NYC's First Cyber Academy Cohort Looks Back

For New York City’s Department of City Planning (DCP), phishing attempts, Trojan horses and other threats are an everyday menace. Protecting the department’s systems, data and roughly 450-person workforce of employees, consultants and interns is largely the responsibility of one staff member, working in collaboration with the city’s Office of Technology and Innovation.

But now that person — the network engineer — isn’t so alone anymore. Thanks to a nascent citywide cybersecurity upskilling program, DCP infrastructure support engineer Antonio Caceres said he’s been able to share more of that defensive work. Caceres was one of the first cadre of students to go through the Cyber Academy, graduating in April. Since then, he’s homed in on identifying and educating his department about phishing threats.

With Academy experience under their belts, graduates “can be the first responders, when we suspect a threat or an intruder getting access to our organization,” Caceres said.

The first run of the Cyber Academy drew students from across city agencies, ranging from the police department to the public library. It graduated 21 participants after training them on “incident response, network security and cyber threat intelligence,” per the city.

The academy is now in the midst of teaching its second cohort of students, using some lessons learned from the first go-round to tweak the material, and it looks to enroll a third class in the fall, said NYC CISO and Cyber Command leader Kelly Moan.

Some graduates from the first run of the program have also returned to learn materials added in the second iteration, and some who didn’t complete the first program are returning to attend classes they’d missed, she said.

Other graduates are enrolling in follow-up courses to keep learning.

“They contacted us with two new offerings for the summer. I immediately said yes,” said Cesar Cabrera, director of infrastructure, data center and IT operations for the NYC Administration for Children’s Services (ACS), and a Cyber Academy graduate.

EXPANDED SKILL SET

NYC launched its Cyber Academy program to upskill and reskill employees from across city agencies on cybersecurity.

Participants retain their main jobs and responsibilities while attending the academy. After graduating, they typically “continue in their current roles with that more fulsome skill set,” Moan said. The trainings ensure agencies have someone on staff who both has cyber skills and deeply understands their operations. Graduates also can be an extra source of support for agencies’ CISOs.

“They have another set of hands that can assist them in performing investigations and have the technical understanding to be able to execute a different task, as part of a security program,” Moan said.
Since Caceres graduated, he’s been working to prevent phishing messages and educate users in his department about the ways that malicious emails and texts can masquerade as legitimate ones.

“I’m going to start working, most of the time, with phishing emails, preventing them within our organization … updating our web browsers, and informing users … of steps they need to do in order to be safe before they click on a link or forward emails,” he said.

He also said he was able to work with a variety of cybersecurity tools in the academy, like network protocol analyzer Wireshark and Kali Linux, a Linux distribution, or operating system, that provides tools and supports for pen testing, security auditing and digital forensics.

A common refrain in cybersecurity is that it’s impossible to be completely secure, and Caceres and Cabrera both said they were particularly interested by trainings about what to do if an attack does make it through.

“We were taught, specifically, what we need to do in the event that a security incident occurs — from the beginning to the end,” Cabrera said. “When we receive a notification that a security incident has happened [we were taught] who we should contact, what we need to do, what steps we need to apply to remediate and what we need to do after the fact to document the situation.”

CYBER LIAISONS

Graduates also become “cyber liaisons” between their agencies and the city’s cybersecurity unit, Cyber Command, helping with incident response, said Moan. This builds closer relationships between Cyber Command and participating agencies — and does so before something goes wrong. That foundation of trust can then help both parties work together more smoothly when responding to or investigating an incident.

Cabrera said becoming a cybersecurity liaison tightened the relationship between his agency and Cyber Command, giving them a “direct channel of communication.”

“Cyber Command now keeps us updated on all the cybersecurity threats that are affecting not only the public, but also when those are specifically targeted to the city or city agencies. We get that privileged information directly into our inbox,” Cabrera said. “We are also part of other implementations like incident response, and that will help us to keep our agencies safe. And for me, in my particular case, to keep the people above me up to date on these types of threats.”

Students have come to the program from a range of technical backgrounds, with some holding postgraduate degrees while others had gotten started at help desks. Cohort sizes are kept to roughly 25 students, to allow for more personal attention and collaboration. The program looks to have each class composition reflect a mix of the 16 different critical sectors, to capture a diversity of perspectives, Moan said.

“We wanted to make sure that we didn't leave a sector out,” Moan said. For enrollment, “we prioritized our agencies based upon what sector they were in, how big the agency is, how big their security team is, how small the agency is, but, also, really impactful in terms of the services they deliver to New Yorkers. So that's how we prioritize the first cohort. And going into the second cohort, we're continuing to build on that, to make sure we're getting that cross-sector slice of New York City.”

The program brought together peers from across agencies — and they’ve stuck together. Cabrera said his cohort created a LinkedIn group through which they stay in touch and discuss different trends.

After that first class, the Cyber Academy made some changes for its second iteration. The program involves cybersecurity for Windows operating systems — the OS that Moan said “most incident responders interact with” given its widespread presence — as well Linux OS. Now the program is going more in-depth on Linux, based on students’ requests, and inviting back the first cohort to sit in on those additional trainings.

For any city debating launching a similar program, Moan’s advice is full-steam ahead: “Investing in cybersecurity skills is one of — if not the — most important thing to do in 2023,” she said.