Merritt College Cybersecurity Career Day, Nov. 2

Instructor Panel Announced: Teaching Students Cybersecurity Skills Required for the Future

To ensure an excellent cybersecurity program at your business or organization, you
must have top talent. And with more focus than ever around security in a digital world, an IT talent gap looms on the horizon as industry works to recruit top candidates to fill a fast-growing number of security roles.

On Nov. 2, Merritt College will host its Cybersecurity Career Day in Oakland, Calif. By melding thought leadership panels and candidate networking, this event will help business leaders understand the future cybersecurity landscape and connect to students preparing to enter the workforce. I am particularly excited about the Instructor panel that has just been announced, which will focus on teaching cybersecurity skills for the future.

• Tim Mather, PatternX
• Brian Zaugg, Authentic8
• Omer Ayfer, Ayfer Network LLC
• Beverly Brooks, Adjunct Instructor at Merritt College

This instructor-led panel will be crucially important as it will explore the areas of concern that business and organization IT leaders face to staff for cybersecurity in a shrinking pool of talent. And talent is what makes this cybersecurity program special. Learn more about the program.

The Career Day event underscores the important role IT and cybersecurity experts will play in the global economy moving forward with panelists sharing unique insights based on years of real-world experience. While there is no cost to attend, space is limited. If you’d like to reserve a spot, please email your name, company name and contact information to info@ciseeducationfund.com.

Mark Egan

Solving the Cybersecurity Talent Paradox

CISO Panel Announced, Future of Cybersecurity Career Day Nov. 2 at Merritt College in Oakland, 

Every day it seems like headlines report about jobs being replaced by AI and other transformative technology.  While some types of jobs may see change, other areas, like cybersecurity, will see incredible growth in coming years. By 2021, it is estimated that there will be 3.5 million cybersecurity positions available in the U.S., while college institutions are expected to matriculate only 35,000 students with a Bachelor’s degree in computer and information services. Regardless of the latest trend or newest tech, one thing is clear: cybersecurity will be increasingly important to business and talent that is on the cutting edge will be in high demand.

To help industry identify and fill this gap, the faculty at Merritt College has teamed with Consortium of Information Systems Executives (CISE) to develop a fully accredited, two-year Associate of Science degree in Cybersecurity.  On Nov. 2, 2018, the College will host a Cybersecurity Career Day in Oakland, Calif.  Attendees will have the opportunity to meet highly-qualified students and learn firsthand of their training, experience and determination to enter the cybersecurity field.

CISO Panel Announced:

During the event, thought leaders will be part of an engaging Chief Information Security Officer (CISO) panel that will offer companies and students important insights into the future of cybersecurity and the coming IT talent crisis. The panel includes:

• Eddie Borrero, Robert Half
• Jimmy Sanders, Netflix
• Michael Armer, Barrick Gold Corporation
• Kwame Fields, Federal Home Loan Bank of San Francisco

This event underscores the important role that IT and cybersecurity experts will play in the economy moving forward. Our stellar panel will share unique insights for industry and job seekers based on years of real-world experience. While there is no cost to attend the event, space is limited. If you’d like to reserve a spot, please email your name, company name and contact information to info@ciseeducationfund.com.

Merritt College Comes In Fourth Competing In Its Third Year At National Cyber League

This year our Merritt College Information Security students competed in their third year at the National Cyber League, coming in fourth place among 175 schools entered in the competition. Over the last three years, our students have been participating in this competition in consecutively more challenging levels, moving from bronze, to silver, and now competing this year at the gold level. We’re very proud of our team, beating out all these other schools, and these victories attest to the power of our program and the skill sets these students have to offer.

As a recap, the CISE Security Program at Merritt College  is a fully accredited two-year degree program that is the result of a partnership with Merritt  College and the Consortium of Information Systems Executives (CISE). The program is a huge win in working to solve the cybersecurity crisis and has the support of Congressman Ro Khanna. Our objective is to place graduated (and soon-to-be-graduated) students within companies in the Silicon Valley. We’re looking for companies that are progressive and innovative in their approach to solving the cybersecurity issue.

We have students available for full-time and internship positions.

Please contact me and I will put you in  touch with students.

Mark Egan

 

 

 

Leveraging Actionable Intelligence to Mitigate Risk Within Your Enterprise

I recently hosted a panel with leading CISOs from around the world. We delved into how “Leveraging Actionable Intelligence to Mitigate Risk Within Your Enterprise” can be approached from a set of common points and differences. We opened with an overview of ideas that led to each panelist posing their own comments and questions with initial answers. The comments and questions below recap our discussion flow, and provide a current base for understanding the breadth and context of mitigating cybersecurity risks.

Panel Opening Comments

• Security threats are increasing both in frequency and complexity
• Security leaders need to be proactive in this area and put programs in place (people, process, and technology) to protect critical assets
• We have assembled a panel of experts in this area and our goal is to provide recommendations that you can immediately use when you return to your office

Initial panelist comments

As predictive analytics matures, we may see significant improvement in the value of threat intelligence data.

• If you’re spending money on Threat Intelligence, you must have first solved a lot of common problems, such as patch management.
• Be realistic about what you expect to get from Threat Intelligence. Are you looking for Indicators of Compromise? Attribution? Predicting the next attack? Understand the limitations of the various types of Threat Intelligence data.

Second panelists comments

• How does the actionable intelligence change as you move “up the stack” or away from the stack (to human)?
• How is the IoT changing the “actionable” part of actionable intelligence?

Third panelist

Leveraging actionable intelligence is the process of gathering analytics based on the identification and collection of relevant threat information. Unfortunately, threat intelligence is an elusive concept for many companies. By 2020 there will be 50 billion connected devices. There are not enough cyber specialists now to handle current security issues, so businesses need to leverage actionable intelligence and analytics for companies to protect themselves.

• Should threat intelligence be managed internally by companies?
• When threat intelligence is accumulated what is the important information for the c suite?
• What are the company’s concerns regarding their employees in leveraging actionable intelligence?
• How does actionable intelligence apply to regulatory compliance?

Fourth panelist

How do we deal with the increasing scale and frequency of attacks, and threat actors that far outstrip our budgets and resources? Traditional information security methods within the enterprise are not a match for any of the above seven events.

Threat intelligence provides a possible way to get ahead of these threat actors and threats — to have intelligence on the threats. But, threat intelligence is a new data source, another fire hose of information that requires analysis. And it has a different nature from traditional tools. We’ll only get value out of the threat intelligence information if we properly analyze it and make it actionable.

Mark Egan

@markeegan

@StrataFusion

Improve Your Information Security Program and Give Back to the Community

We are very excited to announce that Merritt College in Oakland, CA has graduated its first Information Security class. Merritt College serves the San Francisco Bay Area Central East Bay School districts, which include students from less advantaged backgrounds. The Merritt College Information Security program is a fully accredited A.S. degree with majors in Applications and Infrastructure Security. This program has been two years in the making and results from the partnership with the CISE CIO organization, Merritt College, and CIO’s/CISO’s from leading San Francisco Bay Area companies.  Please find a fuller summary of the program below:

• Courses are designed and delivered by security thought leaders from leading companies including Symantec, Wells Fargo Bank, and McAfee
• Security program includes 30 credits of Information Security classes, hands on labs, and internships with Bay Area companies
• Class projects include forensics of a pharmaceutical organization that suffered a security breach, securing systems on Amazon Web Services, and developing Information Security strategies

We are now looking to place these graduates into Information Security roles with leading companies and organizations. Contact Mark Egan if you are interested in hiring our students to improve your Information Security programs.

 

Introducing the New Merritt College Applications and Infrastructure Security Program

Merritt College Information Security Students Place 2nd in 2015 National Cyber League Competition

The frequency and virility of cyber security attacks, and the damage they cause to a number of industries, with millions of dollars lost, and with threats to personal safety, is something that bombards us in the news weekly.  Security is top of mind today; everybody is worried about security. I’ve made it part of my professional and personal mission to help companies protect their critical assets, and also teach information security best practices.

This past year I have spent a lot of time building up a new program to train the next generation of cyber security professionals. Working with Merritt College in Oakland, CA, we have designed a two-year associate’s degree in Information Security that includes a fully accredited degree.

The program covers all aspects of security, and students can major in application security or infrastructure security. Our first class of students will graduate this May. And the students from this class also recently placed 2nd in the 2015 National Cyber League Competition, beating out 125 other colleges and universities across the country, applying what they’ve learned in the classroom and internships with local companies.

We are looking for jobs for these students, and if you’re looking for security staff, we are here to help. Email me to connect with these students to learn more.

Mark Egan

follow me on Twitter: @markeegan

Our Take on the Top Tech Trends

Later this week, the Churchill Club will hold its 17^th Annual Top 10 Tech Trends debate. This kind of debate is just our thing, so the CIOs and CTOs here at StrataFusion are putting forward trends we expect to see. We’re looking forward to hearing whether the Churchill Club’s guests agree.

Internet of Things (IoT): Trends we expect include the incorporation of Radar into IoT and the ubiquity of Location-Aware Technology. Applications that rely on data and analytics from sentient machines: smart machines with artificial intelligence that are location-aware will be everywhere. Service businesses based on this technology will thrive.

Information Security: There is no denying the urgency behind increasing information security. The industry will strike a balance between security and ease-of-use by accepting “second form of authentication/tokens” as standard business procedure. Today we err on the side of ease-of-use but continued data losses will force a behavior change.

Commerce: We expect to see significant advances in commerce and banking innovations that address developments in the sharing economy, mobile commerce, micro-banking and micro-outsourcing.

Income Inequality: Technology has been a significant driver in the acceleration of income inequality, and the potential risks that could pose to economies and social structures around the world. We are interested to see how technology can become a driver in reversing this trend.

Home/Personal Tech: This space is still a mess. The Internet, digital reproduction and storage technology, new distribution models and standards have all had a hand in throwing this industry into turmoil. We believe we’ll see tech companies find a way to streamline this experience for the everyday consumer while protecting the rights of content creators.

Personal/SMB Payments: The emergence of new payment instruments such as Bitcoin and new payment methods such as Apple Pay could disrupt large parts of the payment and money transfer markets.

We also see an increased role for robotics (including drones) and wearables (beyond your wristwatch). Battery technology is on our list to watch, given we have been on the cusp of a breakthrough in battery technology for decades now.

Trusted Information Security

How Safe is YOUR Information?

3 Simple Tips to Improve Your Information Security Program

By Mark Egan

1. Know who can access your systems
2. Keep your hardware and software current with security updates
3. Monitor your network for suspicious activities

Every day we hear about information security issues and the associated business impacts.  We are talking billions of dollars from data breaches, stolen valuable IP, and compromised sensitive information.  While legislators are busy “thinking” about how they will “help” protect us, I recommend that you focus on three areas that will greatly improve your information security program to minimize negative business impacts.

First and foremost, do you know who can access your systems?

This may seem like a simple question, however, our experience is that organizations do not do a very good job of managing personnel and systems access, especially non-employees. Make sure that only authorized personnel can access your systems and have an ongoing process to maintain personnel additions and deletions.  Recently, a major retailer experienced a security breach of 40M credit/debit cards that was a result of credentials being compromised that were provided to their air conditioning vendor.

Second, are you keeping your hardware and software current with the latest security updates?

These are generally provided free of charge by the vendors. Establish an ongoing process to ensure that occur on a regular basis to mitigate risks.  Take for example the “Heartbleed” bug that exposed about 17%, or half a million, certified secure web servers to encryption vulnerability and information theft. SANS Institute, a cooperative research and education organization dedicated to information security solutions, provides a wealth of free information on best practices for patching hardware and software (www.sans.org).

Finally, do you monitor what is going on within your network?

You would be surprised at what we found working with clients just starting to implement their security monitoring systems; everything from employees accessing inappropriate web sites to hackers that steal valuable IP and operate undetected.  You might consider having a third party provide this service for you, if you do not have the in-house capability.

StrataFusion has worked with several public and private organizations over the past year and we have found these simple security measures have not been addressed within their organizations putting them at risk.  The simple tips presented are not expensive to implement and provide considerable improvements to your information security program.

Start protecting your information today – learn more.

StrataFusion Security Practice

Read more.

Mark Egan’s Guide will walk you through the process.

The Executive Guide to Information Security: Threats, Challenges, and Solutions