Course Description
Computer network operations (CNO) software development is very much like traditional software development: code needs to be modular, reliable, and well-documented, with one major exception - there is an adversary.
Logistics
We provide all equipment and software for training. Each student will receive a computer and all necessary software access during training.
Prerequisites
Students are presumed to have a background in software development. Some may have a background in Linux, some in Windows, some in C, and some in Java. Still, they all need the ability to think logically and methodically about software development. In this CNO Development course, we leverage the software development mindset to train students in effective, suitable, and survivable capability development practices. Note that there is an emphasis on leveraging provided access primitives instead of focusing on vulnerability research and exploitation.
Capability Evaluation
Weapon systems are evaluated based on operational effectiveness, Suitability, and Survivability. We create requirements sheets for each exercise with criteria for each metric.
Operational Effectiveness
The operational effectiveness of each capability will be exercise dependent. For example, some exercises will require data collection and exfiltration, and others will require effects on the target.
Survivability
Survivability is a pervasive theme in our courses. It is the adversarial model through which solutions are evaluated, and choices are made.
Adversary Capability Implant Metric
Collection Stealth
Detection Camouflage
Correlation Independence
Attribution Anonymity
Removal Persistence
Suitability
Suitability metrics for implants are how well the implant is documented, can be transitioned to other team members, is modular or upgradeable, and is autonomous or interactive.
About Boston Cybernetics Institute
Boston Cybernetics Institute, PBC was created by former MIT Lincoln Lab cybersecurity researchers to give meaningful niche cyber instruction to a new generation of cybersecurity professionals.
We avoid the normal style of teaching with PowerPoint and lectures, opting to provide instead real-life engaging instruction that takes place in a customized environment. We have given our style of instruction to multiple DoD agencies, US commercial companies, and international companies.
Instructors at Boston Cybernetics Institute
Jeremy Blackthorne
President of the Boston Cybernetics Institute
Jeremy Blackthorne is a Lead Instructor at the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. Blackthorne is the co-creator and instructor for the Rensselaer Polytechnic Institute (RPI) courses: Modern Binary Exploitation, Spring 2015 and Malware Analysis, Spring 2013. Jeremy has published research at various academic and industry conferences. He served in the U.S. Marine Corps and is an alumnus of RPISEC. He holds a BS and MS in computer science. Blackthorne was an active member of the Student Security Club and CTF team, RPISEC, from 2012 to 2015, where he taught seminars on Reverse-Engineering, Exploitation, and various other Cybersecurity topics.
Clark Wood
security researcher and instructor
Clark Wood is a security researcher and instructor at the Boston Cybernetics Institute (BCI), focusing on Reverse Engineering, Exploitation, and CI/CD. He recently built a Reverse-Engineering and Exploitation platform for a DoD customer and is the Lead Engineer for BCI’s Government Services. Clark was formerly on the technical staff at MIT Lincoln Laboratory where he was a member of the Cyber System Assessments Group. Clark holds a BA in Economics from the University of Florida, a BS and MS in Computer Science from Florida State University, and a Master’s in Technology and Policy from MIT.
Rodolfo Cuevas
security researcher and instructor
Rodolfo Cuevas is a security researcher and instructor at BCI, where he focuses on understanding how design constraints can be used to limit the impact of an attacker on a system. His research combines the adversarial mindset with approaches influenced by Systems and Control Theory. Rodolfo was a staff member at MIT Lincoln Laboratory and began his career as a RADAR and Ballistic Missile Defense System (BMDS) analyst. Later, Rodolfo transitioned to evaluating and Red-Teaming tactical and commercial cyber systems in support of DoD and other government programs. Rodolfo holds a BS, M.Eng., and M.S. in Electrical and Computer Engineering from Cornell University.
Reed Porada
security researcher and instructor
Reed Porada is a security researcher and instructor at BCI, focused on getting to the "so what" of both defensive and offensive cyber measures. Reed also leads BCI training in Cyber Systems Analysis, focusing on developing systems-thinking skills of developers up to managers. Reed was a staff member at MIT Lincoln Laboratory for ten years, where he was responsible for Test and Evaluation, Test Automation Research, Red-Teaming of Cyber Systems, and Blue System Architectures. Reed was a computer scientist at the Naval Research Laboratory focused on wireless communication systems. He holds a BS in Computer Science from the University of Maryland, College Park and an MS in Software Engineering from Carnegie Mellon University.