Tag Archives: cyber security

Three Rivers Information Security Symposium – Friday, October 28th

Pittsburgh region information technology and security organizations are working together to increase awareness, interaction and knowledge among the local information security community. The Three Rivers Information Security Symposium will be held in the Sewall Center on Friday, October 28th from 8:30am – 3:30pm.

Three RMU students, John Weingartner, Sarah Pfabe and Brendan Adams, will be presenting: “Mobile Security Threats: How Safe Is Our Data?”.

Other presentations include: “How Litigation and E-Discovery Interrupt the Life Cycle of Data” and “Get Involved – InfoSec Careers”. Click the link for the full list of presentations and speakers: TRISS Schedule

Student admission is only $5.

Ransomware Dundee: A Report on Cyber Crime Down Under

Taking advice from the internet and using it in real-life situations is not usually a lifehack that I would advise; that being said, I am here to offer a bit of advice. If you ever open your mailbox and find a USB flash drive, please do not insert said drive into your computer unless you know who put it there and why they didn’t just deliver it to you directly. This may seem like common sense to most people, but residents of a Melbourne, Australia suburb did not seem to possess this rudimentary level of technological knowledge.

Police in Pakenham, Australia are currently investigating reports from numerous residents that mysterious USB drives have been appearing in mailboxes throughout the community. When inserted into a computer, the flash drive runs a program offering a free Netflix subscription. Once the user initiates the process of signing up for the service, ransomware installs itself onto the machine. For those unfamiliar with the technology, ransomware has become a relatively common method of predatory cyber activity. Ransomware works by encrypting files stored on the user’s computer, then charging the user a fee to unlock their personal files. The ransomware forces the user to pay the fee in Bitcoin so there is no trace as to where the funds are going to or who is receiving them.

So far, only three residents have stepped forward and admitted to being duped into installing the application, though police believe that others have been impacted and are too embarrassed to step forward. Over the past few years, large-scale organizations have been impacted by ransomware and have paid extreme amounts of money to unlock their files. One of the more popular targets of ransomware purveyors is healthcare organizations. One prominent example of this is an attack earlier this year on the Kansas Heart Hospital. Ransomware forced the hospital to pay over $17,000 (minuscule compared to the original request of $3.4 million) to unlock patient and personnel files and then demanded a second payment to unlock the rest of the files that were still being held captive. Experts claim that the ransomware problem will “get worse before it gets better.”

As students, and as humans in general, we love free stuff. Next time you come across a free flash drive in your mailbox, take a second to think of the potential costs that this “free” piece of technology may bring on you. Personally, I’d much rather pay the $10 for a new flash drive than run the risk of obliterating my computer’s integrity for free.

The Washington Center National Security Seminar 2016

Welcome back RMU students!

This past May, the Top Secret Colonials attended a two-week seminar at the Washington Center in Washington, DC. Students analyzed and researched various topics pertaining to cybersecurity. The seminar also included discussions with members of the CIA, DHS, FBI, and NSA.

Take a sneak peek at the Washington Center National Security Seminar from the eyes of those who have attended with this video: TWC National Seminar

There will also be a presentation on Tuesday, September 13th at 3pm in the Wheatley Atrium providing a more in-depth look at the seminar. We look forward to seeing you there!

10th Annual Intersections Undergraduate Research Conference – Friday, April 22nd

Everyone is cordially invited to the 10th Annual Intersections Undergraduate Research Conference on Friday, April 22, from 11:45am – 5:00pm in Sewall 3rd Floor.

This is going to be a great event. RMU students are doing some incredible work. Over 100 students will be participating, with 14 panels and 19 poster presentations. The schedule for the conference is here: http://honors.rmu.edu/urc/program

There will also be one presentation from the CIS department: “Mobile Security Threats: How Safe Is Our Data?”. This will be presented by John Weingartner, Sarah Pfabe, Jayson Phouthavong, Aaron Steinberg, and Brandon Adams. They will present in the Pennsylvania Suite from 4:00-4:45pm.

Security Presentation by Christopher Mellen, PNC – Tuesday, April 5th

Christopher Mellen, CIO with PNC Financial Services and former Director of Information Management within the Office of the Chief Information Officer for the Executive Office of the President of the United States (White House), will present in the Wheatley Atrium on Tuesday, April 5th from 3:00 – 4:30pm. The Top Secret Colonials are sponsoring the event and there will be pizza provided. PNC recruiters for interns and full-time positions will also be attending. Students attending will obtain SET credit for their participation.


Christopher Mellen Bio:
Chris currently leads the Strategic Security Initiatives group within the office of the Chief Information Security Officer with PNC Financial Services.  Chris manages the overall strategic direction of the organization as well as operational management responsibility for Identity Access Management, Mainframe security, Attack Surface Management, and Applied Cryptography.

Prior to joining PNC, Chris was the Director of Information Risk Management within the Office of the Chief Information Officer for the Executive Office of the President of the United States.  His directorate consisted of the Records Management Branch, Cyber Integrity (eDiscovery and investigations), Information Assurance and Security Operations.

Chris has worked as the Director of Professional Services with SAIC’s Incident Response, Computer Forensics and eDiscovery Service groups. He also created and managed the Professional Services Division for AccessData providing incident response, digital investigations and litigation support services. Additionally, Chris has served as a Manager with Guidance Software Professional Services, a Special Agent with the Department of Defense, Cyber Counterintelligence Activity, and a Computer Crime Specialist at the National White Collar Crime Center in Fairmont, WV.

Chris also spent 11 years on active duty in the United States Marine Corps. While in the Marines, Chris served with the Military Police, Customs, the Criminal Investigation Division and the Naval Criminal Investigative Service (Cyber Investigations and Operations).

Chris holds a Bachelor’s degree in Criminal Justice from Colorado Technical University and Master’s degree in Computer Information Systems from Boston University.

Carnegie Mellon University’s Summer Security Intensive

CMU’s Summer Security Intensive is an opportunity for current juniors who are pursuing work in the Cyber Forensics and CIS fields. The SSI is a paid summer fellowship provided by CMU. The total that can be earned from participating in this fellowship is around $2500. Heinz College provides financial aid for all of those accepted into the program, which can cover all participation costs, transportation, housing, meals, tuition, books, other supplies, social functions, and also a 1,000 stipend.

Participants will go to classes and get to meet and gain experience with some of the most skilled professionals in the cyber security field. The three classes that SSI participants will take will focus on security topics that many students and professionals alike face.

THE DEADLINE TO APPLY FOR THIS OPPORTUNITY IS MARCH 1ST.

To apply for this fellowship, follow the link here.

Again, the deadline to apply for this fellowship is quickly approaching, and those interested should apply immediately.

Wombat Security – Wednesday, February 24th

The Top Secret Colonials are sponsoring a presentation by Wombat Security on Wednesday, February 24th from 4:30 – 5:30 pm.

Wombat Security is a cyber security company whose goal is to deliver software-based cyber awareness and training to help employees understand the risks associated with improper cyber practices and subsequently correct their behavior to strengthen an organization’s overall security environment. Wombat utilizes a Continuous Training Methodology to serve its customers, assessing the vulnerability of employees through a variety of custom knowledge assessments before seeking to educate on those flaws to maximize learning through a broad set of interactive training modules. Those customers who have implemented this approach have experienced up to a 90% reduction in successful phishing attacks and malware infections on their company.

This presentation will focus on the products Wombat delivers to its customers. During the presentation, Sean Ehrman and Jake Pancari will simulate a mock phishing attack and demonstrate the training modules customers would go through should they fall for said attack. They will also discuss the dangers of social engineering while reviewing a real case study before ending in a Q&A segment.

Students will earn 1 SET credit for attending.

Here is their website: https://www.wombatsecurity.com/

Department of Homeland Security Secretary’s Honors Program Cyber Student Volunteer Initiative

The U.S. Department of Homeland Security (DHS) has launched the 2016 Secretary’s Honors Program Cyber Student Volunteer Initiative. The initiative targets current undergraduate and graduate students and is a part of the Department’s efforts to build a cybersecurity talent pipeline by working with secondary and post-secondary institutions and other key partners in academia and the private sector.

Through the Secretary’s Honors Program Cyber Student Volunteer Initiative, students are able to learn about the DHS cybersecurity mission by completing hands-on cybersecurity work and building technical experience in key areas such as digital forensics, network diagnostics, and incident response.

In the 2016 Cyber Student Volunteer Initiative program cycle, over 80 student volunteer assignments are available at over 40 local DHS field offices across the country and eight participating DHS Components, to include Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), National Protection and Programs Directorate (NPPD), Office of the Chief Information Officer (OCIO), Office of Intelligence and Analysis (I&A), Office of Policy/Cyber, Infrastructure and Resilience Policy, Transportation Security Administration (TSA), and United States Coast Guard (USCG).

The Cyber Student Volunteer Initiative application period is open until January 29, 2016 through the USAJOBS portal (https://www.usajobs.gov/GetJob/ViewDetails/425296700).

For more information, contact the DHS CyberSkills Management Support Initiative (CMSI) at CMSI@hq.dhs.gov

Data Privacy Day – January 28th

The Top Secret Colonials are promoting a data privacy awareness day on January 28th. Data Privacy Day is meant to help raise the public’s awareness around data security and educate all internet users to be safer online. This day also aims to encourage greater accountability among consumers to better perceive how their information is being shared.

On January 28, the National Cyber Security Alliance (NCSA) will host events in Washington, DC and Los Angeles where privacy professionals will explain solutions to current challenges as well as best practices, such as how to recognize cyber intrusions and establishing an incident response plan. NCSA will also hold Twitter chats centered around data privacy in the days leading up to Data Privacy Day.

Data Privacy Tips (from StaySafeOnline.org):

  • Share with Care
    • What you post can last a lifetime: Before posting online think about how it might be perceived now and in the future and who might see it.
    • Own your online presence: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It’s ok to limit how and with whom you share information.
    • Be aware of what’s being shared: Be aware that when you share a post, picture or video online, you may also be revealing information about others. Be thoughtful when and how you share information about others.
    • Post only about others as you have them post about you: The golden rule applies online as well.
    • Own your online presence: It’s OK to limit who can see your information and what you share. Learn about and use privacy and security settings on your favorite online games, apps and platforms.
  • Personal Information Is Like Money: Value It. Protect It.
    • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
    • Get two steps ahead: Switch on two-step verification or multi-factor authentication wherever offered to prevent unauthorized access.
    • Know what’s being collected, who is collecting it and how it will be used: Information about you, such as the games you like to play, what you search for online and where you shop and live, has value ‒ just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites. Only use a product or service if the company is open and clearly states how it will use your personal information. If you’re not sure what a business will do with your information, ask your parents. Think twice if an app wants permission to use personal information (like your location) it doesn’t need before you say “OK.”
    • Secure your devices: Use strong passwords or passcodes or touch ID features to lock your devices. Securing your device can help protect your information if your device is lost or stolen and keep prying eyes out.
    • Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure – this means the possibility exists that anyone can see what you are doing on your laptop or smartphone while you are connected to it. Think about what you are doing and if you would want another person to see it. If you use public WiFi a lot, think about using a virtual private network (VPN) that provides a more secure WiFi connection.
    • Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Turn off WiFi and Bluetooth when not in use, and limit your use of free public wireless networks, which stores and locations can use to track what you do online.
    • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way bad guys get access to your personal information. If it looks weird, even if you know the source, it’s best to delete.

Sources:

-http://associationsnow.com/2016/01/data-privacy-day-to-raise-publics-awareness-of-its-role-in-data-security/

-https://www.staysafeonline.org/data-privacy-day/privacy-tips/

Department of Homeland Security Secretary’s Honors Program Cyber Student Volunteer Initiative

The U.S. Department of Homeland Security (DHS) is preparing to launch the 2016 Secretary’s Honors Program Cyber Student Volunteer Initiative. The initiative targets current undergraduate and graduate students and is a part of the Department’s efforts to build a cybersecurity talent pipeline by working with secondary and post-secondary institutions and other key partners in academia and the private sector.

Through the Secretary’s Honors Program Cyber Student Volunteer Initiative, students are able to learn about the DHS cybersecurity mission by completing hands-on cybersecurity work and building technical experience in key areas such as digital forensics, network diagnostics, and incident response.

DHS will announce the start of the 2016 Secretary’s Honors Program Cyber Student Volunteer Initiative program cycle within the upcoming weeks on http://www.USAJOBS.com. Here is a flyer with more details: DHS Flyer.

For more information, contact the DHS CyberSkills Management Support Initiative (CMSI) at CMSI@hq.dhs.gov.