Meet Ryan Shannon
Get to know Ryan Shannon - Team Captain of the Pentesting Team
Awarded 2nd Place at the CPTC Nationals
Photo by our ECS Cyber
Behind the scenes
As summer of 2019 is finally here, the Offensive Security Society (OSS) club, hosted by the Cybersecurity Center at California State University of Fullerton (CSUF) closes with a great deal of accomplishments. The Spring semester of 2019 brought the Bugcrowd University, a one of a kind hacking event organized by the OSS in which CSUF students had the opportunity to either hack in a fictitious university or hack into a live target selected by Bugcrowd. The OSS continued with the Capture the Flag Engine (CTF) for CSUF students to find vulnerabilities in real case scenarios.
Our Pentesting Team, all members of the OSS, were awarded 2nd place at the National Collegiate Penetration Testing Competition (CPTC) competition in 2018. Our champions' names are:
Ryan Shannon, Rojan Rijal, Brandon Nguyen, Christopher Mills-Bowling and Jose Urrutia, and graduate student Shripal Rawal.
We had the pleasure to have Ryan Shannon with us on our channel. Ryan was the team captain at the CPTC Nationals Competition.
Everyone! Here is Ryan Shannon!
Introduction
ECS Cyber: Ryan is an honor to have you today on our channel. Tell us about you. Why have you chosen this field of cybersecurity?
Ryan: Originally, I was working in the IT Department in my community college while a student there and I had the opportunity to move into a cybersecurity role. This took over my life. I had originally planned in doing game design, but I enjoy cybersecurity so much that I decided to shift my focus.
ECS Cyber: Did you have any prior work on programming before CSUF?
Ryan: I had taken Java and C++ in High School, and many classes from OCC before transferring to CSUF in Fall 2017.
ECS Cyber: What is that project you feel proud of?
Ryan: I have worked on many projects, but my favorite one is at work where professors were assigned web servers or other machines without notifying our IT Department. I used a popular service to take an inventory of our whole network and if anything popped out that I had not seen before it will notify us.
ECS Cyber: What advice can you give to new students?
Ryan: Get involved with clubs! They are the best way to meet people with similar interests in your major. CSUF is a big commuter school, so it can be harder to meet people than schools with more active campus life.
Look for internship opportunities as soon as you can, even if you are a freshman. The first job is the hardest to get, but each one will be easier afterward. Interning for different companies will give you a good idea on the diversity of opportunities out there. If you do well, most companies will offer you a full-time position upon graduation.
Get involved with clubs! They are the best way to meet people with similar interests in your major. - Ryan Shannon
ECS Cyber: What made you join OSS ? What skills have you gained as an OSS member? Why do
you recommend other students to join?
Ryan: I had been doing CTFs before transferring to CSUF and was looking for people to do security competitions with. Since joining OSS, I’ve learned how different it is to work on a team compared to going solo in hacking competitions. I would say a large portion of our success was due to planning and strategizing beforehand. I would recommend OSS for anyone looking for mentoring or comradery while learning about cybersecurity.
ECS Cyber: What is the next skill or knowledge set you want to add to your repertoire to make you a better computer science/cybersecurity professional?
Ryan: I’m hoping to do a deep dive on web app pen-testing in the upcoming months.
ECS Cyber: What are your plans now? Where are you going to work or study next?
Ryan: I am moving to the East Coast very soon to begin work as a Penetration Tester.
CPTC NATIONALS
ECS Cyber: What is the CPTC?
Ryan: CPTC is The Collegiate Penetration Testing Competition. Each school’s team does a penetration test for a mock company. This goes far beyond just the technical aspect. The scenario includes communicating with the company as a prospective consultant, talking with IT employees, and creating a detailed report in a crunched deadline.
ECS Cyber: How did you prepare for this competition? How many days, weeks, or months in advance you start preparing for something like this?
Ryan: After receiving the results from regionals, we had about one month to prepare for nationals. In that time, we practiced as much as we could (sometimes to the detriment of our classes) using popular pen-testing practice platforms such as hackthebox. For next year, OSS is working on an even more in-depth process involving creating an official red-team with tryouts and scheduled training workshops.
ECS Cyber: What was your role in contributing to the participation and success of the OSS team?
Ryan: For CPTC last year, I worked as the Team Captain to organize and prepare our team for the competition. I helped delegate the roles for Nationals.
ECS Cyber: What were your obstacles and how did you overcome them?
Ryan: A lot of obstacles... the competition by itself is very crunched, you have about 8 hours to access the network and the report is due next day at 8 am. So both, regionals and nationals, have very little sleep. We were cramming to get that report as full as complete as we could in the small timeframe that we had. Besides that, scheduling everything along with taking a full course load was a little bit rough. A couple of classes may have missed a few assignments because we were busy practicing but it all worked out.
ECS Cyber: Did you have other mentors help? If so, how did they help you and the team in the Competition?
Ryan: Dr. Gofman is our advisor for OSS and gave advice for our team strategy and how to structure our report. He accompanied us to the competitions.
ECS Cyber: What was the main task in the competition?
Ryan: The task in the competition was to perform a penetration test for the fictitious autonomous car company “Wheelz”. The penetration test includes several features such as the proposal to become the consultant that does the test and then reporting afterward, and a Q and A with the executives after you are done after your report is presented.
ECS Cyber: What tools/resources were you given?
Ryan: We were given a Kali Linux virtual machine to perform the test. Each team in the competition was also given an identical copy of the Wheelz network.
ECS Cyber: What tools or resources you wish you have had?
Ryan: One thing we did well and perhaps we can improve in the future was we built our tool kit to be automated so we made some basic scripts and we loaded them up as soon as the competition started. We can start with that next time.
ECS Cyber: Are you planning on working on another project like this one?
Ryan: Unfortunately, I will be unable to compete with OSS now that I graduated but I would like to help as an advisor.
FUN STUFF!
ECS Cyber: After all this work and school and projects how do you find time for yourself and what do you do in your free time?
Ryan: I try to go out with my friends on the weekends. I like to go rock climbing with my friends. There is a nice place on the 57 Fwy called Factory Bouldering where I like to go. Just the usual. And my hobbies are basically I played videogames, one favorite is Rocket Ligue.
ECS Cyber: Where do you get your inspiration?
Ryan: I would say security is always so innovative that is really easy to get inspired when you see the work that people do. Whenever someone comes up with some new presentation, whether they are either vulnerability or pentester researcher, it seems that every year the techniques are newer, more innovative, and very creative.
Security is always so innovative that is really easy to get inspired when you see the work that people do. Whenever someone comes up with some new presentation, whether they are either a vulnerability or pentester researcher , it seems that every year the techniques are newer, more innovative, and very creative. - Ryan Shannon
ECS Cyber: What misconceptions people often have about you?
Ryan: CS is often seen as the introverted, shy, poor social skills... I don't think that is true about me.
ECS Cyber: What makes you laugh?
Ryan: (Laughing...) Well, I am not sure how to answer that. (The question made him laugh.)
ECS Cyber: Thank you so much, Ryan, for being with us in our channel and sharing a little bit or your personal life, your goals, your accomplishments, your cybersecurity expertise, your insights on hacking competitions at a national level and how you helped as a captain of your team to get there. We wish you the very best in your new job and new life on the East Coast.
Ryan: Thanks for having me.
