University of Advancing Technology is an elite, private college that serves its student body by fostering knowledge creation and academic excellence in an environment that embraces the young technophiles of the world. With three centers of research and a suite of technology-centered undergraduate and graduate degrees, the University is a recognized leader in technology education.
Something shocking and bizarre to the cyber security community has occurred: Russia has arrested a malware author. To give some context, Russia is normally very soft on hackers and rarely takes action against them.
The Russian Ministry of Internal Affairs states the suspect is a 20-year-old from the region of North Ossetia-Alania. They have been onto him since 2017, as they suspected he made several malware strains which later infected around 2,100 computers in Russia. The suspect also had help while operating his malware. It is believed he had six other accomplices who helped distribute the malware, which earned the group about 4.3 million rubles, or around $55,000 USD.
Though Russian authorities haven't given much info on the suspect, other security researchers have. Benoit Ancel, a malware analyst from CSIS Security Group, has tweeted that they and other security groups have been tracking the suspect under the nickname "1ms0rry."
Back in 2018, Benoit Ancel worked with a team to see what 1ms0rry was capable of and what was in his loadout:
1ms0rry-Miner: A trojan that, when installed on a system, starts covertly mining cryptocurrency for its author.
N0f1l3: An info-stealer trojan that can extract and steal data from infected computers. It can steal browser passwords, cryptocurrency wallet configuration files, Filezilla FTP credentials, and specific files stored on a user's desktop. A real nasty trojan.
LoaderBot: A trojan that can be used to infect victims in a first stage and then, once it has gained a foothold on the infected system, deploy other malware on demand during a second stage.
Benoit Ancel said 1ms0rry sold his malware strains on Russian-speaking hacker forums and that some of his creations were also eventually used to create even more powerful malware strains, such as Bumblebee (based on the 1ms0rry-Miner), FelixHTTP (based on N0f1l3), and EnlightenedHTTP and the highly popular Evrial (which shared some code with 1ms0rry's creations).
The security team's work in 2018 also exposed 1ms0rry's identity: a talented young programmer from the city of Vladikavkaz, who at one point even received praise from local authorities for his involvement in the cyber-security field. Unfortunately, he messed up this time by allowing his malware to target Russian citizens, which Russia does not accept.
Russia has always ignored cybercrime as long as these cybercriminals do not target Russians and Russian businesses, even when US authorities have tried numerous times to get the Russian government to act.
Today, all major Russian-speaking hacking forums and black-market sites make it very clear in their rules that members are forbidden from attacking users in the former Soviet space, knowing that by not attacking Russian citizens, they will be left alone to operate undisturbed. That makes it a safe haven for them, which is why many malware strains have been coded to avoid affecting Russian users. 1ms0rry is now seeing why these rules are in place.
In a shocking display of poor management, over 100 smart irrigation systems were left exposed online without any security or even a password. This allowed anyone to access and mess with the water irrigation, which was used for crops, trees, cities, and building complexes.
This clear example of what not to do was discovered by a security firm in Israel, Security Joes.
These systems were running ICC PRO, designed by Motorola for agricultural and landscape use. Security Joes co-founder Ido Naor reported that these companies and city officials had the systems installed but left them on factory settings, which don't have a password for the default account.
Anyone attacking the systems could have identified them with IoT (Internet of Things) search engines like Shodan. Once they located an ICC PRO system, they would just have to type the default username for the system, and boom, they are in.
They would have access to pause or stop the water, change settings, water quantity, and water pressure, and even lock the systems by deleting the user. Honestly, this sounds more like a prank to do in the park in the middle of summer. Yet it could be more dangerous, as Israel is in the middle of the desert.
Security Joes identified that, of the 100 ICC PRO systems, almost half were located in Israel, while the rest were in other places around the globe. Ido Naor notified the CERT in Israel, which then contacted the companies who own these systems and Motorola, and shared the information with other CERT teams in other countries.
Thankfully, Motorola sent an announcement to customers about the dangers of leaving systems on default without a password. Security Joes has stated that the number of exposed systems has gone down to about 78 as companies begin securing their ICC PROs.
Back in April, Israel did have attacks targeting water management systems, meant to alter water systems in order to create water shortages in certain areas by emptying water reserves, causing outright civil unrest. To combat this, the INCD, Israel's cybersecurity agency, has sent out nationwide alerts to have passwords changed for web-based management systems.
A group of tech companies formed a coalition to make a coordinated effort to break the back-end infrastructure of the TrickBot malware botnet.
The coalition included Microsoft's Defender team, ESET, Symantec (Broadcom's cybersecurity division), FS-ISAC, Lumen's Black Lotus Labs, and NTT, and it set out to hit the botnet's infrastructure and malware modules.
The coalition spent months collecting over 100,000 TrickBot malware samples, analyzing and extracting their contents, and sifting through information about the malware's workings as well as the servers the botnet used to control infected computers. After all the information was gathered, Microsoft went to court and asked a judge to grant it control over the TrickBot servers.
The judge approved and allowed Microsoft and the other organizations to disable the IP addresses, make the command and control servers inaccessible, disable all services to the botnet operators, and make sure any TrickBot member was unable to buy another server.
TrickBot has had over a million infected systems. It has been the second biggest botnet since it started in 2016 from humble beginnings as a banking trojan, and it then turned into a business model for Malware as a Service (MaaS).
Yet even after a successful takedown, TrickBot was able to be brought back online. Activity picked back up after it was temporarily shut down. This is not the first time a botnet has been taken down only to be put back online.
Even with it being brought back up, the takedown does set back the malware operation quite a bit. It adds costs for the operators to get their infrastructure back, on top of the botnet being offline. It could also damage the botnet's reputation in the cybercrime world by showing that it is not safe from the coalition, leading customers to decide that it is not worth all the fees they pay.
Another positive came from Microsoft's legal team: the judge's approval established that TrickBot was violating Terms of Service (ToS) and allowed Microsoft to use full force against the botnet, which may prove valuable for future takedowns of other botnets.
The United Nations International Maritime Organization (UN IMO) announced that they had a security breach during the past couple of days. The agency characterized the attack as a "sophisticated cyber-attack" that targeted its IT systems.
The International Maritime Organization is a United Nations organization that issues international guidance on shipping, passenger ships, maritime security, and maritime environmental protection. It's a vital organization in the international rulemaking scene, which often sets international policies regarding the entire maritime sector.
The incident impacted the Maritime Organization's public website and web-based services, the UN agency stated in a public report.
"Email systems, its virtual conferencing platform, along with other internal and external collaboration platforms, were unaffected," a UN spokesperson said. Systems that were affected were taken down and restored over the course of a couple of days.
The UN agency also stated that the attack "overcame robust security measures" which were in place to protect the affected IT systems.
The UN agency also disclosed that "The IMO Headquarters file servers are located in the UK, with extensive backup systems in Geneva. The backup and restore system is regularly tested," a statement meant to reinforce that it took an advanced attack to breach UN systems.
"Following the attack, the Secretariat shut down key systems to prevent further damage from the attack. The Secretariat is working with international security experts to restore systems as soon as possible, to identify the source of the attack, and further enhance security systems to prevent recurrence."
It is uncertain whether the United Nations International Maritime Organization was hit by some sort of ransomware or malware, or whether its website was used for a watering hole attack. In this type of attack, hackers host malicious code on a website, here the Maritime website, to potentially trick members of the organization and visitors into downloading malware that would infect their systems.
The United Nations as a whole has many sub-organizations within itself that play a vital role in the international community. It is also unclear who may have launched this attack. Hopefully, more information about the attack and breach will be public in the upcoming months.
Hometown: Fort Washington, Maryland
Major: Digital Video
Rebecca remembers being six and sitting in her elementary school’s computer lab exploring all the features of the old Macintosh computers. Her fascination with computers matured into playing around with video editing for school assignments, coding activities and picture editing for fun in high school. She’s always been interested in technology.
Rebecca changed her major to Digital Video after originally attending UAT for Network Security. Since she has more experience in the video field and some close friends in the Digital Video major, the transition happened naturally.
Ultimately, Rebecca just wants to edit videos. She loves creating with video editing software and discovering all the things you can make. Rebecca loves UAT for its smaller campus, which promotes a close-knit family atmosphere amongst faculty and students.
When she’s not studying or doing homework, Rebecca likes to hang out with friends and play games, go to the mall, hike and joyride BIRD scooters. Inspired by her brother, parents and friends, Rebecca wouldn’t be here without their support and advice in times of doubt. After graduating from UAT, Rebecca would like to edit videos as a career.
Hometown: Gilbert, AZ
Major: Network Security
David decided he wanted to increase his knowledge after working for three years at a third-party IT company. With many of his clients working in the medical industry, he felt he could better meet their needs by gaining additional skills. This led him to pursue a degree in network security.
David remembers networking PCs together during gaming LAN parties and building his first PC as a teenager. He’s been interested in and influenced by tech from a young age. Since many state universities didn't offer degrees that specifically addressed the field of work he was interested in, he found UAT and decided to attend. UAT’s atmosphere felt like home to David, a place where he could do the things he loved. UAT’s innovative spirit has rubbed off on David.
David’s favorite hobby is gaming—all sorts of gaming, including board games, video games, card games and anything that challenges him to use tactics and intellect to achieve victory. He also enjoys hiking with Jennifer, his wife.
Through the years, David was especially inspired by his great grandfather. At a young age, David had the privilege of spending time with his great grandfather at his Northern Arizona cattle ranch. At the ranch, David learned that any task worth completing is worth completing well, the value of hard work, and to never give up on any dream.
Aubrey “Kim” Martin
Hometown: Keyesport, Illinois
Major: Game Art and Animation
Kim loves seeing the possibilities of what something can look like in a TV show, animation, movie or even a comic. She’s always been interested in character design and development, so she chose to study Game Art and Animation to become a character concept artist.
After her junior year of high school, Kim received a call from one of her close friends, who told her that UAT offered both of the majors they wanted to study. They soon visited UAT for a campus tour. “The moment I walked into the main building was the moment I decided I was going to attend UAT,” remarks Kim, “nobody was going to tell me otherwise.”
Kim enjoys hobbies such as digital and traditional drawing, playing video games, creating 2-D animations and playing piano.
Since attending UAT, Kim discovered her love for 2-D animation and has gained many new skills, such as developing 3-D modeling in 3DS Max and Autodesk Maya and creating vector and pixel art and animations for functional video games. She has also taken a position as a character artist at the student-run company BunchOfNerds. Most importantly, she’s gained strong motivation, new friends and a true happiness at UAT.
This week, they made a big move on the masses, as a large amount of the population is working from home, and sites/apps like Zoom are growing in popularity to keep coworkers connected. The FBI is warning that hackers have been “zoombombing” calls (essentially hijacking conference calls), and some of these unwanted callers have even been known to leave some pretty offensive stuff on your screen. And this warning is real; it happened to a UAT employee, who fortunately wasn’t the one hosting the call.
At UAT, Zoom is useful, but definitely not our main platform. Microsoft Teams and Canvas LMS are our primary platforms for distance learning. We use a myriad of others as well, including Discord, Slack and Zoom. We mostly use Zoom for special purposes, and not for normal class activities. With that said, we are careful with our links: password-protecting meetings, managing participants, keeping a close eye on attendance, controlling who can share a screen, etc. So, let’s talk about some common mistakes people make when using Zoom and tips to avoid becoming a victim of hackers.
First of all, assume what happens in Zoom does not stay in Zoom. Keep that in mind for every call and don’t use it for sensitive information. Along that same mindset, don’t link your Zoom account to other social sites like Twitter. In fact, it’s really smart to create a new email to use only for your Zoom account; don’t use your main email, and definitely don’t log in with Facebook.
If you’re the host, the responsibility truly lies on you to take the extra precautions. Make sure to select the option for private and create a password for all people on the call—or else anyone can have access to it. Check and manage the attendance and match it to who should be in the room. For guests, you can control access by using a waiting room to verify who they are. For UAT, we only allow the host to share their screen, which prevents the bad content from creeping in. In addition, don’t click links in the chat that you don’t trust, the same as in email, and consider using the site in a browser versus downloading on your desktop.
As always, it’s important to keep your computer up to date and as secure as possible. Never wait on installing updates, and make sure to have security software installed on your computer. Sophos, AVG, Norton, and McAfee are all good options for Internet security. Also make sure to consider security requirements when selecting vendors. For example, if end-to-end encryption is necessary, does the vendor offer it? Finally, ensure your VTC software is up to date. These patches address security vulnerabilities within a program or product.
To sum it up, while we know there are global security and privacy concerns with Zoom, we have enough institutional prowess to navigate the concerns to ensure we are protected, and it is still a great tool for what it’s good for.
See President Pistillo featured on AZ Family News discussing Zoom safety here:
Designated as a Center for Academic Excellence in Information Systems Security Education by the US National Security Agency, UAT offers an ethical hacking degree that’s highly recognized by industry and government entities alike. You can get a Bachelor’s Degree in Network Security, or a Master’s Degree in Cyber Security. Take the first step by completing a FastApp today!
This past fall, AZBigMedia hosted a panel of Arizona Cyber Security experts at the AZ Tech Talk, moderated by UAT’s very own Data Privacy expert, Dr. Dave Bolman, University of Advancing Technology’s Provost and Chief Academic Officer. The panel was brought together to provide critical information to Arizona individuals, businesses, and schools on the rising concern of data privacy, how to safeguard systems to prevent a cyber security breach from occurring, where to find cyber security resources and how to get help after a cyber-attack at any level has occurred.
Panelists at the AZ TechTalk with Dr. Dave Bolman included: Ori Eisen, the founder and CEO of Trusona; Heather Monthie, PhD, Associate Dean of the College of Science, Engineering and Technology at GCU; Sean Moshir, the CEO and co-founder of CellTrust; Greg Schu, a Partner at BDO; and Steve Zylstra, the President and CEO of the Arizona Technology Council.
In honor of Data Privacy Day, UAT is relaying five key points from the highly-respected moderator and panelists’ discussion, delivering a helpful guide for readers to apply in their own cyber security practices.
“If you want to understand cyber security, you have to understand what it’s all about — you have the entire world right there at your doorstep at any moment. The world has transformed into digital belongings that can be more easily taken away. Just like you protect your physical belongings, you need to protect your digital assets,” said AZ Tech Talk panelist Sean Moshir.
The most critical topic discussed throughout the TechTalk panel relates to individuals and businesses alike, but many are confused about where to start. One panelist suggested a simple Google search to find a massive amount of helpful tips and information on the topic of Data Privacy Education.
Sean Moshir stressed, “Continue to adapt, learn how to take advantage of technology to protect yourself and others. Protection comes from education. The number one most important thing in cyber security that I have seen in my life is education for the employees. How you educate your employees, how you have policies, how you write policies, how you enforce those policies and making sure your company is compliant.”
"Data Privacy and Cyber Breach prevention education doesn’t have to be complex or expensive," Greg Schu explains, “Educate employees with very simple processes. If you’re an organization, there are very straightforward processes you can put in place. If you don’t have a plan in place, call your professional friends at reputable firms; they may have done this before and have things that work for them. There are so many things you can do where you don’t have to spend any money. If you have a family or friend into tech, get them to at least help you with your backups. If something goes wrong, at least you have a way to recover without paying ransomware,” said Schu.
Additionally, aside from the (often free) Firewall, AntiVirus, Anti-Spam and other basic protections you can have on your devices to protect your data (including having a backup strategy in place) the following tips are the most important practices to educate your family and employees in order to maintain a strong, proactive data privacy force at home and work.
If you’re still using weak passwords, or the same passwords from several years ago for several accounts, you’ve likely already been hacked whether you know it yet or not. Use complex, original passwords for every account that have nothing to do with anyone’s names or addresses, birthdates, etc. Make really tricky passwords, especially for the accounts housing your confidential information such as financial details, social security number, or other personal data that could be stolen and used for identity theft.
Also, change them frequently, even every time you log in if you want to be overcautious about it. Don't write them down on a sticky note or even lock them in a spreadsheet on your computer, as these can be very easy ways for someone to access your data. To make coming up with new, original and complex passwords and remembering them easier, use a password generator and a secure password storage application.
Although you’ve likely heard these tips before, in the high-level AZ Tech Talk panelist conversation, the current state of passwords was ignored. Only the passwords of the future were discussed because of how easily hackers are getting through our standard cyber security practices. The future of passwords is still undeclared, but there is hope of a new, safer way forward to protect our data. However, you should still keep up with password best practices in order to utilize what’s available at this time.
During the TechTalk, Ori Eisen addressed the complex topic of the future of passwords with, “As a person that works everyday to replace passwords, how many people that have great technology we’re taking with us everywhere, let’s use that. It’s time to get rid of passwords. Biometrics are awesome as long as you don’t replay them. At the end of the day it’s converted to 0’s and 1’s. computer listening to 0’s and 1’s of my fingerprint or facial scan — anything that goes from analog to digital can be stolen and used maliciously.”
Until a safer option of biometrics has been developed or the next option for passwords has been implemented, add extra layers of security to your accounts. Enable some form of Multi-Factor Authentication whenever possible on all accounts. This at least provides an extra level, so even if someone does have your password, if they’re trying to log in from a device that isn’t yours, you’ll get an alert and be able to stop the action in a timely manner. There are ways hackers can get around this, but for most situations, it’s an additional way to keep them out.
Some Identity Theft Protection providers will monitor the dark web for breaches of your information, but all will report malicious activity associated with your data. It makes the process go a lot faster and smoother if you have this in place when a breach does occur. Think of it as your digital accident insurance policy for when someone takes over your personal identity with malicious intent, similar to car insurance if you get in a fender-bender.
The Arizona Tech Council’s President & CEO, Steve Zylstra, stated that “Business-focused insurance companies used to have cybersecurity in their general liability policies, but they took it out so if you’re not sure if you have it, you don’t.”
It’s critical to have insurance and protection in place so that you do not lose data and trust from customers, or your business altogether. According to IBM, the average financial cost of a data breach is $3.92 million, and Joe Galvin, a Chief Research Officer for Vistage, reported that 60 percent of small businesses fold within 6 months of a cyber attack.
Zylstra also explained that when shopping for data privacy insurance, “You want to make sure your insurance covers everyone involved in the business. Some insurance policies won’t cover the management team.”
AZ TechTalk Panelist Tom Eisen shared the phrase, “Curiosity killed the cat” while on the topic of not clicking on everything interesting that comes your way online. “In terms of protecting your data, don’t be curious and click on the latest celebrity article. Unfortunately, that leads you to ways hackers can put malware on your computer.”
In a more personalized sense, also don’t fall for the Facebook messenger notification appearing to be from your friend asking, “is this you in this video?” attached with a video link. “Instead of being curious, be cautious first," Eisen said.
Phishing is the most common way people lose their data privacy. Retruster’s 2019 Phishing and Email Fraud Statistics report states that phishing accounts for 90% of all data breaches. Just in the last year, 76% of businesses reported being a victim of a phishing attack, 30% of phishing messages were opened by the targeted recipients, and 15% of people successfully phished will be targeted at least one more time within the year.
To avoid being caught in a phishing trap, it is recommended to check the sender’s email address to ensure it’s correct. Hover over any link to check that it’s a valid and secure link: an HTTPS link that matches and makes sense for who it should be from. For example, if your bank sends you an email and the email address or link within the email is off by a letter, a number, or has a random dot where it shouldn’t, never click on anything. Today, there are many ways people can spoof email addresses to look like the real deal as well, so always be cautious. Never log in to any account from an email.
Also ensure that the email from your boss asking you "Are you in the office? I need you to do me a favor" is really from your boss. When in doubt, go directly to that person, pick up the phone or send a text to verify, and alert them if you believe you received a phishing email. Your boss will be appreciative when you didn’t follow a spoofed request to wire all of the company’s funds to a random overseas account or spend a massive amount of money on gift cards.
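The sender and link checks described above can be automated. The following Python sketch is an added example, not part of the original article; the trusted domain list, the sample email and the function names are constructed for illustration, and it goes slightly beyond the text by also comparing a link's visible text with its real destination.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the recipient really does business with (constructed).
TRUSTED = {"examplebank.com"}

# Digits commonly swapped in for look-alike letters ("off by a number").
DIGIT_SWAPS = str.maketrans("01345", "oleas")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify_host(host: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    host = host.lower().rstrip(".")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    # Undo the tricks the article lists: swapped digits, stray dots or hyphens.
    squashed = host.translate(DIGIT_SWAPS).replace(".", "").replace("-", "")
    for good in TRUSTED:
        target = good.replace(".", "")
        # Either the real name is embedded, or it is off by a letter or two.
        if target in squashed or edit_distance(squashed, target) <= 2:
            return "lookalike"
    return "unknown"


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def review_email(sender: str, html_body: str) -> list[str]:
    """List the reasons a reader should not click or reply."""
    findings = []
    sender_host = sender.rsplit("@", 1)[-1]
    verdict = classify_host(sender_host)
    if verdict != "trusted":
        findings.append(f"sender domain {sender_host}: {verdict}")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        url = urlsplit(href)
        host = url.hostname or ""
        verdict = classify_host(host)
        if verdict != "trusted":
            findings.append(f"link host {host}: {verdict}")
        elif url.scheme != "https":
            findings.append(f"link to {host} is not HTTPS")
        # Hover check: text that looks like a URL must match the real target.
        if text and "." in text and not any(c.isspace() for c in text):
            shown = urlsplit(text if "://" in text else "//" + text).hostname
            if shown and shown != host:
                findings.append(f"text shows {shown} but link goes to {host}")
    return findings


# Constructed sample message, not taken from a real campaign.
SAMPLE_SENDER = "alerts@examp1ebank.com"
SAMPLE_BODY = (
    '<p>Dear customer,</p>'
    '<a href="https://www.examplebank.com/help">Help</a> '
    '<a href="https://www.example-bank.com.login-check.net/verify">'
    'https://www.examplebank.com/verify</a> '
    '<a href="http://www.examplebank.com/statement">View statement</a>'
)

if __name__ == "__main__":
    for finding in review_email(SAMPLE_SENDER, SAMPLE_BODY):
        print(finding)
```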
How you handle a breach of your data is just as important as the steps you take to prevent it. Whether the company you have an account with was hacked, your personal email was compromised, or your business and customer data was compromised, how you recover can look different. Your situation determines your next steps forward.
Firstly, change your passwords to any/all accounts associated with the breach. Check your bank statements, credit cards, credit reports for any malicious activity and report any issues to the designated customer services where the breach occurred.
The Tech Talk panel recommended that if this isn’t your area of expertise, call (and vet) a personal or professional IT Support specialist, just like you would your landscaping provider. If it’s your business, your internal IT department should be equipped to handle it, otherwise call on a reputable IT Support or Cybersecurity company to help you handle the procedures required for your industry and organization’s compliance regulations. Hopefully, you also backed up your data in case of a ransomware situation.
If you’re a school, reach out to your local community of IT experts if you need help. Contact the local Technology Council to find information on resources. In Tempe and the surrounding Phoenix area, University of Advancing Technology offers itself as a resource of support to local businesses. As the first and leading Cyber Higher Education resource in Arizona and the Southwest, Dr. Dave Bolman offered, “I invite any of Arizona’s public, charter, or private K-12 school that needs cyber security assistance and resources to reach out to me at firstname.lastname@example.org”.
US businesses are required to report a breach to law enforcement soon after it occurs as well as notify customers. For customers, it’s important to explain what information or data of theirs was potentially breached in addition to how they can attempt to re-secure their accounts. In addition to reconciling with your customers, the AZ Tech Talk panel recommends informing other businesses in order to prevent it from happening to them.
If your business is in Arizona, Tech Council’s Steve Zylstra recommends to “Join the Arizona Cyber Response Alliance, where if you’re hacked, you share info with other organizations to help others prevent against the breach. This supports and gets the community collaboration going as well as gives you access to lots of resources in the community."
Greg Schu also commented, “When hackers find vulnerabilities, they share that with other hackers. If we’re not sharing gateways with others, we’re putting ourselves at risk.”
Hackers are getting more resourceful, creative, and relentless. It’s not expensive to hack anymore, and the more data they have on you, the more they know you and the easier it is to get you to fall for their phishing schemes. A hacker “could be anyone. You can literally google ‘how do I hack’. There’s money to be made to teach people how to hack. In today’s world, hackers are business oriented and becoming more formalized. People punch a clock,” Greg Schu alarmingly shared.
That isn’t the reason to go off grid, however. Ori Eisen inspiringly stated, “If you give up the convenience we have from the internet, we are already at loss. I don’t think that should be on the table. If it was, we wouldn’t know how to drive home from anywhere. On the serious side, what are things you can do everyday and where do you start? It can be so overwhelming.” The answer is to be mindful.
Eisen goes on to give questions to start asking yourself, including: “What’s the most common denominator for keeping everyone around you safe? How are you protecting yourself today? How can you get rid of things that expose your data? How can you make it easier for your customers to be secured? Is there a limit to what people want and can do? If you just start there, you can start to remove several obstacles that could pose a risk to your data privacy.”
Data Privacy is a rising concern among organizations and individuals alike and is taken very seriously by University of Advancing Technology (UAT). UAT was one of the first universities in the nation to offer a Network Security education, and the Cyber Warfare range was even partially funded by the Department of Defense. UAT has been designated for over 13 years as a Center of Academic Excellence (CAE) by the National Security Agency (NSA) for its Cyber Education. Our 100% STEM University currently offers three Bachelor’s degree programs and a Master of Science in Cyber Security, and is recognized for creating true cyber security leaders of integrity. UAT has also prepared more graduates with an NSA and CAE-credentialed education than any other program in Arizona and the Southwest.
Learn more about our Advanced Cyber Security Bachelor and Master of Science degree offerings.
To call for Dr. Dave Bolman or any tech expert at University of Advancing Technology for future moderator bookings, speaking engagements, or panelist opportunities, please reach out with your request to email@example.com.
The US Army has now deemed the Chinese-owned app TikTok, which the Army had been using to recruit and to promote its own branch of service, a potential security risk that needs to be banned.
Army spokesperson Lt. Col. Robin Ochoa told Military.com, "It is considered a cyber threat… We do not allow it on government phones."
It's a no-brainer that China has raised a lot of security concerns, since they don't have to abide by U.S. laws on data privacy and collection or on consumers who request their data. So having a Chinese company collecting vast quantities of video footage, location data, IP addresses and other information from military personnel? Probably not the best for keeping things under wraps from foreign espionage.
That being said, this is not the first app to be banned. In 2016, the U.S. military banned Pokemon GO due to it being too distracting. Banning TikTok as well is quite a reasonable response.
This is not, however, the first time TikTok has raised security concerns. U.S. senators wrote a letter to the U.S. Director of National Intelligence requesting a review of the app. In the letter, they stated "Security experts have voiced concerns that China’s vague patchwork of intelligence, national security, and cybersecurity laws compel Chinese companies to support and cooperate with intelligence work controlled by the Chinese Communist Party."
It's also not just the Army that has banned it: in December 2019 the U.S. Navy also prohibited its personnel from using TikTok on government-issued phones. Users who violate the restriction face being blocked from the Navy-Marine Corps Intranet.
I feel bad for those service members who wasted time dancing in front of their phones 15 times to try and get it right. So don't go dancing in front of the boots recruiters.
At UAT, a Student Innovation Project (SIP) is a culmination of an undergraduate student’s hard work on a specific assignment relative to their degree and technological field of study. A SIP is similar to a Capstone or Master’s thesis but with an agile, new-age approach to developing a student’s career-readiness.
During their last three semesters at UAT, students work intensely during and outside of their SIP-designated class to develop, design, and craft their ideas into a technology product or service that makes a claim to Innovation. A student’s SIP does not have to necessarily be a new invention or completely market ready. The main task at hand is to create something innovative utilizing advancing technology—capable of being better than anything of its kind available in the market today.
“Most schools have students write papers or present research or work, but we have them create and present these creations in a live session that is actively graded as a graduation requirement,” said Dr. Mark Smith, UAT Program Champion – Business Technology and Mark Tank organizer (UAT’s version of Shark Tank).
At the end of each semester, UAT hosts a SIP Showcase event where students present their project to a panel of faculty and an audience full of fellow students. Each presenter is allowed 10 minutes to present their product or service, how it works and what their claim to Innovation is. The presentations conclude with a Q&A session where the person or team is asked about their project, such as the challenges to bring it to life, their product’s current status and market-readiness, and their plans for monetization and/or the future of the product.
Art Direction Professor Dapzury Valenzuela and the Fall 2019 SIP students.
Once finished, the judging panel takes a day to discuss the projects, and together, they pick three award winners for ‘Best in Show’, ‘Most Market Ready’, and ‘Most Intriguing’. The audience also participates in live voting during the SIP Showcase to pick the ‘Audience Choice’ award, and this year’s line-up was incredibly competitive. Dr. Dave Bolman, UAT’s Provost, commented that the Fall 2019 event was the “most impressive SIP Showcase yet”.
Best in Show, DeadNS by Garrick King
Most Market-Ready, ServerPanel by Bailey Herbert
Most Intriguing, Conflation by Ian Favreau
Audience Choice, Conflation by Ian Favreau
Although only four projects were chosen for awards, the innovation shared throughout the entire showcase far exceeded prior events according to Dr. Mark Smith, who is also a panelist and organizer for the SIP Showcase events. He commented, “The Fall 2019 SIP Showcase marked some of the best and brightest of our students showcasing some of our university’s best projects to date, and they just get better every semester as we keep raising the bar and expectations.”
SIP and additional student awards were presented by distinguished faculty. L to R: Dr. Matthew Henry, Professor Donald Schepis, Darin Palermo, James Goddard, Kyle Davis, Professor Derric Clark, Abdulai Sallah, Addison Buettner, and Professor Lynn Understiller.
UAT’s 2019 Fall SIP Showcase presentations included:
Guardians Legacy – Kyle Davis, Devon Garret, Mikaela Farrell, and Harley Davis put together an RPG (role-playing video game) project focusing on heightened skill development and utilizing skill tree choice, where a player can make customizations to their character throughout play of the game.
Escape Room AR – Darin Palermo created a Mobile platform AR (augmented reality) game allowing you to have a virtual interactive Escape Room experience from anywhere, breaking down the walls and limitations of this popular entertainment trend in a real-world setting.
Input Dependent System – Kieli Adkins and Keith Caryl created a game mechanic that uses what you pick up in the game to set the personality of a character, and the game changes and points shift depending on the user’s personality and choices.
Conflation – Ian Favreau, inspired by world-renowned artist, Salvador Dali, created a surreal art story video game that won over the audience and panelists with its use of perspectives, emotions, poem puzzles, and smooth aesthetics, featuring a dark-minded dreamscape brought to life through game art, design and animation.
Donna’s Paradigm – Donna Dinh elevated another student’s SIP project, Chris Koon’s Proficiency Sphere Map, defining and interpreting how it functions through designs and assets, transforming the original documentation into digital art form.
Project Techno – James Goddard created a DJ and car-driving video game with use of bright retro designs and colors, as well as a polished GUI (graphical user interface) for echo location.
A Silly Guide to Love – Enrique Garcia created a video game that tests the companionship of two players by enabling the performance of one player to affect the other’s simultaneous play. He also conveyed data regarding the outcome of a study conducted during development involving the players’ temperaments and how it affected the overall compatibility score.
Task Counter – Merlin Call set out to create a video game that awards a player additional points for completing real-world tasks, such as chores or going to class, to promote accountability and set play limitations on gaming when goal tasks haven’t been completed.
UAT Space Flight Computer – Robert Perry, US Navy Veteran, developed a near space flight computer for UAT space missions that is more advanced than any option currently available on the market, built with additional sensors for more significant data collection and testing capabilities. He also shared the reporting from its last successful mission.
ServerPanel – Bailey Herbert developed a Cloud tool that allows a person to have a suite of cloud administrative services on their server, enabling hosting of multiple web servers. He is launching this as a new business in the coming weeks as a more affordable subscription service than what’s on the market today.
ReciPlease – Stephen Oellette created a Mobile app that allows recipes to be created, stored, accessed and shared with others when not connected to Wi-Fi, being unique to other recipe apps currently available where data is only accessible when connected to the Internet.
Athena – Zac Thompson built a better way for neural networks to be built, allowing live output of the network, currently in an image recognition and learning phase using the GAN (generative adversarial network) that UAT students implemented. It is in progress to make it a web-based subscription for market purchasing.
Hephastaus – Trevor Kinard created a generative design tool for FEA (finite element analysis) engineering CAD (computer aided design) work and engineering stress analytics that uses a GUI (graphical user interface) for data input.
deadNS – Garrick King created the first and only free zero-logging, encrypted DNS (Domain Name Server), with a highly professional website (https://www.deadns.com) that allows people to perform web queries without their information being tracked. It is already in the market and in use as a free service.
Cricket Learning – Brennan Joseph, Devon Large, and Brant Wagner developed a video game that teaches players awareness about ads and how to avoid click-bait by quickly eliminating ads when on a popular site with common ad space settings.
SecureIT – Shon Woodruff created a Managed Service Provider (MSP, usually a full-service IT provider for businesses) concept for residential purposes to combat the rising Cyber Security threats as well as educate individual users on awareness of how to protect and manage their digital environments at home.
MicWrite – Alex Orzescu developed an E-Sports audio transcriber that uses voice recognition to create a transcript and coaching tool aligned with play. This helps gaming teams optimize play by providing content they can review for training and development purposes.
A smartwatch has recently exposed the location of more than 5,000 children and parents. The Chinese SMA-Watch-M2 is one of the most vulnerable smartwatches on the market to date. The IoT testing division of AV-TEST found enormous gaps in the security measures in place to protect the backends of the mobile apps.
An authentication token is in place to prevent unauthorized access, but there is no verification process, so an attacker can input any token they like.
"An attacker can connect to this web API, cycle through all user IDs, and collect data on all kids and their parents. Morgenstern says that using this technique, his team was able to identify more than 5,000 M2 smartwatch wearers and more than 10,000 parent accounts." (ZDNet)
There is an even more disturbing vulnerability: attackers are able to change the parent IDs and use their own phones to pair with a child's smartwatch, which allows them to track the child and to call and chat with them. So far the watch is banned in Germany and is being pulled off shelves in the EU.
Courtesy of Catalin Cimpanu
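The missing check described above, as an added example that is not code from the watch vendor, AV-TEST or ZDNet: a lookup handler that only requires some token, beside one that verifies the token and ties it to the watch being requested, plus a counter that flags one client being refused on many different IDs. All names, keys, IDs and coordinates are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict
from typing import Optional, Tuple

# Constructed sample data; every name and value here is hypothetical.
SERVER_KEY = b"constructed-demo-key"   # secret known only to the backend
WATCH_OWNERS = {"watch-1001": "parent-17", "watch-1002": "parent-42"}
LOCATIONS = {"watch-1001": (33.377, -111.976), "watch-1002": (52.13, 11.62)}

Response = Tuple[int, Optional[Tuple[float, float]]]


def _tag(account_id: str) -> str:
    return hmac.new(SERVER_KEY, account_id.encode(), hashlib.sha256).hexdigest()


def issue_token(account_id: str) -> str:
    """Token handed out at login: the account id plus an HMAC tag over it.
    A production token would also carry an expiry time inside the tagged data."""
    return f"{account_id}.{_tag(account_id)}"


def verify_token(token: str) -> Optional[str]:
    """Return the account the token was issued to, or None if it is forged."""
    account_id, sep, tag = token.rpartition(".")
    if not sep or not account_id:
        return None
    ok = hmac.compare_digest(tag.encode(), _tag(account_id).encode())
    return account_id if ok else None


def get_location_flawed(token: str, watch_id: str) -> Response:
    """The behaviour the article describes: a token must be present,
    but nothing checks that it is genuine or whose it is."""
    if not token:
        return 401, None
    if watch_id not in LOCATIONS:
        return 404, None
    return 200, LOCATIONS[watch_id]


def get_location_hardened(token: str, watch_id: str) -> Response:
    """Verify the token, then authorize the specific watch against its owner."""
    account = verify_token(token)
    if account is None:
        return 401, None
    # Unknown and not-owned watches get the same answer, so the response
    # does not reveal which IDs exist.
    if WATCH_OWNERS.get(watch_id) != account:
        return 404, None
    return 200, LOCATIONS[watch_id]


class EnumerationMonitor:
    """Flags a client once it has been refused on more than N distinct IDs."""

    def __init__(self, max_denied_ids: int = 3) -> None:
        self.max_denied_ids = max_denied_ids
        self._denied = defaultdict(set)

    def record(self, client: str, watch_id: str, status: int) -> bool:
        if status in (401, 404):
            self._denied[client].add(watch_id)
        return len(self._denied[client]) > self.max_denied_ids


def replay_constructed_requests(handler, token: str,
                                client: str = "203.0.113.9") -> Tuple[int, bool]:
    """Replay ten constructed lookups (watch-1000 .. watch-1009) from one
    client and report how many returned data and whether the monitor fired."""
    monitor = EnumerationMonitor()
    hits, flagged = 0, False
    for n in range(1000, 1010):
        watch_id = f"watch-{n}"
        status, _ = handler(token, watch_id)
        hits += int(status == 200)
        flagged = monitor.record(client, watch_id, status) or flagged
    return hits, flagged


if __name__ == "__main__":
    print("flawed  :", replay_constructed_requests(get_location_flawed, "made-up-token"))
    print("hardened:", replay_constructed_requests(get_location_hardened, "made-up-token"))
```

The same ownership check belongs on any endpoint that changes the parent linked to a watch, since the pairing issue above is the write-side version of the same gap.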
To help prepare our UAT community for shopping safely when the tempting online deals flood their devices this season, we interviewed two of University of Advancing Technology's Student Ambassadors earning their degree in Network Security, Andrew Maddox and Marcos Xochihua, for their knowledgeable insights.
Andrew Maddox has 3 primary rules when it comes to buying anything online. Number one being, “don’t use a debit card.” He recommends using an alternative payment method such as a credit card. “This is a rule because catching fraudulent charges on a credit card is much easier than a debit card.” Credit card companies generally have more power and resources to help you reverse the transaction.
Another great way to keep your financial information safe is to not use any personal card tied to you when shopping online and rather, “use pre-paid Visa or gift cards. You can even go a step farther by purchasing those cards with cash in-store ahead of time”, Marcos Xochihua adds. It’s one less opportunity for an account or personal financial data to be stored and potentially breached later.
To understand what data any online store will keep from consumers, Marcos says, “you should be able to find information to learn the data privacy storage practices and the terms and conditions of purchasing online from that store specifically on their website”. He also suggests using the guest checkout when possible but “if a website requires you to create an account, it should also provide you a way to delete it”. If deleted, that will prevent a future breach of information from the account level or if the store’s website is breached altogether.
Andrew’s rule number two for shopping safely online is, “be sure whatever website being used is trusted. There are so many resources like Amazon that are trusted but sometimes that specific gift that you want is only available somewhere else.”
Both UAT Network Security students recommend you check the URL of the website and look for a secure encryption, also known as an SSL Certificate, where the URL of the website begins with 'https' and not just 'http'. This means that the online store has taken the recommended basic steps for securing the website. Marcos warned, “Do not purchase anything online from a website that doesn’t have that standard security certificate”.
Andrew’s third rule looks at the wider scope of information security and all the ways your data could be stolen. “Being safe while shopping doesn’t just include the website and you,” he says. “If you are shopping while at a public WiFi like in the airport or other areas that are not your home's secured network, you risk losing credit card information and being the victim of identity theft, fraudulent charges, and overall, having a not-so-merry Christmas.”
Marcos suggested a subscription-based Virtual Private Network (VPN) if you tend to shop on-the-go. “When you’re away from a secure network, it’s considered the safest alternative to using any public Wi-Fi”, he shares. For about $10-15 per month through a subscription, a VPN enables you to be more anonymous online. It routes your IP address to a secure server elsewhere and tricks your device into thinking you’re in another location.
Marcos also recommends that “one of the best gifts to give this year (especially for a techie and network security student) is a privacy screen protector”. This protector is not only great for preventing cracks when you accidentally drop your device, but only the person holding the device can see what’s on the screen. It blacks out the screen to any other perspective – so that the incognito criminal hacker sitting behind you can’t see your data either.
From left, UAT Student Ambassadors: Marcos Xochihua, Andrew Maddox, and Bailey Nielson sharing tips.
Advertising on social platforms is a great way for businesses to reach prospective consumers and re-market to past customers based on their digital behaviors and online purchase history. On the flip side, when leading up to the busiest online shopping holidays like Cyber Monday, more stores are buying ad space which makes it challenging for social platforms to spot scams. Marcos recommends, “just don’t click on ads at all. When you can, enable ad blockers, spam filters, update your ad preferences and privacy settings in your social media accounts to help filter those from reaching you.”
On the topic of email, the most common way consumers are breached is through a technique called “phishing” and the specific form of “spoofing” is a hacking trend on the rise. “It’s easy for someone to send an email as a store, just by replacing a simple letter like using a ‘1’ for the ‘l’ in ‘Kohls’,” says Marcos.
It’s also easier now to mask a name or email address as though it’s coming from anyone’s legitimate email, like your friend’s exact email address or even looking like it’s really from Facebook. Marcos discussed the importance of checking the sender’s email address and the actual URL in any clickable links for errors by hovering over them before clicking through. And rather than clicking through an email to go to log in to any website, just navigate to that website directly through your safe internet browser. Hackers can make anything look real, and if you’ve clicked through an email to a fake Facebook site to enter your login credentials, you’ve just given a hacker your Facebook login information.
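The sender and hover checks described above can be automated; the following is an added example, not part of the original interview. The trusted-domain list, the character-substitution table, the "last two labels" domain rule and the sample messages are all assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the reader's own allow-list of stores and services they use.
TRUSTED_DOMAINS = {"kohls.com", "facebook.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}

# Characters commonly swapped in for a similar-looking letter ('1' for 'l').
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "|": "l"})

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_IN_TEXT_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample message (not a real phishing e-mail).
SAMPLE_FROM = '"Kohls Rewards" <offers@koh1s.com>'
SAMPLE_BODY = (
    "<p>Your reward expires today.</p>"
    '<a href="http://koh1s.com/login">www.kohls.com/rewards</a> '
    '<a href="https://www.kohls.com/help">Help</a>'
)


def registrable(host):
    """Naive 'last two labels' rule. Assumption: ignores suffixes such as
    co.uk; real code would consult the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def skeleton(name):
    """Undo the common look-alike substitutions so 'koh1s' reads as 'kohls'."""
    return name.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def classify(host):
    """'trusted', 'lookalike' (imitates a trusted brand) or 'unknown'."""
    if registrable(host) in TRUSTED_DOMAINS:
        return "trusted"
    if any(brand in skeleton(host) for brand in BRANDS):
        return "lookalike"
    return "unknown"


def check_message(from_header, html_body):
    """Return (finding, host) pairs for the sender and every link."""
    findings = []
    display, address = parseaddr(from_header)
    sender_host = address.rpartition("@")[2]
    verdict = classify(sender_host)
    if verdict == "lookalike":
        findings.append(("sender-lookalike", sender_host))
    elif verdict == "unknown" and any(b in skeleton(display) for b in BRANDS):
        # The name says "Facebook" but the address is somewhere else entirely.
        findings.append(("display-name-mismatch", sender_host))

    for href, text in LINK_RE.findall(html_body):
        host = urlsplit(href).hostname or ""
        if classify(host) == "lookalike":
            findings.append(("link-lookalike", host))
        # The "hover" check: the visible text names one site, the link
        # actually goes to another.
        shown = HOST_IN_TEXT_RE.search(text)
        if shown and registrable(shown.group(1)) != registrable(host):
            findings.append(("link-text-mismatch", host))
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_BODY):
        print(finding)
```

A message forged with a friend's exact address passes every check here; catching that case depends on the receiving mail server's SPF, DKIM and DMARC results, not on how the address looks.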
If you wake up on Cyber Monday with an erroneous charge, “call your bank right away to report it”, stresses Marcos. Banks are getting more predictive and accurate at spotting scams (because they happen all the time), some even have real-time text messages and notifications that deploy if something out of character comes up on your account. Some banks will even make you approve larger purchases over a certain dollar amount or you can set up settings to alert you for those occurrences. If you spot a purchase that you didn’t make, the sooner you get the charges removed, the better the chance you’ll get access to those funds again.
Then, you also have to worry about the aftermath of your information being breached. With identity theft being a rising concern, make sure to monitor your credit reports. Ask your bank if they offer free credit monitoring services. Ask your bank or employer what identity theft protection or credit monitoring benefits are available to you.
Many would agree that identity theft protection insurance is an underutilized and must-have insurance policy in terms of keeping your data safe in today’s technology-driven world. More industries are requiring this protection for businesses due to the rise of breach occurrences, which is why we’re here to provide you with some tips for shopping safely online. Just like health insurance supports someone in the case of a health problem, individuals are recommended to start thinking about data privacy protection in the event their information is stolen and could be used against them for identity theft.
“I’ve learned that it’s a drawn-out and expensive process to recover from your identity being stolen. Having protection and insurance in place can help alleviate and speed everything up when it does occur”, adds Marcos.
For more tips and insights on shopping safely online, make sure to subscribe to our news for more stories like this! For questions on this topic or any of UAT's advancing technology degrees, please reach out! Happy Holiday Shopping!
Arizona businesses face evolving privacy laws, enforcement practices and cyber crimes. That’s why the Phoenix Business Journal invited some of Arizona’s leading cybersecurity and legal experts to discuss the cyber problems facing Arizona’s businesses and offer solutions at the Cybersecurity Forum earlier this week. The University of Advancing Technology has been teaching cybersecurity for more than 20 years, which is why the PBJ team invited UAT Provost Dr. Dave Bolman to moderate the panel discussion for the second year in a row.
Privacy and consumer protection laws continue to change and so do enforcement practices. So far, the Arizona Attorney General hasn’t prosecuted a single information breach, but that does not mean he won’t in the future. Many companies don’t realize that hackers aren’t just after their customer data. Cyber criminals also pursue intellectual property information. “Think about how much of your organization’s competitive information shows up in your emails,” Dave told the audience.
New technology is exposing new industries to cyber threats. For example, agriculture is more connected than ever. But how many Arizona farmers are thinking about cybersecurity? With the advent of new information security technology and products, the landscape of liability is also changing. Arizona small business owners should consult legal experts like Osborn Maledon’s William Furnish to better understand who is truly responsible when a breach occurs.
Business owners should also consider looking into cyber risk insurance, which is becoming a big business. But people need to know how to ask what’s covered and what’s not. It’s always a good idea to consult a cybersecurity lawyer.
Cyber criminals are also finding new ways to exploit small businesses to reach bigger targets. For example, hackers responsible for the massive Target breach broke in through a small HVAC company that contracted with the mega retailer. Moving forward, companies of all sizes should consider vendor risk management.
Risk is not black and white; it’s a spectrum. Businesses must decide how much risk they are willing to take on, but it’s easy to handicap your business if the mindset is “No trust, no risk.” Arizona businesses can consult the experts at Terra Verde to determine what works best for them and learn how to create value from security and compliance investments.
The first step in protecting your organization is knowing what data you want to protect and then evaluating all the places where that information is stored. Dump any data you don’t need. “Clean your own house first,” Dave said. The next step is making sure all of your vendors and business partners are on the same page.
Are you ready to secure your business? Reach out to Terra Verde Sr. Security Manager Jacques Lucas to start the conversation.
Want to learn how to fight cyber crime and protect people’s data? Check out Arizona's first NSA-Certified Center of Academic Excellence cybersecurity degree program at the University of Advancing Technology.
Provost and longtime professor at University of Advancing Technology (UAT), David Bolman, is moderating a Phoenix Business Journal forum that will be discussing the state of cybersecurity and the rise of the tech community in Arizona.
“Arizona will grow based on its strength in technology,” said Bolman. “Phoenix has a tech community on the rise. This is confirmed from all sides: Bureau of Labor, CompTIA, PEW research, Arizona Office of Economic Opportunity, PBJ, the media, etc.”
Bolman is correct. According to an annual report by the CBRE, Phoenix was ranked 15th in the country for tech talent in 2018 and expected to continue to grow. The biggest reason for the talent and growing tech community is due to education opportunities and organizations recruiting talent from outside of Arizona.
“UAT’s student body is primarily from out of state, almost 75% of our students come from all over the country – even international,” Bolman said.
However, the increase in tech talent and growing businesses in the Valley also brings the need for increased digital security. That demand is not just in Arizona either; it's a growing demand that is beginning to look more like an epidemic than a job opening.
According to Bolman, “There is an important assumption to all of this: Organizations and individuals have to trust that their information, IP and transactions are secure from digital criminals. These PBJ forums play an important educational role for small businesses, the largest segment in Ariz., by giving them access to current information about the state of cyber security.”
“A reality that takes many small businesses and individuals by surprise is that everyone, big or small, needs to address digital security as a necessity,” Bolman said. “Essentially every medium to large company has a dedicated IT team that is focusing on network security. But for smaller businesses, especially those not involved in tech, defending against digital theft and ransom is a scary unknown. By convening experts to discuss trends and impact, the PBJ is providing companies information and tools that help them make good decisions, keep their businesses and customers safe, and focus on their products.”
UAT has been offering Network Security degrees and certificates for over 15 years. With its private campus in Tempe just across the street from Fry’s Electronics, the university has also added cybersecurity graduate programs in recent years.
“Our Cyber and Network Security programs have been growing year over year,” said Valerie Cimarossa, Vice President of UAT. “The demand for individuals with these skills and degrees in this field greatly outnumbers the current talent pool across the country – if not the world. Our graduates leave UAT with the best knowledge and network security skills to give them more than enough experience to get hired right away.”
UAT is an elite intimate private college in Tempe, AZ focused on educating students in advancing technology who desire to innovate in the areas of emerging technology disciplines including Advancing Computer Science, Information Security, Game and New Media technologies.
Living on campus, students are surrounded in a true living learning technology environment that incubates their ideas into innovations that students can patent and take to market. Students must create an innovation project to graduate.
During Provost Bolman’s three decades at UAT, the university has grown from a single classroom of 13 students into a destination private college campus dedicated to advancing society through the wise use of technology. Provost Bolman has written and been a featured speaker on the nature of technology as a foundational human force. He is an alumnus of and past President to the Board of Valley Leadership, is chairing Valley Leadership’s Leadership Institute, is a member of New Schools for Phoenix Fellows and an alumnus of the FBI Citizen’s Academy.
Commentary: Dr. Natasha Vita-More
Professor, Undergraduate and Graduate Programs
University of Advancing Technology
On Saturday, February 15, UAT’s Cybersecurity team participated in the Western Regional Cyber Defense Competition. UAT’s team was made up of 8 students, all taking on different roles as team members.
To set up for the competition, I arrived at 9:00am and ran a check of the team members and their titles by checking off the list provided to me by Dr. Brandon R. Brown, the Director of WRCCDC. To be on the safe side, and just in case we came in with a high-ranking, I checked off each student’s name and requested to view each team member’s ID. Below is my check off list:
Team Captain Jeremy Bunce immediately went into action, assessing tasks, team members’ computer locations, and getting the team ready for the competition’s 10:00 AM start time. All competing teams are referred to as the Green Teams. During the competition they are performing tasks for vulnerabilities testing.
You have just been hired as the network and security administrators at a small company and will be taking administrative control of all information systems. You know very little about the network, what security level has been maintained, or what software has been installed. You have one hour to familiarize yourself with the network and systems and to begin the security updates and patches before the red team starts actively attacking your company, you also have to keep up with the needs of the business and user demands while maintaining service level agreements for all critical Internet services.
Because this competition covered the West Regional area, there were 21 universities participating (in alphabetical order). Each of these university cyber teams was a competing Blue Team.
The Blue Team's role was to watch out for any vulnerabilities and hacking from their opposition, the “Red Team”. The Red Team was comprised of computers based in California. The Red Team established numerous handicaps that students had to overcome. Their aim is to simulate external hackers and attempt to gain unauthorized access to competition Blue Teams’ systems.
On two separate occasions the Red Team’s servers had a breakdown in the system lasting 30 minutes each. While on standby for the computers to get back online, UAT’s team remained calm and focused.
Students worked as a team. I was delighted at the comradery and lack of egos! They helped each other, while maintaining their individual roles. At 5:10, there were two unfinished tasks for them to resolve and by 5:20 all tasks were completed, with 10 seconds left! From my observation, UAT’s team felt confident and was eagerly awaiting the competition results. There was tremendous excitement and a high level of relief!
The WRCCDC wrapped up and its officials examined every inject, red team report, and blue team incident report, and carefully inspected the service scoring engine and database. Their aim was to be completely fair and transparent to make sure that no team had an advantage over another team. The teams that are advancing to the finals are listed below in order of highest scores to lower scores:
University of Advancing Technology (UAT) now offers the option to earn a professional certificate in technology-centric disciplines. These certificate options derived from the reality that local businesses are starved of technology talent and as such find themselves having a difficult time scaling for growth. As a longtime partner in meeting the demands of business, UAT is seeking to impact sector growth head-on. These certificate options afford business owners and executives the ability to grow their company while offering employees seeking career advancement opportunities an affordable option to add professional development to their resume.
The Cybersecurity Cave on campus.
UAT President Jason Pistillo said, “UAT understands that a company’s growth can be stifled due to lack of tech talent. In order to be part of the solution, UAT wants to help businesses reach their full potential by nurturing the current technology workforce and by providing the skills employees in tech need to further their careers. Educating and developing existing staff saves employers time and money by offering their employees a new skillset to take their company to the next level.”
Chief Executive Officer and Chief Technology Officer of Security Horizon, Russ Rogers said, “The potential for an organization to succeed, and even excel, at meeting its goals is becoming much more dependent on the people within the organization who best understand current technologies. Without this understanding, the organization may be lacking the critical technological advantages needed to perform at the highest level, and may be putting their most valuable assets at risk of compromise.”
UAT’s initial roll out includes options for cyber defense and for software development. Both options offer an intensive courseware for business owners to offer their technology staff in order to learn the most up-to-date information and techniques.
These comprehensive Certificate Programs offer many benefits to business owners and employees, such as flexible schedules – evening, online and hybrid classes are available to accommodate the working professional, a hands-on and skills-oriented classroom environment taught by industry professionals, and access to all campus resources and technology. Certificate credits earned can be applied to a graduate degree, upon completion of three courses; certificate credits can transfer towards a master’s degree.
UAT has partnered with Arizona Bank and Trust, who have agreed to assist startup companies by providing funding and financing for a grant to enroll tech employees in the certificate program. For large companies, employers have the ability to request a customized curriculum in an effort to address specific, more tailored needs.
In a small town in Alaska, a sophisticated cyber attack nearly wiped out the Matanuska-Susitna (Mat-Su) Borough network servers with a virus cocktail of ransomware, a trojan horse, time bomb, Cryptolocker and dead man’s switch, according to reports by BleepingComputer and BBC. This attack forced the town’s businesses to dust off old typewriters and conduct business by hand until IT experts were able to get back online.
While the use of machines that click clack is unsustainable in the digital world, the Mat-Su attack is just one example of the type of criminal activity happening in the public sector that keeps cyber warriors on their toes.
According to Statista, government agencies are at the top of the list for cyber attacks, which involve “non-state actors, such as terrorist groups, political or ideological extremists groups, transitional criminal organizations and hacktivists,” who intend to cause destruction or mayhem.
Between 2014 and Q1 2018, the U.S. government and military reported 350 million breaches to their systems, according to Statista. And in 2015, the government dealt with the largest global data online breach to its U.S. voter database.
Penetration by foreign governments is a real threat and an on-going battle for our nation's online warriors.
Dr. Greg Miles, Program Champion of Cyber Studies at the University of Advancing Technology, principal of Peak Security and former Black Hat teacher, said the most prevalent foreign countries initiating attacks include Russia, China, North Korea and Brazil.
“Their goal is pure disruption with the intent to cause fear, uncertainty and doubt in U.S. organizations,” Miles said.
Russia has been on the radar for some time, especially with the ongoing federal investigation into the 2016 elections. The Russian hacker group, referred to as “Fancy Bear,” hacked the Democratic National Committee computers and exposed information about political candidates. The CIA determined that Russia’s motive was to help Donald Trump win the election rather than to “undermine confidence in the U.S. electoral system,” according to the Washington Post.
Recently, the Department of Homeland Security (DHS), FBI and UK officials issued a joint warning about Russian attacks on everyday equipment such as routers, switches, firewalls and our power grid system.
“These hackers want to create a level of chaos where people can’t conduct business in a regular manner and target critical infrastructures that affect people and the ability of governments to keep control of our citizens,” Miles said.
The top two concerns from these agencies include the ability to “access data and intellectual property, allowing them to spy on companies and individuals and steal not only their secrets but the data that they use to run their businesses. The second, is that the Russians could be setting up backdoors that would allow them to take down critical infrastructure such as banking, energy and manufacturing as a precursor to actual physical war,” as reported by USA Today.
With increasing threats to our country’s defense systems, the Department of Homeland Security (DHS) developed the Cyber Incident Response center that “share threat information with private companies [and] identify the country’s digital ‘crown jewels’ that may be especially vulnerable,” as reported by Fifth Domain.
“If hackers can get defense designs, they will either build defense systems themselves or find vulnerabilities to disrupt our defense systems,” Miles said.
The House passed legislation for the Cyber Incident Response center authorizing their warriors to hunt down cyber criminals and “help owners and operators of critical infrastructure respond to cyber attacks as well as provide strategies for mitigating cyber security risks. The bill would also allow the Secretary of Homeland Security to add cyber security specialists from the private sector to the response teams,” according to The Hill.
With the need for more online warriors, the public and private sectors are investing in more talent and technology. Within Arizona, there are over 40 cyber security companies in different stages and currently over 10,000 job postings within the industry, according to cyberseek.org. And “for the 2019 fiscal year, the U.S. federal government has budgeted $45.8 billion for federal IT spending,” according to Statista.
For those looking to fight in the nation’s online war, picking the right educational program can make you more attractive to government agencies.
The National Center of Academic Excellence (CAE) is an accredited cyber security program sponsored by the DHS and National Security Agency (NSA) given to colleges for their alignment to their “specific cyber security-related knowledge units vital to securing our nation’s information systems and validated by top subject matter experts in the field.”
For 22 years, University of Advancing Technology (UAT) has graduated cyber warriors from one of the longest running CAE designated programs in the U.S. At UAT, students can build their skills and obtain a cyber security degree in a shorter amount of time than at a state school and enter the workforce 2.5 years earlier on average with a higher level position and salary.
UAT takes an applicable approach to cyber education to prepare students for battle and make an impact. In UAT’s cyber security program, students engage in real-world activities, develop and redefine ethical hacking skills in UAT’s Cyber Warfare Range, which is equipped with 16 FRED machines (funded by a D.O.D grant) and experiment with tools in an isolated environment.
UAT students are pushed to think out-of-the-box, develop innovative ways to combat attacks and demonstrate their cyber warrior abilities. To support a student’s growth, the Cyber Advisory Board brings in alumni to help mentor students for potential cyber intern opportunities with government agencies.
Aside from education and training, there are important qualities that make up a strong cyber warrior.
“You must have the desire, passion, need to learn and protect, and the ability to think outside the box. These attackers are going to generally be one step ahead of you and you have to think a lot like an attacker in order to put the right defenses in place for whatever organization you work for,” Miles said.
On April 27, 2018, North Korea and South Korea signed the Panmunjom Declaration for Peace, Prosperity and Unification of the Korean Peninsula. Two electronic versions—one in English and one in Korean—have been stored on the Ethereum blockchain. The energy industry alone has invested $1 billion in blockchain.
And four of the world’s largest automakers want to put blockchain technology in your car.
“Blockchain is right up there with the invention of the Internet,” said Damian Chung, Sr. Director of Cybersecurity Engineering and Development at Dignity Health. Chung thinks blockchain has the potential to revolutionize healthcare, empower businesses to bypass the middle man and even safeguard democracy. “We can apply it infinitely, so it’s here to stay,” Chung said.
Blockchain may lead to unprecedented business agility and help companies save time and money, but few people know how to harness the power of this emerging technology. According to TechCrunch, 14 blockchain job openings exist for every one blockchain developer.
Students who take Chung’s Summer 2018 blockchain class will be able to:
The 15-week course will cover blockchain transactions, keys, miners, distributed ledgers, blockchain wallets, hash functions, pseudonymity, Solidity, Go, private blockchain on Ethereum, Hyperledger Composer and MultiChain. Even though the class will incorporate some coding, students do not need to be strong programmers to do well.
Students should also capitalize on the power of the magic words, “I am a college student, and I need help.” Reach out to professionals who are already doing cool things with blockchain. Tweet to SEMs who tweet about blockchain. Ask questions on blog posts. Utilize LinkedIn. Create your own internship.
Search for and join Meetups such as Desert Blockchain. Professionals go to Meetups because they want to connect with other innovators, give back to their communities and meet and mentor (and possibly hire!) curious students.
Learning how to develop blockchain solutions will prepare students for careers as disruptors. Studying how blockchain is transforming industries such as banking and real estate will also help students to forecast, visualize and implement change in other industries such as energy, gaming, HR and cosmetics.
Interested in collaborating on a blockchain project with UAT or hosting a blockchain event on campus? Reach out to Ashley: firstname.lastname@example.org.
Blockchain believers hail the distributed ledger technology as a transformative means to enhance trust and transparency. But how does it impact privacy?
Cyber Security Expert and UAT Adjunct Professor Damian Chung empowers his students to develop blockchain solutions for real-world problems. Despite his enthusiasm for blockchain technology, he still preaches caution:
“Companies looking to implement blockchain solutions will have to consider how much anonymity and privacy is required so that the proper architecture is designed. The more restrictive the environment, the lower the user adoption rate. Naturally, a permissioned blockchain would have fewer nodes but contain better privacy. Even in a privately managed blockchain, would you trust the company who controls access to the system?”
Several startups that aim to solve the blockchain privacy problem are popping up. For example, Oasis Labs recently garnered $45 million in VC funding. Their mission is to create a “privacy-first cloud computing platform on blockchain.” They have already begun testing their ideas by initiating new privacy safeguards at Uber. Developers can apply now to join the Oasis Labs private “testnet.”
Bitcoin, the world’s first decentralized digital currency, enjoys a sort of pseudonymous privacy. Web merchants leak data about purchases. Online wallet service providers remain prime targets for hackers. Government entities seek to increase regulatory requirements on exchanges, which could open access to users’ personal information. Professor Chung breaks it down:
“Bitcoin transactions are easily searchable because the blockchain is publicly accessible. The identities of individuals may be hidden by use of a public crypto key, but it is not impossible to draw a connection to a real identity. As soon as that real person goes to exchange a cryptocurrency for hard dollars, they have to reveal themselves.”
He poses this question to his students: “Should you trust anyone even when everything is encrypted?”
If you want to develop blockchain solutions that protect people’s privacy, check out the University of Advancing Technology’s cyber security degree program here.
Ethical Hackers are talented hackers who use their superpowers for good. In essence, hackers are smart people who want to understand how things work. They tear things down to their basic components—a process known as reverse engineering—to get a deep understanding of something.
The term hacker is often misused or misunderstood in the media and in the community. There are actually three different types of hackers: white hats (the good guys), black hats (the bad guys) and gray hats (the guys who ride that good guy/bad guy line).
If companies and organizations don’t understand how hackers can get into their systems, then they will have a hard time securing them. That’s why smart companies hire ethical hackers to identify and fix vulnerabilities, thereby preventing exploitation by malicious hackers. White hats help these companies save a lot of time, money and headaches.
We hammer ethical concepts into UAT students throughout their time in school. UAT students work through penetration methodologies, risk assessments and social engineering tactics. Then they analyze their findings to determine impact on “the customer” and recommend ways to improve their security posture. Students also learn how to explain their findings through extensive report writing (just like in the real world).
You can also connect with me on LinkedIn. We're always exploring collaboration and educational opportunities with our friends in the cyber security community.
Colleges have many resources to help students find internships, including jobs boards, networking events and career fairs. But there are other ways to find internships, especially if you know what you want. For example, UAT network security student Gabriel Howard chatted up the guy sitting next to him on the plane home from Black Hat and left the airport with an internship.
Gabe's internship with the City of Mesa focused on threat hunting and threat intelligence, which means finding out how vulnerable a network is and how a security team can respond to potential threats. Gabe also responded to phishing attempts using intrusion detection tools when malicious emails were detected on the network.
The City of Mesa also has community outreach programs, which Gabe got to work with. For example, he helped Mesa K-Ready to deploy software for tablets that children can use for learning.
Over the course of his internship, Gabriel encountered some obstacles, such as collaborating and communicating effectively with an entire team and balancing work, school and life. His biggest takeaway: Don't be afraid to ask questions. Lots of questions. When he felt comfortable asking engineers the tough questions, he learned a lot and improved his contributions to the team. In the beginning, Gabe really struggled with time management, so he developed a schedule and stuck to it.
Overall, Gabe enjoyed his internship. Classes such as Security Essentials and Foundations of Systems Administration helped prepare him, especially with all that report writing and documentation.
All on-ground UAT students must complete an internship in order to graduate. Gabe's advice for students? "Do your own research outside of class, work on your own projects and get out there and talk to people." He recommends starting out in a basic cyber security or information technology internship, finding out what you like and then pursuing a more specialized internship.