Through a carefully designed blend of hardware/software engineering and ethical hacking, Weapon of Mass Disconnection (WMD) is able to deliver an engaging and fruitful learning experience on cybersecurity and systems programming, two fields that bear utmost importance in today's connected and digital information world. WMD is built with an audience of diverse age and interest in mind and tailors to individual learners and classrooms alike. WMD furthers cybersecurity outreach and offers approachable embedded engineering education to create knowledge that will increase cybersecurity awareness and inspire many for their careers and passion in electrical, computer engineering or information sciences.

Facing the growing need for cloud computing system protection to prevent financial loss and private information breaches, many companies are manually writing policies to fight against attacks. However, such procedures are repeated and slow. With support from Deloitte, this project created sample codes that could prevent such fatiguing and tedious work by automating the whole implementation process. More specifically, it built a sample code pipeline for cloud computing system policies with Amazon Web Services(AWS), Rego and AWS Cloud Development Kit (CDK).

Microsoft supports over a billion users whether it be with a product or a service. Maintaining information confidentiality is a top priority along with data integrity. By conducting research and analysis, we can take the necessary steps to ensure those priorities are met. We have developed an all-encompassing web page to act as a one-stop-shop for our two main solutions, an in-depth security analysis report translating our findings into a clear story and an interactive classification search in order to quickly research failures, find out why they occur, and obtain recommendations on remediation and prevention measures.

Joe, a partner at a VC shares a password with a team of 35 but paid for one seat with PitchBook. This is a violation of the terms of use, poses a security risk, and adds friction to account managers day to day. We implemented an intuitive interface built on a machine learning foundation by finding significant attributes in the user login data that will detect a password-sharing event. The valuable insights on usage data revealed strong correlations between a suspicious session with various types of usage that would help account managers monitor accounts with unusual usage on the platform.

Cybersecurity is a fast-paced, ever changing field, with new threats around every corner. As a newcomer, learning complex topics such as network traffic analysis, forensic skills, and more presents a steep learning curve that pushes away prospective students. Combining data visualization with Capture The Flag style challenges, SecViz aims to reintroduce the fun in learning the fundamentals, and break through the barriers of entry for cybersecurity students. Students will gain the confidence and investigative thought patterns required to thrive in the world of cybersecurity, mastering the core skills that will remain relevant no matter how the field changes.

Unlike most major tech companies and public institutions, DOL does not have a standard privacy or data maturity assessment form for program-level use. DOL has studied models from cities like Seattle and commercial enterprises but found that none of the existing models fit their needs. The final deliverable of our project is the survey tool designed for review and adoption by Washington DOL. The survey tool will act as a preliminary check for current data governance practices at DOL, help DOL reinvent data privacy and stewardship standards, and serve as a foundation for WA DOL's future Privacy Impact Assessments.

Microsoft’s Mixed Reality team needs to integrate a document management system (DMS) into their organization for managing policy documents. Due to the sensitive nature of the team, the DMS must meet functional needs and baseline security requirements. Team Infognito developed a security review process and evaluated the security posture of multiple platforms. We recommended ServiceNow GRC based on our evaluation. The process provides the necessary tools for Mixed Reality to evaluate any third-party platform without having to create a new process each time. It is a scalable process which standardizes the procedures for application approval and saves the organization’s resources.

The security industry is rapidly developing and changing, creating a knowledge gap and skills shortage due to the challenging learning curve. Analysts and students struggle with the overwhelming amount of data that typical network analysis tools display, which leads to a time-consuming investigation process. The SecViz tool allows SecOps analysts to read and dynamically visualize packet logs, leading to faster identification, investigation, and mitigation of KPIs. In addition, the tool helps expedite the speed of identifying security gaps that may have been missed or taken a significant amount of time to come across.

The current quarterly access review process at Smartsheet comes with a myriad of challenges. Smartsheet’s access reviews are time-consuming and draw upon a lot of resources. There’s a large company-wide communication effort to track changes in employee structure. Our Identity and Access Management Dashboard presents the Smartsheet Compliance team with employee change metrics tracked with custom automation, a report containing highlighted daily employee changes, and visualizations used to present a historical timeline of changes in employee structure. With our dashboard, Smartsheet’s Compliance team will be able to save time and resources and have key actionable insights to employee changes.

ElectionGuard is an open-source solution not intended to be administrated by Microsoft but instead empowers organizations and voters. The ElectionGuard toolkit can be used in new and old voting systems alike and enables voters to check on their own if all votes that were cast are valid and accurately tallied. Being open-source, it does not compromise security or secrecy and does not rely on one particular software. How this solution works is a voter casts a ballot and is presented with a tracking code. At home, they can use said code to verify online that their vote was counted.