University of Advancing Technology is an elite, private college that serves its student body by fostering knowledge creation and academic excellence in an environment that embraces the young technophiles of the world. With three centers of research and a suite of technology-centered undergraduate and graduate degrees, the University is a recognized leader in technology education.
Leading cyber security education in the southwest, University of Advancing Technology (UAT) has surpassed 20 successful years since the inception of its elite Network Security degree program. As one of the longest-running cyber security degrees in the southwest, our complete continuum of undergraduate and graduate cyber security degrees have prepared thousands of ethical hacking, network security, and cyber security graduates. The NSA has designated UAT as a CAE training center in cyber defense.
Visit University of Advancing Technology for more information on all our cyber security majors.
In fact, there has been a notable shortage of cyber security professionals, making this field appear even more lucrative and enticing. And with that, more individuals are going to college to earn a degree in cyber security.
But is a college degree in cyber security really worth it? Do you need one in order to be successful?
In this guide, we are answering these questions and more so you can make the best, most financially sound decision for yourself.
The field of cyber security (also written as “cybersecurity”) focuses on securing computer systems, servers, networks, mobile devices, and more against malicious attacks and intruders.
Hackers often launch attacks against digital devices in order to access private data; cyber security professionals protect individuals and businesses from these threats.
A cyber security degree will give you the foundation, skills, and coursework to help you pursue a career in cyber security. At most institutions, this comes in the form of a bachelor’s or master’s degree with an emphasis on information security.
This degree tends to be more rigorous and challenging than many other degrees but can lead to a very fulfilling and lucrative career.
The field of cyber security is broad and far-reaching, but most individuals tend to focus on a few key areas of computer science. These are the areas that are in the highest demand, but you can always specialize according to your own unique interests and skillset.
Network security professionals work to help individuals and businesses better protect the integrity of their network and data access. They defend networks against data breaches and other security threats – often using antivirus software, firewalls, VPNs, network analytics, and more.
Also known as “digital forensics”, technology forensics involves the investigation and recovery of information and data found in digital devices. These professionals help individuals and businesses recover “lost” data, defend against cybercrime, and report on their computer system’s performance.
Network engineers design, construct, and manage networks to ensure they are functioning at optimal performance. Individuals and organizations need optimized and secure networks in order to maintain uptime, keep their data secure, and stay connected across devices.
If recent news stories are any indication, it’s becoming increasingly more dangerous for businesses and individuals to ignore digital security threats. With more touchpoints for hackers to take advantage of, we see an increasing need for cyber security professionals to come to the defense.
You might want a degree in cyber security if you:
We can say outright that Yes, getting a degree in cyber security is definitely worth it. While the benefits of entering the field of cyber security are limitless, earning a degree is the best way to set you up for success from the get-go.
Here are some reasons why earning an undergraduate degree in cyber studies is the best path:
Many aspiring cyber security professionals turn to free resources in order to obtain their skills and experience on a budget. But these free resources can only take you so far.
For one, you risk learning outdated or inaccurate information. Second, this “unofficial” education very rarely translates well (in the eyes of hiring managers) when it’s time to apply for cyber security jobs. For these reasons and others, it’s best to take the traditional path and earn a degree from an accredited institution.
Colleges not only provide degrees but help set students up for success by providing access to a wide range of resources, events, skill-building sessions and more.
Most colleges offer internship opportunities, networking events, career counseling, and other services to help students not only gain more skills in their field but be better prepared to land a job after graduation.
The reality is that earning a degree in cyber security opens the door to a higher starting salary and better job prospects compared to jumping straight into the field with no education or experience.
In fact, recent studies show that a degree in cyber security can boost a job applicant’s “appeal factor” and lead to a higher salary. Also, keep in mind that many companies actually require applicants to have a degree in order to land the job.
A master’s degree in cyber security can also help you appear more attractive to hiring managers and present an opportunity to improve your skills, specialize in a specific area, and/or pivot to a different area of focus.
The average starting salary of someone with a Master’s of Science in cyber security is higher than that of someone with a bachelor’s degree.
And with online learning options available, plus on-campus and hybrid options, getting a master’s degree is more accessible than ever.
In short, yes, it is possible to land a cyber security job with no experience. But is it easy? Not necessarily.
In one of our recent posts, UAT professor Aaron Jones shared his thoughts on getting a cyber security job right out the gate:
“Information technology is hyper-competitive and the level of success you attain will often directly correlate with the amount of effort you are willing to put into it…
The degree is part of the equation… If the job does not require one but favors that degree, I have put myself above all other seekers lacking that degree.”
In other words, a degree may not be required in order to land a cyber security position, but it definitely helps. For your best chance of landing a high salary, we recommend earning at least a bachelor’s degree and attending an accredited college that can set you up for success.
According to the U.S. Bureau of Labor Statistics, the median salary for an Information Security Analyst in the United States is $103,590 per year. The career outlook for cyber security analysts is 31%, which is much faster than the national average. Recent projections anticipate the field of cyber security adding over 40,000 new jobs between 2021 and 2029.
“Demand for information security analysts is expected to be very high, as these analysts will be needed to create innovative solutions to prevent hackers from stealing critical information or causing problems for computer networks.” – bls.gov
One of the best ways to prepare you for a career in cyber security is to attend a college that offers internships, networking opportunities, and access to career services. These resources will help you prepare for job interviews, gain hands-on experience, and find job opportunities through your college’s exciting connections.
Plus, earning an advanced degree in cyber science is a great way to land an even better position and increase your earnings.
Here are some tips for applying to cyber security jobs:
UAT offers a Master’s of Science in Cyber Security, as well as bachelor’s degrees in Network Engineering, Network Security, and Technology Forensics. Our Cyber Security Degree for Ethical Hackers and Network Security Curriculum has been certified through the NSA/DHS National Information Assurance Training Program in Information Assurance and Cyber Defense.
Designated as a Center of Academic Excellence by the National Centers of Information Assurance Education (CAE/IAE), UAT’s Network Security Bachelor’s of Science degree prepares students to take on the ever-evolving world of information security.
If you believe a career in cyber security may be right for you, request information about our degree programs. At the University of Advancing Technology, we’re passionate about helping students enter STEM fields and acquire the skills they need to land a rewarding career in cyber security and beyond.
Being a victim of a security breach is frightening and disruptive. Unfortunately, it is becoming an increasingly common part of our digital lives. The FTC states that 7-10% of U.S. citizens are victims of identity fraud. On a long enough timeline, most of us become victims of a security breach in one form or another. In fact, you may already be a victim and are unaware.
A simple method to check for security compromise can be performed at the "have i been pwned?" site. This site was created by Troy Hunt, a Microsoft Director, in order to help increase security breach awareness and prevent exploitation of multiple user accounts. Troy researches breaches and pastebins (a hacker preferred text storage sites) on behalf of others as a public service.
Password reuse is very common, as are weak and short passwords. One way to help eliminate this problem is to create an audit list of all accounts that you have created—try to recall all of them. Go through the list and change all of the passwords to something, unique, complex and long. While you’re there, set up multifactor authentication as well. This prevents the hackers from succeeding with multiple account access with the same credentials.
This audit and password change process can be daunting with the large number of accounts we tend to create, but it's easier to facilitate with a password manager. A password manager is an application that stores and generates strong passwords using the latest encryption algorithms and will outperform even the best human memory. Speaking of imperfect memory, changing all passwords quarterly is a best practice. Some recommendations for password managers to help facilitate this process are:
Multifactor authentication (MFA) can be implemented by setting up a sign-on generated pin number text to a mobile device, an email, or a code sent to an MFA application hosted on a second device. There are numerous ways to implement this process and it can often be performed natively through the website you interface with. Having MFA and unique, long, complex passwords exponentially decrease your chances of being compromised.
Finally, there’s the process of freezing your credit. All three bureaus—Equifax, Experian and Transunion—have a free method to freeze your credit from inquiries and new account creation. By blocking your credit, it’s not possible for a threat actor to create an account falsely under your identity. When you need to have a credit inquiry performed, or an account opened, you simply unfreeze your credit during that time period, then re-freeze the accounts when done. It’s a free layer of protection. Here are the links to freeze your credit:
If you’re in doubt about your personal security, these steps are helpful in assisting you to increase your security posture and reduce risk of identity theft.
Network Security degree students will use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.
Don't wait. Apply now!
Not all advice is created equally—especially when it comes to technology security. There are things you can do which greatly increase your security and protection. And there are things you can do that provide only minimal, if any, protection. Let's look at wireless security.
Whenever I can, I use a wired connection. It tends to be faster and more stable. However, wireless is incredibly convenient and relatively easy to set up, so it’s pretty prevalent everywhere. But with any networking technology, network security must be considered.
The average home user, when it comes to wireless security, may do some googling, and come upon some very popular advice. But is it GOOD advice? I googled "how to secure a wireless network", and the first result was from the Cybersecurity & Infrastructure Security Agency with a list of suggested actions, including the following two popular options to minimize the risks to your wireless network.
Pretty authoritative, right? I mean, it comes from a government website; certainly, we should heed it. This advice, in a nutshell, sounds pretty reasonable: use MAC address filtering, and disable the broadcasting of your SSID address. I'm going to be radical, though, and tell you to ignore both of those as relatively useless advice, which needlessly complicates things, when there are simpler and better options.
Let's discuss MAC address filtering first. Basically, you find the MAC address of your network cards, and then add them to a list of "allowed" network cards. If you need to connect a new device to wireless, you need to find the MAC address of the device and add that MAC address to allowed devices—otherwise, it cannot connect. This sounds pretty great, though it is a lot of work if family comes to visit regularly and wants to connect their devices, administrative overhead increases.
Does it keep the bad guys off your network? The bad guys need to be near your network, and they need to have the WPA2-PSK you use—the password you give out. They also need to have an approved MAC address. But guess what? A popular tool around for over a decade, Kismet, allows anyone to see the clients connected to your wireless access point, and it lists the MAC address for those clients. Then, the bad guys can change their MAC address to one of these approved clients—it'll take them about 60 seconds or less. How long does it take you to add MAC addresses to the approved list? Probably longer. So, we have a layer of security—and I'm all for layers of security—but this layer of security makes things harder for the good guys and doesn't present any hindrance to the bad guys. It’s not worth the time.
A similar method is disabling the broadcast of your SSID address. This is another popular recommendation that is effectively like filtering your MAC address. Anyone who comes over to use your wireless will need you to provide your SSID to them to type in, along with your WPA2-PSK wireless password. All the devices you set up in your home will need to be set up manually as well, as they won't be able to "see" your wireless network. This is a lot of overhead. Worth it? Unfortunately, no. Once again, it's work for the good guys, and no hindrance to the bad guys. The bad guys, once again using Kismet, are able to "see" the names of all hidden, non-broadcast SSIDs in the area.
Both of these options would be like putting your front door on the roof of your house—harder to get to, better security—right? Except every time you want to get in your house, you have to climb a ladder, meanwhile, the bad guys just break a window.
Instead, focus on the WPA2-PSK key, the password you use to connect to your network. Longer and complex is always better, just like with your passwords. Simply adding a few characters can significantly improve the security of the password and better secure your network, without making things harder for you (and negligible for the bad guys) like MAC filtering and SSID broadcast disabling.
Work smarter—and be harder to hack!
Designated as a Center of Academic Excellence by the National Centers of Information Assurance Education (CAE/IAE), UAT’s Network Security bachelor of science degree prepares students to take on the ever-evolving world of information security. Network security students will receive hands-on technical training and learn best of class software and network programming and essential network security analysis.
Human psychology is a fascinating yet troublesome area of interest for me as a cybersecurity professional. In over 30 years in the industry, the primary “unsolvable” problem has been human behavior. Most people don’t intentionally try to create problems, but they sometimes can’t help themselves. Take for example, the continued growth of phishing campaigns, which allows malware into your environment.
Malware (short for malicious software) is unwanted programs that can cause your system slower speeds, damage or can result in the loss of data or control of your operational systems. Types of malware are extensive, but some of the terms you have heard include virus, worms, ransomware, adware, and more.
If you aren’t familiar with the term “phishing”, it is a play on the word fishing, where you are trying to bate or entice someone, normally via email or a web advertisement, to click a link. That link will then take you to a compromised site or download the malware onto your system. If your system or network has exploitable vulnerabilities, then you can further compromise your environment, resulting in the loss of confidentiality, integrity and/or availability of your critical data or operational environments. Phishing may be used to ask for your credentials to a specific site (bank, credit card, social media).
How do people get caught up in these types of activities? Well, here are just a few of the more common reasons.
The email header reads: “Queen announces retirement from Royal Duties”. In the email is a link that says “read the latest news here”. Of course, you are curious; but do you click the link? Of course NOT. If you think it is real news, you can find it on reputable news sites. If you scan the headers of your emails, you might find a few dozen or more headers with attempts to catch you with something you would be interested in.
The email header reads: “Complete this survey and get a $100 Walmart gift card”. Inside the email is a link that appears to go to a survey. Of course, it likely isn’t legitimate.
Fear, Uncertainty and Doubt (FUD)
The email header reads: “Action Required: Your PayPal Account is Suspended”. Inside the email is a professional looking button that says PayPal Login. Looks legitimate? Do you have a PayPal Account? Maybe your wife set one up in your name? Don’t click the link. You can check the status of your account by going directly to the vendor’s known legitimate website.
You are just sitting there trying to find something new and interesting to read or do. Those kinds of situations get us all into trouble.
Exhaustion or In a Hurry
Sadly, the faster we try to go or more tired we get, the more likely we are to make a bad decision or just not analyze the situation correctly. This is the same reason why most people don’t read the terms and conditions associated with their applications and memberships. With an average attention span of 8 seconds, people tend to look for “instant gratification”.
How do you stop humans from “clicking the link”? Better to ask, can you? The human nature will revert to its habits, so cybersecurity education, training and awareness will only take you so far. Don’t get me wrong, education is still essential, but you do have to assume somebody will click a malicious link, and organizations must be ready when they do.
Sadly, there is no perfect prevention; however, a few pre-emptive actions can significantly reduce the likelihood of a successful malware attack.
Our cyber security degree majors and cyber security lab are recognized by industry and government entities alike for their ability to help generate the future innovators of the cyber security industry. We focus on creating true leaders who will have mastery in ethical hacking and uphold the highest industry standard of cyber integrity in our quickly evolving world of cyber security technology and online security.
Visit University of Advancing Technology for more information on all our cyber security majors .
H@xc0rd is a simple yet powerful Discord bot for the utilization of common tools frequently used in network security, without the need to understand Linux.
“With only one command to start it, there’s no reason not to love it,” says H@xc0rd mastermind Bradley Chavis (Advancing Computer Science, Network Security). “No more struggling to set up a Linux machine, or trying to find all the tools compatible with Windows. It’s just one command and you’re done.”
H@xc0rd tools range from exploit to recon, including Hashcat, Hydra, Nmap, Shodan and many more. Each tool has its own custom-built help section to guide the user through understanding what the tool is, how to use it and how to use the results gained from it.
H@xc0rd was built off the node.js run time library, leveraging many libraries along the way, such as Discord.js and axios. The different commands are based on modules, enabling them to be loaded dynamically. This offers another benefit — the ability to limit users to certain tools and commands. Since many tools within this project can be intrusive to the local network that it’s hosted off of, the bot owner can adjust who has access to what tool at any time, significantly limiting the chance for it to be abused.
H@xc0rd is even simpler to use on the server this bot is hosted on — only a Discord account and a basic knowledge of the platform is needed. To use the bot, simply tighten the specified prefix that can be found packaged sub.js on file and the command you want to run. Such as a “!ping” command, which gives you latency to the bot.
Crack a password hash with java ripper and show off the results to everyone on the server. You no longer need to export the results of the tool to a file and send that file to others, time and time again. Better yet, want to find information on how many times a certain password has been compromised, like password? Use the “!haveibeenpwed,” which utilizes the haveibeenpwed guy to query and display the results.
Want to find out information about a machine accessible to the public internet through “!shodan,” and don’t know where to start? Start with H@xc0rd. Just add the help argument after any command for a comprehensive description of the tool, arguments that can be used with the command and external resources to learn more about that specific tool.
Now you may ask, how do I know all the commands in the first place? Well, the command “!commands” of course, which lists out all the available commands. Currently, there are approximately 15 types of tools implemented into this project.
As time goes on, new tools come along and current ones slowly fall out of date by not getting updated. To accommodate this, Bradley and project partner David Austad (Network Security) will consistently update the tools within the project, removing and replacing them with new ones that provide similar results.
If there is a tool that hasn’t been implemented yet, but you really want to use it, you have the freedom to add it yourself. H@xc0rd was built so that a new tool can be implemented in a matter of minutes!
During the building of this project, Bradley and David ran into a big issue — at first, the only way to run H@xc0rd was on Linux. Since this didn’t comply with the final goal of utilization by everyone, they searched for a solution and found Docker, a virtualization platform that allows operating systems’ environments, like Linux, to run on systems that generally wouldn’t support that, such as Windows or Mac OS. Docker’s implementation into this project allowed H@xc0rd to be hosted on nearly every operating system and can easily be tuned if one doesn’t work perfectly through the provided install script.
Another goal of the project was to make it as simple as possible for the user to set it up through install scripts. The entire install process was automated through bash scripts to run natively on most Linux systems.
Saving the best part for last, it’s free and open source. Bradley states, “You will never be limited with what you can do with this project, only by your imagination.” As time goes on, Bradley hopes others will contribute to it as well. Currently, H@xc0rd is only available via GitHub with plans in the works to host it through Docker as well.
Take your ideas and make them happen with UAT’s Advancing Computer Science degree.
Inspired by the lack of Internet of Things (IoT) security in homes and small business environments, Andrew Maddox (Network Security) created Smart House Security Solutions, a budget solution to network segmentation for home use of IoT networks. The project provides underutilized methods and tools for securing everyday IoT environments through a less expensive means of network segmentation, which is vital for the future and creates a demilitarized zone for the IoT devices.
To create the project demo, Andrew and fellow peers took advantage of the equipment in the lab and quickly got their hands dirty making IoT devices.
UAT’s segmented network was used as an example for this project. UAT’s primary segmented network leads to the primary front facing router with the switch delegating internet access based on IP range from the primary front facing router to personal computers or any computer that might be connected to the network. The IoT network has a wireless access point that facilitates all IoT communication between the devices and server.
The primary (public) router cannot ping the IoT network or device. As far as the front-facing router is concerned, the information was already passed to the IoT network router which distributes the information to the IoT devices for a more downstream flow. Without direct communication between the primary router and the IoT device/network, the IoT network becomes a demilitarized zone and handles the primary server communicating with the IoT devices and io network.
Andrew pursued the IoT project because of the experience he would gain and the opportunity it presented. The project involved systems administrative experience, network engineering, team management, problem solving and more. Throughout this project, Andrew learned a great deal about network segmentation as a component of the layers of network security, which is becoming more relevant as IoT becomes more pervasive.
Andrew is currently a Network Security major in his eighth semester at UAT, a previous CCDC team member and student ambassador and now a full-time employee at Norton LifeLock as a site reliability engineer.
Take security into your hands with a Network Security degree from UAT.
Always interested in technology, Daniel “Kody” Mitchell grew up watching his father play World of Warcraft and StarCraft. He quickly fell for these games and soon after, developed a love for programming while taking computer science classes in high school.
Kody came to UAT for the nerd and geek vibes. Since attending, he loves the family community aspect, the collaborative teamwork-focused environment, the combination of hard work and having fun and how the University truly prepares students for the real world. Kody feels that he has already learned so much about the industry and has gained the basic skills he will need to thrive.
Studying Artificial Intelligence and Network Security at UAT, Kody chose these degrees because he’s always been fascinated with artificial intelligence and knew that the world needs more cyber security professionals. So, he thought why not combine the two for a unique education and skillset!
Kody is a Student Ambassador for UAT and was involved in Nerf Warz! In his free time, Kody has been working on a project to create a calendar-budget program in Python that allows the user to see things at a glance, or hover over days for more details. The basis of the idea consists of the user inputting transactions they make on any given day (expense or income), and based on any recurring fees or payments, the program will show what day the user might run out of money (if there is one).
After taking a couple of classes taught by Mason Galatas, Kody was inspired by his expertise in his field and hopes to one day know as much as him, be as helpful and have as much fun!
Kody’s hobbies include 3D printing, programming, playing video games, singing in the car and watching movies. Once Kody gets out in the real world, he can't wait to put the skills he’s learned from UAT to the test and make a positive difference!
UAT is for people like you. Discover where you fit in at UAT.
Choosing a college major is a big undertaking. Even more daunting is planning for a career that will grow and remain exciting for decades. Getting a college degree is more than just a rite of passage or something you have to do. It is the first step to a journey that will shape your present, your future and how you want to contribute to society.
If you have a passion for technology, you are in for a great adventure.
Fueling economic growth, improving standards of living and creating new jobs are just some of the benefits of technology. With an economic impact of $1,879b and over 4.6 million US job postings, tech jobs are exploding.
The key is to select a major that:
Choosing the right college major can lead to a career that lets you take on new challenges and experience the rewards of solving big problems using technology. Ideally, it will provide you with a platform for launching your career and a foundation for a meaningful long-term adventure.
|Tech Job||Median Pay||Projected Growth Rate|
|Artificial Intelligence Engineer||$146,085||344%|
|Information Security Analyst||$99,370||31%|
|Computer Research Scientist||$122,840||15%|
As a technology major, you are ideally positioned to take part in some of the most exciting trends in history. These tech trends are growing quickly in 2021 and offer strong career potential over the longer term.
Trend 1: An Explosion of Data
By the year 2024, an estimated 149 zettabytes — the equivalent of more than 149T gigabytes —will be created globally every single day. The challenge is to take all that data, store it and deploy it in ways that help businesses, organizations and entire societies.
From small e-commerce shops to huge government agencies, organizations of every size and type know they need to use their data more effectively. It is among their highest priorities. That is the role of the data scientist. They integrate math, computing and critical thinking to answer deep questions, solve big problems and invent data-centric tools and technologies.
Some data scientists shape huge data stores to optimize traffic and services in large cities. Others monitor the click flows and user patterns on huge web platforms. Some help to create IoT solutions that make driving safer. Data scientists use raw data to develop insights and tools that unlock the future.
Short-term Demand: Data Science, Data Analysis or Machine Learning appear on nearly every list of top career options for 2021. The US Bureau of Labor Statistics (BLS) lists Data Scientists among its most in-demand professions now.
Long-term Outlook: The best opportunities in data science combine AI and machine learning to connect create new knowledge. That trend is just starting. The BLS expects 15% growth in the demand for Data Scientists between now and 2029.
Trend 2: Growth in AI
Artificial Intelligence is coming into its own as a stand-alone technology that helps humans make decisions, create media and manage large-scale online platforms, among many other things.
It is also a sort of "operating system" for other leading-edge technologies such as automation, DevOps, chatbots, and robotics. AI-driven applications will touch nearly every area of our lives. That's why AI majors’ study human cognition decision-making along with networks, programming and computer science.
Short-term Demand: Artificial intelligence specialists are in strong demand now. AI is a young, expanding field that is creating outstanding career opportunities.
Long-term Outlook: Forbes reports that AI will create $15.7 trillion in economic value by 2030 and lead to 12 million new jobs by 2025. Recruiting site ZipRecruiter.com calls the career prospects for AI professionals "excellent." The site notes that AI is expected to grow "explosively" over the coming decades as the technology matures and finds its way into more uses.
Trend 3: The Scourge of Cybercrime
The cost of cybercrime is expected to exceed $6.1 trillion in 2021, according to Cyber Security Ventures. That's $190,000 every second.
Whether they are guarding against identity theft, preventing destructive hacking or detecting and defeating espionage, fighting cybercrime is a growth area for well-trained professionals. Sadly, as long as there are cyber targets, there will be cybercrime. Society depends on a new generation of cybersecurity superheroes to deter, detect and defeat it.
Short-term Demand: 74% of companies worry that a lack of cybersecurity talent will put their data at immediate risk, Forbes reports. The New York Times calls the current employment market a "mad dash" to find qualified information security professionals.
Long-term Outlook: The Bureau of Labor Statistics expects the demand for cybersecurity experts to remain strong for the next decade, at least.
An investment in education is an investment in your future. We have seen that one way to maximize your investment is to consider both immediate and longer-term career implications. Choosing which college to attend is just as important as choosing the right major. Just like your degree, you want to make sure your university is the right fit for you.
Technology changes fast. So, it is crucial to choose a university that is fully dedicated to preparing you for your future. Rigorous academic coursework and extensive hands-on skills building will provide a broad and deep foundation on which to build your technology career. Ask your potential college how often they update the technologies, software, and tools you will be using. You can’t learn the newest advancing technologies if you’re working with outdated equipment.
Life-long learning is important for any degree major but even more so for technology majors. Technology is exciting because it is constantly changing, and you need to be ready to change with it. Seek out a university that offer opportunities for continued learning after you graduate. Look for alumni programs and benefits that will help you advance in your career long after your graduation date.
Classes, studying, and working on course projects will make up the bulk of your college career, however, don’t forget to look outside the classroom for more to learn. Take advantage of social clubs, student events, and networking opportunities to build a group of like-minded friends and maybe even future colleagues or business partners.
College can be expensive so invest wisely. Speak with financial advisors to learn what programs and scholarships are available. Spend some time researching grants or private sources of aid. Consider the length of time you will be in college too. Most bachelor’s degrees require four-years of study however, if your university of choice offers accelerated programs or year-round study, then you may be able to graduate sooner. That means you can be earning a salary and moving up the company ladder while your peers are still in school paying for tuition, books and room and board.
Choosing a technology major should be fun and exciting and done with some planning for the future. Technology careers can be rewarding and long-lived with the right plan of action in place. That plan starts with choosing a major that aligns with your interests and goals for what you want to accomplish in your career. Selecting the right university will ensure that you get a solid academic foundation in your major of choice, build lasting relationships with like-minded people, and provide the tools and resources for life-long learning that will help you build and grow a great tech career.
If you're interested in a career in technology, University of Advancing Technology is a great place to start. UAT is an elite, private university that offers cutting-edge technology majors at it's Tempe, Arizona campus, online, and hybrid classes. This tech-focused University has the status of being among a select few 100% STEM-based universities in the nation. Learn more at UAT.edu or request information.
UAT has led the way in cyber security since the late 90s, writing the rule books for cyber security education in Arizona.
Marking over 20 successful years since the inception of its elite Network Security degree program, UAT is proud to participate in Cyber Security Awareness Month, during the month of October, allowing our faculty of experts to share important information on cyber security with the public.
UAT recognizes the importance of training cyber security experts, in its students, alumni, faculty and in local members of the community.
We have compiled a few tips and anecdotes about our students below.
Want to know more about cyber security from UAT's experts?
UAT is hosting a Cyber Security Open House on Oct. 12, with industry experts, faculty and alumni to offer tips on how to stay safe online and talk about the importance of Cyber Security education to the public.
Learn more about protecting yourself online. Dive into what it's like working for the Cyber Security Industry. Celebrate Cyber Security Awareness month on October 12, with a full slate of activities, industry talks, and topics involving some of industry's top professionals. Don’t miss out on this incredible educational event!
What: UAT Cyber Security Open House
When: Thursday, Oct. 12, from 6:30-8:30 p.m.
Where: University of Advancing Technology: 2625 W. Baseline Rd. Tempe, AZ 85283
Why: To celebrate Cyber Security Awareness Month and educate the public on tips to stay safe online.
Event is Over
See you on Thursday night!
UAT held the 2nd Annual Cyber Security Open House on Thursday, Oct. 12, in conjunction with the national cause, Cyber Security Awareness Month.
UAT Cyber Security professors Wayne Kibbe and Mason Galatas teamed up to present a slideshow on the basics of cyber security and how to protect yourself the best you can from hackers.
Professor Wayne Kibbe said, “Cyber Security education is very important for several reasons. First, the demand for cyber security skills is rapidly growing and US Labor Department reports claim shortages for the foreseeable future. Second, as more and more devices connect to the internet, the chances of individuals getting hacked is increasing. A career in the field could be very rewarding by protecting not only individual consumers, but private businesses and government agencies as well.”
Curious about a career in tech?
Stop by the University of Advancing Technology during our open house event to learn how our exciting technology degrees will prepare you for a future-proof career in cybersecurity, computer science, artificial intelligence, robotics, business technology and more.
Busy with work? No problem. We use SyncFlex, a flexible learning model, which enables students to attend class in person, participate via livestream or watch a recording of class anytime.
Thursday June 27th
5:30pm - 7:30pm
University of Advancing Technology
2625 West Baseline Road
Tempe, AZ 85283
Here's the schedule:
Questions? Reach out to Erin: email@example.com. She is awesome!
This week, AZ Family News reported “Security cameras at Tempe hospital, Graham County detention center allegedly hacked in huge breach,” detailing a potential security breach at St. Luke’s Hospital in Tempe, AZ. The article cited startup Verkada Inc., which produced the security cameras for St. Luke’s, explaining how hackers are able to target and access these systems.
Aaron Jones, UAT Lead Cyber Instructor and leader in the local cyber community, commented on this story as well as how it is possible for hackers to infiltrate systems such as these.
“The hackers claimed to have accessed data and live feeds from 150,000 cameras used by Verkada clients, including big names like Tesla and software company Cloudflare. St. Luke's Hospital in www.azfamily.com.
Ubiquitous surveillance is a double-edged sword, and while cameras have been instrumental in solving crimes and locating missing person, their use can also be a severe blow to privacy. The current "attack" perpetrated by an alleged collective of individuals is another strong indicator that some basic security practices are not being followed.
Of note is mention that administrator access was gained through the use of credentials found on the internet. This is a strong indicator that two-factor authentication was not in place and therefore, someone’s admin account, once breached, was the only piece of protection between the outside world and their most private files.
It also would be indicative that if true that only a single set of credentials were used, that it is possible, that the admin was reusing credentials in multiple places. Another thing we certainly would not want to do.
Companies who have had their data accessed are still victims, even if a third party was the ultimate culprit. We have seen this targeting of third-party providers in many breaches, such as the famous Target breach, and it is a concern that we should always keep in the back of our minds. We can do much to secure our own systems, but what are our partners doing to secure theirs?
We should expect that any piece of infrastructure left online could be of interest to someone with ill intent. Cameras are a very easy target and due to their very nature, will often contain plenty of entertaining or interesting data. I believe this "breach" is an excellent reminder of how important it is to follow basic security practices, such as not reusing credentials, implementing two factor authentication, and working with your vendors to verify that they are following industry standard practices in cyber security.”
More about Aaron:Aaron Jones, the lead Cyber Instructor at the University of Advancing Technology, is a softwaredeveloper who currently creates applications for law enforcement. He is also an AZ POST certified General Instructor as well as a public speaker. He earned a B.Sc., in Computer Information Systems from Park University in 2013 and an M.A., in Intelligence Analysis with a focus in Cyber Security in 2014. He has been the recipient of recognition from the El Paso Police Department, State of Texas, Texas Military Forces, Chandler Police Department, and others.
Interested in studying cyber security?
Sponsored by the U.S. National Security Agency and Homeland Security Department, University of Advancing Technology’s ethical hacking degree is highly regarded by industry and government entities. UAT’s Network Security Bachelor of Science degree prepares students to take on the ever-evolving world of information security. Network security students will receive hands-on technical training and learn best of class software and network programming and essential network security analysis.
VMware vCenter servers have been hit in a new attack which left them exposed and vulnerable by the hackers which allowed them to take over any unpatched machine and take over companies' entire networks. Mind you this is about 6,700 servers that are at risk.
A security firm for threat intelligence, Bad Packets is currently scanning all potential at-risk devices to report. This vulnerability targets a plugin in VMware vCenter, it's called vSphere Client (HTML5). These servers are vital to an enterprise that uses VMware as this server is a utility to manage VMware products installed on local machines.
This vulnerability was reported last year by a security firm Positive Technologies which discovered that an attacker could target the plugin's HTTPS interface and use malicious code to elevate privileges without the need to authenticate. Due to how vital this server is in managing other VMware products it was classified as highly critical and was reported to VMware.
It was hush-hush due to how many corporations use vCenter, so they took the time to test and make sure a patch can patch the bug. But a Chinese researcher decided to post the proof-of-concept about this vulnerability labeled as CVE-2021-21972, with this posted it denied companies any time to apply the patch.
Which resulted in a free for all for people to find any vCenter system that is still vulnerable and left online as hackers from different crews stepping over each other to get into these vulnerable systems. Then on top of that the exploit for the vulnerability was a one line cURL request.
In a Shodan query more than 6,700 VMware vCenter servers are still connected to the server and will be vulnerable till a admin patches it. VMware has taken this pretty seriously as this vulnerability has scored a 9.8 out of 10 and is trying to get customers to get their systems patched.
Ransomware gangs like Darkside and RansomExx been going after VMware systems and showed that gaining access to these systems are worth it for how much they can get an enterprise to pay up the ransom. A plus is Positive Technologies published a in-depth technical report on the bug which will allow Blue Teams to better defend their networks.
Should you equip your website with an SSL Certificate?
And here’s why…
An SSL certificate is a file that creates a connection between a website and a cryptographic key. When you use SSL to secure your website, you are working to guarantee that the transfer of data between the server and the user is safe from prying eyes or tampering. This guarantee of security enhances the trust relationship between your site and the customers who are visiting, inspires confidence that can often convert into sales, and increases the page ranking that companies like Google or Microsoft provide when you show up in their search results.
A website that does not employ an SSL certificate will be branded with a warning to the user that the site is insecure and potentially dangerous. As we move forward, insecure connections will continue to be phased out and some browser developers have indicated that you will soon need to edit your browser configuration to even allow insecure communication between user and server at a not far off date.
Google began providing a "very lightweight signal" in their ranking algorithm for SSL/HTTPS back in 2014. This small ranking benefit has gradually increased as they have decided that SSL/HTTPS is increasingly important in our modern economy.
Obtaining an SSL certificate can be free if you use Let's Encrypt, an opensource certificate authority that provides TLS/SSL certificates to over 240 million websites. Major sponsors of Let's Encrypt include Mozilla, Cisco, EFF, and the Chrome project as well as many others. Using a simple application, you can quickly stand up all of the infrastructure you need to rapidly deploy HTTPS support on your website.
If you are wondering if you should use or deploy HTTPS support on your site, the absolute answer is, yes. It is inexpensive and easy to deploy, provides a heap of benefits, and enhances your users experience and security. There are no reasons not to use SSL or to provide a secure connection to your website.
Interested in cyber security? UATs offer a variety of degree choices, from associate to master degree options. Review the programs available at https://www.uat.edu/cyber-security-degrees, and contact firstname.lastname@example.org to get started!
The top information security trends of 2021 will be industrial control systems in relation to critical infrastructure and supply chain security. We know that India suffered a targeted cyber attack of their Kudankulam Nuclear Power Plan in 2019 and Pakistan suffered a Netwalker ransomware attack on their power supplier K-Electric. The famous Solar Winds attack is a good representation of failed supply chain security.
Increased tensions globally will continue to fan the flames of cyber warfare. It can be very difficult to directly target a government or military entity and such attacks provide a tremendous risk of retaliation. The best alternative is to simply feign ignorance and blame criminal actors while using tools such as ransomware to disrupt the electrical grid or to destroy manufacturing capabilities of your target.
I do not have a crystal ball and I cannot see into the future, but I can infer from previous attacks that have been found to be successful that we will see attackers continue to target the supply chain of manufacturers as well as software developers and critical infrastructure. These attacks work and they get results and that is the most important aspect of conducting an attack. Any individual who may be concerned about cyber attacks can enhance their security by employing two tools. The first tool is a Network Intrusion Detection System, Snort is a good choice. This allows you to monitor your network for abnormal activity but does require some level of technical acumen and you must also figure out what an appropriate baseline looks like.
The second set of tools you can use are known as Source Code Analysis tools. There are many different tools designed for source code analysis and it will require that you know what languages you are using to find the right one. Individuals who do web development using PHP might be well served by the tool PHPStan. Regardless of the tool you choose, the concepts are the same. You want a tool that will assist you in verifying the integrity and quality of your code while also looking for common mistakes.
Interested in cyber security? UATs offer a variety of degree choices, from associate to master degree options. Review the programs available at https://www.uat.edu/cyber-security-degrees, and contact email@example.com to get started!
The FBI, CISA, ODNI, and the NSA released a statement stating that Russia has orchestrated the SolarWinds attack. It was believed that the hackers were working with a foreign government, but the security agencies have pointed the blame to Russia.
The background to this attack is due to the software provider SolarWinds was breached and a malware-laced update was deployed on Orion software. Which infected networks across US companies and government entities. Which US Security firm FireEye reported on as many other outlets reported this massive attack.
FireEye's own network was even breached as the SolarWinds supply chain attack allowed the hackers to get into their network which around 10 US governmententitieswere breached and around 18,000 Orion customers as well.
The SolarWinds supply chain attack is also how hackers gained access to FireEye's own network, which the company disclosed earlier this week.
The Washington Post cited sources claiming that multiple other government agencies were also impacted.
Reuters reported that the incident was considered so serious that it led to a rare meeting of the US National Security Council at the White House.
Sources speaking with the Washington Post linked the intrusion to APT29, a codename used by the cyber-security industry to describe hackers associated with the Russian Foreign Intelligence Service (SVR).
FireEye didn't confirm the APT29 attribution and gave the group a neutral codename of UNC2452, although several sources in the cyber-security community with government entities confirming the APT29 attribution, done by the US government, is most likely correct, based on current evidence.
In security alerts sent to its customers in private on Sunday, Microsoft also confirmed the SolarWinds compromise and provided countermeasures to customers that may have been affected.
"The campaign is widespread, affecting public and private organizations around the world," FireEye said.
"The victims have included government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East. We anticipate there are additional victims in other countries and verticals," FireEye added.
This malware being tied to Russia is a big security concern across the US and its allied countries as it has breach public, private, and government entities across the board. It's gonna be tense to see how this plays out.
Seems like WordPress can't catch a break. Another zero-day vulnerability in a plugin for WordPress which has been installed in more than 500,000 sites. In this particular vulnerability, it allows hackers to reset passwords for admin accounts.
This vulnerability was used for weeks on end and thankfully was patched Monday. It was able to impact Easy WP SMTP which is a plugin to let site owners to configure SMTP settings for outgoing emails. A company called Ninja Technologies Network or NinTechNet for short. They state that Easy WP SMTP 1.4.2 and older versions have a feature that creates debug logs for all emails and is stored in the installation folder.
"The plugin's folder doesn't have any index.html file, hence, on servers that have directory listing enabled, hackers can find and view the log," said NinTechNet's Jerome Bruandet. He also says that sites still running on these outdated versions the hackers have been able to automate the attacks to identify the admin account and do a password reset.
Since a password reset involves sending an email with the password reset link to the account, that very email is displayed in the Easy WP SMTP debug log. So, the attacker can grab the reset link and take over the account.
"This vulnerability is currently exploited, make sure to update as soon as possible to the latest version," Bruandet warned earlier this week on Monday.
Now there is Easy WP SMTP 1.4.4 which the developers found a workaround for the vulnerability by moving the debug logs into the WordPress logs folder. This is now the second vulnerability as the first one was found back in March of 2019 with the same plugin.
That vulnerability allowed backdoors on accounts. While it's an unfortunate situation this time with WordPress 5.5 where it has an auto-update feature, so an admin doesn't need to update it manually. But the question is if those sites are updated and have the auto-update feature enabled.
Hopefully a good admin who checks and updates regularly enable the auto-update to avoid this plugin mess.