JeffRumanyika
Jan 18, 2016
Scholarship / 'Theory of reverse engineering and vulnerability analysis'. SOP for a DPhil in Cyber Security [2]
PERSONAL STATEMENT
Cyberspace has become the environment in which new forms of crime are committed, as well as the economic and military battlefield where conflicts of all kinds are being played out. The control of information and telecommunication infrastructure, with the ability to respond to cyber-attacks and to ensure cyber security, offers real power and is already one of the most significant political, economic and technological issues of the twenty-first century. Cyber security has become the newest means for organisations, both legitimate and criminal, to demonstrate their capabilities. Information and communication technologies (ICT) have grown to become a critical part of our society's infrastructure, and their potential misuse affects us all, from the individual citizen to private and public organizations and to states.
My research interests lie primarily in the area of Cyber Security spanning both computer and digital forensics, penetration testing and ethical hacking. I have developed a keen interest in cyber security over the last 7 years. As a result, I find myself drawn to the strong Cyber Security DPhil programme, the University of Oxford's Cyber Security (EPSRC Centre for Doctoral Training) offers. Furthermore, it has been my lifelong dream to study at the prestigious University of Oxford. I was particularly interested in the Understanding Insider Threat: A Framework for Characterising Attacks research project by Jason Nurse and I was thrilled to read that the project addresses the threats that insiders pose to businesses, institutions and governmental organisations. I would also relish the opportunity to work under the supervision of Professor Sadie Creese as I am certain that she will help me find professionals at the Department of Computer Science at the University of Oxford interested in advising me in pursuit of those interests.
My passion for computers began when my father bought a home computer when I was 8 years old. I was instantly drawn to it, as if by a gravitational pull, it was something that made sense to me. When you grow up with an insatiable curiosity as to how things work, the delight you find upon discovering something as elegant as a circuit, where all connections have to complete their loops is profoundly thrilling. It fired up my imagination, it was surely like an Aladdin's lamp to me - rub it, and it would do your bidding. So, I tried to learn more about the field all through primary school, tinkering with computer parts and I entered science project competitions and contests and went to places that people of my ilk aspired to.
During my high school days, I developed a fascination for computer games which later gravitated towards programming. It began one day when I picked up a manual that someone had discarded, a manual for an obscure form of computer language for doing calculations. Something about the orderliness of the computer instructions appealed to me. I got acquainted to basic programming languages like HTML, PHP, Free Basic and Visual Basic. The kick I got out of seeing some simple lines of code produce these shapes and objects was heart-warming. I took a Computer Science as a major during my second year of high school. This involved learning basic computer knowledge i.e. computer architecture, word processing, spreadsheets, presentations, databases and fundamentals of computer science. I worked on minor projects like School management systems and did a Hotel Management System for my final high school project for a period of 9 months.
It was during one of my library excursions that I found Kevin Mitnick's book 'Art of Deception'. The book was an eye-opener and introduced me to the beautiful world of Computer Security. Something about the white-hat hacker ethic resonated with me, I could only describe the feeling as the same kind of eerily transcendent recognition that an artist experiences when he discovers the medium that is absolutely right for him. This is where I belong. I maintained a good scholastic record and enrolled into a Business Information Communication Technology undergraduate degree at Mount Kenya University after completing my high school degree.
The Bachelor of Business Information Communication Technology degree programme prepared me to work in the fields of software development, database administration and networking. It is a modern course that brings together two key aspects of computer training, that is, the link between Information Technology and the business environment. The course equipped me with a broad knowledge of artificial intelligence, computer architecture, computer programming, database systems, web design, computer graphics, data structures and algorithms, data mining, objected oriented analysis, design and programming, software engineering and network engineering and management. It was during my 7th Semester that I undertook an intensive course in Computer Security and Cryptography which introduced me to ethical hacking, ciphers, computer forensics and implementation of cryptographic algorithms etc. This further propelled my interest in Cyber Security.
I worked on minor projects in undergraduate school i.e. corporate websites, university guide application that took you on a virtual tour around the campus. This involved deeper learning of newer programming languages like Android, Ruby while expanding on my knowledge base of languages like HTML, PHP, Java, JavaScript and C+. I also experimented with Python and MatLab for artificial intelligence projects that involved using Arduino and Raspberry Pi. For my final undergraduate project, I developed an Online Dating System/Website, the first of its kind in the country. This required me to carry an intensive 8 month research on online dating sites applying research techniques I learnt at school. My thesis was titled "Online Dating Inception in Rwanda" as it was the pioneer dating site in the country.
My undergraduate experiences, while equipping me with a broad understanding of Computer Science, also opened my eyes to the necessity of advanced learning in the area of my specialization. I was fortunate enough to be chosen as part of the core team in Knowledge Lab (KLab), the first technology hub in Rwanda. Here I was able to apply all the skills taught in school, working with teams dedicated to the fulfilment and enhancement of organizational mission, vision and goals. I did routine network maintenance of servers and initiated the gathering of a Cyber Security community within the KLab community. I chaired Cyber Security information sessions where we briefed the public about cyber security principles and strategies. We hosted Cyber Security professionals from all over the world who advised me on how to pursue a Cyber Security career.
During my tenure, I began subscribing to newsletters, publications and slick sheets from organisations like NIST, NSA, NICE, ENISA, NASCIO and DOD to keep up to date with cyber security happenings. This is where I began experimenting with Kali Linux and Back box, penetrating systems on a virtual pen-testing Lab. I am currently studying for my Certificate of Ethical Hacking exam that is slated next month. This has been one of the most rewarding experiences of my life learning about networks, hacking web servers, web applications, malware, wireless networks, cryptography, denial of service attacks and how to detect evasion. It also involved a hands on approach working with tools like Metasploit, Nessus, Nmap, Nexpose, Burpsuite, Dradis, Webgoat and the OWASP framework. I have devoted the vast majority of my time analysing vulnerabilities and reading information security books and watching DefCon, SummerCon and Black Hat conferences online.
I wish to pursue a DPhil. In Cyber Security with the ultimate goal of becoming a Cyber Security professional and researcher. In the year that I have spent researching about Cyber Security I have discovered a strong passion for sharing my knowledge and fostering enthusiasm for my field in others. I have thrived in the rich intellectual climate of academia and I want to contribute more actively to it. I have strong interests in the field of reverse engineering and vulnerability analysis which compel me to pursue further research in that area.
I hope by researching these issues, I will contribute to a generalized theory of reverse engineering and vulnerability analysis. I know there is a lot to be done in this area and I intend for my D.Phil. work to delve deeper into these issues. Cyber Security is fascinating because it is such an open field. It has been done for a couple of years, but most of its security has been based on security through obscurity and there is no framework for proving the security of any schemes out there, let alone determining properties like the capacity of a channel.
Finally I would like to take this opportunity to thank you for enabling me to express myself through this personal statement and I look forward to my admission into the graduate program of your esteemed university.
Please remember: non-valuable comments will be rewarded with suspension
PERSONAL STATEMENT
Cyberspace has become the environment in which new forms of crime are committed, as well as the economic and military battlefield where conflicts of all kinds are being played out. The control of information and telecommunication infrastructure, with the ability to respond to cyber-attacks and to ensure cyber security, offers real power and is already one of the most significant political, economic and technological issues of the twenty-first century. Cyber security has become the newest means for organisations, both legitimate and criminal, to demonstrate their capabilities. Information and communication technologies (ICT) have grown to become a critical part of our society's infrastructure, and their potential misuse affects us all, from the individual citizen to private and public organizations and to states.
My research interests lie primarily in the area of Cyber Security spanning both computer and digital forensics, penetration testing and ethical hacking. I have developed a keen interest in cyber security over the last 7 years. As a result, I find myself drawn to the strong Cyber Security DPhil programme, the University of Oxford's Cyber Security (EPSRC Centre for Doctoral Training) offers. Furthermore, it has been my lifelong dream to study at the prestigious University of Oxford. I was particularly interested in the Understanding Insider Threat: A Framework for Characterising Attacks research project by Jason Nurse and I was thrilled to read that the project addresses the threats that insiders pose to businesses, institutions and governmental organisations. I would also relish the opportunity to work under the supervision of Professor Sadie Creese as I am certain that she will help me find professionals at the Department of Computer Science at the University of Oxford interested in advising me in pursuit of those interests.
My passion for computers began when my father bought a home computer when I was 8 years old. I was instantly drawn to it, as if by a gravitational pull, it was something that made sense to me. When you grow up with an insatiable curiosity as to how things work, the delight you find upon discovering something as elegant as a circuit, where all connections have to complete their loops is profoundly thrilling. It fired up my imagination, it was surely like an Aladdin's lamp to me - rub it, and it would do your bidding. So, I tried to learn more about the field all through primary school, tinkering with computer parts and I entered science project competitions and contests and went to places that people of my ilk aspired to.
During my high school days, I developed a fascination for computer games which later gravitated towards programming. It began one day when I picked up a manual that someone had discarded, a manual for an obscure form of computer language for doing calculations. Something about the orderliness of the computer instructions appealed to me. I got acquainted to basic programming languages like HTML, PHP, Free Basic and Visual Basic. The kick I got out of seeing some simple lines of code produce these shapes and objects was heart-warming. I took a Computer Science as a major during my second year of high school. This involved learning basic computer knowledge i.e. computer architecture, word processing, spreadsheets, presentations, databases and fundamentals of computer science. I worked on minor projects like School management systems and did a Hotel Management System for my final high school project for a period of 9 months.
It was during one of my library excursions that I found Kevin Mitnick's book 'Art of Deception'. The book was an eye-opener and introduced me to the beautiful world of Computer Security. Something about the white-hat hacker ethic resonated with me, I could only describe the feeling as the same kind of eerily transcendent recognition that an artist experiences when he discovers the medium that is absolutely right for him. This is where I belong. I maintained a good scholastic record and enrolled into a Business Information Communication Technology undergraduate degree at Mount Kenya University after completing my high school degree.
The Bachelor of Business Information Communication Technology degree programme prepared me to work in the fields of software development, database administration and networking. It is a modern course that brings together two key aspects of computer training, that is, the link between Information Technology and the business environment. The course equipped me with a broad knowledge of artificial intelligence, computer architecture, computer programming, database systems, web design, computer graphics, data structures and algorithms, data mining, objected oriented analysis, design and programming, software engineering and network engineering and management. It was during my 7th Semester that I undertook an intensive course in Computer Security and Cryptography which introduced me to ethical hacking, ciphers, computer forensics and implementation of cryptographic algorithms etc. This further propelled my interest in Cyber Security.
I worked on minor projects in undergraduate school i.e. corporate websites, university guide application that took you on a virtual tour around the campus. This involved deeper learning of newer programming languages like Android, Ruby while expanding on my knowledge base of languages like HTML, PHP, Java, JavaScript and C+. I also experimented with Python and MatLab for artificial intelligence projects that involved using Arduino and Raspberry Pi. For my final undergraduate project, I developed an Online Dating System/Website, the first of its kind in the country. This required me to carry an intensive 8 month research on online dating sites applying research techniques I learnt at school. My thesis was titled "Online Dating Inception in Rwanda" as it was the pioneer dating site in the country.
My undergraduate experiences, while equipping me with a broad understanding of Computer Science, also opened my eyes to the necessity of advanced learning in the area of my specialization. I was fortunate enough to be chosen as part of the core team in Knowledge Lab (KLab), the first technology hub in Rwanda. Here I was able to apply all the skills taught in school, working with teams dedicated to the fulfilment and enhancement of organizational mission, vision and goals. I did routine network maintenance of servers and initiated the gathering of a Cyber Security community within the KLab community. I chaired Cyber Security information sessions where we briefed the public about cyber security principles and strategies. We hosted Cyber Security professionals from all over the world who advised me on how to pursue a Cyber Security career.
During my tenure, I began subscribing to newsletters, publications and slick sheets from organisations like NIST, NSA, NICE, ENISA, NASCIO and DOD to keep up to date with cyber security happenings. This is where I began experimenting with Kali Linux and Back box, penetrating systems on a virtual pen-testing Lab. I am currently studying for my Certificate of Ethical Hacking exam that is slated next month. This has been one of the most rewarding experiences of my life learning about networks, hacking web servers, web applications, malware, wireless networks, cryptography, denial of service attacks and how to detect evasion. It also involved a hands on approach working with tools like Metasploit, Nessus, Nmap, Nexpose, Burpsuite, Dradis, Webgoat and the OWASP framework. I have devoted the vast majority of my time analysing vulnerabilities and reading information security books and watching DefCon, SummerCon and Black Hat conferences online.
I wish to pursue a DPhil. In Cyber Security with the ultimate goal of becoming a Cyber Security professional and researcher. In the year that I have spent researching about Cyber Security I have discovered a strong passion for sharing my knowledge and fostering enthusiasm for my field in others. I have thrived in the rich intellectual climate of academia and I want to contribute more actively to it. I have strong interests in the field of reverse engineering and vulnerability analysis which compel me to pursue further research in that area.
I hope by researching these issues, I will contribute to a generalized theory of reverse engineering and vulnerability analysis. I know there is a lot to be done in this area and I intend for my D.Phil. work to delve deeper into these issues. Cyber Security is fascinating because it is such an open field. It has been done for a couple of years, but most of its security has been based on security through obscurity and there is no framework for proving the security of any schemes out there, let alone determining properties like the capacity of a channel.
Finally I would like to take this opportunity to thank you for enabling me to express myself through this personal statement and I look forward to my admission into the graduate program of your esteemed university.
Please remember: non-valuable comments will be rewarded with suspension