Category Archives: cybersecurity

The New #1 Cyber Security Threat

Student Editorial

Starting off on a quick personal note, I will be graduating this May with my degree in Cyber Forensics and Information Security.  Robert Morris University has provided more knowledge for me than I ever thought possible.  With regard to cyber security, I have learned that the number one threat / weakness is user error.  Uneducated people can cause more damage in the blink of an eye than almost any other weakness.  That being said, I have discovered that this is almost common knowledge now, even among non IT people.  Organizations have gone to great lengths to educate employees to prevent attacks.  Perhaps, the number one threat has changed because of this.

When a user sits down at a machine, what is the first thing that they do?  They open up a web browser of their choice and check their email, and often times social media as well.  These web applications are used billions of times a day by billions of people.  If a hacker wants to gain information from a company, planting a bug on these web applications is quite possibly the best way to go.  In this case, educating people can only do so much.  If you tell employees to not check their Facebook, how long before they break that rule?   So the next logical question becomes, why are these web applications so vulnerable?

The biggest reason is that they were not created with security in mind.  The world wide web was created with the idea that it would be a place to openly share ideas and information across the globe in an instant.  Security would defeat this original purpose.  The founders never could have imagined what their creation would become.  It is because of this that web applications have become the number one threat to companies today.  Hopefully those of us who are graduating in a few weeks will someday be able to make a difference in the cyber future.

For more information, check out the link below:

http://www.forbes.com/sites/sungardas/2015/03/12/cyber-security-threats-to-information-systems-today/

Careers with Cyber Forensics: Military, Law Enforcement, Corporate, and Executive – April 22

Leave a reply

Careers with Cyber Forensics: Military, Law Enforcement, Corporate and Executive

Wednesday, April 22, 2015
Wheatley Center Critique Space

Schedule:
3:45 pm – Registration
4:00 pm – Pizza will arrive
4:15 pm – 5:30 pm –  Security Presentation
5:30 pm – 5:45 pm –  Question and Answer period

Top Secret Colonials are sponsoring this event!  If you register at the registration table, you will be able to receive SET credit for attending.

Several distinguished speakers will present, including:

  • Christopher J. Mellen 
    Director of the Information Risk Management branch within the Office of the Chief Information Officer for the Executive Office of the President (EOP) of the United States
    His directorate consists of the Records Management Branch, Cyber Integrity (eDiscovery) branch, Information Assurance and Security Operations
  • David Coughanour
    VP, Director PNC-CERT
    Teams responsible for Network Security Monitoring, Cyber Threat Intelligence, Technical Insider Threat Mitigation, and Digital Forensics
  • Edward R. Villarreal
    Incident Response, Mobile Security, and Insider Threat Team Lead for ManTech International onsite at a Large Federal Law Enforcement Agency
    His team provides computer forensic and incident response support to State-sponsored attacks against the Agency’s networks, eDiscovery collections to the Insider Threat Section, and Mobile Security technical expertise to the IT Branch deploying over 30,000 mobile devices.

Online Gaming Hack

Student Editorial

Activist groups, regardless of which ones you are examining, have a message that they want to get across to the public.  Sometimes it is with regard to religion, or a political figure.  No matter the message, the ultimate goal is to convey this message in a way that gets the public’s attention.  However, there are so many activist groups out there these days that you have to get creative in order to stand out.  A few months ago, an activist group did just that.

It has been a few months since the activist group “Lizard Squad” took down both the PlayStation Network as well as the X Box Live Network.  Why target gamers for a message?  Stereotypically speaking, they do not worry to much about these kinds of things.  However when the number of gamers affected by taking down their networks is 56 million, I think it is safe to say that you have gained the attention of a huge population of people.  It is creative, effective, and depending on your perspective, devastating.  What was the message that was so important then?

In reality, this group of hackers are what is known as ‘White Hat’ hackers.  They infiltrate various networks for good intentions.  The Lizard Squad wanted to bring down the gaming networks to show how weak their security really was.  By doing this, it can become public knowledge that Microsoft and Sony, powerhouses in the technology world, still have a lot to learn in the area of security.  Eventually, there is going to be a cyber attack that is much more devastating than that of The Lizard Squad.  One with real consequences.  Hopefully major organizations become aware that there is a problem that needs to be addressed.

For more information on the attack that took place this past Christmas, you can check out the links below:

http://www.nytimes.com/2014/12/29/technology/playstation-network-returning-after-hacking-that-also-targeted-xbox-live.html?_r=0

http://www.independent.co.uk/news/world/americas/what-is-the-lizard-squad-and-what-does-it-want-9945949.html

CSC Webinars on Cyber Security and Big Data

CSC (Computer Sciences Corporation) is hosting two FREE webinars on the topics of cyber security and Big Data. For those unfamiliar with CSC, the corporation is one of the biggest IT companies in the world. They employ over 72,000 people in over 70 countries across the world and currently have main offices located in Sweden, Denmark, and Norway.

The first online seminar is on Tuesday, March 10th, from 6-7 PM. The presenter of the seminar is Robert J. Carey. Mr. Carey worked for the Department of Defense for over 31 years and recently retired in March, 2014. Mr. Carey championed the ideas of enterprise computing, improved military mobile solutions, and  advanced cyber security while working for the United States Navy. He currently holds the position of Vice President of Cyber Security at Computer Sciences Corporation.

The second online seminar offered is on Thursday, March 26th, from 6-7 PM. The presenter of this seminar is Hank Tseu. Mr. Tseu is the director and general manager of 42six. 42six develops big data and mobility software for CSC’s North American public sector. Mr. Tseu has over 15 years in the field applying cutting edge technology in mission critical environments in the areospace and defense industry.

To register for either (or both) webinars, simply click on the following link and fill in the following information:

  • Name
  • Email address
  • University currently attending/attended
  • Graduation year

Click Here to Register!

Resume Tips for Students Seeking IT Security Jobs or Internships

Leave a reply

On February 6, 2015, the Top Secret Colonials sponsored an IT Resume Writing Lecture.  This lecture was given by Al Wong of The MITRE Corporation.  The talk featured specific tips related to resume writing and interviewing for IT Security positions.  If you are planning to be in the job market for a security-related position, take a few minutes to review the slides from this lecture:

Resumes That Get You in the Door (PDF)

Sponsored by The Top Secret Colonials 

Dr. Karen Paullet Weighs in on Anthem Data Breach

Leave a reply

Dr. Karen Paullet spoke with KDKA news today regarding the recent data breach at Anthem, an Indianapolis-based Blue Cross Blue Shield insurance company.  See the interview here in case you missed it on tonight’s newscast:

Video:  Health Insurers, Hospitals Vulnerable to Cyber Attack, Say Experts

IT Resume Writing Lecture on February 6

Leave a reply

IT Resume Writing Lecture – Al Wong from The MITRE Corporation
Sponsored by The Top Secret Colonials

Friday, February 6th
2:00 pm – 3:30 pm in the Critique Space in Wheatley

Al Wong from The MITRE Corporation will be giving a lecture on how to write a winning IT resume. He will be showcasing before and after resumes from several CIS students. Did you know that when applying for an IT job  they are looking for a minimum of a 3-page resume?  The old 1-page resume standard does not apply to most IT positions. Join us to learn how to write a resume to impress.

Light refreshments will be served. 

Al Wong is a Lead Inter-disciplinary Systems Engineer at The MITRE Corporation, a non-profit organization operating 6 Federally Funded Research and Development Centers for the United States Government. He has 30 years of experience providing strategic guidance to the Federal Government with 10 of these years as a trusted advisor to United States Government Executives.

Mr. Wong holds a BS in Internetworking Technologies with a minor in Information Assurance and a MS in Management of Information Systems. In addition to formal education, Mr. Wong has held the following industry certifications.

  • International Information Systems Security Certification Consortium (ISC)2 – Certified Information Systems Security Professional – CISSP (2003 – 2011),
  • Microsoft Certifies Systems Engineer – MSCE (1999 – 2009), and
  • Cisco Internetworking Expert – CCIE (1995 – 2000).

Mr. Wong is also HR Certification Institute (HRCI) trained and certified (2009 – present) in behavioral interviewing and resume assessment techniques. As one of two certified behavioral interviewers at the MITRE Corporation, he has reviewed thousands of resumes and recommended candidates for hire. Mr. Wong has assessed resumes and interviewed candidates for the following positions:

Software Developers
Network Engineer
SOC Staff
System Administrators
Incident Response Engineers
Enterprise Architects
SOA Engineers
Cyber Security Tech
HIPAA Compliance Auditors
Security Analysts
IDS Engineers
Business Analyst
Forensic Engineer
Program Managers
Hardware Technician
QA Engineers
Technical Trainers

Grant Thornton Professional Information Technology Presentation – January 22

Leave a reply

Reminder:

Grant Thornton will be coming to RMU on Thursday, January 22nd to present on computing trends in their area, internships, and job opportunities.

Grant Thornton is the 5th largest CPA firm in the world, with over 6,000 employees, and has named RMU as an Academic Affiliate.  They are looking for “Competitive Intelligence” interns and new graduates for their Pittsburgh office.  Also, they will be looking for “Information Security” interns and recent grads for their Philadelphia office.  For both areas, they are looking at undergraduates and Masters students.

The Information Technology Presentation will be held at the Wheatley Center Critique Room, and will follow this schedule:

  • 4:15 PM  – Registration and free pizza begins. Students attending will be provided credit towards the Student Engagement Transcript requirements.
  • 4:30 PM- 5:15 PM – Presentation
  • 5:15 PM to 5:45 PM – Q & A session and closing

Please come out to attend — you will not be overwhelmed or bored!

2015 Data Privacy Day sponsored by CMU

Leave a reply

dpdOn Wednesday, January 28, 2015 Carnegie Mellon University is sponsoring an event celebrating National Data Privacy Day.

Data Privacy Day (DPD) is an international effort centered on Respecting Privacy, Safeguarding Data and Enabling Trust. Data Privacy Day is an international effort to empower and educate people to protect their privacy and control their digital footprint. For more information, please visit StaySafeOnline.org

Don’t miss the opportunity to attend an exciting seminar on Data Privacy. An event will take place at the Jared L. Cohon University Center on the Carnegie Mellon campus. For more information, please visit http://cups.cs.cmu.edu/privacy-day/2015/#schedule

P.S. RMU students can always earn SET credit for attending 😉

Spring 2015 CIS Professional Technology Presentations – Save the Dates!

Leave a reply

Each semester, the CIS Department brings a variety of companies and speakers to campus in order to provide Professional Information Technology presentations on computing trends, internships, and job opportunities.  The faculty highly encourage all CIS department students, from freshmen to seniors and grad students, to attend these events.  You will not be overwhelmed or bored.

The following Professional Information Technology Presentations have been scheduled so far for the spring semester:

  • Thursday, January 22, 2015 – Grant Thornton
    Grant Thornton, 5th largest CPA firm in the world with over 6,000 employees, has named RMU as an Academic Affiliate.  They are looking for “Competitive Intelligence” interns and new graduates for their Pittsburgh office.  Also, they will be looking for “Information Security” interns and recent grads for their Philadelphia office.  For both areas, they are looking at undergraduates and Masters students.
  • Thursday, January 29, 2015 – LANtek
    LANtek will discuss who All Lines/LANtek are and their current career opportunities, including a program at PPG.  They will also provide an introduction to “Interview Skill Building” aimed at information technology students.
  • Wednesday, April 8, 2015 – M&K Bank
    Additional details on the topic of the presentation by M&K Bank will be forthcoming soon.

Each Information Technology Presentation will be held at the Wheatley Center Critique Room, and will follow this schedule:

  • 4:15 PM  – Registration and free pizza begins. Students attending will be provided credit towards the Student Engagement Transcript requirements.
  • 4:30 PM- 5:15 PM – Presentation
  • 5:15 PM to 5:45 PM – Q & A session and closing

Save the dates!  These sessions can be truly valuable and eye-opening to students at all levels.