Author Archives: Joseph Philip Berube

About Joseph Philip Berube

Cyber Forensics and Information Security Student, Class of 2016

Top 5 Skills Employers Look For

1 Reply

If you are anything like me, the job hunt following graduation is one of the top stressors currently on your mind. Finding a position that pays well and is what you truly love to do takes a backseat to just getting your foot in somewhere. I often worry that I do not possess the technical knowledge to land even an entry-level position. According to Zachary Scott, NRI Secure Technologies’ VP of business security, “soft skills” are oftentimes just as important to employers as “hard skills.” The following are the top 5 skills that companies look for in entry level computer security employees:

1. Troubleshooting
Troubleshooting skills are vital in all potential candidates. Any detected problem or anomaly can be viewed as something that troubleshooting skills can be applied to. Security pros with exceptional troubleshooting skills can figure out where things are broken, what’s still working, and how to fix the problem. This is vital in the field.

2. Innate Curiosity
Innate curiosity refers to a person’s willingness to dive deeper into a subject. Companies look for potential candidates who want to get deep into an issue and discover not just how to fix it, but what is causing it and to learn the best method to deal with said issue. “This is a trait that can not be learned, but is a monster that needs constantly fed.”

3. Knowledge of the Latest Attack Trends
Computer security is constantly changing and evolving. It is important that candidates have a rudimentary knowledge of how attacks are being perpetrated and who/what the common targets are.

4. Knowledge of the Latest Vulnerabilities
Knowledge of modern vulnerabilities helps employees determine the path that was taken by the hacker pre-breach, and where in the system hackers could be heading. In short, it increases awareness and helps to get a foot up on hackers to help prepare the system against them.

5. Data Analysis and Visualization Creation
In short, candidates who are able to create and implement systems that monitor and parse the vast arrays of data that enter a system. This is part development and part visionary in the sense that it helps to be able to plan the system and also how to create it.

I can’t stress enough that this is not a be-all/end-all definitive list, but these are areas that graduates and really anyone in the hunt for a job in the IT security field should look into and become familiar with. As I mentioned earlier, as a soon-to-be graduate still looking for a job in the field, tips like these are always helpful. Hopefully they will be of aid to you!

Best of luck!

Internship Opening with Dominion Energy (Richmond, Virginia)

Leave a reply

There is currently an internship opening in the Richmond, Virginia office of Dominion Energy Company in their Computer Forensics department. This opening is for Criminology and Computer Science students. The intern will be responsible for working with Dominion’s Security Computer Forensic specialist in various facets of the security field. Assisting with research and analyzing automated systems are two key components of the position, along with processing electronic storage devices for evidentiary reasons.

The qualified candidate will fulfill the following requirements:
-General knowledge and understanding of security concepts, and sophisticated security technologies, to support computer forensics.

-Experience with the following operating systems; DOS, Macintosh, Linux, Android, and MS Windows is preferred.

-Experience with office products such as Word, Outlook, Powerpoint, Access, Excel, email is highly preferred.

-Consistent demonstration of strong, critical thinking and decision making skills, applied in a security environment.

-Ability to assess security incidents and take appropriate action.

-Demonstrated ability to manage the flow of sensitive information.

-Ability to coordinate and manage multiple work processes.

-Experience with Encase Forensic Software, Encase, FTK, Autopsy, Magnet is a plus.

NOTE: A valid driver’s license is also required for potential candidates.

Interested candidates can find application information at: https://www.myinterfase.com/rmu/Job/Detail/Ly9DOEN5eUhZdG9WVGJ3bzNERDJtdjlaUjZGc2lHYWY3NVB4Y21OQWdQST01

Dollar Bank Currently Hiring Programmers

Leave a reply

Do you graduate in December? Are you still looking for a job? Do you have an interest in programming, specifically Cobol? If you answered yes to these questions, Dollar Bank may be the right fit for you. Dollar Bank is currently hiring entry-level programmer analysts. This is a full-time position focused on “producing programs which contribute to the solution of business problems or needs of the Bank.”

Objectives of the position include:
•Codes Cobol programs and tests for accuracy.
•Prepares documentation for Systems and Programming
•Implements program changes.
•Tests programs for accuracy.
•Designs systems and performs associated tasks involved with the system’s design, including running tests and implementing new development and existing projects.
•Solves problems that tend to arise in the normal course of business, including off-hours calls.
•Communicates accurate task status to supervisor and peers.

Qualifications include:
•Graduate from an IT Technical school or college degree with concentration in Information Technology required. Will consider commensurate.
•Must have course work or knowledge of programming.
•Must possess excellent analytical skills as the candidate will be required to determine what changes are necessary to accomplish project requirements.
•Must have excellent verbal and written communication skills.
•Candidate must be able to work under pressure and have proven ability to meet deadlines.
•Cobol classes or knowledge of Cobol is a plus.

Interested applicants can apply online at https://www.dollar.bank/Company/Careers and by searching for the position by its title (Programmer Analyst) or job reference number (1412BR).

Inspiring Improvement in the Field of Automotive Cybersecurity

Leave a reply

A few weeks ago, I submitted a post about cybersecurity in the automotive industry, specifically about Volkswagen’s foray into invested into cybersecurity for automotive computers. Earlier today, the U.S. National Highway Traffic Safety Administration (NHTSA) suggested that automakers should “make shielding the electronic and computer systems of vehicles from hackers a priority, developing layers of protection that can secure a vehicle throughout its life.” These are not enforceable rules, but strong suggestions from one of the government institutions that are partially responsible for the creation of future regulations that will more strictly govern the automotive industry as a whole.

The NHTSA poses many potential security upgrades in their proposal, entitled “Cybersecurity Best Practices for Modern Vehicle.” Some of these suggestions are moves that manufacturers, like Volkswagen, are already putting into place. Most of the proposals made in the proposal are becoming standard operating procedure for automotive companies, while other suggestions are less likely to be taken into consideration. One proposal in question relates to the disclosure of proprietary information about critical components of electrical and data systems within vehicles. Jonathan Allen, acting executive director of the Automotive Information Sharing and Analysis Center, explained in an interview that this section of the industry is incredibly competitive and that companies will probably avoid disclosing this information until they are required to.

As I mentioned in my last post, the threat of automotive hacking, while still extremely small, is becoming an increasing threat. As companies begin to offer significant vehicle upgrades through wireless data links, much the same as Tesla has been over the past few years, the need for secure connections will continue to grow. Massachusetts Senator Ed Markey agrees with this sentiment and stated in an interview today that “if modern day cars are computers on wheels, we need mandatory standards, not voluntary guidance, to ensure that our vehicles cannot be hacked and lives and information put in danger.” I couldn’t agree more with this sentiment. As technology continues to impact our lives in increasingly different ways, the need for knowledgeable cyber security experts will continue to grow.

Spotify Services Hit by Malicious Advertisements

Leave a reply

Over the past few weeks, users have been reporting that advertisements inherent in the free version of Spotify have been leading to malware links and even automated malware downloads on a handful of user’s devices. For those who are unaware, Spotify provides its free music streaming service by interrupting streams between songs with commercials and clickable links. The ad revenue generated by this practice makes up for the money lost in allowing the option of free usage of the service.

This practice, known as “Malvertising”, has hit numerous companies since the inception of “free” subscriptoin options became popular a few years ago. Yahoo, the New York Times, and BBC are three major entities that have been hit by malware-infected advertisements. The problem is relatively common because ad space is typically sold via third-party auctioneers to the highest buyer. If malicious code makes its way through the auctioning process, then it can potentially bypass the screening of the site that it will be advertised on.

Spotify claims that it has looked into the situation and has removed the malicious advertisements but the safest bet for users is to fork over the cash to unlock the premium service.

Work Opportunities with the Department of Homeland Security

Leave a reply

If you are a student or upcoming/recent graduate who is looking to get their foot in the door with a government institution, the Department of Homeland Security (DHS) is looking to fill a variety of positions. These positions are primarily in the Human Resources, Finance, Readiness, Security, and Acquisition fields. DHS is “committed to building a diverse workforce that includes millenials who bring enthusiasm, innovation, and unique perspectives to the workplace.”

The following positions are open for application by students and recent graduates:

· Student Trainee (Human Resources), GS-0299-4/5
· Human Resources Specialist, GS-0201-7/9/11
· Student Trainee (Administration and Programs), GS-0399-4/5
· Administrative Specialist, GS-0301-7/9/11
· Student Trainee (Financial Management), GS-0599-4/5
· Financial Management Specialist, GS-501-7/9/11
· Security Specialist, GS-0080-9/11/12

Interested students and alumni can apply at http://www.dhs.gov/pathfinder. The deadline to apply for these positions is October 24, 2016. If approved for an interview, the DHS Pathfinder Hiring Event will be on December 5th and 6th, 2016.

If you have any further questions, please send an email to: DHSPathfinderJobFair@hq.dhs.gov

Australian Meteorology Bureau Breach

Leave a reply

“You’re only as strong as your weakest link.” For the Australian government, this phrase is extremely relevant today. The Australian Cyber Security Center confirmed yesterday that a 2015 attack on servers at Australia’s Bureau of Meteorology was initiated by a foreign intelligence service. You may be thinking, “What could hackers want with weather data?” The answer is nothing. By hacking into the weakest part of the Australian government’s network, the hackers were able to work their way throughout the system by breaching the poorly protected meteorology division.

Various reports have stated that China is behind the attacks but the Australian government states that it will not be naming a source. The Australian Cyber Security Center (ACSC) noted that the security controls in place “were insufficient to protect the network from more common threats associated with cybercrime.” They also estimate that every password on the Meteorology Bureau’s network was already compromised by the time that the investigation into the matter began.

Technology has allowed governments around the world to better store data and control their resources; unfortunately, as an entity’s cyber footprint increases, so does the type and number of potential risks that threaten them. It is vital that modern-day governments around the world put in place the countermeasures to protect their systems and data.

Ransomware Dundee: A Report on Cyber Crime Down Under

Leave a reply

Taking advice from the internet and using it in real-life situations is not usually a lifehack that I would advise; that being said, I am here to offer a bit of advice. If you ever open your mailbox and find a USB flash drive, please do not insert said drive into your computer unless you know who put it there and why they didn’t just deliver it to you directly. This may seem like common sense to most people, but residents of a Melbourne, Australia suburb did not seem to possess this rudimentary level of technological knowledge.

Police in Pakenham, Australia are currently investigating reports from numerous residents that mysterious USB drives have been appearing in mailboxes throughout the community. When inserted into a computer, the flash drive runs a program offering a free Netflix subscription. Once the user initiates the process of signing up for the service, ransomware installs itself onto the machine. For those unfamiliar with the technology, ransomware has become a relatively common method of predatory cyber activity. Ransomware works by encrypting files stored on the user’s computer, then charging the user a fee to unlock their personal files. The ransomware forces the user to pay the fee in Bitcoin so there is no trace as to where the funds are going to or who is receiving them.

So far, only three residents have stepped forward and admitted to being duped into installing the application, though police believe that others have been impacted and are too embarrassed to step forward. Over the past few years, large-scale organizations have been impacted by ransomware and have paid extreme amounts of money to unlock their files. One of the more popular targets of ransomware purveyors are healthcare organizations. One prominent example of this is an attack earlier this year on the Kansas Heart Hospital. Ransomware forced the hospital to pay over $17,000 (miniscule compared to the original request of $3.4 million) to unlock patient and personnel files and then demanded a second payment to unlock the rest of the files that were still being held captive. Experts claim that the ransomware problem will “get worse before it gets better.”

As students, and as humans in general, we love free stuff. Next time you come across a free flash drive in your mailbox, take a second to think of the potential costs that this “free” piece of technology may bring on you. Personally, I’d much rather pay the $10 for a new flash drive than run the risk of obliterating my computer’s integrity for free.

Cybersecurity in the Automotive Industry

2 Replies

Over the past decade or two, RMU has grown into a rather diverse university in regards to the variety of degrees available. With the influx of new technology during this time period, the need for cybersecurity has risen exponentially. RMU’s cyberforensics and information security program has done nothing but grow since its inception. If you were to ask students in the program where their dream job would be, most would probably respond with a government, law enforcement, or financial institution of some sort. If you happen to ask the same question at some point in the near future, you may be surprised to discover students who are looking for work in the automotive industry.

As I mentioned before, the growth of technology and integration of tech into our everyday lives has created new weak points for cyber criminals to exploit. Computers are increasingly being used in vehicles to control and operate basic functions and a number of features, such as remote engine start, can now be controlled through the use of smartphone apps. To combat the risk that modern vehicles are threatened with, Volkswagen is teaming up with Yuval Diskin, the former head of Israel’s intelligence agency. The joint venture was created with the goal of protecting the next generation of cars from hackers. The new company, called CyMotive Technologies, will be primarily run by acting chairman, Diskin, while Volkswagen will possess a 40% stake in the company.

This may be the first time you have heard of a cybersecurity firm dedicated specifically to automotive security, but it won’t be the last. IBM and Harman are two other major companies that have previously invested money in other Israeli firms focused on automotive security. These companies are hoping to restrict and limit automotive hacking while it is still in its infant stages. While we do not know what automotive advances will look like in the future, or what kind of features will become the new standard, one thing can be assumed for sure: the need for competent cybersecurity professionals will continue to increase.

Galaxy Note S7: Is It Safe?

Leave a reply

Unless you’ve somehow been able to avoid social media and the news over the past few weeks, there’s a good chance that you’ve heard about the two hottest (literally and figuratively) pieces of recent tech news. I, of course, am referring to the announcement of the iPhone 7/7s and the spontaneous combustion of Samsung Galaxy Note 7 batteries. I won’t waste your time by touching on my opinion of the new iPhone in this article but will instead give you a summary of what is going wrong with the Note 7’s.

When I first heard about the exploding Note 7 batteries, my immediate reaction was along the lines of “just like those hoverboards!” I’m sure we all remember the emails from last year informing students that they were no longer allowed to ride or even store hoverboards on campus grounds. It turns out that the Note 7’s are having the same exact issue as some of the cheaper hoverboard models did.

Much like hoverboards, cell phones utilize lithium ion battery packs as their primary power source. The science behind lithium ion battery packs is fairly simple and has been around for many years. Issues arise when the thin piece of plastic separating the positive and negative ends of the battery becomes punctured. This forces the battery to short circuit and, in turn, forces the point where the separating plastic was ruptured to become the path of least resistance for the electrical current. When this happens, the liquid electrolyte, which makes up most of the battery internals and also happens to be very flammable, heats up. If the electrolyte solution heats up too quickly, it can cause the phone to heat up to an extreme temperature or even explode in rare cases.

As I mentioned before, the Note 7 is by no means the first phone to encounter this issue. The reason that it is affecting Note 7’s in particular is because of too much external pressure during the manufacturing process. The pressure plates used during the manufacturing process squeezed the battery too tightly and forced the positive and negative poles of the battery to come into contact. These poles can only come into contact if the piece of separating plastic is punctured, thus creating the path of least resistance directly between the two poles.

The phone industry is well aware of the potential risks that lithium ion battery packs can cause but most likely will not move away from the use of the packs until a better (affordable) technology comes along. Frankly, the lithium ion route is cheap and relatively safe, so advancement in terms of power supply will only happen when alternatives can be produced cheaply. Samsung is not the only company to have had issues with lithium ion battery technology. Nokia and Apple have both had issues with dangerous batteries in the past (in 2004 and 2009 respectively).

The risk of your battery exploding is very small but it is better to be safe than sorry. Independent analysis states that less than 1,000 of the 2.5 million Galaxy Note 7’s (.01%) that were previously manufactured have experienced issues.  Samsung is offering refunds to users who have purchased the faulty Galaxy Note 7’s and has already switched battery suppliers. If you happen to have a Galaxy Note 7, it is within your best interest to return the phone as soon as possible to eliminate potential risk. You will either receive a full refund or you can trade it in for a different Samsung smartphone.