DriveTime Cyber Security Intern

My first internship was with DriveTime where I joined the Cyber Security team at the corporate office. DriveTime has over 5,000 employees and sells used cars with financing options and has locations across America.

The Project

The security team wanted a website. Other departments, like purchasing, had websites holding information and documents so that anyone in the company could get the information they needed without bothering the team members. My task was to make a website like this for the Cyber Security team.

Results

Once I built the site (in Microsoft Sharepoint), the team reported a 10% decrease in inquires! I uploaded all compliance documents and other paperwork to the site so that anyone could easily find and access it on their own. I also used python and Power BI to connect to REST API's from enterprise security software and display status dashboards. Let me explain.

DriveTime purchases a number of enterprise security solutions to protect primarily its employees. These are the major ones:

      • Cylance Protect: anti-virus, detects malware already on your computer
      • ZScaler: web filtering and management, shows us how much Netflix you're watching
      • Proofpoint: malicious email protection, the nigerian prince won't get through
      • AlienVault: threat detection across Office 365, Amazon Web Services, Microsoft Azure, and more
      • KnowBe4: simulated phishing training, more on this later

Each of those security solutions has a "threat dashboard" where it displays important stats like the number of threats it's found, emails blocked, or websites blocked in the last day, week, or month. Logging in to each of those sites individually is tedious, so to make things more convenient I used python and Power BI to connect to their REST API's to display the same information on one page on the new website! This saved time for the Cyber Security team, and allowed them to be more informed.

On my own accord, I threw up some webpages that I thought would be useful. I made educational pages that informed people about phishing emails and secure passwords. I suggest everyone to use a password manager like LastPass, and check for hacked accounts at HaveIBeenPWNED.

Phishing 🎣

The most fun I had was phishing the other 25 interns. Email phishing is a technique used by hackers. It's like spam email, but a more targeted attack to steal your passwords. I made the test moderately difficult, and many of the interns failed! They went to a phony website that I created to "update their password" when in reality their username and password was sent to the fake website (we didn't really collect their passwords). After the test was over, I gave a presentation to everyone about phishing and how to identify a phishing email. I hope I taught them a lesson before a hacker does.

What I Learned

  1. Hacking - I learned about many malware attacks like keyloggers, cross-site scripting, packet sniffing, and DNS hacks. My boss let me install Kali Linux on my work PC where I learned how to create malware and test the anti-virus software (strictly testing purposes😉).
  2. Software - I learned what Power BI and tableau are and thoroughly used Power BI to create security dashboards. Sharepoint was also a new tool that I learned the insides and out. Basically lots of Microsoft products.
  3. Software as a Service (SAS) - Most of the enterprise security solutions listed above like KnowBe4 are cloud solutions meaning there is no program that is installed on your computer. The software is used in a web browser. I got to learn about all the SAS security solutions listed above. My favorite was zscaler because I could see how much Netflix everyone was watching.
  4. REST APIs - Until this internship I didn't really know what an API was. But I quickly figured it out while using Postman and json to test https API calls.

Conclusion

DriveTime was a perfect introdcution to the corporate work lifestyle. I played ping pong everyday at lunch and tried out virtual reality for the first time with the HTC Vive! I learned alot about cyber security, both on the technical programming side and on the legal compliance side. I'm glad that I got to create something that the team loved and made their lives easier.