header partial here

Request Info

1st step 2nd step 3rd step
Provide your information below and an Admissions Advisor will contact you shortly to answer your questions about UAT and your Advancing Technology degree program of interest.

 
 
Next
Previous
 
Next
University of Advancing Technology (UAT) is pleased to provide you with additional information about the college and its programs. By hitting submit, you give us permission to use either direct-dialed, autodialed and/or pre-recorded telemarketing to call or text you at the phone number you provided. Please note that such consent is not required to attend UAT.
Previous
 
Submit

ABOUT UAT
University of Advancing Technology is an elite, private college that serves its student body by fostering knowledge creation and academic excellence in an environment that embraces the young technophiles of the world. With three centers of research and a suite of technology-centered undergraduate and graduate degrees, the University is a recognized leader in technology education.

Learn More About UAT

    Life Saving Skills Learned at C2 Event


    Training for Situations, Hoping They Never Happen On Monday, May 16, 2022, UAT student Emilio Cress and Professor ...

    Training for Situations, Hoping They Never Happen

    On Monday, May 16, 2022, UAT student Emilio Cress and Professor Aaron Jones participated in a local escape and evasion course put on by C2Tactical, a local range and training facility. Students were afforded an opportunity to learn about several methods of restraint that have been used in kidnappings and methods by which those restraints could be broken or otherwise defeated. This included zip ties, duct tape, handcuffs, and rope. A briefing on the types of restraints, their uses and weaknesses, and the methods by which they are deployed by the bad guys was demonstrated through both presentation as well as hands on experience.

    "I like the fact that we can empower our students with skills that could potentially save their lives. We talk about cyber security every day, but the world is a dangerous place and it seems to always be growing more so. Students have to make a decision on what extra curricular items they want to participate in and, by providing opportunities like this, UAT is putting the safety and security of our most important assets first," Professor Jones spoke when asked why he was at the event with his student.

     

    {% video_player "embed_player" overrideable=False, type='scriptV4', hide_playlist=True, viral_sharing=False, embed_button=False, autoplay=False, hidden_controls=False, loop=False, muted=False, full_width=False, width='1080', height='1920', player_id='74413131611', style='' %}

    "Any knowledge learned is still knowledge and time well spent. Realistically, will I ever use the skills I learned in the course? Hopefully not. But for taking two hours out of my day, I learned the skills that could potentially save me from a life-threatening situation. This isn't curriculum that is typical of most universities, and there might even be a taboo around being taught these things, but I am thankful to Professor Jones and UAT for allowing other students and me the opportunity to get out and learn skills with real life applications," shares Emilio about his experience at the C2 event.

    Physical security is in the same realm as cyber security. We spend hundreds of hours learning how to secure our home network, but never just our home.


    UAT cyber student project (1080 x 1920 px) (1200 x 800 px) copy 3-jpg

    Interested in studying cyber security? UAT Network Security degree students use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.

    read more
    less

    Meet Hunter Autrey, Cyber Security Alum


    From Schooling to Career We caught up with recent graduate, Hunter Autrey, and asked about his post-graduation plans. Here's what he shared: After completing college and getting my Bachelor’s in ...

    From Schooling to Career

    We caught up with recent graduate, Hunter Autrey, and asked about his post-graduation plans. Here's what he shared:

    After completing college and getting my Bachelor’s in Network Security, I am finally starting off my career as a Network Administrator. This is going to be my first “real world” job, and I couldn’t be more excited to start out with this opportunity. The company that I am working for has put me through eight weeks of training to really get the knowledge and information flowing. After training, I continue into the work force where I''ll be securing the network and and making sure it's working appropriately—monitoring network performance (availability, utilization, throughput, goodput, and latency), testing for weaknesses, installing and integrating new hardware, and even keeping an eye out for any out-of-date software needing to be updated.

    Without the help of UAT, the courses they offered, and the accelerated and easy to work with classes, I would not be where I am today. Every teacher that I had has helped me more than I could ever ask for. There were lots of opportunities for me to go outside of class time to go set up servers, teach kids and parents about UAT and Network Security program, and just asking teachers for tips and tricks on how to do certain things. Aaron Jones really went out of the way for all his students. He shows that he cares for us and that he always tries to get us cool and exciting opportunities to get a good network going. Aaron pushed me to apply for the Greater Phoenix Chambers Cyber Security externship in which I got a good network going and learned so much about different companies and how they utilize their cyber security.

    I couldn’t be grateful enough for everyone here at UAT who has pushed me to do my best to be able to succeed in my studies and get to where I am at today. All the hard work over the past 2 years 8 months has been well worth it, and I now know that if I put my mind to a certain project or objective, that I can get that work done. Going into this field I know that I am never going to stop learning. Learning is something that I thrive to do and I will push myself until I am know in the cyber field and am doing the best I can!

    IMG_1938

     

    read more
    less

    The Beginning Beginners Guide to Linux


    What is Linux? Linux is an operating system for cars, phones, supercomputers, and home desktops. You can use Linux and probably have used it on any number of devices since the mid 90's. Most of the internet functions because of Linux and all the world's top supercomputers are running Linux as well. It...

    What is Linux?

    Linux is an operating system for cars, phones, supercomputers, and home desktops. You can use Linux and probably have used it on any number of devices since the mid 90's. Most of the internet functions because of Linux and all the world's top supercomputers are running Linux as well. It is the secret sauce that makes the world of business and science go round.

    The operating system itself is composed of numerous pieces that work in harmony to produce what you see or deal with daily. You will find a bootloader, kernel, init system, daemons, graphical server, desktop environments, and applications when working with Linux and each of these items can be dictated to you or be a deciding factor in choosing your installation method. Hate SystemD but really love a specific desktop environment? You may need to use something like Devuan Linux. Just looking to get your toes into the Linux waters. You can start with Ubuntu or Manjaro.

    You can choose which Linux distribution to start with by self-measuring your skills. Are you a computer novice? You may want to explore Ubuntu. Feeling more confident in your skills? Try Manjaro. Are you a super powered user? Install Gentoo! No matter which distribution you choose, you will find yourself growing and learning and that is the most important aspect of choosing Linux.

    Let us know which copy of Linux you chose! We would love to hear from you.


    SECURE YOUR FUTURE WITH A CYBER SECURITY DEGREE

    Network Security degree students will use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.

    Don't wait. Apply now!

    UAT Cyber SOC

    read more
    less

    Brute Force Attacks


    What does brute force mean? Brute force attacks are a method by which many login attempts are made to gain access to a system. WordPress is a free and open-source content management system that is used by 41.4% of the top 10 million websites on the internet. The two go together perfectly and attackers...

    What does brute force mean?

    Brute force attacks are a method by which many login attempts are made to gain access to a system. WordPress is a free and open-source content management system that is used by 41.4% of the top 10 million websites on the internet. The two go together perfectly and attackers regularly target WordPress based websites using brute force methods.

    Most websites running WordPress follow some simple rules. One of those rules is that the login page can be located at the "domain.TLD/wp-login.php" URL and that many of the setups are poorly configured without much in the way of security or preventative maintenance. Therefore, you can use some commonly available tools to quickly attack these sites to gain access to the underlying administration panel beneath.

    There exist tools such as WPForce that can be ran in combination with a Username List as well as Password List to brute force these sites. While some individuals will rightfully state that this type of attack is also referred to as a Credential Stuffing attack, they cannot argue that it is not effective and simple. You simply load up your application, pass on your credentials, and wait for confirmation—or pivot—if you discover your method is not going to work on that site.

    Once you have gained access to the website, you can next use the tool Yertle to attain persistence, activate meterpreter, load a keylogger, dump all of the hashes for the current passwords, and get the database credentials. This is a one stop shop for attackers and the tools themselves are simple to use. Yertle and WPForce are written in 96% Python and 4% JavaScript.

    How do you fight it?

    Individuals interested in protecting their webservers, developing defenses against these attacks, and preventing brute force or credential spraying attacks must understand the tools used to conduct the attacks themselves. By familiarizing yourself with these tools and their use, you can strategize how to defend yourself from the danger they pose.

    7-2

    Interested in studying cyber security? UAT Network Security degree students use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.

    read more
    less

    Surveillance Capitalism: The Cost of Data


    Watching for a Pay Day Surveillance capitalism is the act of earning money from surveillance in the simplest terms. Large companies who have access to massive data sets can reduce uncertainty and identify the probability that a future action will be taken by people. Many of these companies are...

    Watching for a Pay Day

    Surveillance capitalism is the act of earning money from surveillance in the simplest terms. Large companies who have access to massive data sets can reduce uncertainty and identify the probability that a future action will be taken by people. Many of these companies are collecting data about people in bulk, distilling it, and reselling that data to advertisers or companies to assist them in bolstering their ability to sell products.

    The secondary use for large data sets is surveillance. If you can collaboratively build a dossier or database on someone, it is not a large stretch to apply the knowledge you have gained to matters of national security. However, this massive gathering of data that was once the business of governments is now being used by corporations and this has shifted the power structure tremendously from the government towards these organizations.

    PokemonAn excellent and often cited example of surveillance capitalism is the game Pokémon Go. Pokémon Go is a game in which your location is tracked constantly, and your behavior distilled as you are provided "Pokemon" and other rewards for your efforts. This data can then be used to match photographs, time spent, network connections, phone activities, and more to a database that can then identify what products are more likely to sell to you and when and how they should be advertised.

    Understanding how technology works, what the uses for that technology are, and how our privacy intersects with our comfort is of utmost importance. As a cyber instructor a the University of Advancing Technology, I take privacy and security very seriously, and our classes are designed to make you ask and answer some of the toughest ethical questions in the industry. 

    Surveillance 2


    Earn a Degree In Cyber Security at UAT

    UAT offers a Master’s of Science in Cyber Security, as well as bachelor’s degrees in Network Engineering, Network Security, and Technology Forensics. Our Cyber Security Degree for Ethical Hackers and Network Security Curriculum has been certified through the NSA/DHS National Information Assurance Training Program in Information Assurance and Cyber Defense.

    read more
    less

    Dealing with Identity Theft


    "Identity theft is not a joke, Jim!" Preventing identity theft can sound like a daunting task. We live in an era where our data is being gathered, saved, combed through, and redistributed at the speed of light—and somewhere during all of that it is often being lost of...

    "Identity theft is not a joke, Jim!"

    Preventing identity theft can sound like a daunting task. We live in an era where our data is being gathered, saved, combed through, and redistributed at the speed of light—and somewhere during all of that it is often being lost of improperly stored. This has increased the likelihood that you or someone you know are going to be affected by identity theft in some capacity of the next few years.

    If you discover that your identity has been used to commit fraud, the first step is to report this to the company where you know the fraud has occurred. This could be a credit card, bank, or cell phone provider, but they all have fraud departments, and you should explain that your identity was stolen and request that they close or freeze the accounts. If you owned the account, you should attempt to change logins, passwords, and pins if possible. You may be asked to file a police report, and this can often be done quickly and online through your local police departments website.

    You can then contact Experian, Transunion, or Equifax to report the fraud and ask for a fraud alert to be placed on your accounts. You should need to only contact one as they are obligated to inform each other if there is fraud discovered. Asking for a credit report is a good idea as you may wish to check for accounts or transactions you do not recognize.

    You can also file an identity theft report to the FTC at https://identitytheft.gov and ask them to assist you with creating a recovery plan. The report you file to the FTC provides you a guarantee to certain rights you have as well.

    Further steps will require you to close those bad new accounts, remove bogus charges, correct your credit report, add a free or extended fraud alert to your accounts, and more. You may even need to report a misused social security number, replace government issued IDs, and work to clear your name of criminal charges as well.

    This is a lot of work, but with enough time and perseverance, you can eventually fix the issues you are facing related to identity theft.

    Or...

    Just click this link.

    .

    .

    .

    .

    Did you learn nothing? 😂Identity Theft 2


    Interested in studying cyber security? UAT Network Security degree students use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.

    read more
    less

    If You Choose To BeReal, Will You Be Safe?


    New Social App Combines Reality with Risks Applications like BeReal and TikTok are often in the news due to security concerns, but most users are ignorant to the dangers posed by these tools. TikTok was released in September of 2016 and BeReal...

    New Social App Combines Reality with Risks

    Applications like BeReal and TikTok are often in the news due to security concerns, but most users are ignorant to the dangers posed by these tools. TikTok was released in September of 2016 and BeReal started sometime in January of 2020. Both applications encourage users to create media of their immediate surroundings and collects a phenomenal amount of data from users.

    Sometime around September 22nd of 2021, a user of TikTok who was working on a military installation created a video of an unknown aircraft or frame. This clip was allegedly shared with Air Combat Command Chief General Mark Kelly who reportedly spent some time studying the video. The creation of this video was considered a grievous OPSEC violation. It is believed the aircraft was US stealth technology currently undergoing testing, which was posted to the Chinese government affiliated platform. It is important to remember that the Chinese passed laws in 2017 that state, "any organization or citizen shall support, assist and cooperate with the state intelligence work in accordance with the law."

    BeReal requests that users create a photo using both cameras on a phone simultaneously that can then be used to create a "more authentic" image of what is happening around the user. Some users refer to it as a more relaxed or "real" Instagram. However, users who deploy this application while in secure facilities or while operating around sensitive data can reveal much more than they expected.

    BeReal1 BeReal2 BeReal3

    Users of these social media applications should be educated on the danger posed by their devices and how important it is to safeguard the data that they are exposed to regularly. Providing images of secure facilities or secret tools can damage the safety and security of the nation and while the applications themselves may only be a means by which data is collected, users of these applications are often deploying them in the wrong place and at the wrong time.


    UAT offers a Master’s of Science in Cyber Security, as well as bachelor’s degrees in Network Engineering, Network Security, and Technology Forensics. If you believe a career in cyber security may be right for you, request information about our degree programs.

    Cyber Security Passion

    read more
    less

    Cyber Students Make Waves at Hack the Port 22


    March 21-25, 2022, students from the University of Advancing Technology (UAT) traveled to Ft. Lauderdale, Florida, to compete in the Maritime and Control Systems Cybersecurity Con, also known as Hack the Port 22. This hybrid cybersecurity event is hosted by ...

    March 21-25, 2022, students from the University of Advancing Technology (UAT) traveled to Ft. Lauderdale, Florida, to compete in the Maritime and Control Systems Cybersecurity Con, also known as Hack the Port 22. This hybrid cybersecurity event is hosted by MISI Academy (a STEM Mentoring Initiative) and DreamPort, and is inspired by U.S. Cyber Command.  

    According to Professor Aaron Jones, UAT’s Cyber Security Program Champion, attendees had an opportunity to attend lectures, speeches, and listen to panel discussions from government and industry leaders. Jeremy Bunce, UAT Cyber Program Support Specialist, led the team of cyber students to take on the challenge. The crew included Sam Roethemeyer, Christopher BarnesJerrod Touchton, Alexzander Rodriguez, and Emilio Cress. Here is Jeremy’s description of the experience:

    “The idea behind the hack the port competition was to simulate hacking into a port. They even had us go into Florida next to a real port to really sell the environment. The event also had physical devices to focus hacking into, such as a gas system, a boat, and even a crane.

    HackThePort3-1

    On the first day, the students where tasked with starting in a foreign trade zone and getting into the network on the boat. This would be like the network version of getting past customs.   

    The UAT students tried two methods of attack: social engineering and making a back door. The social engineering method involved sending an email pretending to be students wanting a tour of their IT room to get the head of IT’s email. Once they got that, they sent an email pretending to be an employee needing their password because the internet was down. This was successful, and they got the head of IT’s username and password. The next step was to find what computer they could use that password for, but they were not successful in that. 

    For making a backdoor, the students were given a computer and had to put a virus on it to let them remotely access it. The first step was being able to log in. After many technical solutions, like getting into safe mode and recovery mode, the team accidentally discovered that the password they needed to enter was “password”. After a laugh, they moved on to getting an Administrator account that would let them write that virus. They were able to do this by being able to run a program called PowerShell and changing the password for the Administrator account, letting them log in. Then students tried to set up a program called RDP on that box to remotely access it. But unfortunately, they were not able to complete that by the end of the first day.  

    On the second day, the team was given access past the foreign trade zone and focused on how to hack the boat. One of the students was able to find a web page that showed the boat’s gas flow. Another was able to remotely control a computer on that boat but needed one more step to have full access. During this effort, a blue team was working on keeping them out, so they had to make sure to be stealthy to not be caught.  

    Here are some additional highlights:

    • Jerrod got privilege escalation by seeing that you could run PowerShell as admin 
    • Team almost set up remote code exploit 
    • Chris worked on setting up a rubber ducky reverse shell in Python 
    • Sam found IP of box by filtering out syn packets only looking for the response
    • Emilio Found the web server I/O by doing a rust scan and looking for a port that Emilio found though Wireshark 
    • Emilio found a website though Wireshark 
    • Jerrod research how to get into natural gas devices 
    • Jerrod got into a HLM website with the default password (monitoring the flow of gas) 

    Overall, the students learned a lot about how attackers get into the system, and all understand where to learn more since they were able to test their skills. And most importantly, they had a blast."  

    Well done to the students who attended and participated! It is important for cyber students to test their skills in games and competitions to prepare themselves for the challenges they will face after they complete their education.

    “We are very proud of our students and firmly committed to developing the best security practitioners that we can,” said Professor Jones. “Our students are involved in missions that matter, and Hack the Port is another method by which we can provide hands on experience and instruction with the intent of preparing students for real life events and exercises.”

    HackThePort2-1 HackThePort4-1


    Earn a Degree In Cyber Security at UAT

    UAT offers a Master’s of Science in Cyber Security, as well as bachelor’s degrees in Network Engineering, Network Security, and Technology Forensics. Our Cyber Security Degree for Ethical Hackers and Network Security Curriculum has been certified through the NSA/DHS National Information Assurance Training Program in Information Assurance and Cyber Defense.

    Designated as a Center of Academic Excellence by the National Centers of Information Assurance Education (CAE/IAE), UAT’s Network Security Bachelor’s of Science degree prepares students to take on the ever-evolving world of information security.

    If you believe a career in cyber security may be right for you, request information about our degree programs. At the University of Advancing Technology, we’re passionate about helping students enter STEM fields and acquire the skills they need to land a rewarding career in cyber security and beyond.

    read more
    less

    Mawadda Abuhamda, Future Cyber Sleuth 


    The University of Advancing Technology (UAT) is made up of smart, innovative students with big goals and the passion to achieve them. At UAT, we like to highlight our students and their achievements.  This month, we talked with student Mawadda Abuhamda about her studies, interests, and what it's like to be a women in stem. Check out our interview with Mawadda to...

    The University of Advancing Technology (UAT) is made up of smart, innovative students with big goals and the passion to achieve them. At UAT, we like to highlight our students and their achievements. 

    This month, we talked with student Mawadda Abuhamda about her studies, interests, and what it's like to be a women in stem. Check out our interview with Mawadda to learn more about how and why she chose a degree in technology!

    Tell us about yourself… where are you from, where did you go to school, etc.?

    I’m from Chandler, Arizona. I’ve lived in Arizona since I moved from California when I was five. I went to online school and EVIT.  

    What started your interest in pursuing a technology degree?

    I got interested in pursuing a technology degree after attending EVIT. At EVIT I studied cyber security. I also participated and won multiple cyber security competitions which made me more interested in continuing my education in the field.  

     


    Mawadda competing for EVIT


     

    What are you studying at UAT and why did you choose that program?

    I learned about UAT from a presentation at EVIT. I’m studying at UAT because I knew I wanted to major in cyber security, and I thought a university that was specific to technology would be the best place for that.  

    What are some of your other interests and activities?

    I really like Instagram; I have 7 Instagram accounts. I also like writing. I write short stories and poems in my free time. I also like archery. I have two recurve bows and practice whenever I get time to. 

    Who is someone you look up to?

    I look up to Yasmin Benoit who is an aromantic asexual activist and a model. I look up to her because I'm asexual, aromantic, and a woman of color like her. She advocates for visibility for asexual and aromantic people of color.

    Do you feel comfortable being a woman in STEM?

    I feel comfortable being a woman in STEM. There are other things that make me different from everyone around me, such as my religion or my race. My gender and the gender of everyone else around me isn’t usually the first thing I notice.  

    What is your biggest obstacle being a woman in tech?

    My biggest obstacle being a woman in tech is that there aren’t many women around, which means the men feel more comfortable making misogynistic comments. I usually try to ignore them, but the comments can be distracting and annoying. 

    What advice would you tell young women considering a tech degree?

    I would tell young women considering a tech degree to not be intimidated by the fact that there aren’t many women in tech.  

     

    Thank you for the advice Mawadda!

    If you're interested in sharing your school journey for a possible feature, email marketing@uat.edu and let us know more about you. 


    See Mawadda in a video created by Digital Video students:

    read more
    less

    How UAT Uses Cloud9


    Cloud-Based Integrated Development The University of Advancing Technology uses AWS Cloud9 to streamline classes, simplify setup for students, and stay at the...

    Cloud-Based Integrated Development

    The University of Advancing Technology uses AWS Cloud9 to streamline classes, simplify setup for students, and stay at the forefront of technology in the industry. Students who are studying at UAT are required to write code, edit scripts, debug, and work with the terminal, but many of them are still in the process of learning how to use Linux or have not developed the skills necessary yet to manage these tasks by hand. Being a student means you still have a lot to learn.

    This conundrum is addressed by UAT through the deployment of Cloud9. Cloud9 is a prepackaged development suite that provides access to many popular programming languages such as Python, PHP, JavaScript, and an array of others. This cloud-based integrated development environment, or IDE, is accessible from anywhere you might find yourself. Home, Office, or the dorms? It doesn't matter; you can get access to a full-featured and seamless experience for working with and developing applications. You can even share your environment with your instructor in real time, allowing YOU to instantly get live feedback and to track each other's contributions.

    UAT is always looking for new ways for our students to succeed and Cloud9 is just one of the technologies that we deployed to make the transition from technology user to technology builder, do-er, developer, and leader all the simpler. You will be able to start new projects quickly, work in a well curated environment that reduces the stress and headache of setup, and give you direct terminal access to your managed EC2 instance. You will be able to quickly and easily access and interact with AWS services.

    Contact a UAT recruiter today to learn more about how we can help you get a head start in the technology world of tomorrow, today.

    FoundersOutside_IMG_7677_logo

    read more
    less

    Local Professor and Students Participate in 40-hour Dignitary Protection Course


    The University of Advancing Technology (UAT) Instructor Aaron Jones participated in a 40-hour Dignitary Protection Course hosted by Karl de la Guerra, Inc and was afforded an opportunity to work with protection agents and law enforcement in an education environment where they studied protective driving, Tactical Emergency Casualty Care, IED recognition, and advanced intelligence topics....

    The University of Advancing Technology (UAT) Instructor Aaron Jones participated in a 40-hour Dignitary Protection Course hosted by Karl de la Guerra, Inc and was afforded an opportunity to work with protection agents and law enforcement in an education environment where they studied protective driving, Tactical Emergency Casualty Care, IED recognition, and advanced intelligence topics.

    Aaron Jones Training-2

    As part of the training, university students were expected to mockup an intelligence brief that could then be used by the protective detail to plan routes, sniff out threats, and prepare for potential emergency situations. Instructor Jones requested permission to include several students from UAT in the intelligence planning phase, and that request was granted.

    Aaron Jones Training-1UAT students immediately sprang into action. A common document was created, addresses were researched, and data was sifted through in a hurry. Students were able to locate photographs of places the protection team would be visiting, discovered potential threats, and used tools like Wigle to map out the EMF footprint of the areas, as well as checked for dead spots in communication. The brief was considered one of the best yet that has been presented in one of these classes.

    Instructor Jones would like to commend the students who participated in this exercise as well as to thank KDI Executive Protection Training for allowing UAT students to work on their field training exercise. Students at UAT expect a quality education experience and are always ready to rise to the occasion when afforded an opportunity to practice their skills, no matter the environment, and developing partnerships with individuals in the executive protection and training field gives our students the ability to better understand the austere and sometimes hostile environments that they need to be able to work within when their cyber skills are needed.

    Read the student testimonials about their experience:

    The amount of hands-on work that we do at UAT has demonstrated to me that I learn and retain a dramatically increased amount of information over just classroom busy work. I have been to two different colleges, both professing hands-on learning. In the last three weeks, I have learned more in a five-hour scenario assisting my professor with the KDI Executive Protection training field exercise than I learned in 2-3 years at other institutions.

    ~Philip Wrighton

    I believe that hands-on experience with network security and intelligence will always weigh more than just going over slides in a sterile classroom environment. The hands-on opportunities that I have experienced at UAT over the last two semesters have been great. Last semester I spent time at Basha High School putting together servers and giving back to my community and this semester I assisted Professor Jones with creating a mock threat brief for KDI Executive Protection Training and their field exercise. Every hands-on experience I participate in at UAT adds another skill to my resume and makes me a stronger cyber security candidate.

    ~Jerrod Touchton

    When I first came to UAT, I was expecting to be able to work on some really cool things, but my expectations were far surpassed. Aaron Jones has introduced me to the world of industry intelligence, and it's been an amazing experience; I now have a much firmer basis for further interactions with the intelligence community, and I am eternally grateful for the opportunity that has been provided for me by UAT.

    ~Micah Turpin

    Thank you to Karl L. de La Guerra, PPS, CLSS and all the cadre at KDI Executive Protection Training for allowing these UAT students to participate in their field training exercise.

    IMG_1937 banner


    Earn a Degree In Cyber Security at UAT

    UAT offers a Master’s of Science in Cyber Security, as well as bachelor’s degrees in Network Engineering, Network Security, and Technology Forensics. Our Cyber Security Degree for Ethical Hackers and Network Security Curriculum has been certified through the NSA/DHS National Information Assurance Training Program in Information Assurance and Cyber Defense.

    Designated as a Center of Academic Excellence by the National Centers of Information Assurance Education (CAE/IAE), UAT’s Network Security Bachelor’s of Science degree prepares students to take on the ever-evolving world of information security.

    If you believe a career in cyber security may be right for you, request information about our degree programs. At the University of Advancing Technology, we’re passionate about helping students enter STEM fields and acquire the skills they need to land a rewarding career in cyber security and beyond.

    read more
    less

    Bet On Cyber Safety


    Gambling Apps Can Risk More than Money The Super Bowl is coming soon, and with sports betting apps now at our fingertips because of the law legalizing sports betting in the state of Arizona, this billion-dollar industry is about to make even more money. There are many options to choose from; Fanduel is the...

    Gambling Apps Can Risk More than Money

    The Super Bowl is coming soon, and with sports betting apps now at our fingertips because of the law legalizing sports betting in the state of Arizona, this billion-dollar industry is about to make even more money. There are many options to choose from; Fanduel is the biggest and most advertised, but there are also Caesars Sportsbook, Draftkings and BetMGM, just to name a few. They allow you to place bets on teams and games, on a win/lose as well as betting on the spread of the game, with just the click of a button.

    Other than the typical gambling risks, these apps are so new that there must be questions about the safety of the apps and the information needed to place these bets, as well as cashing out if you win or choose to do so before you lose.

    sports betting

    According to BetMGM, they collect personal information including bank information, social security numbers, driver’s license numbers, and telephone numbers, but state on their website that they do share information they collect for marketing and non-marketing purposes. There are ways to opt out of the sharing of your information, but it is a process, and most people won’t take the time to do so. Their website also states that while their servers are protected by firewalls and other security measures to protect against the theft of personal information, in the world of technology the hackers are getting better and better. According to a research team for Fierce Wireless, they had a 92% success rate in hacking apps across all platforms including Google, Microsoft, and iOS. The success of hacking apps should spotlight how, as a society, we need to be extremely particular when inputting personal information into these apps. Even if you cancel your account, the BetMGM app will continue to store your information for as long as legally necessary, and I am sure that other apps have this same clause in their disclosures. This vague description does not give much comfort when it comes to who has access to important personal information.

    Along with the risks of inputting information and that information being hacked, there are the continued risk of phishing, scams, and impersonations online and of these apps that are out there. We are all aware of the email versions of these types of scams, but as technology continues to evolve and we become more and more attached to our smartphones and apps, these risks will follow. Awareness of this risk is the best form of defense. According to ZeroFox, the easiest way to spot this is the guarantee of winning, or a risk free buy in, we all know gambling is not risk free, which is the fun of it sometimes.

    Professor Aaron Jones is the Program Champion of Cyber at the University of Advancing Technology as well as a leader in the cybersecurity community. For his work he has been the recipient of recognition from the El Paso Police Department, State of Texas, Texas Military Forces, Chandler Police Department, and others. When asked about the betting apps, he offered the following information and caution:

    “Russian hackers have deciphered the tools used in slot machines and were able to create a smartphone app that triggered a jackpot on the affected machines. The attacker was earning $250,000 per week but is now leveraging his skills to earn millions from his schemes.

    However, there are new laws being added to address data security practices and personal information has become a major piece of the privacy and business security matrix. We are seeing new expansion of legalized sports betting and online gaming which is now creating new opportunities as well as challenges for the wide array of stakeholders who control this industry.

    We can expect to see both large profits for the companies as well as some very major attacks before the industry settles. It is inevitable that something will happen as the bad guys are realizing that there is plenty of money to be made.”

    On top of the technological risks, the risk of gambling addiction plays a role as well. In order to entice you in, the apps offer first time match bonuses and free money when you sign up, but these apps will easily make up the money they lose in these promotions. While the apps are not rigged for you to lose, they make a commission on your bets and the odds are against you to win, as they are with any sort of gambling, and this gambling is just much easier because it is so accessible. So moral of the story is—always be careful when gambling. Just because it’s accessible doesn’t mean you will maintain control of it, and you must protect yourself; these companies only want your money.

    Overall, betting apps are new and exciting for those who love to bet on their favorite team to win or on their least favorite team to lose, but they come with some risks beyond just losing money. And while the apps themselves are of no higher risk than any other app on your phone or tablet to being hacked, the lure for hackers is greater because the information provided to the apps is more personal, therefore there is a higher profit for the hackers once they get into the apps. In the end, be careful and do everything possible to protect yourself, because a bet is always a gamble.


    Interested in cyber security?

    UAT offers a variety of degree choices, from associate to master degree options. Review the programs available at https://www.uat.edu/cyber-security-degrees, and contact admissions@uat.edu to get started!

    IMG_0432

     

    read more
    less

    Cybersecurity Students Earn Spots in Phoenix Externship


    Four students from the University of Advancing Technology (UAT) were accepted into the 2022 Cybersecurity Externship with the Greater Phoenix Chamber Foundation. Students ...

    Four students from the University of Advancing Technology (UAT) were accepted into the 2022 Cybersecurity Externship with the Greater Phoenix Chamber Foundation.

    Students Aaron Miller, Candice Bennett, Emilio Cress, and Hunter Autrey will join the Greater Phoenix Chamber of Commerce and their participating business partners for their March externship rotation. This Greater Phoenix Chamber Foundation program “convenes and catalyzes business, education, and community to enhance college and career readiness, develop a stronger workforce, and build healthier communities throughout Arizona.”

    According to Aaron Jones, UAT’s Cyber & Network Security Program Champion, “The UAT kids had a very strong showing and pretty much every UAT student who applied got in.”

    This exciting opportunity includes a variety of Arizona participants, such as high schoolers, university and community college students, military, and non-traditional individuals, offering insight into cybersecurity and IT career pathways.

    “It is certainly an honor representing UAT in an externship such as this,” said student Emilio Cress. “I am very thankful to Professor Jones for pushing his students to apply for this opportunity!”

     

    Greater Phoenix ExternshipThe 2022 Cybersecurity and IT externs will gain real-world experience during the paid two-week program, during which time they will complete and present a team research project. UAT student Hunter Autrey is looking forward to the opportunity to network and learn, stating, “I'm excited about the experience and looking forward to connecting with individuals in the cyber security field!” Find out more about the program and its sponsors at https://phoenixchamberfoundation.com/workforce-development/information-technology/technology-externship/.  

    UAT Network Security degree students use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.

    IMG_1936

    read more
    less

    Cyber Security Careers and Outlook - 2022 Guide


    Eight Magnificent Cyber Security Careers and the Education You Need to Keep Civilization from Imploding  The people with careers in cyber security are quite literally protecting the civilized world...

    Eight Magnificent Cyber Security Careers and the Education You Need to Keep Civilization from Imploding 

    The people with careers in cyber security are quite literally protecting the civilized world from the horde of digital barbarians who threaten to plunge us all into chaos and darkness. 

    “Look, man … I just want a good job with decent pay and plenty of vacation time.” 

    Oh, you’ll get all that if you go into cyber security. Over the next ten years, it’s projected by the Bureau of Labor Statistics to grow by more than 30%. (For perspective, seven percent growth is considered stable, so cyber security is about 300% more likely to have plenty of opportunities than a regular job.) And when job markets grow, so does the salary and benefits package. 

    But this is not a job. It’s a career. A vocation. A calling.  

    …This may well be your Red Pill/Blue Pill moment.  

    Take the blue pill and pretend that the tens of thousands of threads that make up the fabric of our civilization aren’t being tugged at individually on a daily basis by vast numbers of bad actors with evil intentions. Hey, you can even pretend there is no evil in the world, no good either, and that things will likely go on just fine if you sit on the sidelines.  

    Or— 

    Or you take the red pill. You appreciate that at on any given day nearly three thousand cyber attacks are launched against the electronic battlements of the United States and its allies and all the good businesses within those countries. Those countries and businesses are made up of individual people—people you know and love.  

    But the red pill, it isn’t for everyone, Neo. Taking up the vocation of cyber security is not for the faint of heart. It requires people not just of sound technical mind, but also strong moral character. 

    So, make the call. Blue pill, click away to another, safer part of the internet and enjoy the peace provided by others, or take the red pill and read on. 

    UAT cyber student project (1080 x 1920 px) (1200 x 800 px) copy 3-jpg

    UAT Students work in the Security Operations Center. 

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    Careers in Cyber Security

    List and Overview

    Okay, Neo. One caveat before we dive in. Smaller organizations will have some of these roles folded into the internal IT department. This has its own set of pros and cons, but other departments may recognize their need for dedicated individuals to manage and implement their cyber security and may outsource some or all their needs.  

    Overall, the difference is that cyber-focused personnel are tasked with specifically protecting the organization, its intellectual property, and all the individuals, teams, and departments within the organization against internal or external threats (like the Sentinels.) Those with cyber expertise usually have titles that include terms such as cyber, network, data or information tied with security, forensics, engineer, analyst, etc.  

    Ready? Here’s some water for that pill. 

    • Cyber Security Analyst
    • Cyber Security Engineer
    • Penetration Tester
    • Digital Forensics Analyst
    • Cyber Supply Chain Risk Manager
    • Cyber Security Consultant
    • Information Security Research Scientist
    • Chief Information Security Officer 

    *The following career descriptions and estimated median annual salaries - or midpoint of the reported salary ranges - are based on data and information collected by the linked sources (Glassdoor's user data and the U.S. Bureau of Labor Statistics surveys) reported as of May 23, 2022, and are not exact or guaranteed expectations. 

    Cyber Security Analyst (a.k.a. Threat Intel Analyst, Cyber Network Defender, Network/Information Security Analyst) 

    Estimated Median Annual Salary: $103,590 per year (Bureau of Labor Statistics)

    While this position goes by various names (Threat Intel Analyst, Information Security Analyst, The One, etc.) they all do generally the same thing. You guessed it; they analyze cyber threats. This will involve monitoring and advising on all information security-related issues to make sure that the bad things don’t happen to the business or organization. It also means doing some threat analysis; probing your own organization’s firewall and security to test for strength and permeability.  

    Cyber Security (Firewall) Engineer (a.k.a. Network Security Engineer) 

    Estimated Median Annual Salary: $97,163 per year (Glassdoor)

    So, where the cyber security analysts test and analyze the organization’s security, the engineer builds systems to keep everything secure. It’s like the difference between those who test how safe a bank vault is on a day-to-day basis and those who actually build the vault. As the cyber security engineer (or network security engineer or cyber security firewall engineer) you will build the vault. You will build the vault based on your expertise in WAN and LAN intranet protocols. You will rely on your vast knowledge of computer languages and you will build the best digital vaults possible to protect those in your organization and those your organization does work with. 

    Penetration Tester (a.k.a. Ethical Hacker/White Hat Hacker) 

    Estimated Median Annual Salary: $102,405 per year (Glassdoor)

    Of all the careers in cyber security careers, this is the one for people who just didn’t grow up. Essentially, this is the position that moves from analyzing a security system to actively trying to take it down—in an ethical and approved manner.  

    Imagine all of the other cyber security professionals are playing Jenga. They study the structure. Remove a piece here. Hold their breath. Ask everyone else to hold their breath, then take out one more piece. But you, as the tester, as the ethical hacker, you see that there is another way. You could play their game and hold your breath and take a piece out carefully, or you could pick up the yellow bean bag chair in the corner and from the other side of the room lob that yellow mass of vinyl and Styrofoam right in the middle of their game and watch it smash apart.  

    This is where it gets fun. When they turn to you, instead of yelling for the teacher, they say thank you, pay you a decent salary, and they build the tower back up again. Maybe this time with someone holding an umbrella. All the while, waiting for you to destroy it again. Sounds fun, right? 

    Digital Forensics Analyst (a.k.a. Computer Forensics Examiner) 

    Estimated Median Annual Salary: $103,590 per year (Bureau of Labor Statistics)

    This career can range pretty wildly from the passive to the active and anywhere in-between. At it’s most basic and passive, a digital forensics analyst will respond to threats that have already taken place. In some instances, you will be handling active threats as they take place. Also on the more passive side, is dealing with the aftermath of an attack including analyzing for holes in the Matrix and getting those individuals affected back up and running. 

    On the more active side, some businesses use digital forensics analysts to proactively look for threats and ne’er-do-wells. This may come in the form of looking for those responsible for attacks and finding them in the digital world and putting a stop to them. You’ll be immersed in a world that uses phrases like Threat Hunting, Attack Lifestyles, and War Gaming. Definitely not a blue pill profession. 

    Cyber Supply Chain Risk Management 

    Estimated Median Annual Salary: $134,621 per year (Glassdoor)

    This career combines the business need for a supply chain (all the tools and material needed to make the widgets or Neo’s cool sunglasses) with a supply chain that is secure from cyber threats (like Agent Johnson who wants to keep Neo from wearing cool sunglasses and jumping inside his body). It’s an interesting combination of skills and an interesting career. Where most areas of cyber security will be more digital, this particular cyber security career lies in the intersection of the digital and the real. The choices made in this career will have a real impact on goods and services, very possibly, in real-time. 

    Cyber Security Consultant  

    Estimated Median Annual Salary: $ You Name Your Price 

    Consulting is a great profession. There’s freedom and a certain romance to it, especially in the cyber security landscape, because you’re a hero that knows no limits. What you do is highly valuable but not always used by everyone all the time. Because of this, companies will outsource specialty skills that are only needed occasionally, but they are almost always paid extremely well. Few people start out consulting. Rather, most start at one of the above occupations and after seeing a legitimate need in the sector, they take the leap and start their own thing. It’s highly rewarding, and at times, very difficult, but also a lot of fun. 

    How Do I Get There From Here? 

    To qualify for one of these highly confidential, digital, and IP security-focused positions, you must have a degree or extensive training in cyber security. We’re talking extensive knowledge and/or a degree in network security, network engineering, and technology forensics. These positions have the expertise of programming languages including python, and network architecture, and be fluent in system and network device administration, cloud computing, and virtualization technology. 

    And, if you are looking for one of the most “in-demand” fields, this is it. Cyber security expertise is needed everywhere, so you can still have that technical job and pursue your passion at the same time. This means working for the company of your dreams even if it's not in a “tech-based” industry. From the NSA and the CIA to social media and tech companies, to sustainable retail to high fashion, non-profits to hospitals to Hollywood. They all need their information, people, and customers protected.  

    So, yeah, a degree in cyber security is worth it.  

    UAT cyber student project (1080 x 1920 px) (1200 x 800 px) copy

     

     

     

     

    Becoming a Cyber Security Shot Caller 

    To qualify for management and higher, all the way up to the Chief Information Security Officer, everything is on the table. Your education, certifications, years of experience, all of this combined with a proven ability to be innovative and have foresight in your field; this is what it takes to be The One. To set yourself up with all the bells and whistles an organization wants to see on your resume, a master’s degree in cyber security or information assurance is the best place to start building up your qualifications.  

    Information Security Research Scientist 

    Estimated Median Annual Salary: $124,073 per year 

    This position is the Wizard of Oz, the man (or woman) behind the curtain. The analysts do their work and they do it well, but the Scientist/Wizard looks more deeply from his/her years of experience and impressive depth of knowledge. They usually have the letters MS or even Ph.D. after their names—and for good reason.  

    These scientists analyze what has been analyzed to develop working theories for the problems that may not even be apparent yet. They may develop new computer languages or software systems to help people work with and in the organization better and more safely. They will also test their theories and analyze the results of their digital experiments. In the world of cyber security, this is the position for those who first realized that there needed to be a red pill and a blue pill and then created them both. 

    Chief Information Security Officer  

    Estimated Median Annual Salary: $227,009 per year 

    This is the top dog in the cyber security side of IT. You reach this position and you are the shot caller. It’s a position of great power and great responsibility. You will organize and oversee (through intermediaries, usually) the cyber protection needs of your organization. You will put the right people in place who are able to make sure the right people are doing the work that you oversee with your team. Altogether with you as the leader will keep the organization's information and people safe.  

    No pressure. 

    UAT cyber student project (1080 x 1920 px) (1200 x 800 px) copy 2

    Final Thoughts as the Red Pill Kicks In 

    And where else to earn your cyber security degree than at UAT? There’s a reason the NSA designated UAT as one of the first CAE training centers in cyber defense in the Southwest. UAT has been teaching cyber security for over 20 years and has a complete continuum of undergraduate and graduate cyber security degrees that have prepared thousands of ethical hacking, network security, and cyber security superior graduates. A prestigious cyber security degree from UAT is recognized by industry and government bodies alike as a significant milestone.  

    So, what are you waiting for? The red pill has dissolved and it’s pulling you from your old safe, predictable life. A digital adventure awaits. Call our friendly admissions team at UAT and enter the future. Request information or apply today.

    And, don't forget to follow UAT's Cyber Security News to stay up to date on the latest in the world of InfoSec from industry-recognized professors and more. 

    read more
    less

    Common Hacking Attempts for Chief Executive Officers


    5 Tips to Minimize Risk and Safeguard Your Business If you are a high-level executive and concerned about cyber security, as you should be, then these 5 tips will help keep you and your company safe. Over the past several years we have seen many developments in how...

    5 Tips to Minimize Risk and Safeguard Your Business

    If you are a high-level executive and concerned about cyber security, as you should be, then these 5 tips will help keep you and your company safe.

    Over the past several years we have seen many developments in how companies and their executives are targeted by bad actors who are looking to exploit them.

    1. Physical Security - Evil Maid Attack
      1. Your executive team may have scaled back their travel during the pandemic, but many companies are still sending their team out into the world. This means that their hardware is at risk by a wide array of threats. It no longer matters if your executive team is staying within the U.S. or traveling abroad, if they have physical hardware with them, it is being targeted. Executives should always use full disk encryption and consider a two-factor authentication method for their systeevil maidm like the popular YubiKey tool. The reason this threat is called the evil maid attack is becauseit only requires the executive to leave their laptop in a hotel room for a few minutes for someone to gain access to the device and clone the drive or otherwise infect the machine with keylogger. Concerned executives should consider speaking to a physical security expert who can brief them on some of the dangers related to their hardware and what can occur during travel to data they are bringing with them.
    2. Physical Security - Payroll Attacks
      1. An email could arrive at your payroll team, coincided with a vacation, that is urgent and begs the payroll team to transfer accounts or make emergency edits to keep the business safe. These convincing emails are often spoofed messages or abusing hacked credentials and will lead to a tremendous loss of money for the company when payroll makes these edits that then send money to bad actors. This type of attack is usually backed up by convincing use of social media open-source investigations on users, their email style, and even use recordings of phone calls that are then spliced and edited to allow confirmation phone calls to sound legitimate. It is important that all emergency and routine changes to payroll or financial transactions are managed through a detailed failsafe system that accounts for many of these dangers before any changes are ever made.
    3. Physical Security - Education
      1. All employees, including the Chief Executive Officers, should undergo regular training on a wide array of threats. It is vital that all employees understand that there is no single threat matrix that can defeat all bad actors. They must be educated in a wide array of attacks so that they can make independent decisions to varied and chaotic events that benefit themselves as well as the company. Did the email from IT asking them to turn on their company come in from a legitimate requestor, or are they experiencing the start of an attack? Should they reply to the unsolicited sales email they received? If they get an email with a link claiming to be a contract, should they open it, or ask for assistance from IT before doing so? Numerous questions can arise every day, and the better trained and educated the users, the more likely they will choose to do the right thing.
    4. Cyber - Whale Phishing
      1. Whale phishing is the act of targeting the highest echelon of a company instead of the little fish lower on the totem pole. A CEO will receive emails, phone calls, text messages, and even hand delivered notes every day that could be a threat. A CEO needs to understand that everything they do and say could be of value to an attacker, and what they post on social media could also benefit an attacker. A bad actor will often appear to be a legitimate source and will have the knowledge and acumen to trick even very savvy cyber professionals, so it is important that companies implement a many-tiered method of protecting data and processes. This starts with the IT team and their attempts to block individuals from ever encountering messages from bad actors, to well-educated users who can identify flaws or issues and raise the flag for investigation, and finally to having a layered security system that stops mistakes from happening by having several eyes on an event like a payment before it can be finalized.
    5. Cyber - Expect the Unexpected
      1. Bad things are going to happen. Full stop. Regardless of how many safeguards or what expensive and fancy technology you deploy, you are going to run into issues that simply cannot be avoided. Have a plan and train for these events. Do you know who needs to be contacted in the event of an emergency? Do your subordinates? Do you foster a culture that encourages employees to raise the flag, or do they fear reprisal for false positives? You as a CEO must set the culture for your work force and encourage all employees to take a vested interest in the safety and security of the company, and that means promoting a positive culture that appreciates all attempts to safeguard the organization and her riches. One of the greatest dangers to a corporation, company, or agency is the human element. Encourage that human element to report issues, and if they see something then they should say something without fear that they will be punished if they were wrong. It is better to be woken at 2AM by an errant alert than to awaken at 8AM to a crypto locked company that will lose millions in recovery and many more millions to lose business.

    The CEO has an incredibly important role in the trajectory of their security as well as the security of their entire organization, and it is the decision-making process they follow that will dictate whether their company can survive a breach or will be blindsided by an event that will dismantle their organization. The top three potential threats to a CEO are completely physical, and only two threats are remotely cyber. Many CEOs attempt to avoid the use of technology in order to minimize risk, but the truth of the matter is that the threats that are targeting them are not based in cyber space, but instead of manipulating the CEO to take an action that benefits the bad actor in some way. It is invaluable that the CEO of any organization take the time to educate themselves, understand the response plan for their organization, and to expect that they will be a victim at some point and to plan accordingly.

    IMG_0433-1


    Interested in studying cyber?
    More about UAT’s Cyber Programs

    Our cyber security degree majors and cyber security lab are recognized by industry and government entities alike for their ability to help generate the future innovators of the cyber security industry. We focus on creating true leaders who will have mastery in ethical hacking and uphold the highest industry standard of cyber integrity in our quickly evolving world of cyber security technology and online security.

    Visit the University of Advancing Technology for more information on all our cyber security majors. 

    Ready to start? Apply now at uatfastapp.com.

    read more
    less

    Cyber Students Set Up Basha Servers


    University of Advancing Technology (UAT) cyber security students visited Basha High School on Saturday, November 20, 2021, for a community event to help with their servers and equipment for students.  Aaron Jones, UAT Cyber & Network...

    University of Advancing Technology (UAT) cyber security students visited Basha High School on Saturday, November 20, 2021, for a community event to help with their servers and equipment for students. 

    Aaron Jones, UAT Cyber & Network Security Program Champion, took 14 students to the school in Chandler, Arizona, to assist with putting together servers, installing software/operating devices, and begin the process of networking the devices. The students worked with Basha faculty to get the new system fully up and running! Participating students included (with LinkedIn links if available):

    Jarrod Touchton: www.linkedin.com/in/jerrod-touchton-3b0861205 

    Mathew Quinn: http://linkedin.com/in/mathew-quinn-4495b81b1 

    Zachary Brown: https://www.linkedin.com/in/zachary-brown-5b7099198 

    David Lujan

    Matthew Reynolds: https://www.linkedin.com/in/matthew-reynolds-157a13199 

    Jonathon Cillian 

    Kevin Duong 

    Christella Cyprien: https://www.linkedin.com/in/christelle-c-567a461a5  

    Allan Wheelock: https://www.linkedin.com/in/allan-wheelock-179946168 

    Hunter Autrey: https://www.linkedin.com/in/hunter-autrey-825387171/  

    Samuel Roethemeyer

    Micah Turpin: https://www.linkedin.com/in/micah-turpin-1242ba1a4/ 

    Nicole Lindahl: https://www.linkedin.com/in/nicole-lindahl-9652179b  

    Dakota Engelbeck: https://www.linkedin.com/in/dakota-engelbeck-358408198/ 

    Basha Project 2

    According to Jones, "All of the students had fun and are looking forward to finding more ways to give back to the community!"

    Improving quality of life and giving to the community are common themes in our student innovations. In fact, to graduate, students are required to complete and present a Student Innovation Project, or SIP. At UAT, this becomes the leading project in a student’s portfolio when they graduate and enter the workforce. Community projects like these at Basha help give them real-world experience as they study and complete their projects. 

    Participating student Matthew Reynolds was excited to take his skills to the school, commenting, "I really enjoyed going out to help Basha High School. Not only did I get to meet a ton of cool people who were into the same stuff as me, but we also got to give back to the community and help outwhich was a really good feeling!" 

     
    Want help from UAT students? Visit our website to request an internship at https://www.uat.edu/internships. 

    Basha Project 3

    read more
    less

    GitHub Wants Your Policy Proposals


    In light of the recent leak of Twitch’s source code (over 6,000 private GH repositories) and other information, through a 125GB data torrent over 4chan.org, GitHub (GH) is now stepping up their policies for server...

    In light of the recent leak of Twitch’s source code (over 6,000 private GH repositories) and other information, through a 125GB data torrent over 4chan.org, GitHub (GH) is now stepping up their policies for server configuration and standardizing metrics for use by developers on GH. With everything from indexing methodologies to configuration policies, GH has started a campaign that is aimed at gathering policy proposals from the developer community, in order to get a more diverse view of the situation and a wider range of potential solutions. A couple examples of proposed policies already are from GitHub developers TC39 and WebAssembly, covering a proposed indexing method and content security policies, respectively.

    GitHub

    TC39’s proposal covers a relative indexing method that is being requested to be added to JavaScript, which would enable the user to access the index of an array using negative indexing syntax. This method does not exist in JavaScript, as it doesn’t allow the user to count from the back of an array. This method does exist in Python, but since Python is not built for the web, the only methods for web-based developing are hacked together and insecure. The policy proposal by WebAssembly is a sandbox-type security model, that enables modules that were developed in GitHub to have limited interaction with the host, compensating for security issues such as the manipulation of return addresses or other stack data from the host.

    GitHub’s encouragement of policy creation by its developers isn’t something that resulted directly from this Twitch leak – however, it has most certainly had an influence on their search for, response to, and implementation of developer policies in the future. Had some of these policies and methodologies been implemented before the leak, chances are, the configuration issue that resulted in a third-party gaining access would have been closed off, and millions of lives and livelihoods would not have been destroyed. Despite the basis for this attack, which, according to 4chan, is because Twitch is a ‘toxic cesspool’ (which I will not disagree with), it still disrupted the daily routines and income of many. Building a wider base of policy proposals (which you can contribute to here) and new approaches to online functions, we can only hope that GH and other source-hosting services can prevent such disasters in the future.


    References

    GitHub. (2021). Setting policies for organizations in your enterprise account. Retrieved from https://docs.github.com/en/github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account 

    GitHub. (2021). GitHub policy · GitHub. Retrieved from https://github.com/about/developer-policy/ 

    GitHub. (2021, August 9). Defining Standardized GitHub Metrics for International Development, Public Policy and Economics Research and Indexes. Retrieved from https://socialimpact.github.com/assets/img/GitHub_RFP-StandardizedMetrics_FINAL.pdf 

    GitHub. (n.d.). ECMA TC39. Retrieved from https://github.com/tc39 

    GitHub. (n.d.). Tc39/proposal-relative-indexing-method: A TC39 proposal to add an .at() method to all the basic indexable classes (Array, string, TypedArray). Retrieved from https://github.com/tc39/proposal-relative-indexing-method 

    GitHub. (n.d.). WebAssembly. Retrieved from https://github.com/WebAssembly 

    Hamilton, I. A. (2021, October 7). Twitch gave a brief explanation for the giant leak that exposed creator payouts, source code, and more. Retrieved from https://www.businessinsider.com/twitch-leak-hacked-explained-how-hackers-breached-data-2021-10?op=1 

    Kumar, M. (2021, September 20). Request for proposals: Defining standardized GitHub metrics. Retrieved from https://github.blog/2021-08-31-request-for-proposals-defining-standardized-github-metrics/ 

    Shape_Grifter. (2021, October 6). Twitch hacked, entirety leaked on 4Chan. Retrieved from https://gaming.ebaumsworld.com/articles/twitch-hacked-entirety-leaked-on-4chan/87000534/#:~:text=space%2C%E2%80%9D%20calling%20Twitch%20a-,%E2%80%9Ctoxic%20cesspool.%E2%80%9D,-Which%20is%2C%20admittedly 

    TC39. (2021, August 3). Tc39/proposal-relative-indexing-method: A TC39 proposal to add an .at() method to all the basic indexable classes (Array, string, TypedArray). Retrieved from https://github.com/tc39/proposal-relative-indexing-method 

    W3schools. (n.d.). Python string negative indexing. Retrieved from https://www.w3schools.com/python/gloss_python_string_negative_indexing.asp 

    read more
    less

    2FA Cyber Support


    How Two-Factor Authentication Aids Cybersecurity Two-Factor authentication is a vital piece of the cyber security puzzle. By adding an additional layer of protection to our authentication methods, we can enhance our security and defend against many forms of attack that would normally ruin our day. ...

    How Two-Factor Authentication Aids Cybersecurity

    Two-Factor authentication is a vital piece of the cyber security puzzle. By adding an additional layer of protection to our authentication methods, we can enhance our security and defend against many forms of attack that would normally ruin our day. 

    Two-Factor authentication, or 2FA, is a process in which you possess an object that typically provides a rotating code to be used in addition to your typical username and password. These codes are usually referred to as one time pass codes (OTP) when provided by SMS and Time-Based one-time password (TOTP) when provided by an application like Google Authenticator. 

    So if there are at least two forms of 2FA, which one is better?

    It is ALWAYS better to use a tool like Google Authenticator than to use SMS. SMS is vulnerable to an attack in which bad actors intercept your cell phone messages. This type of attack is not rare and companies like Coinbase and others have all been affected by this type of attack. Therefore you should always use a tool like Google Authenticator or similar when offered the chance to do so.

    2FA is invaluable for keeping your accounts safe, but not all 2FA is created equal. Do your best to use the top protection available, but also understand that many companies will not use alternative methods to SMS because it is easier to implement, even if it is less secure.

    Regardless, you should use the tool that is available to you and don't hesitate to request better protections from companies you do business with.

    kelly-sikkema-mouse-unsplash


    SECURE YOUR FUTURE WITH A CYBER SECURITY DEGREE

    Network Security degree students will use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.

    Don't wait. Apply now!

    read more
    less

    Zero Day: the Cyber Glitter Bomb


    Welcome to Zero Day  No, it’s not the day when people are celebrated for the lack of accomplishments in their life. Keeping with the times and our ever-evolving language, “Zero Day” isn’t even a day at all. It’s more of an awareness. And, at that, it’s an...

    Welcome to Zero Day 

    No, it’s not the day when people are celebrated for the lack of accomplishments in their life. Keeping with the times and our ever-evolving language, “Zero Day” isn’t even a day at all. It’s more of an awareness. And, at that, it’s an awareness of vulnerability—the vulnerability in a piece of software.  

    But Zero Day is too cool and ominous-sounding to be the label for something so metaright? 

    That’s true. But what warrants its cool/ominous epithet is that this vulnerability isn’t necessarily known by the guys in the white hats.  

    See, as soon as anyone—including the guys in the black hats—finds a vulnerability in your favorite app, operating system, website, etc., that’s a Zero Day. And all the bad stuff that can occur because of this awareness is also wrapped up in this terrible glitter bomb we call Zero Day. 

    Zero Day: The Origin Story 

    “Zero Day” now refers to the number of days since a particular app’s vulnerability has become exposed, but that wasn’t always the case. 

    Once upon a time, when apps were called programs and the internet was beginning to stir in the primordial ooze that was made up of the digital bulletin board systems (BBS) around the world, the idea of Zero Day came into being. 

    Back in those dark times, hackers would prowl the internet looking for software to steal and pirate on the BBS. 

    It became something of a competition to steal a program as soon as possible and then post the number of days since its public release alongside the pirated program itself. The digital pirates would break into the systems housing a piece of software that was ready for release, yet unreleased to the public. When such a program was stolen from hard-working software developers, the pirated software fell into the ignoble class of Zero Day software. 

    Because of this, the idea of a Zero Day became synonymous with vulnerability, and now, even into today’s much more digitally advanced age, the name has stuck. 

    Cyber Skeleton

    Noteworthy Zero Day Instances Making Headlines 

    Zero Day attacks occur several times every year and with unpleasant implications for everyday people. 

    In what might be the most devastating Zero Day hack attack in the brief but brilliant time civilization has been accelerating down the information superhighway came the Zero Day attack that befell Sony Pictures in 2014. And while the exact vulnerability that led to the attack is still unknown to the public, the results are well-documented.  

    For weeks, hackers tromped around the corporation’s system network, stealing everything they could get their hands on. From emails and confidential employee records to financial data, unreleased movie scripts and even a handful of finished movies, they stole all of this and published it all on multiple file share websites. Then, to really rub salt in the wound, they completely wiped Sony’s network. 

    A few years later, in 2016 a Russian cybercriminal found another major Zero Day vulnerability that he sold on the dark web. This particular vulnerability allowed the wielder to gain admin-level rights on any Windows-based machine using the current Windows 10. It had the added benefit of being backwards compatible all the way to Windows 2000. Used alongside other malware that would give a hacker basic access to an innocent person’s operating system, this vulnerability was able to hurt everyone from corporations to the innocent individual. 

    In 2017, exploiting a zero-day vulnerability in Microsoft Word, hackers were able to trick users into clicking ‘yes’ on a seemingly benign pop-up, only to have their bank accounts exposed.  

    And in 2020, with most of the world working from home and using Zoom to stay in touch with co-workers and loved ones, hackers found multiple zero-day instances in the beloved app allowing them to remotely access a user’s operating system. If that user had admin privileges, then the hacker had free reign over all their personal data. 

    How a Zero Day Makes the Bad Things Happen 

    Hackers and cybercriminals use a variety of techniques to seek out the vulnerabilities in the software and apps we all know, love and use every day, like an automated static analyzer.  

    This type of tool analyzes the program without actually running the program (that would be a dynamic analyzer). And it doesn’t analyze the program like we would if we were using it. It actually pokes and prods at the source code itself to find the weaknesses that are likely hidden from normal use.  

    Another common method for exploiting Zero Day issues is an old favorite of the internet: phishing.  

    You know this trick. The bad guys send out an email in broken English to people like your Uncle Terry, promising riches to whoever clicks on their suspicious hyperlink string of alphanumeric characters. Uncle Terry already has a bad leg and is barely making it on government help, so what does he have to lose? He clicks the link and winds up on some crazy website filled with GIFs of flying monkeys singing the theme song to Donnie Darko before realizing he’s been had. Yes, he shuts down the browser, but not before his computer downloads all sorts of files from the malicious website. Files that are now sitting on Uncle Terry’s computer. Now, everything Uncle Terry does, from watching cat videos to reapplying for government help and sending out resumes for his next job—giving out his social security number and other personal details with abandon—have now found their way onto the darker side of the internet. 

    And those files that are sitting on his computer, they aren’t just stealing his information. They are viruses and worms and ransomware, or at least the seeds of them. Remember that Zero Day from the Russian cybercriminal? What if some of his files were uploaded during the opening insane melody of the Donnie Darko theme? At night while Uncle Terry has nightmares of flying monkeys, the guys in the black hats can access Uncle Terry’s computer and do all sorts of bad things in Uncle Terry’s name. And the really awful thing is that the bad guys are always looking for new ways to take advantage of people. Before long there will be a new way for the bad guys to do their worst. And who’s going to find and stop the next threat?  

    cyber security hacker

    What should you do if you’re involved in a Zero Day hack attack? 

    In terms of a Zero Day attack, the best thing individuals and companies can do to protect themselves and their employees is to have a strategy that addresses the inevitable. It’s really just a numbers game at this point. If we are going to have a presence on the internet, we will without a doubt find ourselves in a position of vulnerability at some point in the future. So how do you deal with it? 

    In terms of your personal computer, the first and easiest step is protecting your system from malware. The market is filled with good, commercially available (and sometimes free) resources to help protect a person’s computer against malicious apps meant to open windows and back doors for the guys in the black hats. 

    If a Zero Day hack has happened to an institution or company that has your personal information on file (remember the Sony attack of 2014?), it’s a good idea to change all of your passwords. Like, immediately.  

    This is a good habit to get into regularly anyway, but especially after there has been a breach involving your personal data. And remember, don’t reuse old passwords. This is a terrible habit to get into. Yes, it’s easiest just to add a number at the end of your “regular” password and cycle through, adding one to that number every time you change your password. But seriously, if you came up with that idea without any thought, imagine how easy it would be for someone who wanted to break into your computer to do so with such a weak protection scheme before them. 

    Can’t I Do Anything Else About a Zero Day Attack!? 

    You can, but it’s not for everyone. For most people, just keeping a good defensive strategy in place is a great answer.  

    I mean, it would be great if everyone understood the basics of object-oriented programming and could explain the difference between static and dynamic IP addresses, but again, it isn’t for everyone. 

    But for some… 

    For some, reacting to a bad situation after the fact isn’t good enough. For some, just putting up a firewall and hoping the bad guys don’t get through, isn’t enough. 

    Some people feel a sense of responsibility for their loved ones and their loved ones’ loved ones and for the strangers all around them. For these people, a little education can go a long way to protecting people everywhere. And at UAT, you can get your degree in one of our industry and government-recognized Cyber Security degree programs including Network SecurityNetwork Engineering or Technology Forensics and be on the frontlines of defending those who can’t defend themselves. You can also take your career opportunities to an advanced level with UAT’s Master of Science in Cyber Security 

    So, if you have a technical, creative mind, contact us at UAT today to learn more about our Cybersecurity degree programs. After over 20 years, we have one of the longest-running cyber security degrees in the southwest, and our complete continuum of undergraduate and graduate cyber security degrees have prepared thousands of ethical hacking, network security, and cyber security graduates. On top of that, the NSA has designated UAT as a Center for Academic Excellence training center in cyber defense—we don’t take this lightly! 

    Before you know it, you may find yourself uncovering a potential Zero Day attack before the bad guys do. 

    Your Uncle Terry will thank you. 

    UAT SOC Lab

    read more
    less

    Special Topics in Technology: Open Source Intelligence


    Using Shodan to Look for Vulnerable Critical Infrastructure Students at the University of Advancing Technology are often tasked with real world goals designed to make them flex and grow while experimenting with genuine...

    Using Shodan to Look for Vulnerable Critical Infrastructure

    Students at the University of Advancing Technology are often tasked with real world goals designed to make them flex and grow while experimenting with genuine technology. One of those students, Aaron Miller, did a fantastic job while searching for potentially vulnerable infrastructure posing a threat to United States interests. As the Cyber Security program champion, I felt it was relevant to highlight the work he is doing and to showcase what UAT students are capable of accomplishing.

    Here is his description of the project:

    Using Shodan to find different internet facing devices and to identify those that may pose a threat was my assigned goal, and I discovered that, with a little research, you can use Shodan to find different industrial control devices. These ICS devices are used to operate different functions within a physical system remotely. The control unit can open valves, AC controls, and even chemical disbursement in a public drinking system, as a small example. Any mechanical device that needs to have functions related to physical control of a device but aren’t easily accessible may be attached to an ICS connectivity device. A little research on Shodan and you can find the proper syntax to find these devices.

    When researching the security of such devices, we can look for certain identifiers. These identifiers could be models, types, and manufacturer names. Using google you can find the manuals, and even default passwords. If, after research, you learn the common functions of the controller, you can identify the weaknesses of the system. It is also possible to get into the main network from that device and also cause havoc by misuse of the device.

    Network Security means protecting your systems that should be on the network, but it also means protecting devices you may not expect to see on a network. Proper documentation and diagrams of the network are crucial in making sure all ends of the network are secure. Audits and proper knowledge of your network will help when thinking security. By following best practices and following standards, you can stand on the shoulders of giants when designing your security footprint.

    Locating and reporting potentially vulnerable infrastructure using Shodan is ethical as well as legal, but going beyond that enters a gray area that we avoid. You should not abuse the information you might find about devices in their online manuals, but instead only use approved tools while following the laws. Security research doesn't mean making bombastic claims or causing Earth shattering upheaval to businesses but is about being a contributing member of society while giving an uplifting hand to others.

    View Aaron Miller's full description of Shodan:


    Interested in studying cyber?
    More about UAT’s Cyber Programs

    Our cyber security degree majors and cyber security lab are recognized by industry and government entities alike for their ability to help generate the future innovators of the cyber security industry. We focus on creating true leaders who will have mastery in ethical hacking and uphold the highest industry standard of cyber integrity in our quickly evolving world of cyber security technology and online security.

    Visit the University of Advancing Technology for more information on all our cyber security majors. 

    Ready to start? Apply now at uatfastapp.com.

    read more
    less