WGU - Capstone frustrations

Not with WGU itself, with my current ideas for the capstone.
Looking at the Capstone archive, it's pretty clear there is a wide variety of directions I can go (which is great for my OCD you know...)

Some of them look super simple, some pretty complex.

I felt lately like the education of end users training/security awareness was a big problem (at least in my workplaces) but I'm having difficulty coming up with a workable problem/solution.

Any chance anyone has any input on this issue? I feel like the current workable business solutions really don't address the root issue that end users just have no clue what they are doing on a computer (despite using it for 8+ hours a day for years...)

I posted a longer post on reddit in case anyone has a minute to read and provide any input/thoughts.
Your opinion requested please : AskNetsec

(Trying to think outside the box a bit, perhaps I'm stupid and should just do something really easy and get it done and over with)

Thanks!

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

NetworkNewb

I think its a good topic, but alot of the problem is not that users have no clue what they are doing, the problem is that end users just don't care enough to learn anything more than they have to. I know there are end users at my company that keep asking me the same thing over and over no matter how many times I show them how to fix a problem.

The solution would be to find a way so the end user cares enough to learn and consistently use the solution/information your trying to convey to them. Which is alot easier said then done. Most users see an email from IT and put it right into the trash... Sorry I know that isn't very helpful

srabiee

I recommend keeping it simple. For example, for my BS: ND&M capstone, I fabricated a scenario in which a small business had no backup infrastructure in place and hired me to resolve the issue. A fairly simple concept but I found plenty to write about.

For the MS: ISA, you could do something where a small or medium-sized business is lacking in some type of aspect of security and hired you to fix the problem. Similarly, you could be hired to be a penetration tester. Keep it simple and not only will you finish more quickly, you will save yourself lots of headache.

cyberguypr

While looking at previous capstones I came across a couple that were focused on solutions for SMBs. Although I can't specifically recall what topics they covered I remember one of them focused on implementing solutions with zero budget, mostly based on open source products. If you want to tackle the Security Awareness topics you could easily come up with something incorporating the work of Lance Spitzner at securingthehuman.org. There are some documents that talk about metrics and measuring the impact of the awareness campaign with activities such as phishing exercises, social engineering, security surveys, physical desktop checks, and others.

cshkuru

I did my capstone on establishing a wireless test network for testing mobile devices based off a contract I had completed. leverage previous work if you can. for your particular subject maybe do something on implementing a 2 factor authentication scheme at work or training on avoiding social networking attacks but something small and manageable.

da_vato

I can tell you in retrospect I wish that I just did something easy to pass and get it over with. I did original research based on technology my company employs at work... I feel like the time and effort I wasted conducting the research was all for nothing. I suppose that is a bit extreme as it did allow me to graduate, however, I could have graduated with a simpler project based on small business my family owns, spent a third of the time and still received the same results... graduation.

If there is a project that interests you but is more time consuming and difficult, then I recommend doing it because it interests you. If there is no specific subject within InfoSec that interests you in particular, then take the easiest route to graduation.

Remember, at the end of the day all that employers ask is "does the candidate/employee have a degree [yes | no]?"; not how well was their thesis/dissertation/capstone written or its quality.

Danielm7

NetworkNewb wrote: »

I think its a good topic, but alot of the problem is not that users have no clue what they are doing, the problem is that end users just don't care enough to learn anything more than they have to

At my job we do an annual security awareness day with speakers, events, prizes, etc. We really tried to focus on teaching the users about security at home and why it is so important. If you can teach them to care about their own stuff it might be more likely to change the way the handle themselves at work too. It was nice for a few days after to have random people coming up to ask me about password managers, unsafe wifi, etc.

Mike-Mike

for my BSIT capstone I went overboard. I was running out of time on the MSISA so I tried to keep it simple.

I converted a small business from an office to to a cloud based telecommuting company. Moving from outdated Microsoft equipment to all Chromeboxes and Chromebooks and Google Apps. It was much more interesting subject matter for me, and it made it a little bit easier. in the end I was still at like 45 pages and 10 thousand words.