How attending SecTor led to the configuration of centralised systems at Cardiff University

17 February 2020

In this short blog, Garin Hughes reflects on the benefits of attending SecTor through the ucisa bursary scheme. Since applying for the bursary, Garin has changed roles from an IT Service Delivery Engineer to a Systems Engineer at CUBRIC, Cardiff University’s Brain Research Imaging Centre.

Professional development

Following my attendance at the SecTor conference in Canada, I spent some time learning particular technologies and tools to become more efficient at my job. Many attendees recommended using the LinuxAcademy online platform which covers a wide range of courses geared around Linux, DevOps, Security and so forth. The style of learning is extremely useful for all kinds of learners as it caters for those who learn best by watching a video and those who prefer step-by-step instructions.

I set aside some time during the week to study specific security/Linux concepts and get some hands-on practice. I also worked with my mentor to develop a plan to incorporate these new skills and technologies into my role. These actions will feed into the annual performance development review that Cardiff University undertakes.

Institution

I have given formal presentations at the University IT staff conference, CUBRIC’s departmental operational meetings and to CUBRIC’s IT management team. I discussed my trip in the staff conference, highlighted the outcomes and encouraged colleagues to apply for the bursary. I have also passed on any relevant knowledge to CUBRIC’s Compute and Data Team. The feedback received so far has been exceptional, which has resulted in new products for the team and new collaborations with central teams. As mentioned, I conveyed my ideas to CUBRIC’s IT management, proving essential to prioritise which work should be taken care of first.

Having the opportunity to explain what type of work our department carries out and what our aspirations are has been beneficial to ensure we are adequately catered for when new services are rolled out. We are also a good use-case for many of these services due to CUBRIC’s complexity in certain areas i.e. APIs provided by the Development and Integrations team.

My mentor works for the IT Security Team and much of what I have learnt has fed into the roll-out and configuration of centralised systems such as the Elastic Stack, GitLab and Cobbler. In a more specific example, we now make use of GitLab’s Static Application Security Testing (SAST) feature to ensure the code of an internally developed web application has no vulnerabilities before being made public to the Internet. We used the same functionality provided in SonarQube before discovering this, allowing us to decommission such single-use systems.

There are upcoming discussions focused on technologies like Kubernetes and OpenStack that we have been invited to. I have automated a high percentage of tasks that normally appear as service desk calls, meaning we can work in a proactive fashion but also react far quicker when problems arise.

HE and FE IT community

I spoke to numerous IT apprentices and newer colleagues regarding the UCISA bursary scheme and advocated it where necessary. I am still part of the higher education mailing lists and follow the discussions when they arise. Many people who work in the HE/FE IT communities now follow me on Twitter and we feel that is an easy way to share relevant information.

As previously mentioned, we have received invites to meetings and discussions within Cardiff University that will provide a great platform to share ideas on how the future physical and virtual IT estate may look. One in particular targets data storage, security and sharing; we deal with sensitive and personal data so this is very important to us in order to comply with legislation and regulations such as GDPR.

We were very close to trialling a Qualys security-focused product, although after several discussions with internal colleagues we decided that we were able to achieve the same goals with existing services or open-source tools. Nevertheless, the conference talk given by Qualys inspired a stream of ideas that were immediately presented to management.