CYBER
SECURITY APRIL 2018
ONLINE MAGAZINE
Degrees & Careers
Big Data Business
Artificial Intelligence Municipal Innovation
Privacy Defenses
INFLIGHT DATA SECURITY SHOULD BE A GIVEN, NOT AN UPCHARGE. Only Gogo Business Aviation makes cybersecurity simple; it’s built into everything we do. Find out more about our proactive cybersecurity approach and see why we’re the company most trusted by corporate aviators worldwide.
gogo.to/airborne-cybersecurity
CYBER SOLUTIONS
PROTECTING EVERY SIDE OF CYBER Raytheon delivers solutions that help government agencies, businesses and nations protect critical information, systems and operations across every side of cyber — to make the world a safer place.
Raytheon.com/cyber @RaytheonCyber Raytheon Cyber
© 2018 Raytheon Company. All rights reserved.
CYBER
SECURITY
20
14
How do virtual currencies work?
Driverless car makers address built-in security risks
18 Internet of Things society presents safety issues
8 10
PRIVACY PROTECTION What you’ll learn in this issue
12
FACE FORWARD How your smartphone’s newest feature works
SECURITY MAKEOVER Take steps to protect your personal data
SOCIAL MEDIA
4 CYBERsecurity
14
AUTONOMOUS ALERT Self-driving cars could be targets for criminals
24
SMART CITIES Staying safe in an interconnected world
TECH TALK Popular conferences promote networking, learning
18
26
DIGITAL DOLLARS Answers to cryptocurrency questions
ARTIFICIAL INTELLIGENCE Machines programmed to combat cybercrime
20
30
HELPING HAND IBM Watson is changing health care
FOLLOW US ON FACEBOOK
@usatodaymags
FOLLOW US ON TWITTER
@usatodaymags
Contents APRIL 2018
PREMIUM PUBLICATION
EDITORIAL DIRECTOR Jeanette Barrett-Stokes jbstokes@usatoday.com CREATIVE DIRECTOR Jerald Council jcouncil@usatoday.com MANAGING EDITOR Michelle Washington mjwashington@usatoday.com
26
EDITORS Amy Sinatra Ayres Tracy Scott Forson Sara Schwartz Debbie Williams
Companies equip machines to protect consumers
DESIGNERS Amira Martin Miranda Pellicano Gina Toole Saunders Lisa M. Zilka CONTRIBUTING WRITERS Matt Alderton, Brian Barth, Claudia Caruana, Hollie Deese, Gina Harkins, Marc Saltzman, Brittany Shoot, Adam Stone ADVERTISING VP, ADVERTISING Patrick Burke | (703) 854-5914 pburke@usatoday.com
WAYMO; GETTY IMAGES
ACCOUNT DIRECTOR Justine Madden | (703) 854-5444 jmadden@usatoday.com
32
DISSECTING DATA Analytics help companies quell cyberthreats
FINANCE BILLING COORDINATOR Julie Marco
36
HIGHER LEARNING College offerings expand as critical need for experts grows
This is a product of
40
COOL CAREERS Five cybersecurity jobs you never knew existed
Without limiting the rights under copyright reserved herein, no part of this publication may be reproduced, stored in or reproduced in a retrieval system, or transmitted, in any form, or by means electronic, mechanical, photocopying, recording or otherwise without the written consent of USA TODAY. The editors and publisher are not responsible for any unsolicited materials.
FOLLOW US ON INSTAGRAM
@usatodaymags
COVER ILLUSTRATION BY JERALD COUNCIL, GETTY IMAGES
PUBLISHED IN THE USA
5
Bolster your cybersecurity. We’ll help you overcome the 4 biggest roadblocks to success. IT and security executives face numerous challenges in modernizing their data centers. Among those challenges, 62% of IT leaders rank cybersecurity as critical when updating their IT platforms. Insight will help you build a security strategy that will ensure data protection — and peace of mind.
Download the whitepaper
1.800.INSIGHT | insight.com/build-your-cybersecurity
BE THE FIREWALL AGAINST DATA THEFT Cybersecurity & Information Assurance at Boston University Ensuring Ensuring the the security security of of digital digital assets assets and and protecting protecting against against cybercrime cybercrime are are more more important important than than ever, ever, and and BU’s BU’s Metropolitan Metropolitan College College (MET) (MET) can can help help you you develop develop the the critical critical skills skills and and technological technological expertise expertise needed needed for for success. success.
PROTECTION
DETECTION
INVESTIGATION
Security Security Master’s Master’s && Graduate Graduate Certificate Certificate
Digital Digital Forensics Forensics Graduate Graduate Certificate Certificate
Safeguard Safeguardcritical criticaldata data by by developing developingand and implementing implementing essential essentialsecurity securityprocedures procedures and and protocols protocolsfor forenterprise enterpriseinformation information systems, systems, networks, networks, and and databases. databases.
Master Masterskills skillspertaining pertainingto to acquisition acquisitionof ofdigital digitalevidence, evidence, conducting conductinganalysis, analysis,presenting presenting aareport, report,and andbeing beingan anexpert expert witness witnessin inaacourt. court.
Cybercrime Cybercrime Investigation Investigation && Cybersecurity Cybersecurity Master’s Master’s && Graduate Graduate Certificate Certificate
“
My MyMET METcoursework courseworkgreatly greatlyenhanced enhancedmy mypractical practicalexperience experiencein in [the [thecybercrime cybercrimeinvestigation] investigation]field. field.Even Eventhough thoughIIhave haveaalaw lawdegree degree and and28 28years yearsof ofexperience experiencein inthe theFBI, FBI,IIneeded neededthe theMET METmaster’s master’s degree degreeto tobe becompetitive. competitive.IIwould wouldhighly highlyrecommend recommendthis thisprogram— program— both bothfor forindividuals individualsnew newto tothe thecriminal criminaljustice justicefield fieldor orfor forthose thosewho who have havemany manyyears yearsof ofexperience experienceand andare arelooking lookingto toenhance enhancetheir their knowledge, knowledge,skills, skills,and andabilities abilitiesfor forthe thenext nextchapter chapterin intheir theircareers.” careers.” — —Fmr. Fmr.FBI FBISpecial SpecialAgent AgentJosh JoshMayers, Mayers,Master Masterof ofCriminal Criminal Justice Justicewith withconcentration concentrationin inCybercrime CybercrimeInvestigation Investigation&& Cybersecurity Cybersecurity(2018) (2018)
“
Gain Gain insight insight into into cyber-criminology cyber-criminology and and cybersecurity cybersecurity risk risk assessment, assessment, as as well well as as deep deep knowledge knowledge of of digital digital investigative investigative best-practices—and best-practices—and even even become become eligible eligible to to take take forensic forensic examiner examiner exams. exams.
Excellent ExcellentBoston BostonUniversity Universityclasses classessuch suchas asNetwork NetworkSecurity Security and andEnterprise EnterpriseCyber CyberSecurity Securityhave haveenriched enrichedmy myrole roleas aspremier premier support supportarchitect architectfor forBMC BMCSoftware, Software,where whereIImust mustarticulate articulatethe the importance importanceof ofsecurity securityto tothe theengineering engineeringteams teamsand andcustomers customers at atthe thefinancial financialcompanies companieswe weserve.” serve.” — —Isaac IsaacMatta, Matta,MS MSin inComputer ComputerInformation InformationSystems Systemswith with concentration concentrationin inSecurity Security
No No GRE GRE or or GMAT GMAT required. required. To To apply, apply, email email met@bu.edu. met@bu.edu. To To learn learn more, more, visit visit bu.edu/met/CyberUSAToday. bu.edu/met/CyberUSAToday.
OVERVIEW
On Guard
BY MICHELLE WASH I N G TON
T
he mere mention of hackers, data breaches and identity theft is enough to spark panic in the average person. It is disconcerting to know that individuals, large corporations and even the government can fall prey to cybersecurity breaches. The plain fact is that computers, smartphones and other connected devices are vulnerable to hacking — and stolen data can be used for a variety of criminal purposes, including extortion, insider trading and commercial espionage. In addition, hackers can take over
8 CYBERsecurity
computer-operated systems and wreak havoc. Throughout this issue of Cybersecurity, you will learn how a few simple steps can help safeguard your personal data, how your phone’s facial-recognition software is designed to keep intruders out and how artificial intelligence is making a real difference for businesses’ data protection and in health care advancements. There is information on the safety challenges presented by self-driving cars and smart technology in our cities, as well as a primer on cryptocurrencies such as bitcoin, Ethereum and Ripple.
Those already immersed in the cybersecurity field will learn when and where the biggest industry conferences will be held, and if you’re interested in entering the field, you’ll find out where you can earn a top-notch cyber education as well as some interesting jobs to pursue once you earn the degree. In today’s digital environment, technology keeps us informed and interconnected, and can even help us live healthier lives. The challenge is to keep this useful technology secure. — Steve Weisman contributed to this article.
GETTY IMAGES
Managing digital security in a challenging world
PROTECTION
Cyber Defense
These five steps will help safeguard your data BY M ARC S ALTZMAN
Y
ou’ve received plenty of notice that hackers are out in force, making your data more vulnerable. Many think it’s only a matter of time until the next big data breach comes to light. Before it arrives, there are shortcuts to locking down your private information. Consider this a five-step cybersecurity tuneup:
Don’t use the same password for all your online activity. Why? If a service is hacked and your password is exposed, cybercriminals may try it on other accounts. After the latest Yahoo breach, for example, stolen email passwords may have been cross-referenced with users’ bank accounts, cybersecurity experts say. Replace passwords with passphrases: sequences of words and other characters including numbers and symbols. For example: AwalkintheP@rk!
2. ENABLE TWO-FACTOR AUTHENTICATION Make it more difficult for the bad guys to access your data by adding a second layer of defense for all your online activity, such as email, banking and cloud accounts. Sometimes referred to as two-step verification, two-factor authentication uses a password or passcode (or biometrics logon, like a fingerprint or facial scan) to access your accounts, in
10 CYBERsecurity
3. INSTALL ANTI-MALWARE
OTHER TIPS Set up •biometric
security (fingerprint or facial scan) on your smartphone and a “find my phone” app to locate it if lost or stolen. Be cautious when using devices in free public Wi-Fi hotspots (use your smartphone as a hotspot instead). Exercise common sense when reading emails and text messages, and never click on suspicious attachments or links.
•
•
Just as you wouldn’t leave the front door of your home unlocked, you shouldn’t leave your tech vulnerable to attacks, whether it’s a virus or other malware that sneaks onto your device or caused by “social engineering” (including ransomware and phishing scams) because you were deceived into divulging confidential information. Reputable anti-malware on all your devices — laptops, desktops, tablets and smartphones — can identify, quarantine, delete and report any suspicious activity. The most robust software offers a suite of services, including a firewall and encryption options.
4. UPDATE YOUR SOFTWARE Set up automatic updates wherever you can, including your operating system, browser and plug-ins. You only need to do this once. For software that doesn’t allow for automatic updates, check for them regularly. Similarly, take a moment to secure your wireless router, too, by setting a password.
5. BACK-UP YOUR INFO There are several ways to save copies of your critical data, including external hard drives or USB thumb drives. Be proactive about backing up your important files regularly. You’ll minimize the damage if hit with a direct or indirect attack.
GETTY IMAGES
1. STRONG AND UNIQUE PASSWORDS
addition to a code texted to your mobile phone to type in.
PROTECTION
In-Your-Face Security Facial-recognition is becoming standard in smartphones — but is it safe?
F
ingerprints and passcodes are no longer the first line of defense in smartphone protection. Now, cameras on devices like the iPhone X and Samsung Galaxy S8 scan your face and unlock in an instant once they determine a match. However, every new convenience comes with security concerns. Earlier this year, two British men with similar facial features said they unlocked the same iPhone using Apple’s Face ID. A woman in New York also found her son could unlock her iPhone X.
12 CYBERsecurity
Despite early flaws, facialrecognition technology is here to stay. Here are four things to know about the link between your face and your phone:
1. IS IT SAFE? Hackers broke through Apple’s Face ID technology just a week after it was unveiled in November, but experts say most people don’t need to worry about that happening to their phones. First-generation facial-recognition programs were able to unlock at the sight of a photograph, says Anurag Kahol, chief technology officer at Bitglass, a
California-based cloud-access security broker. Fortunately, he says, that’s no longer the case: “The current crop of facialrecognition solutions — Face ID chief among them — are less easily fooled.”
2. CAN IT BE TRICKED? Despite the improvements, facial recognition is not infallible, says Lujo Bauer, an associate professor of electrical and computer engineering at Carnegie Mellon University. In 2016, Bauer and other researchers used specially printed glasses to evade facial recognition or trick
USA TODAY
BY GIN A HARKIN S
PROTECTION
the technology into thinking they were someone else. “The thing about machine learning is that we really don’t know why it made that decision — the algorithm teaches itself,” Bauer says. With facial-recognition linked to financial functions such as Apple Pay, Samsung Pay or banking apps, it’s important to recognize the technology is not impenetrable. Complex passcodes remain the safest form of authentication, Kahol says.
3. WHAT IF I CHANGE MY APPEARANCE? Samsung warns that glasses, hats, masks, makeup or beards can interfere in the facial-recognition process. Apple, however, says Face ID automatically adapts to changes in your appearance — including new facial hair, glasses or headscarves — by analyzing more than 30,000 points on your face. While features vary from vendor to vendor, Kahol says adaptive solutions learn more about their users over time. “Face ID is a prime example in that it looks for specific characteristics in the face, ignores superficial changes, and, as such, is better equipped to identify unauthorized login attempts,” he says.
GETTY IMAGES
4. DOES IT VIOLATE MY PRIVACY? When it comes to your smartphone, probably not, Bauer says. But as facial recognition becomes more common and ends up in places like stores or other public spaces, it could become more invasive — especially if corporations, governments or others used it to track people’s movements. l
PROTECTION
NXP S32 Automotive Processing Platform
A Volvo SF-1 self-driving car being tested by Uber
Waymo’s fully self-driving Chrysler Pacifica Hybrid minivan 1
A BMW autonomous test car
Driverless Dangers
Experts work to ensure autonomous vehicles are as safe from cyberattacks as they are from collisions
W
ith the press of a button, your car assumes control. At up to 75 miles per hour, it traverses a crowded highway, automatically braking and accelerating as other vehicles enter and exit its path. As the driver of an autonomous vehicle, your only job is steering. And soon, you’ll relinquish even that responsibility, according to automakers like Ford and BMW, companies that plan to release fully driverless cars by 2021. This lack of control is one reason many people are skeptical of self-driving cars, according to a 2017 survey by the Mas-
14 CYBERsecurity
sachusetts Institute of Technology, which found that nearly half of consumers (48 percent) say they’ll never purchase an autonomous vehicle. The death of a woman in Tempe, Ariz., caused by an Uber self-driving test car in March probably does nothing to assuage those concerns, though police have said that the accident likely was unavoidable. In reality, driverless cars may be the safest kind, according to the National Highway Traffic Safety Administration, which noted that human error is responsible for 94 percent of serious car crashes.
The real cause for concern might not be autonomous vehicles’ safety — it might be their security. Their cybersecurity, to be exact. “Folks need to think about cars — especially autonomous vehicles — as complex computer systems and treat them as such,” says Chase Garwood, a program manager in the Homeland Security Advanced Research Projects Agency, within the U.S. Department of Homeland Security’s Science and Technology Directorate. Government and industry are doing exactly that, he says. Ahead of their release, they’re >
NXP; UBER; NXP; WAYMO
BY M ATT ALDERTON
Secure Your Brand ePlus is a leader in cyber security services and builds custom, integrated security programs to help keep your data and your brand safe. ePlus utilizes the Fortinet Security Fabric to:
+ Protect applications in the cloud… any cloud + Provide real-time visibility and control for IoT initiatives
+ Deliver security advisory and managed services tailored to your needs today… and those to come
eplus-security@eplus.com
eplus.com/fortinet ©2018 ePlus inc. All rights reserved. ePlus, the ePlus logo, and all referenced product names are trademarks or registered trademarks of ePlus inc. All other company names, logos, and products mentioned herein are trademarks or registered trademarks of their respective companies.
PROTECTION
thinking about autonomous vehicles’ vulnerabilities and working diligently to address them.
A RISKY RIDE Understanding what makes autonomous vehicles vulnerable requires looking under the hood. There, engines cohabitate with central processing computers known as engine control units, or ECUs. “Cars today ... are no longer just analog with a carburetor and mechanical systems,” says Garwood, whose office conducts scientific research that supports the development of commercial cybersecurity solutions. “They have onboard software that controls everything from airbag deployment, seatbelt performance and braking to entertainment systems, steering and parking.” Unfortunately, all software has the same Achilles’ heel, whether it’s installed on a computer, smartphone or car: bugs. “The software for premium connected and autonomous vehicles’ ECUs contains up to 60,000 bugs — including 5,000 security defects. These bugs potentially allow malicious hackers to take over the ECU, which is connected to the internet and external networks,” explains David Barzilai, co-founder and executive chairman of Karamba Security, an Israeli startup that develops cybersecurity solutions for driverless vehicles. In August, DHS’ Office of Cyber and Infrastructure Analysis (OCIA) published an analysis of the national security risks posed by autonomous vehicles
16 CYBERsecurity
94% OF SERIOUS CAR CRASHES ARE CAUSED BY HUMAN ERROR
– SOURCE: NATIONAL HIGHWAY TRAFFIC SAFETY ADMINISTRATION
and concluded that hackers could not only seize control of self-driving cars but use them to violate privacy and steal data. “If connections aren’t secure, somebody who is able to access your vehicle can also access all your personal information,” says OCIA senior analyst Charles Covel.
BOTTOM-UP SECURITY Before dismissing autonomous driving as ominous driving, one should know that self-driving cars are being designed so that like cruise control and air conditioning, cybersecurity comes standard. “Autonomous vehicles are some of the most secure vehicles around because of what’s at stake,” says Hudson Thrift, head of internal security at Uber, which is currently testing autonomous driving in San Francisco, Pittsburgh and Tempe, Ariz. “We’re building these things from the ground up with security in mind.” Starting at the foundation with a security system makes it easier to segregate threats, which limits their impact.
“If you look at the majority of new vehicles, there’s a change in the vehicle network architecture,” says Timo van Roermund, security architect at NXP Semiconductors, which supplies computer chips to the automotive industry. “Rather than having a big open network, you now have isolated domains and a context-aware firewall, or filter, that controls which information can flow from one domain into another.”
TEAMWORK YIELDS TRUST Security involves teamwork as much as technology. “The automotive industry traditionally has been rather closed, but that’s starting to change,” says van Roermund, who notes that in the past, automakers have been reluctant to share knowledge for fear of losing their intellectual property. With cybersecurity, however, there’s a recognition that automakers are better off united than divided. Manufacturers are therefore establishing groups like the Automotive Information Sharing and Analysis Center, a consortium of global automakers and suppliers whose purpose is enhancing cybersecurity awareness and collaboration. “One of us being bad at security doesn’t help the others,” says Thrift, who chairs the technical steering committee for the Future of Automotive Security Technology Research, a similar group established in 2016 by Aeris, Intel and Uber. “We’re all better off if we’re all better at security.” l
Countering Current and Emerging Threats
Dr. Scott Goldstein l 703-321-4619 www.ensco.com/national-security
PROTECTION
Securing Smart Cities
B Y BRIAN BARTH
T
he Internet of Things has begun to take shape at the city scale. But cybersecurity experts say many of these systems are vulnerable to hacking, raising key questions about public safety, privacy and more. Several years ago, Cesar Cerrudo sat down on a park bench in Washington, D.C., with his laptop and hacked into the city’s traffic control system. Within a few minutes, he had access to the signals emanating from sensors embedded in the roadways surrounding Capitol Hill,
18 CYBERsecurity
which feed data to nearby traffic lights, effectively determining when they turn red, yellow or green. Fortunately, Cerrudo is not a criminally minded hacker, but the chief technology officer of IOActive Labs, a global cybersecurity consultancy firm. He merely accessed the data streaming from the sensors, but proved that a malevolent actor could easily alter it, and has since repeated the test in major cities around the world. The exercise was meant to draw awareness to what Cerrudo and other
Cesar Cerrudo of IOActive Labs proved the infrastructure in major cities can be hacked.
cybersecurity researchers view as the profound vulnerability of so-called “smart” urban infrastructure — traffic controls, utility grids, water systems, etc. — that have been linked with wireless networks for the sake
IOACTIVE LABS; PROVIDED BY CESAR CERRUDO
Communities tasked with protecting data in an interconnected society
PROTECTION
GETTY IMAGES
Millions of interconnected sensors are designed to pick up signals and collect data from our smartphones. of harvesting data, improving efficiency and delivering better public services. Smart city technology, an industry expected to reach $1.2 billion in value by 2022, is rapidly transforming urban life in ways that are largely invisible to the general public. This means millions of interconnected sensors in everything from roads and bridges to lampposts and park benches, some of which are designed to pick up signals and collect data from our smartphones as we go about our day. Add to the mix computer-controlled, internet-connected driverless vehicles, which are already hitting the streets in some cities, and the potential threats to public safety, not to mention personal privacy are frightening indeed. “Based on my personal experience and research I have done, most of these technologies are not secure,” says Cerrudo, who co-founded the nonprofit group Securing Smart Cities, which helps municipalities identify solutions to cybersecurity challenges. “This represents a huge new attack surface for cybercriminals.”
Cerrudo believes it’s only a matter of time before more malicious hackers turn their attention to the task. There have already been a handful of notable cyberattacks on urban infrastructure. A ransomware attack during Thanksgiving weekend in 2016 took the San Francisco light rail ticket machines hostage for an entire day. In the middle of the night in April 2017, hackers caused widespread panic, setting off all 156 emergency sirens in Dallas — which alert the public to catastrophic safety threats, like tornadoes or missile attacks. “Cybersecurity efforts in local government have traditionally focused primarily on information technology,” says David Jordan, the chief information security officer for Arlington County in Virginia, which encompasses a large swath of the Washington, D.C., metro area. “Operational technologies” — the systems that power urban infrastructure — “are a different animal.” While these systems have long been automated, in the past they were typically “air gapped” (disconnected from unsecured networks), which kept them relatively immune from attacks. That approach runs contrary to the notion of smart-city technology, of course. Despite the obvious threats, Jordan says he’s seen surprisingly little effort on the part of either
technology companies or municipalities to secure the networks that are now an integral part of systems delivering basic services to most urban communities. “Air gapping is no longer an option, because these systems have to be interconnected. Bolt-on security systems are available, but that approach isn’t very effective when the technologies themselves are not built in a way that is inherently secure.” He says federal regulations would go a long way toward changing that, but he’s seen little political will for the cause thus far. Jordan has taken his message to the airwaves on weekly local Practical Security radio show. “The question is do we try to fix this for the consumer so they don’t have to worry about it, or make the consumer very aware of it to the point where they demand that elected officials do something?” l Hackers could potentially hack traffic lights in a city and control when they turn red, yellow or green.
TECHNOLOGY
Digital Dollars
What are cryptocurrencies and how do they work?
B
y now, someone you know has probably told you how he or she is getting rich quick with virtual currencies like bitcoin, Ethereum, Ripple or one of the lesser-known 1,500-plus investable cryptocurrencies. But how much do you really know about them? Here is a primer on the basics of cryptocurrencies:
WHAT EXACTLY ARE CRYPTOCURRENCIES? Simply put, cryptocurrencies are electronic peer-to-peer currencies. They don’t exist physically, but just because you can’t hold a bitcoin in your hand doesn’t mean it isn’t worth anything.
HOW MANY ARE THERE? The number is always chang-
20 CYBERsecurity
ing, but according to CoinMarketCap.com as of mid-March, there were around 1,587 different virtual coins that investors could potentially buy. It’s worth noting that the barrier to entry is particularly low among cryptocurrencies. In other words, if you have time, money and a team of people who understand how to write computer code, you have an opportunity to develop your own cryptocurrency.
WHY WERE CRYPTOCURRENCIES INVENTED? The idea of an electronic peer-to-peer currency was being tinkered with decades ago, but it wasn’t truly successful until 2008, when bitcoin was conceived. The goal of bitcoin’s creation, and all virtual currencies that have since followed, was to fix a number of perceived
flaws with the way money is transmitted from one party to another. For example, think about how long it can take for a bank to settle a cross-border payment, or how financial institutions have been reaping the rewards of fees by acting as a third-party > Virtual currencies are not tangible but their popularity has skyrocketed since they were first introduced in 2008.
GETTY IMAGES
B Y SE AN WILLIAMS
END-TO-END PREVENTION. Keeping CARS SAFE from
CYBERATTACKS
www.KARAMBASECURITY.com Carwall: Stop Hackers from Getting In
Karamba Carwall autonomous security prevents attacks targeting connected and autonomous cars by automatically sealing electronic control units (ECUs) according to factory settings, so only legitimate operations are allowed.
SafeCAN: Prevent Network Hacks and Enable Secure Over-the-Air Updates
SafeCAN autonomous security prevents attacks targeting in-vehicle networks, by providing automatic, seamless, encryption between selected ECUs, to ensure that only commands from legitimate sources are performed by the car’s safety systems.
Zero false positives
Negligible performance impact
No updates required
Hardware and OS agnostic
Seamless integration. No developer Intervention
Innovation. Success. Career.
Information Security Professionals Are you interested in becoming a member of a company that is leading the world in financial services and technology? Every day at TSYS we are on the front line, helping credit card customers around the globe. Our team has a passion for putting people at the center of every interaction. If you’re ready to continue your career with development opportunities, then it’s time for you to apply for a position with TSYS. What’s in it for me? • Base salary • Full benefits package • Career growth opportunities Bonus points: • Casual dress in a fun, secure work environment • Rewards & recognition program • Family-oriented company which supports work-life balance For immediate consideration, please contact Tracie Ennis tennis@tsys.com. © 2017 Total System Services, Inc.® All rights reserved worldwide. Inc.
Get to know us at tsys.com/careers
SECTION TECHNOLOGY
than with traditional banking. Finally, transactions on blockchain networks may have the opportunity to settle considerably faster than traditional networks.
WHAT IS BLOCKCHAIN?
HOW ARE BLOCKCHAIN TRANSACTIONS VERIFIED?
Blockchain is the digital ledger where all transactions involving a virtual currency are stored. If you buy bitcoin, sell bitcoin, use your bitcoin to buy a sandwich, and so on, it’ll be recorded, in an encrypted fashion, in this digital ledger. Blockchain offers a number of potential advantages, but is designed to cure three major problems with the current money transmittance system. First, blockchain technology is decentralized. In simple terms, this means there isn’t a center where all transaction data is stored. Instead, information is stored on hard drives and servers all over the globe. Secondly, as noted, there’s no middleman with blockchain technology. No third-party bank is needed to oversee these transactions, so the thought is that transaction fees might be lower 6 CYBERsecurity 22 CYBERsecurity
There are logistics involved with blockchain verification, such as making sure that the same virtual coin isn’t spent twice. Most often this process is done by a group of individuals known as “miners” — people with high-powered computers who are competing against each other to solve complex math equations. The first miner to solve these equations, and in the process verify transactions on the ledger, gets a reward, which is known as a “block reward.” This reward is paid out in virtual coins, and is an example of how bitcoin transactions are verified. This process is referred to as “proof of work.”
ARE TRANSACTIONS ANONYMOUS? It depends. Most cryptocurrencies aren’t as anonymous as
you’d think. Sure, you don’t have to supply your Social Security number or bank account to begin trading or investing in cryptocurrencies, but any transaction you make is still going to be recorded in the underlying digital ledger. There is, however, a group of cryptocurrencies known as “privacy coins” that have a sole purpose of beefing up the anonymity and privacy of a transaction. They use specialized protocols to help hide the identity of the sender of a payment. Monero and Dash are examples.
HOW DO VIRTUAL COINS FIT INTO ALL OF THIS? In many instances, the coins are required to pay for transaction fees on a blockchain. Ethereum, which is one of the largest cryptocurrencies by market cap behind bitcoin, requires users of its blockchain to pay transaction fees in its coin, known as Ether. B ut there are other potential applications. l Sean Williams writes for The Motley Fool, a USA TODAY content partner offering financial news, analysis and commentary.
GETTY IMAGES
middleman during transactions. Cryptocurrencies work around the traditional financial system through the use of blockchain technology.
Do you still rely on risk matrices, qualitative scores and ambiguous categories like medium or red?
OR Do you prioritize actions with Return on Control using sound, actuarial methods that show measurable improvements?
Real Quantitative Methods Used from Practical Cybersecurity Risk Assessment In this intensive 2-hour webinar, Doug Hubbard will explain practical methods for quantitative cybersecurity risk assessment. Get immediate takeaways using spreadsheet- based risk analysis and learn to adopt more advanced methods over time.
Register now at
hubbardresearch.com/cyberriskwebinar Save 40% with this code: USATodayQuantRisk
Required Reading for 2018 Society of Actuaries Exam Prep!
Let Hubbard Decision Research help you implement real quantitative methods for assessing risk. info@hubbardresearch.com
IT’S TIME TO GET PHYSICAL DON’T LEAVE YOUR SECURITY TO CHANCE
Owl Data Diodes Can Help Physically-enforced cybersecurity for the strongest protection from cyber threats. Data diode technology secures networks and devices from all external attacks, including malware, ransomware, and advanced persistent threats.
In a world gone software, harden your defenses with Owl Cyber Defense.
@owlcyberdefense
www.owlcyberdefense.com
TECHNOLOGY
Tech Talk
Conferences bring cybersecurity professionals and enthusiasts together to learn and explore BY H OLLIE DEESE
C
RSA CONFERENCE
April 16-20; San Francisco (rsaconference.com/events/us18) “We want what is discussed to provide good guidance and actionable steps for them to put to use professionally and personally,” Britta Glade says.
•
SC MEDIA RISKSEC
May 31; New York City (risksecny.com) SC Media’s 12th annual cybersecurity conference will offer keynotes, panel discussions and networking opportunities, and demo area for tech companies.
•
CIRCLECITYCON 5.0
June 1-3; Indianapolis (circlecitycon.com) Community-led training classes are a draw for this conference, now in its fifth year.
•
24 CYBERsecurity
Professionals and newbies in the cybersecurity field have myriad opportunities to network and learn at conferences year-round.
GARTNER SECURITY AND RISK MANAGEMENT SUMMIT
June 4-7; National Harbor, Md. (gartner.com/events) Expect more than 300 sessions on security governance, IT risk management, data loss prevention and more as attendees learn how to shift to more dynamic, people-centric approaches to security and deliver IT resilience.
•
BLACK HAT USA
Aug. 4-9; Las Vegas (blackhat.com/us-18) Black Hat USA is one of the leading information security events, providing attendees with the latest in research, development and trends with technical trainings followed by the two-day main conference.
•
DEF CON 26
Aug. 9-12; Las Vegas (defcon.org) DEF CON is possibly more accurately described as a “hacker-thon.” About 25,000 expected attendees can focus on community and finding vulnerabilities to be fixed.
•
AI EXPO NORTH AMERICA Nov. 28-29; Santa Clara, Calif.
(ai-expo.net/northamerica) Considered the world’s leading artificial intelligence conference, AI Expo will showcase next-gen technologies and strategies to propel businesses. More than 12,000 attendees are expected to explore the latest advancements in cybersecurity.
•
RSA CONFERENCE; MIS MANAGEMENT INFORMATION SYSTEMS TRAINING INSTITUTE
ybersecurity isn’t just a niche tech specialty anymore — it’s as much a part of any business as payroll and taxes. “Digital business is ramping up fast,” says Christy Pettey, director of public relations for information technology research and advisory company Gartner. “As real and virtual worlds collide and digital ecosystems expand, new risks are being created. Digital transformation demands a radical new approach to security and risk management.” Here is a roundup of some of this year’s biggest and most popular conferences attended by business professionals across the country, and what you can expect to learn if you go:
Thursday, May 31 NEW YORK CITY SC Media's 12th Annual Security Conference, RiskSec NY Join RiskSec NY to learn about new approaches to info security, discover the latest technology and interact with the best in the business. • Interactive learning sessions with industry experts • Demos from leading technology companies • 9 CPE credits to maintain your certification • Dedicated networking opportunities
Use discount code CYBER to save $100 on admission.
SECURE YOUR SEAT RISKSECNY.COM
www.TestDividers.com Table Top Testing & Privacy Partitions For more information visit our website or email us at
testdividers@gmail.com 941-586-3447
Code: USA2018 for a
FREE CARRYING BAG with purchase of a set of Test Dividers
Join the foundation for Application Security Open
Global
Everything at OWASP is radically transparent from our finances to our code.
Anyone around the world is encouraged to participate in the OWASP community.
Innovation
Integrity
OWASP embraces ideas from a community of like-minded professionals designed to support leading edge solutions to software security challenges. owasp.org
OWASP is an honest and truthful, vendor neutral, global community.
TECHNOLOGY
Built-in Protection
Artificial intelligence and machine learning combat cybercrime
I
ncreasingly, major technology firms are recognizing the need to augment their systems with artificial intelligence (AI) and machine learning (ML) to help software engineers thwart massive data breaches such as those at Equifax, Sony Pictures, Target and the U.S. Office of Personnel Management. Automated protection against cybersecurity threats can catch potential risks humans may miss, by monitoring more data, and sending reports to humans for further investigation.
26 CYBERsecurity
Cloud computing service giants, including Oracle and Amazon Web Services, have introduced embedded, AI-driven security features engineered directly into the platform to monitor irregular activity, maintain overall system operability during regional outages and planned maintenance, as well as patch security holes as needed. Other cloud application platforms built on compliance and security, such as Box and Salesforce, also increasingly offer more and better protection
against network vulnerabilities to guard sensitive customer information. Matt Haney, the CEO of network security firm Universal Network Solutions Inc., says that while not new, machine learning and artificial intelligence are receiving a lot of attention due to increased public awareness about cyberthreats, as well as crucial advances in technology. “Cloud adoption coupled with AI have allowed organizations to collect and analyze data without
GETTY IMAGES
BY B RITTAN Y S HOOT
Fight Cybercrime, Be A Digital Detective
At Grand Canyon University, earning an online degree in cybersecurity prepares IT experts to meet industry demands, improve business performance, protect proprietary information and reduce costs of enterprise systems.
GCU Offers Three Online Degree Programs in Cybersecurity:
Learn how GCU’s flexible and affordable online programs can help you achieve your IT goals.
gcu.edu/cybersecurity
• Bachelor of Science in Information Technology with an Emphasis in Cybersecurity • Bridge to Master of Science in Cybersecurity • Master of Science in Cybersecurity
For more information about our graduation rates, the median debt of students who completed the program, and other important information, please visit our website at gcu.edu/disclosures. Please note, not all GCU programs are available in all states and in all learning modalities. Program availability is contingent on student enrollment. Grand Canyon University is regionally accredited by the Higher Learning Commission 800-621-7440; http://hlcommission.org/. Important policy information is available in the University Policy Handbook at https://www.gcu.edu/academics/academic-policies.php. GCU, while reserving its lawful rights in light of its Christian mission, is committed to maintaining an academic environment that is free from unlawful discrimination. Further detail on GCU’s Non-Discrimination policies can be found at gcu.edu/titleIX The information printed in this material is accurate as of MARCH 2018. For the most up-to-date information about admission requirements, tuition, scholarships and more, visit gcu.edu ©2018 Grand Canyon University. 18COBE0012
Meet the Demand in One of the World’s Fastest Growing Fields
Choose from three cybersecurity tracks. Conduct research with leaders in the field inside the Institute of Computing and Cybersystems. Get specialized knowledge to advance your career. Attacks on computer systems evolve quickly—and Michigan Tech graduates are prepared. Learn more and apply for free: mtu.edu/cs/graduate/cybersecurity Michigan Tech is an EOE, which includes protected veterans and individuals with disabilities.34701218
@MichiganTechComputerScience
TECHNOLOGY
impacting the organization it is trying to protect,” says Haney. Augmenting human engineering skills with automated processes has never been easier, and AI and ML-led features can offer crucial protection for any business with data in a private or public cloud. Strong network architecture is the first line of defense for protecting sensitive data, so it is especially necessary to maintain a fortified firewall against malicious attacks. “A successful attack on a database system can cripple a company or even a whole country,” warns Juan Loaiza, senior vice president of systems technology at Oracle, a company that is garnering much buzz with its new autonomous database unveiled in 2017.
28 CYBERsecurity
“Cloud adoption coupled with AI have allowed organizations to collect and analyze data without impacting the organization it is trying to protect.” — Matt Haney, CEO of Universal Network Solutions Inc.
The AI-driven database aims to constantly identify and patch security vulnerabilities in real time, working even quicker than the most nimble security experts can operate to stay ahead of hackers. Loaiza adds that applying machine learning to securing the network is just one more way to help customers minimize risk
and protect their data and systems: “A majority of cyberattacks exploit software vulnerabilities that have existing patches.” The most recent high-profile example of this was the Equifax breach, which occurred because a known vulnerability in the application system hadn’t been patched. Engineering additional automated protections can keep hackers at bay, but Haney warns that humans continue to play a crucial role in supporting even the most robustly engineered security systems. “Machine learning still requires a person to define, build and test the program,” Haney emphasizes. “But machine learning does offer a hope of simplification, scalability and even automation in an industry ripe with complicated products.” l
ORACLE
Larry Ellison, Oracle’s co-founder and chief technology officer, announces the company’s first autonomous database.
Cyber education and research are rising to a new level. Only four to five courses, (12 – 15 credits) are required to earn each certificate.
1-888-DSU-9988
dsucyber.com/rising
Cyber Threats are of Critical Concern to the Nation Protect the homeland with a degree from Marymount University B.S. in Information Technology M.S. in Information Technology M.S. in Cybersecurity MBA & M.S. in Cybersecurity dual degree D.Sc. in Cybersecurity* *Pending approval fall 2018
Detect threats and mitigate risks. Find out how at marymount.edu/CyberDegree
B.S., National Security Studies M.S., National Security Studies D.Sc., Civil Security Leadership, Management and Policy Cyber Security Certificates NSA & DHS designated Center for Academic Excellence For information on any of these degree programs, please visit njcu.edu/nationalsecurity.
Designated Center of Academic Excellence in Cyber Defense Education (CAE/CDE)
201-200-2275 • securitystudies@njcu.edu
2039 John F. Kennedy Blvd. • Jersey City, NJ 07305
TECHNOLOGY
IBM and Pfizer have teamed up to provide accelerated cancer care to patients using Watson for Drug Discovery.
Beneficial Intelligence IBM Watson’s AI is changing health care
S
ome say that artificial intelligence (AI) will radically change health care in the future. And they’re right. But that prediction overlooks an important detail: AI is already significantly changing health care. At the annual JPMorgan Healthcare Conference in January, IBM Watson Health general manager Deborah DiSanzo provided an update on the progress that IBM Watson, the AI system famous for beating Jeopardy! game show champions several years ago, is making in improving health care.
30 CYBERsecurity
MANAGING CARE DiSanzo notes that 20 percent of patients typically consume 80 percent of total health care costs. These high-cost, highneed patients require close
management of care. That’s where IBM Watson Care Manager comes in. The system was designed to help doctors manage those patients’ care more effectively. It sifts through structured and unstructured patient data, as well as the latest evidencebased medicine, quality standards and regulatory requirements. IBM Watson Care Manager then helps health care teams create individualized treatment plans and recommend the optimal approaches to patients’ care. Use of AI in managing care is
IBM; GETTY IMAGES
B Y K EITH S PEIGHTS
TECHNOLOGY
probably more prevalent than you think. DiSanzo says that roughly 147,000 patients now have their care plans managed with the assistance of IBM Watson Care Manager. The technology has been particularly useful in behavioral health and social care management, DiSanzo says.
up steam. DiSanzo says that in 2015, only one health care organization used IBM Watson for Oncology. Now, 155 hospitals and health care organizations utilize the technology. She also notes that IBM Watson has now been trained for many more cancers.
MATCHING PATIENTS WITH CLINICAL TRIALS
GETTY IMAGES
RAPID DRUG DISCOVERY It takes biotech and pharmaceutical companies at least 10 years, on average, to bring a new drug to market, according to industry trade group Pharmaceutical Research and Manufacturers of America. And most experimental drugs never actually make it to market. DiSanzo says IBM Watson for Drug Discovery is helping accelerate the process. IBM Watson Health collaborated with Barrow Neurological Institute, who used IBM Watson’s AI to rank 1,500 proteins for their predicted association with amyotrophic lateral sclerosis (ALS), also known as Lou Gehrig’s disease. Of the top 10 proteins ranked by IBM Watson, eight of them proved to be linked to ALS. Here’s the kicker: Five of them had never before been associated with the disease. DiSanzo states that IBM Watson “makes invisible data visible.” Even highly educated medical researchers struggle to keep up with the sheer volume of new information being generated, but IBM Watson was built to churn through the ever-growing amount of research data. Thus, the technology holds tremendous potential to bring new drugs to market faster than ever before.
CANCER TREATMENTS DiSanzo cites a study performed by Manipal Hospitals in India, where IBM Watson for Oncology “agreed” with the health care system’s multidisciplinary tumor board-recommended treatment approach in 93 percent of more than 600 breast cancer cases. The real potential is for AI to improve the consistency and overall quality of cancer care more quickly, freeing up physicians to spend more time delivering care to patients. Use of AI in this way is picking
One underappreciated difficulty with drug development is identifying which patients meet the criteria required for different clinical trials. This is an especially daunting task with cancer drugs, considering that there are nearly 1,000 cancer immunotherapies in development, and even more in pre-clinical testing, many of which could advance to human studies. Enter IBM Watson Clinical Trial Matching system. This system eliminates the need to manually compare clinical trial enrollment criteria with patient medical data. Instead, it uses AI to read through all of this data, matching the right patient to the right clinical study. During a 16-week trial period, the AI technology reduced pre-screening wait time by 78 percent. IBM Watson automatically eliminated 94 percent of patients who didn’t meet clinical trial requirements. This translates to faster enrollment, which ultimately could accelerate the speed by which new drugs make it to market. l — Keith Speights writes for The Motley Fool, a USA TODAY content partner offering financial news, analysis and commentary.
31
TECHNOLOGY
Dissecting Data
Analytics help companies quickly spot and react to cyberthreats BY A DAM S TON E
C
is expected to increase to $6 trillion annually by 2021. Big data analytics is here to help, offering a means to identify and respond to billions of potential threats intelligently, in real time. The functionality makes it possible to capture massive amounts of data, filter and ana-
lyze network activity and draw meaningful insights on a scale no human analyst could achieve.
HOW IT WORKS As the name suggests, big data is all about volume — the search for patterns and changes across potentially millions of digital events. Scanning through >
GETTY IMAGES
ybersecurity is literally too big for humans to battle alone. The first half of 2017 saw a worldwide total of 918 data breaches with 1.9 billion records compromised, up 164 percent from the previous six months, according to global digital security company Gemalto. The cost of digital attacks
32 CYBERsecurity
See the Future in Cybersecurity Bowie State is joining the fight against cyber threats. Our innovative curriculum teaches emerging tech experts how to avert real-world cybersecurity threats by identifying and strengthening vulnerable code. We work hard to ensure that the students of today can defend against the threats of tomorrow.
bowiestate.edu/technology
Doctor of Philosophy
Digital & Cyber Forensic Science Do you have a bachelor’s degree in computing science, computer engineering, or digital forensics? Are you interested in developing new tools and methods for handling digital and cyber forensic evidence? Would you like to work in business, federal/state security agencies, or academia? Our new PhD in digital and cyber forensic science may be for you! Learn more at shsu.edu/go/cyberforensicsphd
Sam Houston State University
TECHNOLOGY
34 CYBERsecurity
Biggest data breaches Here are some of breaches that have affected the most users since 2007. Dates are when a breach was announced, not necessarily when it occurred.
Yahoo!
1 billion
Dec. 2016
Equifax
145.5 million
Target
110 million
Sept. 2017
Nov. 2013
AOL
Oct. 2007
92 million
Sony PlayStation Network
77 million
U.S. Office of Personnel Management
21.5 million
April 2011
July 2015
SOURCE: USA TODAY RESEARCH
noticing anomalies, events that stand out as being somehow unusual. A mobile device, for instance, could suddenly tap into networks where it doesn’t usually go — a possible sign that it has been hijacked. Individuals may download large files, or networks may see sudden surges in traffic. Big data can identify these suspicious trends and flag them for investigation.
By poring over large volumes of information, these techniques can also find some of the most common cybercrime evolutions before they spiral out of control. Take for example ransomware, an increasingly popular form of attack in which criminals effectively lock up a computer system and hold it for ransom. “Data analytic tools have worked very
well detecting the first stage of ransomware attacks, hiding in server and PC log data that contains millions of entries of legitimate processes and access,” says John Pescatore, director of emerging security trends at the SANS Institute, one of the world’s largest providers of information security training and certification.
THE RIGHT SKILLS For companies looking to invest in big data analytics, there’s an important caveat: These tools are only as good as the people who put them to use. Big data can automate some aspects of security, but it requires a steady hand on the tiller. “Data analytic tools need to be used by highly skilled security domain experts,” Pescatore says. “There is a lot of engineering required up front to make sure that the right data is collected.” Done properly, data analytics promises to act as a force multiplier, leveraging the talents of skilled operators to glean better, deeper intelligence and ultimately drive enhanced security across the corporate landscape. l
GETTY IMAGES
network traffic logs and transactions, big data tools can flag suspicious activity. “This allows the human security personnel to focus their attention on the most urgent events, instead of slowly combing through the logged data by hand,” says Henry Carter, a Villanova University computing sciences professor. Susan O’Brien, vice president of marketing and communications at big data platform provider Datameer, describes a number of ways analytics and encryption software protect networks. These include malware research and analysis, a process by which analytic tools identify and flag suspicious files. There’s also macro trend analysis, the larger effort to scan for attack trends across the digital landscape in order to spot potential emerging threats. “By becoming more situationally aware, the security professional can pivot resources more quickly in order to manage risk,” says James Stanger, chief technology evangelist at the trade association CompTIA. Big data analytic techniques work by
100% Online
MS in Cybersecurity Columbus State University
Enhance your Security Defend the Future -Quality Degree at an Aordable Price
M.S. in Cybersecurity Management
-Flexible Curriculum
M.S. in Applied Computer Science - Cybersecurity Track
-Personal Advising
I
Become a cybersecurity trained professional
Apply today! https://cs.columbusstate.edu/cyber/
CS@ColumbusState.edu
EDUCATION
Higher (Cybersecurity) Learning Advanced educational offerings increase with critical need for experts soon, as future employment he headlines are filled opportunities in cybersewith examples that curity are projected to soar. show a lot of work According to the Occupaneeds to be done to mitigate tional Handbook, published ongoing cyberthreats to by the U.S. Department of individual Americans, busiLabor, the job outlook for nesses, national infrastrucinformation technology seture and the U. S. governcurity analysts is expected ment. to grow 28 percent by 2026. In five words: CybersecuMany colleges and unirity experts are in demand. versities offer cybersecurity Undergraduate students at Michigan Technological University work in a computer science lab. Such courses Eye-catching statistics and ancillary degree and are required to earn a master’s degree in cybersecurity. from CyberSeek, a project certificate programs. Here supported by the National Initiative for Cyberseare 10 U.S. institutions that have received certificacurity Education in the U.S. Department of Comtion from the National Security Agency (NSA) and merce, show that from October 2016 through SepDepartment of Homeland Security (DHS) as natember 2017, there were nearly 286,000 unfilled tional centers of academic excellence in informajobs in cybersecurity. tion assurance education, cyberdefense education This demand is not expected to decline any time or cyberdefense research: BY C LAUDIA CARUA N A
CAPELLA UNIVERSITY
Capella, a for-profit, online university headquartered in Minneapolis, offers a Master of Science in information assurance and cybersecurity program designed to prepare information security professionals to assess, develop and implement solutions to safeguard the information assets of an organization. capella.edu
FAIRLEIGH DICKINSON UNIVERSITY
The Center for Cybersecurity and Information Assurance at Fairleigh Dickinson offers 10 cybersecurity-related Bachelor of Science degrees, four Master of Science programs and several graduate-level certificates. Students take advanced courses in network security administration, computer forensics, secure software development and more. fdu.edu
36 CYBERsecurity
SARA BIRD/MICHIGAN TECHNOLOGICAL UNIVERSITY; PROVIDED BY THE UNIVERSITIES
T
PREPARE NOW FOR A CAREER IN INFORMATION TECHNOLOGY AND CYBERSECURITY CERTIFICATE IN CYBER FOUNDATIONS
CERTIFICATE IN CYBERSECURITY
3 Classes:
4 Classes:
Comp TIA A+ Certified IT Technician CompTIA Network+ CompTIA Security+
Linux Certified System Administrator (RHCSA/Linux+) Cisco Certified Network Associate (CCNA) EC-Council Certified Ethical Hacker (CEH) Network & Packet Analysis
Call to Register! 910-672-2954 For further information contact:
John A. Bellamy The Center for Defense and Homeland Security Office of the Chancellor, Fayetteville State University jbellam5@uncfsu.edu or visit our website: http://www.uncfsu.edu/cdhs/
EDUCATION
FLORIDA A&M UNIVERSITY
Courses offered in the department of computer and information sciences under the cyber defense certificate program at the undergraduate and graduate levels are used to satisfy the NSA/DHS designated 22 cybersecurity-related knowledge units. famu.edu
NEW YORK UNIVERSITY
NYU has a one-year Master of Science degree in cybersecurity risk and strategy for executives, offered jointly between the School of Law and Tandon School of Engineering, for professionals who want to deepen their understanding of cybersecurity risk. Faculty teach classes on topics including network security and systems-security engineering. nyu.edu
NORTHEASTERN UNIVERSITY
In the Master of Science in information assurance and cybersecurity program, students learn about issues in information security and how technology can help resolve them. Courses include applied cryptography, white-collar crime, cyber law and digital rights. northeastern.edu
PURDUE UNIVERSITY
In addition to a Bachelor of Science in cybersecurity, the Purdue Polytechnic Institute has a one-year information security for computing professionals program, leading to a Master of Science degree in computer science. The program has a strong focus on data security. polytechnic.purdue.edu
TEXAS A&M UNIVERSITY
The degree programs at the Texas A&M Cybersecurity Center include a cybersecurity undergraduate minor and cybersecurity designations as well as a Master of Engineering with a specialization in cybersecurity and certificate programs. tamu.edu
TUSKEGEE UNIVERSITY
Tuskegee offers several Committee on National Security Systems (CNSS) security certifications, including information systems security, NSTISSI-4011, National Training Standard for information systems security professionals and CNSSI-4012 for senior systems managers. tuskegee.edu
UNIVERSITY OF MARYLAND UNIVERSITY COLLEGE
UNIVERSITY OF PITTSBURGH
The university’s school of computing and information has an interdisciplinary undergraduate program for cybersecurity that also includes legal and policy issues. There are also Master of Science and doctorate programs in information science available for graduate students. pitt.edu
38 CYBERsecurity
PROVIDED BY THE UNIVERSITIES
The three Bachelor of Science and five Master of Science degrees in areas including cybersecurity technology, cloud computing and digital forensics provide current knowledge and skills for protecting critical cyber infrastructure and assets. Students can also earn four undergraduate and graduate certificate programs. umuc.edu
BECOME A CYBER FELLOW
AN ELITE ONLINE CYBERSECURITY MASTER OF SCIENCE DEGREE FOR $15,000 Click here for more information.
@nyutandon #TechInService2Society
A Degree in Cyber Security Cyber Security has never been more important. That’s why Sullivan University trains and prepares students to work in the real world and protect information structures in different organizations. If you want Cyber Security to be part of your future, visit sullivan.edu to learn more and register today. Classes start June 25th.
Certificates Diplomas Associates Bachelor’s Master’s Doctorates For more information about program successes in graduation rates, placement rates and occupations, please visit: sullivan.edu/programsuccess.
CAREERS
Crime Fighters Five awesome cybersecurity jobs you never knew existed BY MATT AL D ERTON
I
1.5 million unfilled positions in the field worldwide by 2020, according to a 2015 study by cybersecurity training nonprofit (ISC)² — but also because cybersecurity careers can be surprisingly exciting. Not convinced? Here are five positions that might change your mind:
GETTYIMAGES
t’s perhaps unlikely that any child has ever said, “When I grow up, I want to work in the IT department.” However, that might soon change, thanks to the flourishing field of cybersecurity. Not only because cybersecurity professionals are in high demand — there are expected to be more than
2 CYBERsecurity 40 CYBERsecurity
There’s a fast-growing national need for the education of graduate-level cybersecurity engineers in the U.S., at state and local governments, and in industries such as banking, medical, public utilities, and education. Addressing the cybersecurity threats requires highly-educated practicing professionals to lead efforts in protecting our critical infrastructures. Meet the demand and apply today!
marylandcybersecurity.umd.edu/
CYBERSECURITY EXPERTS ARE IN DEMAN
UNIVERSITY OF MARYLAND ONLINE MASTER’S IN CYBERSECURITY
CAREERS
Penetration testers, or pen-testers, are hackers with a heart of gold. Also known as ethical or white-hat hackers, it’s their job to break into computer systems to help organizations identify — then fix — their weaknesses. “You get paid to break into customers’ networks,” says Chris Triolo, vice president of customer success at Respond Software, a provider of automated cybersecurity threat protection. “Whether exploiting a vulnerability on an unpatched web server, sending a malicious file through email enticing a user to click on it or tricking an employee to give you their password, anything goes.”
CYBERCRIME INVESTIGATOR This job could appeal to fans of crime shows
42 CYBERsecurity
INCIDENT RESPONDER After cyberattacks, victims call the authorities, including incident responders, who are digital EMTs. “When a company is facing a massive cybersecurity attack or realizes there’s been a data breach, incident response teams are the ‘first responders’ who
come in to help them shut down the attack, investigate what happened and strengthen their systems against future attacks,” says Wendi Whitmore, global lead of incident response and intelligence services at IBM, which she describes as a “cybercrime scene investigation unit.”
the latest hacks happening on your network and beyond. You observe common exploits, analyze them, identify large-scale patterns and then relay those back to security teams so that they know what malicious behavior to look for.”
THREAT HUNTER THREAT RESEARCHER Threat researchers are the translators of the cybersecurity world. Their job is to take the complicated IT language and decode it for businesspeople. “If cybersecurity were a football analogy ... threat researchers like me are the coaching staff that breaks down the biggest plays in the game,” explains Curtis Jordan, lead security engineer and threat researcher at TruSTAR Technology, which, through its security intelligence platform, allows companies to share information about cyberthreats. “Being a threat researcher gives you a front-row seat to
Cybersecurity is a game of cat and mouse. As a threat hunter, you’re the cat. “This role is close to that of a field biologist, as the threat hunter observes their prey — third-party attackers — in the wild,” says Kayne McGladrey, director of information security services at Integral Partners, a cybersecurity firm whose specialty is identity and access management, and a member of the Institute of Electrical and Electronics Engineers. “Threat hunters set traps and snares that appeal to (cybercriminals) and lead to fake computers where the threat hunter can monitor an attacker’s behavior before shutting down the breach.” l
GETTY IMAGES
PENETRATION TESTER
and detective novels. “Cybercrime investigators ... are hired to investigate cybersecurity crimes,” explains Jeff Friess, practice leader of the cybersecurity division at Global Executive Solutions Group, an executive search firm. “For example, Equifax, one of the largest credit bureaus, was penetrated in 2017 and personal data for 145 million people was compromised, including Social Security numbers. Cybercrime investigators would work to figure out who did the hack and help bring them to justice — just like the FBI would investigate a homicide.”
ABOUT US
Cybersecurity degrees online from a recognized leader Get Started
>> First University in Texas to receive the NSA’s highly prestigious National Center of Academic Excellence in Cyber Operations certification. >> Designated as an NSA National Center of Academic Excellence in Information Assurance/Cyber Defense Research and Education. >> More than a dozen faculty members conducting research in all aspects of cyber security. >> Cyber Security grants totaling $50 million in the last 12 years. >> Up to $50,000 individual scholarships for US-based students available through the CyberCorps : Scholarship for Service (SFS) Program.
OUR DEGREE PLANS INCLUDE:
>> Undergraduate Minor in Information Assurance >> MS & PhD in Computer Science with a specialization in Information Assurance
VISIT US AT
CSI.UTDALLAS.EDU
WANT TO MAKE A DIFFERENCE? Earn your Bachelor of Applied Science degree in
IT NETWORKINGCYBERSECURITY ONLINE: Beginning Fall 2018 Whatcom Community College was named a National Center of Academic Excellence in Cyber Defense 2-Year Education (CAE-2Y) in 2011 and again in 2014 – one of the first community colleges in the United States to earn this distinction, with curriculum mapped to the National Security Agency’s latest requirements.
Apply now!
whatcom.edu/CyberBAS
Partial support for this work was provided by the National Science Foundation under Award No. DGE-1623566.
MAT TERS
SO MUCH CYBERSECURITY, WE CAN BARELY CONTAIN IT. People like to think quality beats quantity. But the way we see it, why choose, when you could have both? We’re RSA Conference. And every year, we play host to over 700 acclaimed experts and thousands of infosec professionals from around the world. So go ahead, set your standards high. RSAC 2018 will not disappoint. Here’s why: •
More than a dozen keynotes from industry experts like Brad Smith of Microsoft, Samir Kapuria of Symantec and more
•
Over 650 of cybersecurity’s top exhibitors, including Alsid, FireEye and Promon
•
Relevant seminars, tutorials and trainings, and more immersive learning opportunities
•
550+ sessions to keep you on the cutting edge of your field
Can we count you in? Visit www.rsaconference.com/usatoday18 by April 13 to register for RSAC 2018 and get $300 off your Full Conference Pass. Secure your Pass today: Visit www.rsaconference.com/usatoday18
Follow us on: #RSAC 44 CYBERsecurity