and Colleges in the United States.
SPARSA hosts and co-hosts a wide variety of events that involve computer security. In the past, this has included the Information Security Talent Search (ISTS) and the McAfee Security Competition.
To help achieve SPARSAs goals, SPARSA hosts an annual computer security competition called the Information Security Talent Search (ISTS). ISTS challenges teams to diagnose security vulnerabilities on an administrated network. The competition offers students the opportunity to set up and secure their own network services from intrusion, network with fellow security-minded students and professionals in the field, as well as attack other teams network services ISTS.
- ISTS1 took place on May 9, 2003. ISTS1 was sponsored by Crowe Chizek.
- ISTS2 took place on Oct 18, 2003. ISTS2 was sponsored by Crowe Chizek.
- ISTS3 took place on Jan 8, 2005. ISTS3 was sponsored by the IT Department and by GCCIS at RIT.
- ISTS4 took place on January 28, 2006. ISTS4 was sponsored by SunnKing Electronics Recyclers, SMP, VarData, and the Network, Security and Systems Administration Department, the Information Technology Department, Computer Science Department and GCCIS at RIT.
- ISTS5 took place on March 24, 2007. ISTS5 was sponsored by Crowe Chizek, Information Technology Department, NVidia, and ThermalTake.
- ISTS6 took place March 28–29, 2008 with Jolt Cola, Ebaums World, Crowe Chizek, RIT IT Department, RIT CS Department, NSSA department, and GCCIS as the sponsors and took place at RIT.
- ISTS7 took place March 19–21, 2010 and took place at RIT.
- ISTS8 (the ocho) took place April 1–3, 2011 with Cisco, ShmooCon, Perimeter E-Security, Arnold Magnetics, RIT CS Department, RIT NSSA Department, Wegmans, No Starch Press, and Syngress as the sponsors and took place at RIT.
- ISTS10 took place March 22–24, 2013 with Google, Dell SecureWorks, RIT's GCCIS, MIT Lincoln Laboratory, No Starch Press, Palantir, Syncurity Networks, and University of Rochester Medical Center as sponsors and took place at RIT.
- ISTS11 took place February 28–March 2, 2014 with Cisco, Intrepidus Group, Red Hat, Akamai Technologies, Cobalt Strike, Google, Dell SecureWorks, RAGE, Syncurity Networks, MIT Lincoln Laboratory, Ponte, RIT's GCCIS, Salesforce.com, and Shmoocon as sponsors and took place at RIT.
- ISTS12 took place March 6-8, 2015 with OG Systems, FireEye, Cobalt Strike, Cisco, Mitre, FactSet, Syncurity Networks, Dell SecureWorks, Schmoocon, RIT's GCCIS, Google, RIT's CSEC department, Cisco Meraki, NCC Group, and Box as sponsors and took place at RIT.
McAfee Computer Security Contest
In spring 2005, McAfee approached SPARSA to host a Computer Security Contest ("Secure and Defend Your Digital Fortress"/"Secure Computing Contest"). This contest came following a generous donation of McAfee products to RIT. The competition took place on May 13, 2005. McAfee sent 5 employees to take part in the attack portion of this contest. Students signed up in teams and attempted to build a secure network infrastructure. Teams used McAffe IntruSheild IDS/IPS (NIDS) devices, McAfee Entercept (HIDS), McAfee AV, Cisco 29XX switches, and Cisco 29XX routers. An Extreme Network Alpine multi-layered switch powered the network core. Each team was given 3 networks they were responsible for maintaining connections to. This ultimately proved to be too difficult for teams, and the network was flattened into a single network. For OS's, teams ran Windows 2000 Server, Debian/KNOPPIX Linux and FreeBSD. The winning team placed a great deal of faith on FreeBSD and it paid off. McAfee used a software product known as Core Impact to penetrate and autoroot team boxes. While this tool worked reasonably well, it also crashed the network by confusing the multi-layer Extreme switch. The SPARSA attack team was less fortunate, and used WHoppiX (now WHAX) and BSD variants with such tools as nmap, netcat, nessus, and the metasploit framework.
The Executive Board ("E-Board") is SPARSA's leadership. Members can be nominated to these positions as the SPARSA constitution allows. Nominations normally take place during the Spring quarter at RIT.
As SPARSA is a relatively young organization, its network of alumni is fairly small and is growing constantly. As of July 2006, SPARSA alumni members work for a multitude of organizations ranging from Microsoft, Lockheed Martin, Crowe Chizek, and Merck, to various entities of the U.S. Government.
With the growth of SPARSA's alumni network, locating jobs for new and younger members will be easier. Some alum members work in incredibly unique and ever evolving fields that deal with information security as well as national security. These relationships can provide incredible opportunities for new members to evolve into information security professionals.
- SPARSA.org – Official site