Reflections on Black Mirror – Cautionary Tale about Tech in Our Lives

Streaming media has taken over from network TV. Among the many shows we’ve binged on Netflix, one of our favorites is Black Mirror.

Each episode is a unique story, much like The Twilight Zone and others long ago. Uniquely, the Black Mirror stories are each cautionary tales about technology in our lives – the risks of misuse, loss of privacy, loss of intimacy.

One episode for example follows a mother who tracks her daughter through an implant and tablet app that allows for real-time geolocation and vitals, but also displays what her daughter sees and even blocks disturbing content from her vision. Other episodes also extend the reach of today’s technology to fictionalize uncontrollable security robots, intrusive virtual dating apps and other scenarios that focus generally on the dark side of ‘future’ technology adoption by consumers. In nearly every episode, the focus is on consumer devices, phones, pads, sensors, and the use of massive amounts of machine data spewing from these devices, shown for either better or usually detrimental impacts on the individual.

In reality, even with the technology – devices, software, analytics and machine learning we have today, we face these ethical dilemmas. My kids, both millenials, give their data freely, and expect to gain advantages from its mining. And having worked at Splunk, understanding the potential of ‘big data” analytics and artificial intelligence, I am of like mind. Sharing freely with attendant benefits outweighs security concerns – the exception being behaviors which can directly lead to identity theft.

A recent news show segment  featured a British security expert explaining what data we are sharing via Fitbit and similar devices, how our whereabouts and travels could be shown on a heat map, what implications that has for military personnel, etc. Yet the benefits of using a Fitbit and openly sharing geolocation and your vitals is well established. Another positive example of using analytics and AI to mine data for its potential was highlighted in a show about Chicago police, social workers, and clergy who have teamed together to mine data collected on potential felons in order to predict criminal behavior by these individuals (yes, without the imprisoned beings depicted in Minority Report!). Once they have a list of high risk subjects, a member of the police squad, a social worker, clergy, etc. actually visit the subject at home and try to convince them to enter into counseling, job training, and other programs. It’s not even at a 50% acceptance rate, but every point on that graph matters, and lives are saved. These points offer some light to go with what is often assumed to be a darker path via big data. And the implications for running a better business, endless!

Doug Harr

Career Showcase – Meet and Hire the Future of Cybersecurity Friday, March 23 at Merritt College in Oakland

With an increasing number of cyber security threats and an estimated 1M security positions open today, the tech world is facing a crisis.  To address these issues, the Consortium of Information Systems Executives (CISE) CIO group has worked with Merritt College in Oakland to develop and launch a fully accredited two-year degree program

Summary of program is below:

  • The CISE program at Merritt College is the only California community college that offers an Associate Degree in Information Security.
  • Our success was recently showcased when students from our program recently placed 4th in the Gold Bracket (highest level) against over 175 schools in the annual national Cyber League competition.
  • Courses designed and co-taught by security industry experts from leading San Francisco Bay Area companies
  • Program includes “hands on” labs to develop student’s technical security skills
  • Internships with San Francisco Bay Area companies to work in information security field while students study for their degree
  • Class projects include forensics of a pharmaceutical organization that suffered a security breach, securing systems on Amazon Web Services, and developing Information Security strategies

Agenda: 9:00-3:00

  • Welcome and introductions
  • CISO Panel on how to address our security staffing crisis
  • Keynote Speaker: Congressmen Ro Khanna from Silicon Valley
  • Merritt Faculty panel on information security skills required for staff in the future
  • Merritt Student panel on putting together winning team at NCL completion
  • Meet students from program


You will get a chance to meet our students and talk with them firsthand about the training and solutions they would bring to your company.  We are focused on placing these students with leading Silicon Valley and Bay area companies where they can apply their knowledge and training around cybersecurity.  Please participate to demonstrate that your company is a great place for cyber security professionals to begin their career, your commitment to improving diversity in the workplace and to support our local community. Please contact to register for the event.

Mark Egan

Merritt College Comes In Fourth Competing In Its Third Year At National Cyber League

This year our Merritt College Information Security students competed in their third year at the National Cyber League, coming in fourth place among 175 schools entered in the competition. Over the last three years, our students have been participating in this competition in consecutively more challenging levels, moving from bronze, to silver, and now competing this year at the gold level. We’re very proud of our team, beating out all these other schools, and these victories attest to the power of our program and the skill sets these students have to offer.

As a recap, the CISE Security Program at Merritt College  is a fully accredited two-year degree program that is the result of a partnership with Merritt  College and the Consortium of Information Systems Executives (CISE). The program is a huge win in working to solve the cybersecurity crisis and has the support of Congressman Ro Khanna. Our objective is to place graduated (and soon-to-be-graduated) students within companies in the Silicon Valley. We’re looking for companies that are progressive and innovative in their approach to solving the cybersecurity issue.

We have students available for full-time and internship positions.

Please contact me and I will put you in  touch with students.

Mark Egan




Leveraging Actionable Intelligence to Mitigate Risk Within Your Enterprise

I recently hosted a panel with leading CISOs from around the world. We delved into how “Leveraging Actionable Intelligence to Mitigate Risk Within Your Enterprise” can be approached from a set of common points and differences. We opened with an overview of ideas that led to each panelist posing their own comments and questions with initial answers. The comments and questions below recap our discussion flow, and provide a current base for understanding the breadth and context of mitigating cybersecurity risks.

Panel Opening Comments

  • Security threats are increasing both in frequency and complexity
  • Security leaders need to be proactive in this area and put programs in place (people, process, and technology) to protect critical assets
  • We have assembled a panel of experts in this area and our goal is to provide recommendations that you can immediately use when you return to your office

Initial panelist comments

As predictive analytics matures, we may see significant improvement in the value of threat intelligence data.

  • If you’re spending money on Threat Intelligence, you must have first solved a lot of common problems, such as patch management.
  • Be realistic about what you expect to get from Threat Intelligence. Are you looking for Indicators of Compromise? Attribution? Predicting the next attack? Understand the limitations of the various types of Threat Intelligence data.

Second panelists comments

  • How does the actionable intelligence change as you move “up the stack” or away from the stack (to human)?
  • How is the IoT changing the “actionable” part of actionable intelligence?

Third panelist

Leveraging actionable intelligence is the process of gathering analytics based on the identification and collection of relevant threat information. Unfortunately, threat intelligence is an elusive concept for many companies. By 2020 there will be 50 billion connected devices. There are not enough cyber specialists now to handle current security issues, so businesses need to leverage actionable intelligence and analytics for companies to protect themselves.

  • Should threat intelligence be managed internally by companies?
  • When threat intelligence is accumulated what is the important information for the c suite?
  • What are the company’s concerns regarding their employees in leveraging actionable intelligence?
  • How does actionable intelligence apply to regulatory compliance?

Fourth panelist

How do we deal with the increasing scale and frequency of attacks, and threat actors that far outstrip our budgets and resources? Traditional information security methods within the enterprise are not a match for any of the above seven events.

Threat intelligence provides a possible way to get ahead of these threat actors and threats — to have intelligence on the threats. But, threat intelligence is a new data source, another fire hose of information that requires analysis. And it has a different nature from traditional tools. We’ll only get value out of the threat intelligence information if we properly analyze it and make it actionable.

Mark Egan



The New Crisis in Cybersecurity


By Mark Egan

There is a new crisis in Cybersecurity.  A recent article highlights the current lack of trained Information Security professionals and ties this lack to the digital revolution and other technology advances, leading to “mega-breaches on an unprecedented scale.” Stealing IP has become a billion dollar business; couple that with the fact that it is also much easier to break into a system than protect it.  All the criminal needs to do is to find one hole in your environment and they can slip in. Why there is a dearth in Cyber Security professionals and what can be done about it I have outlined briefly in a few key points here.

One of the biggest reasons why there are fewer trained security professionals is due to the fact that the Office of the CISO is still a relatively new organization, compared to that of the CIO, which role has been around for significantly longer.  CIO titles started in the 80’s when Information Technology became a critical component of daily business operations. The CISO title is more recent and in 2006 only 43% of large organizations had a CISO. This has changed over the past 10 years and now most larger organization now have a formal security function and overall leader.

However, companies show a trend of being focused on hiring very experienced security staff externally, as opposed to developing and training individuals internally.  It would be more effective to take existing staff and train them, or hire in trained entry level professionals who you can develop.

Going Forward

The solution to Information Security is that companies have to develop their existing staff and then cultivate a mindset where everybody is “mindful” – like a Neighborhood Watch, where everyone is involved in the program. Most attacks still originate from phishing email – someone clicks on an email, and that email comprises that machine. And once they compromise that machine, they move laterally within the environment to elevate to a privileged level of access.  So if you have Neighborhood Watch, everybody is on alert. When they see the suspicious email, they notify someone, and through this behavior you can build and grow and perpetuate a more “security aware” program.

Ultimately security is a people issue. To this effect we created the Merritt College Information Security program as a fully accredited A.S. degree with majors in Applications and Infrastructure Security. The program has been two years in the making and serves the San Francisco Bay Area East Bay School districts, which include students from less advantaged backgrounds. It results from the partnership with the CISE CIO organization, Merritt College, and CIO’s / CISO’s from leading San Francisco Bay Area companies. The program provides trained, entry level security professionals from which an organization can then expand on and develop other existing staff internally.

They are currently for hire; please contact me for more info.

Information Security Training: Merritt College Enters Its Third Year


Merritt College logo

Merritt College in Oakland, CA will start its third year of classes this Friday, August 26.

We’re excited to be entering the third year of this program, having graduated our first set of students this past June 2016. The Merritt College Applications and Infrastructure Security program (as a reminder) is a fully accredited A.S. degree with majors in Applications and Infrastructure Security.

This program results from partnership with the CISE CIO Organization, Merritt College, and CIO’s/CISO’s from leading San Francisco Bay Area companies. These groups have given their time and expertise toward building up this program from its inception. Donations from the CISE CIO group now amount to $130K, and with this amount, we have developed the current curriculum and put a new cybersecurity lab in place.

This program and its impact couldn’t be more timely, given that one of the biggest threats to companies is a lack of trained cybersecurity professionals.

You can find an overview of program here.

We are also looking to place our recent first class of June graduates into Information Security roles with leading companies and organizations. Please contact Mark Egan you are interested in hiring our students to improve your Information Security programs.

Improve Your Information Security Program and Give Back to the Community

Merritt College Cybersecurity Students In Action

We are very excited to announce that Merritt College in Oakland, CA has graduated its first Information Security class. Merritt College serves the San Francisco Bay Area Central East Bay School districts, which include students from less advantaged backgrounds. The Merritt College Information Security program is a fully accredited A.S. degree with majors in Applications and Infrastructure Security. This program has been two years in the making and results from the partnership with the CISE CIO organization, Merritt College, and CIO’s/CISO’s from leading San Francisco Bay Area companies.  Please find a fuller summary of the program below:

  • Courses are designed and delivered by security thought leaders from leading companies including Symantec, Wells Fargo Bank, and McAfee
  • Security program includes 30 credits of Information Security classes, hands on labs, and internships with Bay Area companies
  • Class projects include forensics of a pharmaceutical organization that suffered a security breach, securing systems on Amazon Web Services, and developing Information Security strategies

We are now looking to place these graduates into Information Security roles with leading companies and organizations. Contact Mark Egan if you are interested in hiring our students to improve your Information Security programs.