Get best of the week

Contrary to quarantine: how we transferred our internships to a remote format

Udalenka is a forced trend of this spring. By the end of March, when universal self-isolation began, in our regional centers for monitoring and responding to Solar JSOC cyber attacks, traditional internships were in full swing. We were sure that we were ready for everything, but ...



- He presses too hard, this is not according to plan.
- Plans are changing.
Carroll Shelby, Ford vs. Ferrari

What does Shelby have to do with it, you ask? The famous race car driver and designer Carroll Shelby was always ready to take a gamble and could come up with a non-trivial solution in a difficult situation. We have much more in common than it seems. Because of the situation around COVID-19, plans have really changed. We had to do a tremendous job of rebuilding the infrastructure so as not only to provide remote access for employees, but also not to lose potentially interesting interns in the conditions of training in the style of HomeOffice. How we managed this, and what interns themselves think about working from home, read below.

Usually, our internship course begins with a theoretical block, where children are told about the latest trends in information security, ART, Threat Intelligence and basic monitoring skills. After that, they consolidate the acquired knowledge into practice - they connect to the SIEM system and participate in the investigation of incidents. At the end, the trainees perform several test tasks with generated attacks. We invite the best to work with us. When it became clear that it was impossible to hold face-to-face meetings, we began to transfer interns to a remote format.

There was no discussion about canceling or postponing internships. Training should continue, no matter what! I won’t go into details of the work done to switch to the remote format, I’ll just show some statistics on the number of remote connections in March:

image
Sometimes any words ... they ... are useless. And the tools are useful, because they can fix something.
Carroll Shelby, Ford vs. Ferrari

For conducting online classes, we chose two sites - Zoom and Skype. A fairly simple and effective solution. But if everything was clear with the theoretical course (here, in fact, we did not lose anything), then with practical exercises a rather fascinating trip awaited us. Starting from the provision of remote access to the test bench (thanks to the IT team, which responded with lightning speed and ensured almost catastrophic access to the servers due to the rapid change of hardware) and ending with a significant expansion of licenses for remote access.

Not without such important banalities as transferring credits for VPN trainees. Someone might have reacted to this either rather negligently and simply - for example, sending a password-protected archive with credits, and informing the password with a personal video call. But for the best students (and we are looking for just such) it was too easy. Therefore, in order to get the password, the guys had to solve the problem.

We sent all credits to VPN to all interns. Each such archive was password-protected, and a certain number was written in the letter. The logic is this:

  • we take this number and add to it the sum of the numbers of the personal phone number that the interns indicated in the first lesson,
  • add the sum of the numbers of a personal phone number to the received amount,
  • before the resulting combination of numbers, write S0l @ r.

Yes, the task is simple, but fascinating :)

But it is one thing to set up the system, another thing for people, because not everyone is ready to work in a remote format. It would seem that there are many advantages in the distance: you don’t need to go in crowded vehicles or stand in traffic jams, you can start a working or school day right out of bed and save a lot of money on coffee and rolls on the way to the office. But, you must admit, it’s difficult to concentrate when during a videoconferencing in the background a relative appears in the “home” or a favorite cat breaks into the frame, and household affairs are constantly distracting from work. And our coaches are used to getting real feedback when interacting with the guys in the audience: to feel their mood, to see inspired (or, misunderstood) looks. In a word, we stood still ...

And then rolled up their sleeves and rushed into battle! The participants in this adventure, trainees and mentors, tell how everything turned out and what has changed.

What format do internships usually take?


Mentor Artemy Saransky, engineer of the second monitoring line of Solar JSOC in Samara : “The theoretical course is usually divided into three blocks: networks, operating system and security. In practical classes, we show the work of monitoring engineers using the SIEM platform. Then the trainees conduct independent investigations of the generated test incidents. ”


But at home, you can create your own atmosphere.

Mentor Artyom Shurkhovetsky, Technical Director of Solar JSOC in Rostov-on-Don : “We provide a base in all areas from monitoring to forensics, but more emphasis is placed on monitoring. For practice in the SIEM system, we take real events from which we remove sensitive data and give them to the guys for analysis. ”
How did you get an internship?

Trainee Igor Maslov, a graduate of the Don State Technical University : “In winter I graduated from the university with a degree in computer security, and representatives of Rostelecom Solar came to defend my diploma and invited me for an internship. The classes began in February, we already went through the whole theory and are now doing it directly in ArcSight: we connect to the remote desktop, watch incidents and analyze them. ”

How did you switch to the remote format?


Mentor Artemy Saransky: “The transition to the distance learning program had almost no effect, because the guys and I managed to complete the theory and already started to practice. I am glad that I even managed to show them the SIEM platform, and they can work with it. And in March, the interns were just supposed to switch to independent test investigations. The only problem was issuing remote accounts, but we quickly dealt with it. ”

Mentor Artyom Shurkhovetsky : “When we announced the transition to a remote format, we already started practical exercises. And this means that it was necessary to organize the interns' access to the test bench, and quickly, literally in a couple of days. I prepared VPN logins and passwords for everyone, and the guys had to figure out a way to transfer this data as safely as possible.

There were also team tasks in terms of the internship - we managed to do one of them in the full-time format, but how to organize it remotely until we came up with. Therefore, we changed the program a bit and at online conferences we began to ask the guys more questions in order to get feedback from them. ”

Trainee Vladimir Kondratyev, 5th year student of Samara National Research University named after S.P. Koroleva: “When we were told that everything would continue in a remote format, I was very surprised. Many companies that have now been forced to move to a remote location, first think about how to organize work for employees, and internships fade into the background. But at Solara, everything was well organized. This is not the first time I have been taking a full-distance internship: in the ninth grade I had a similar experience, so I was even a little nostalgic.

We started an internship in December: we went through the whole theory and managed to conduct two practical classes. Then we were given VPN accounts that you can use to connect to the ArcSight booth. Now we need to complete three practical tasks and send a report to the mentor. In general, we are doing the same thing as in the office, only from our laptops. ”

Intern Igor Maslov: “When we were transferred to the remote format, I took it for granted, because it’s better to stay out at home. We were given accounts, but we had to come up with a safe transfer of login and password. Offered various options - from cryptography protocols like Diffie-Hellman to ordinary Telegram. As a result, we settled on the archive with a password, which each intern had to pick up on their own. ”


It seems that during the quarantine we got new trainees

What is the peculiarity of this format, and what difficulties are there?


Mentor Artemy Saransky : “Now I, as before, give assignments, and the guys answer me in any available form. Some write at two in the morning. Moreover, many interns are still students, and universities also have a lot of work, but they all try very hard.

I myself am for personal communication, because it is better to see who is more interested, who have eyes burning and have a desire to learn something new. Although even in a remote format, a person who has a fuse will not be shy to ask. It helped me a lot that we had known the trainees for more than a month (the classes started in December), but the final grades will probably be harder this time. I hope the video interviews help. ”

Mentor Artyom Shurkhovetsky: “Now the problem is that not all trainees have the opportunity to access the Internet in good quality. Sometimes Zoom falls off, sometimes a VPN ... But still, those guys who are drawn to knowledge have not lost their grip. Of course, when you sit in the audience and see the eyes of each intern, it becomes clear whether he understands or not. It’s a pity that those guys who don’t understand something and are embarrassed to ask, in a remote format, probably get even more pinched and move away from me as a lecturer. ”

Trainee Vladimir Kondratyev: “The most difficult thing is to organize yourself. Unlike the office, the house is very soothing. At the same time, the remote format requires more time, because you cannot promptly ask a question to the mentor and get a prompt answer - you have to find some information yourself. There are still difficulties with the tasks that we receive: you do not always quickly get to the bottom of the matter. Remotely this takes more time than if you came to a lesson where you can consult with colleagues - the collective mind is still stronger. ”


In Zoom, the main thing is to choose the right background

Trainee Igor Maslov: “From the first days it became clear that there wasn’t that working environment at home, and we had to force ourselves to sit comfortably and prepare a workplace. You can, of course, take a laptop to bed, but then the information will be perceived in a completely different way. Then you need to ask that you not be distracted, otherwise people think that if you are sitting at home, you can tell something or ask you to do something. At first, they distracted me at home, but over time it became clear to everyone that we were engaged, and not just chatting on Skype. ”

Can I refuse full-time internships?


Mentor Artemy Saransky : “Definitely not. The remote format, of course, can be, especially if there are no other options. But even when conducting remote internships, you need to understand that you not only give knowledge online, like Wikipedia, but you also have to do something good in people's heads as a mentor. ”

Mentor Artyom Shurkhovetsky: “If the purpose of the internship is simply to provide knowledge, then the material can be read remotely. If the task is to select the best, then, of course, you need to somehow implement team tasks, which is difficult to do remotely. In any case, this internship will not pass without a trace, we will get a unique experience, and this is always good. I want to wish the guys not to treat the internship as a lecture at the university. A mentor is not a professor, but a person who primarily shares his experience, and not knowledge from the Internet. ”

Intern Igor Maslov: “In my opinion, it’s possible to completely switch to the remote format, but it will still be difficult. At home, you no longer want to do something than you want - it’s cozy, warm and relaxed. Although a lot depends on the person - if he wants, he can read various manuals and study at home. Remote work has its advantages - you spend more time at home with family and friends. Therefore, I think the quarantine will end soon, and everything will be fine. ”


Even at home you can be on top - the main thing is not to go too high in front of a webcam

Trainee Vladimir Kondratyev: “It is probably possible to completely switch to a remote internship format - this is more related to the technical side of the issue. If companies are ready to develop training manuals and allocate employees, then everything will be organized without problems. But still, it’s better when you can come and talk directly with your mentor. And although I have no particular problems with the remote, when I went to the office, it was somehow calmer. The atmosphere of the JSOC office, in which we managed to spend several months, was remembered by everyone and really want to return there. I hope that after the internship we will have work, but without quarantine. ”
Only those who are willing to fight can win.
Peter Stolypin

Indeed, now every business is struggling with the situation. So we do not give up and do not stop, just as our interns do not stop. I want to believe that we will soon see each other not in the webcam window, but in real life.

All health and endurance!

More articles:


All Articles