Tag Archives: cybersecurity

Jason Haddox and Blake Gabriel will hold Security Lecture – February 27th

Leave a reply

Jason Haddox from Dick’s Sporting Goods and Blake Gabriel of Proofpoint will be holding a lecture on Wednesday, February 27th from 4:30 – 5:30 pm in the Wheatley Atrium. This is a Top Secret Colonials sponsored event. Students will receive one (1) hour of SET credit for attending. Pizza and drinks will be provided. Please read below for information about the presenters.

Jason Haddox – Senior Security Analyst, Dick’s Sporting Goods
RMU Graduate Class of 2003 – Bachelor’s in MIS

Jason got his start in IT working as a student tech at the RMU computer center in 1999 – he worked all 4 years while going to school. He has 15 years of full time IT experience and currently works as a Sr. Security Analyst in the SOC at Dick’s Sporting Goods.

Blake Gabriel – Director Field Sales, Proofpoint
RMU Graduate Class of 1992 – Bachelors’ Degree in Marketing

Landed an internship with Haamco, a paper supplier that had a partnership with RMU. He sold papers to small business, 7-11 and retail stores. Back then it was all about point of sale. Went into the IT space upon graduation and he has been selling software for over 27 years in various roles and forms. He has prior experience working at IBM, Computer Associates, Intellect Design Arena, SEEC, Oracle, and now as a Director at Proofpoint leading the Mid-Atlantic Region.

U.S. Steel seeking Summer 2019 Interns

Leave a reply

U.S. Steel is encouraging highly motivated students interested in IT and Computer Science to join our Summer 2019 intern cohort.

U.S. Steel is one of the largest steel sheet and tubular products manufactures in the world. They produce steel used to create the everyday products used in the automotive, appliance, container, industrial machinery, construction, and oil and gas industries.

U.S. Steel’s internship program provides meaningful, hands-on work experience while helping students develop career-related skills. Students can participate in the program as either a full-time summer intern or a part-time co-op working during the school year.

Below are direct links to the open roles in the Pittsburgh area:

9718BR: U.S. Steel Cyber Security Internship

9455BR: U.S. Steel Programming Research Engineering Internship

Inspiring Improvement in the Field of Automotive Cybersecurity

Leave a reply

A few weeks ago, I submitted a post about cybersecurity in the automotive industry, specifically about Volkswagen’s foray into invested into cybersecurity for automotive computers. Earlier today, the U.S. National Highway Traffic Safety Administration (NHTSA) suggested that automakers should “make shielding the electronic and computer systems of vehicles from hackers a priority, developing layers of protection that can secure a vehicle throughout its life.” These are not enforceable rules, but strong suggestions from one of the government institutions that are partially responsible for the creation of future regulations that will more strictly govern the automotive industry as a whole.

The NHTSA poses many potential security upgrades in their proposal, entitled “Cybersecurity Best Practices for Modern Vehicle.” Some of these suggestions are moves that manufacturers, like Volkswagen, are already putting into place. Most of the proposals made in the proposal are becoming standard operating procedure for automotive companies, while other suggestions are less likely to be taken into consideration. One proposal in question relates to the disclosure of proprietary information about critical components of electrical and data systems within vehicles. Jonathan Allen, acting executive director of the Automotive Information Sharing and Analysis Center, explained in an interview that this section of the industry is incredibly competitive and that companies will probably avoid disclosing this information until they are required to.

As I mentioned in my last post, the threat of automotive hacking, while still extremely small, is becoming an increasing threat. As companies begin to offer significant vehicle upgrades through wireless data links, much the same as Tesla has been over the past few years, the need for secure connections will continue to grow. Massachusetts Senator Ed Markey agrees with this sentiment and stated in an interview today that “if modern day cars are computers on wheels, we need mandatory standards, not voluntary guidance, to ensure that our vehicles cannot be hacked and lives and information put in danger.” I couldn’t agree more with this sentiment. As technology continues to impact our lives in increasingly different ways, the need for knowledgeable cyber security experts will continue to grow.

Cybersecurity in the Automotive Industry

2 Replies

Over the past decade or two, RMU has grown into a rather diverse university in regards to the variety of degrees available. With the influx of new technology during this time period, the need for cybersecurity has risen exponentially. RMU’s cyberforensics and information security program has done nothing but grow since its inception. If you were to ask students in the program where their dream job would be, most would probably respond with a government, law enforcement, or financial institution of some sort. If you happen to ask the same question at some point in the near future, you may be surprised to discover students who are looking for work in the automotive industry.

As I mentioned before, the growth of technology and integration of tech into our everyday lives has created new weak points for cyber criminals to exploit. Computers are increasingly being used in vehicles to control and operate basic functions and a number of features, such as remote engine start, can now be controlled through the use of smartphone apps. To combat the risk that modern vehicles are threatened with, Volkswagen is teaming up with Yuval Diskin, the former head of Israel’s intelligence agency. The joint venture was created with the goal of protecting the next generation of cars from hackers. The new company, called CyMotive Technologies, will be primarily run by acting chairman, Diskin, while Volkswagen will possess a 40% stake in the company.

This may be the first time you have heard of a cybersecurity firm dedicated specifically to automotive security, but it won’t be the last. IBM and Harman are two other major companies that have previously invested money in other Israeli firms focused on automotive security. These companies are hoping to restrict and limit automotive hacking while it is still in its infant stages. While we do not know what automotive advances will look like in the future, or what kind of features will become the new standard, one thing can be assumed for sure: the need for competent cybersecurity professionals will continue to increase.

10th Annual Intersections Undergraduate Research Conference – Friday, April 22nd

Leave a reply

Everyone is cordially invited to the 10th Annual Intersections Undergraduate Research Conference on Friday, April 22, from 11:45am – 5:00pm in Sewall 3rd Floor.

This is going to be an great event. RMU students are doing some incredible work. Over 100 students will be participating, with 14 panels and 19 poster presentations.  The schedule for the conference is here: http://honors.rmu.edu/urc/program

There will also be one presentation from the CIS department: “Mobile Security Threats: How Safe Is Our Data?”. This will be presented by John Weingartner, Sarah Pfabe, Jayson Phouthavong, Aaron Steinberg, and Brandon Adams. They will present in the Pennsylvania Suite from 4:00-4:45pm.

Security Presentation by Christopher Mellen, PNC – Tuesday, April 5th

Leave a reply

Christopher Mellen, CIO with PNC Financial Services and former Director of Information Management within the Office of the Chief Information Officer for the Executive Office of the President of the United States (Whitehouse), will present in the Wheatley Atrium on Tuesday, April 5th from 3:00 – 4:30pm. The Top Secret Colonials are sponsoring the event and there will be pizza provided. PNC recruiters for interns and full-time positions will also be attending. Students attending will obtain SET credit for their participation.

TSC Logo.jpg

Christopher Mellen Bio:
Chris currently leads the Strategic Security Initiatives group within the office of the Chief Information Security Officer with PNC Financial Services.  Chris manages the overall strategic direction of the organization as well as operational management responsibility for Identity Access Management, Mainframe security, Attack Surface Management, and Applied Cryptography.

Prior to joining PNC, Chris was the Director of Information Risk Management within the Office of the Chief Information Officer for the Executive Office of the President of the United States.  His directorate consisted of the Records Management Branch, Cyber Integrity (eDiscovery and investigations), Information Assurance and Security Operations.

Chris has worked as the Director of Professional Services with SAIC’s Incident Response, Computer Forensics and eDiscovery Service groups. He also created and managed the Professional Services Division for AccessData providing incident response, digital investigations and litigation support services. Additionally, Chris has served as a Manager with Guidance Software Professional Services, a Special Agent with the Department of Defense, Cyber Counterintelligence Activity, and a Computer Crime Specialist at the National White Collar Crime Center in Fairmont, WV.

Chris also spent 11 years on active duty in the United States Marine Corps. While in the Marines, Chris served with the Military Police, Customs, the Criminal Investigation Division and the Naval Criminal Investigative Service (Cyber Investigations and Operations).

Chris holds a Bachelor’s degree in Criminal Justice from Colorado Technical University and Master’s degree in Computer Information Systems from Boston University.

Wombat Security – Wednesday, February 24th

Leave a reply

The Top Secret Colonials are sponsoring a presentation by Wombat Security on Wednesday, February 24th from 4:30 – 5:30 pm.

Wombat Security is a cyber security company whose goal is to deliver software-based cyber awareness and training to help employees understand the risks associated with improper cyber practices and subsequently correct their behavior to strength an organization’s overall security environment. Wombat utilizes a Continuous Training Methodology to serve its customers, assessing the vulnerability of employees through a variety of custom knowledge assessments before seeking to educate on those flaws to maximize learning through a broad set of interactive training modules. Those customers who have implemented this approach have experienced up to a 90% reduction in successful phishing attacks and malware infections on their company.

This presentation will focus on the products Wombat delivers to its customers. During the presentation, Sean Ehrman and Jake Pancari will simulate a mock-phishing attack and demonstrate the training modules customers would go through should they fall for said-attack. They will also discuss the dangers of social engineering while reviewing a real case study before ending in a Q&A segment.

Students will earn 1 SET credit for attending.

Here is their website: https://www.wombatsecurity.com/

Department of Homeland Security Secretary’s Honors Program Cyber Student Volunteer Initiative

Leave a reply

The U.S. Department of Homeland Security (DHS) has launched the 2016 Secretary’s Honors Program Cyber Student Volunteer Initiative. The initiative targets current undergraduate and graduate students and is a part of the Department’s efforts to build a cybersecurity talent pipeline by working with secondary and post-secondary institutions and other key partners in academia and the private sector.

Through the Secretary’s Honors Program Cyber Student Volunteer Initiative, students are able to learn about the DHS cybersecurity mission by completing hands-on cybersecurity work and building technical experience in key areas such as digital forensics, network diagnostics, and incident response.

In the 2016 Cyber Student Volunteer Initiative program cycle, over 80 student volunteer assignments are available at over 40 local DHS field offices across the country and eight participating DHS Components, to include Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), National Protection and Programs Directorate (NPPD), Office of the Chief Information Officer (OCIO), Office of Intelligence and Analysis (I&A), Office of Policy/Cyber, Infrastructure and Resilience Policy, Transportation Security Administration (TSA), and United States Coast Guard (USCG).

The Cyber Student Volunteer Initiative application period is open until January 29, 2016 through the USAJOBS portal (https://www.usajobs.gov/GetJob/ViewDetails/425296700).

For more information, contact the DHS CyberSkills Management Support Initiative (CMSI) at CMSI@hq.dhs.gov

Data Privacy Day – January 28th

Leave a reply

The Top Secret Colonials are promoting a data privacy awareness day on January 28th. Data Privacy Day is meant to help raise the public’s awareness around data security and educate all internet users to be safer online. This day also aims to encourage greater accountability among consumers to better perceive how their information is being shared.

On January 28, the National Cyber Security Alliance (NCSA) will host events in Washington, DC and Los Angeles where privacy professionals will explain solutions to current challenges as well as best practices, such as how to recognize cyber intrusions and establishing an incident response plan. NCSA will also hold Twitter chats centered around data privacy in the days leading up to Data Privacy Day.

Data Privacy Tips (from StaySafeOnline.org):

  • Share with Care
    • What you post can last a lifetime: Before posting online think about how it might be perceived now and in the future and who might see it.
    • Own your online presence: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It’s ok to limit how and with whom you share information.
    • Be aware of what’s being shared: Be aware that when you share a post, picture or video online, you may also be revealing information about others. Be thoughtful when and how you share information about others.
    • Post only about others as you have them post about you: The golden rule applies online as well.
    • Own your online presence: It’s OK to limit who can see your information and what you share. Learn about and use privacy and security settings on your favorite online games, apps and platforms.
  • Personal Information Is Like Money: Value It. Protect It.
    • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
    • Get two steps ahead: Switch on two-step verification or multi-factor authentication wherever offered to prevent unauthorized access.
    • Know what’s being collected, who is collecting it and how it will be used: Information about you, such as the games you like to play, what you search for online and where you shop and live, has value ‒ just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites. Only use a product or service if the company is open and clearly states how it will use your personal information. If you’re not sure what a business will do with your information, ask your parents. Think twice if an app wants permission to use personal information (like your location) it doesn’t need before you say “OK.”
    • Secure your devices: Use strong passwords or passcodes or touch ID features to lock your devices. Securing your device can help protect your information if your device is lost or stolen and keep prying eyes out.
    • Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure – this means the possibility exists that anyone can see what you are doing on your laptop or smartphone while you are connected to it. Think about what you are doing and if you would want another person to see it. If you use public WiFi a lot, think about using a virtual private network (VPN) that provides a more secure WiFi connection.
    • Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Turn off WiFi and Bluetooth when not in use, and limit your use of free public wireless networks, which stores and locations can use to track what you do online.
    • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way bad guys get access to your personal information. If it looks weird, even if you know the source, it’s best to delete.

Sources:

-http://associationsnow.com/2016/01/data-privacy-day-to-raise-publics-awareness-of-its-role-in-data-security/

-https://www.staysafeonline.org/data-privacy-day/privacy-tips/