Thousand Oaks, CA – 24 April 2019 – In a move to continue its leadership role in helping to redefine global educational platforms, synED, a non-profit 501(c)(3) organization is pleased to announce the expansion of its Board of Directors, the addition of an advisory committee and a new director of its California Cyberhub initiative.

“Including leaders in their fields that have unique experiences and passion is crucial to help drive our efforts to fulfill synED’s charter to change the way our global citizens are educated and trained. We are pleased to announce the following representatives that will broaden our organizational expertise, and expand our influence. In turn, their market presence and stature will serve as a solid base for us to move swiftly and to gain participation in all facets of our organization,” said Executive Director/Chairman of the Board, Scott Young. The following industry leaders are joining the synED Board of Directors:

United States Air Force, Major General (Ret.) Sheila Zuelke – “As a nation, we must start cyber security education early and sustain learning and vigilance throughout our lives…our nation needs every citizen to be a cyber defender to protect our way of life.” Zuelke retired from the United States Air Force Reserve in June 2017 after 34 years of distinguished service, including as a Major General and Mobilization Assistant to the Commander, 24th Air Force, Air Forces Cyber. During her Air Force career, she also served as the senior reserve advisor to the Commander, U.S. Cyber Command and Director of the National Security Agency.  More about Major General Zuelke.

Mr. Gary Wang most recently served as the Army Deputy Chief Information Officer/G-6. Wang moved from his position as Director of Intelligence Systems and Architectures, Office of the Under Secretary of Defense for Intelligence, where he has had executive oversight for numerous intelligence programs across the armed services and defense agencies since 2012.

In Army circles, he is best known as the change agent who will help the Army accelerate to the modern, secure and globally-available network needed now and for the future. More about Mr. Wang.

In addition to the Board expansion, Ms. Liz Fraumann will assume the role of Director of the California Cyberhub, a key synED initiative. Under her direction, the organization anticipates deeper community level engagement and growth in all programs associated with California Cyberhub. “We are thrilled to have Liz join the organization. Her rich experience of running the Securing Our eCity Foundation for over eight years and her international experience will lead Cyberhub to new heights,” said Scott Young.

To help guide our efforts, by having a touchstone across government, business, education and society in general, we have established an Advisory Committee that will work directly with the Board of Directors. We are pleased to announce the following individuals as the first two representatives to join this committee. Ms. Laura Lee, Executive VP at Circadence and Mr. Rick McElroy, Head of Security Strategy for Carbon Black.

The current synED Board of Directors and officers include: Ms. Florence Nissim, Secretary; David Daggett, Treasurer; and Scott Young, Executive Director/Chairman of the Board.

ABOUT synED

SynED is a non-profit organization dedicated to promoting educational excellence by promoting synergies between traditional, non-traditional and experiential learning to realize the best possible outcomes for students, faculty, business and society.

For more information, visit synED.org

ABOUT California Cyberhub Initiative

California Cyberhub is a synED initiative focused on engaging communities to advance cyber security awareness and life-long learning. The goals are to provide highly interactive opportunities with a focus on collaboration, communication, creativity, persistence and adaptability for all while fostering cyber career opportunities. Engage with California Cyberhub to advance cyber security awareness and life-long learning: ca-cyberhub.org.

When Anna Carlin started working in IT in the 1980s, there were more women in the field than she saw 20 years later as an IT instructor.

Over the years, Carlin has used her experience in education and industry to help students understand the value that working in IT and cybersecurity can bring and inspire the next generation of ethical leaders.

Carlin worked in cybersecurity before there was a formal term for the field. She evolved from looking at the risk associated with computer systems at all levels to making presentations to the board of directors on the security over computer systems.

Along the way, she was asked to help teach some classes at Cal Poly Pomona. She was hesitant at first but knew that her professional experience would be valuable in the classroom.

“I never thought of going into academia,” Carlin said. “But I quickly found that I loved the interaction with students and sharing what I wish I knew when I was in their shoes.  In addition, understanding how what you are learning is applied in business is valuable.”

Carlin taught at Cal Poly Pomona for 20 years before moving to Fullerton College in 2016. Her goal as an educator is to help students build the bridge to what comes next after college. She also encourages lifelong learning and membership in professional organizations such as ISACA.  She is a board member and chairs the Academic Relations Committee for the Los Angeles chapter.

Carlin promotes the networking opportunities afforded by professional associations but also encourages security professionals to share their expertise with the future workforce by visiting the classroom, judging student-based competitions, advising colleges on curriculum, and mentoring.

Building professional connections and career paths early is the key to filling cybersecurity vacancies, she said. Some students might instantly know that cybersecurity is the career they want, but many discover it gradually.

“When there’s a shortage of people, you need to plant all the seeds you can,” she said. “You can’t sit around waiting for the right time when the lightbulb goes off.”

Carlin has mentored countless women throughout her career, including Tobi West, a cybersecurity professor at Coastline Community College and founder of the CyberTech Girls program. Carlin met West when she was a graduate student at Cal Poly Pomona and said the two hit it off almost immediately.

They now work together on CyberTech Girls, where West said Carlin serves as a role model for what a successful IT career can look like.

“Anna has been an inspiration for CyberTech Girls as an original supporter of the vision for the program,” West said. “Since the start of CyberTech Girls, she has provided workshop ideas and local event support as mentor and workshop trainer.”

Carlin sees the movement to promote stable, high-paying cybersecurity jobs to young women as an extension of the women’s empowerment movement she grew up with in the 1970s.

“The majority of single-income homes in America are made up of women who make their own decisions in life that are not dependent upon someone else’s paycheck,” Carlin said. “Cybersecurity is a high-paying field. We need to reach women early to give them a sense of what it’s all about and help them see a career path for themselves.”

Though she was hesitant about teaching at first, Carlin’s expertise has proven to be invaluable in the classroom. Carlin and West frequently collaborate on a presentation called “Cyber Up! Your Resume!” that helps students accentuate cybersecurity experience on job applications.

“Anna is a wonderful teacher both inside and outside of the classroom,” West said. “We have co-presented on several occasions to help students and those entering the field develop their resumes and their skills to prepare for cybersecurity careers.”

Carlin knows that women in IT may have different motivations than their male counterparts. She understands these motivations and emphasizes how careers in cybersecurity can satisfy them.

“Women want to see the value of the work they do,” Carlin said. “They’re not in it just for the money. They want to get up and go to work that doesn’t seem like work, and see the positive impact of their work.”

SANS Institute has launched a national cybersecurity program designed specifically for high school girls to encourage more females into the industry and to reduce the national cyber skills gap.

The Girls-only cybersecurity program, Girls Go CyberStart, is the result of a partnership between 27 state governors and SANS Institute. Those states are Alabama, Arkansas, California, Colorado, Connecticut, Delaware, Georgia, Hawaii, Idaho, Indiana, Iowa, Maine, Maryland, Michigan, Montana, Nevada, New Jersey, North Carolina, North Dakota, Pennsylvania, Rhode Island, Tennessee, Texas, Vermont, Virginia, West Virginia, Wyoming.

Girls who want to participate in the free program do not need any experience in gaming or computer science, but must be at least 13 years old and enrolled in 9th, 10th, 11th or 12th grade at a public or private school (or the homeschool equivalent) in a participating state.

There are three stages in Girls Go CyberStart. Each stage features a series of digital challenges that introduce participants to important concepts in the field of cybersecurity, according to the release.

The first stage consists of a series of questions that measure existing knowledge, problem-solving skills and the potential for a career in cybersecurity. The second stage involves learning techniques to take on real world challenges such as cracking codes and finding security flaws. The final stage is for the best performing teams from each state who will compete in a national online ‘Capture the Flag’ competition.

More information can be found here.

CyberAegis Aether shows success in statewide efforts to bring girls into cybersecurity and STEM.

Next week, thousands of students from across the country will compete in the Air Force Association’s CyberPatriot XI Finals in Baltimore, the culmination of a year of hard work and dedication.

Among those teams is CyberAegis Aether, a group of five seventh and eighth grade girls from Oak Valley Middle School in San Diego, who are ranked third among all middle school CyberPatriot teams in the U.S. This dynamic group of young women shows that anyone can excel in cyber competitions and cyber careers, regardless of gender.

Beyond that, though, team members Rachel Lee and Ellen Xu said that the friendships they’ve formed will last into high school and beyond. Part of the team’s success is how well they work together and how close they’ve become.

“We’ll always come back to this group of girls. We’ve all experienced so much together,” said Lee, who is the team’s captain and CyberAegis president at Oak Valley Middle School. “This team will always have a special place in my heart.”

“It doesn’t feel like we’re just a team,” Xu said. “It feels like we’re a family or really close friends,”

Under the direction of Coach Paul Johnson, CyberAegis is a force to be reckoned with, with six of its teams competing in CyberPatriot Nationals. To gain a competitive edge, Lee said team members spend an average of two hours each night studying on their own in addition to scheduled practices.

Even if the team does not win in Baltimore, the girls say the extra effort will be worth it because it’s helped teach them valuable time management skills.

“There are only 24 hours in each day, so we make sure that we make use of each minute and get everything done,” Xu said. “We make sure that we get really in-depth on things that matter to us.”

When CyberAegis Aether competes, they are representing much more than themselves or even their school. Even at a young age, they are aware of the spotlight that’s on them as young cyber leaders.

“As an all-girls team, we want to convey the message to the rest of the world and help other girls around the world know that STEM fields are gender-neutral fields,” Xu said.

It’s a badge they wear proudly on behalf of girls around the United States and around the world.

“When we compete, we’re representing all the girls who are underrepresented in the STEM field and don’t have as many opportunities as we do,” Lee said.

Teams like CyberAegis Aether are an important part of meeting the demand for cybersecurity workers across California. Meeting this need is a high priority for the Governor’s Office of Business and Economic Development, which supports the national Girls Go CyberStart program.

Girls Go CyberStart is a series of interactive challenges designed to introduce girls to cybersecurity. More than 6,000 high school girls across the U.S. participated in the program in 2018.

“California businesses are struggling to fill cybersecurity-related jobs with qualified employees. As we work to close that gap, it’s critical that we bring greater diversity to the field of cybersecurity so that our businesses are better able to anticipate the full range of threats they face,” said Governor’s Chief Economic and Business Advisor and Director of the Governor’s Office of Business and Economic Development Lenny Mendonca. “The GirlsGoCyberStart Program is an important way for us to get more young women and girls to consider cybersecurity as a viable and fulfilling career path. There’s no question that a more diverse workforce leads to stronger businesses and a stronger California.”

Other opportunities for middle and high school girls to become involved in cybersecurity include the California Mayors Cyber Cup and the CyberTech Girls program.

Lee offered a few words of advice for any girls who are interested in cybersecurity but worried about being one of the only girls in the room.

“Don’t let the guys put you down because you can be just as good them and you can be even better than them,” Lee said. “Surround yourself with people who love you and support your and don’t be afraid to follow your passion.”

1,200 Students across California Participate in the California Mayors Cyber Cup using the Haiku Cyber Range

In an effort to help grow the cybersecurity workforce of tomorrow, California Cyberhub, its affiliates and Sentek Global joined forces for the 2019 California Mayors Cyber Cup (CMCC).

On February 23rd, 2019 at 9:00 am, 1,200 middle school and high school students (Over 250 teams) gathered at locations in 12 regions across California to compete in the annual event.

All 250 teams had been working for months with coaches, teachers, mentors and parents to prepare for the competition; many also participated, virtually, in a practice round on the Haiku Cyber Range from their homes or schools several weeks before to help sharpen their skills.

Sentek Global, a Department of Defense Cybersecurity and Engineering contractor built a realistic United States grid that the students protected in a mock attack simulation. The Haiku Cyber Range was donated to the CMCC in partnership with Amazon Web Services.

Read the full article here.

Employee mistakes were ranked as the highest risk in the 2019 Global Encryption Trends Study, though employee-owned devices on company networks deserve more security scrutiny.

When it comes to assessing security risks, exposure of sensitive data is most likely to result from human error when handling data and malfunctions of systems and processes designed to protect data, according to the 2019 Global Encryption Trends Study, published Thursday by nCipher Security and the Ponemon Institute. More than half (54%) of respondents indicated employee mistakes were the largest risk, while 30% cited system or process malfunction in the survey question, for which more than one choice was permitted.

These concerns outweigh those of targeted attacks by hackers and malicious insiders, with 30% of respondents citing hackers, 22% citing temporary or contract workers, and 21% citing malicious insiders, the report found. Third-party service providers were cited by 19% of respondents. Concerns of government interference—both lawful and eavesdropping—were not priority concerns, cited by only 11% and 12%, respectively.

SEE: Windows 10 security: A guide for business leaders (Tech Pro Research)

Motivation for encrypting data is equally split between protecting the intellectual property of the organization and protecting the sensitive personal information of customers, with 54% of respondents citing those factors as the main drivers for deploying encryption. Protecting against specific, identified threats followed closely at 51%, while 46% cited compliance “with external privacy or data security regulations and requirements.”

Prioritizing encryption surfaces emerging security risk

Overextended IT workers inevitably must prioritize what they view to be the highest-risk technologies, and work to secure them. These highest-risk items are what you would suspect—Internet communications, databases, and backups/archives comprise are the top three. At the very bottom of the list are Internet of Things (IoT) devices and platforms, at 52% and 50%, respectively.

With the proliferation of both IoT devices in general and in the workplace, as well as the ubiquity of employee-owned devices in workplaces and BYOD policies, IT departments are being made responsible for ensuring the security of these devices.

Demand for IoT security solutions is anticipated to drive that market to $9.88 billion by 2025, according to a report from Grand View Research late last year. Likewise, an abundance of high profile IoT security breaches in 2018 should make IT security professionals take a second look at what devices are brought onto their networks by employees.

For more on the risks of data breaches, learn why 61% of CIOs believe employees maliciously leak data, and 3 security threats businesses need to prepare for by 2021.

Most companies have not implemented standards for authenticating emails and preventing hackers from successful phishing attacks, according to Valimail.

Businesses and consumers see more than 1.2 million phishing attacks each year, as hackers use the effective social engineering attacks to con employees into clicking a malicious link or attachment. Despite how widely known and damaging these attacks can be, companies still fail to adequately prevent them from happening, according to a Friday report from Valimail.

Widely-accepted open standards exist for authenticating email and preventing phishers from spoofing domains with fake emails, but a majority of companies across industries have not made full use of them. The vast majority—90%—of large tech companies remain unprotected from impersonation attacks, the report found.

SEE: Security awareness and training policy (Tech Pro Research)

The report examined the primary domains for 525 global tech companies with revenues of more than $500 million annually, querying them for the presence of Domain-based Message Reporting, Authentication & Conformance (DMARC) records and Sender Policy Framework (SPF) records.

Nearly half (49%) of companies had DMARC records of some kind, indicating that they have begun to deploy this anti-phishing tool. But only about half (55%) of those companies have DMARC records that were correctly configured and set to a policy that will actually stop phishing and spoofing, the report found.

Companies are more advanced when it comes to SPF, the report noted, likely because it is older and better understood. Some 78% of tech companies analyzed are using SPF correctly, it added.

The presence of DMARC is positively correlated with a company’s revenue, according to the report: Companies with DMARC enforcement had an average revenue of more than twice that of companies with no DMARC records at all, at $10.2 billion versus $5 billion.

For tips on how to prevent phishing attacks in your business, check out this TechRepublic article.

Senior leaders in business and government ought to take note of ISACA’s State of Cybersecurity 2019 research, which details the findings of a global survey of cybersecurity professionals.

The report highlights many of the issues of which we cybersecurity professionals long have been painfully aware: that it is increasingly difficult to recruit and retain technically adept cybersecurity professionals; that while gender diversity programs have yielded positive results, support for these programs may be waning; and, cybersecurity professionals are concerned that budgets for cybersecurity programs are flattening or on the decline.

While most senior leaders are already sensitive to these issues, the report should kindle a sense of urgency to address them. I submit that traditional methods of addressing these issues are inadequate to remedy the situation and we need to look to other leadership approaches to fill the gaps.

With cybersecurity professionals being such a high demand/low density asset, organizations ought to think out-of-the-box to ensure they have the right people, with the right skills, in the right place, at the right time. They need to look at other sources of talent. As an example, I am a huge fan of reskilling personnel. Reskilling is a term meant to describe where an existing employee is trained in new skills to fill gaps. During my time in the US Air Force, I saw this technique used to great effect as we took mid-level security forces personnel and trained them in information technology and cybersecurity skill sets. Some of the best cybersecurity professionals I know are former Air Force cops. Reskilling personnel is a tool that senior leaders can use to close the gaps.

Read the full article here.

Organizations are facing more difficulty filling security roles now than in previous years, according to a CyberEdge report.

Finding and retaining workers in IT security continues to be a challenge for organizations, though IT professionals report a modestly increased shortfall of skilled security workers, compared to last year, according to the 2019 Cyberthreat Defense Report from CyberEdge.

The report, published Tuesday, indicates that talent shortages are the second-highest concern among security decision-makers surveyed in the report, with 84.2% of respondents indicating their organizations are having difficulty filling security roles, an increase from 80.9% in 2018.

SEE: Research: As overseas business operations grow so do concerns over cyberwarfare and cybersecurity (Tech Pro Research)

The following IT security roles are most difficult for organizations to fill, according to the report:

  1. IT security administration (34.3%)
  2. Security architect (28.2%)
  3. Security analyst/incident responder (27.6%)
  4. Application security tester (22%)
  5. Compliance auditor (21.6%)

The education market is the most affected by these shortages, with 91.3% of respondents in that field indicating difficulty filling roles. Government and healthcare (81.8% and 81.9%, respectively) are the least affected.

There is noticeable regional disparity—94% of respondents in Japan cited difficulty filling those positions. Wages for IT careers are substantially lower in Japan than in other countries, with attempts to raise wages generally in Japan falling short of expectations. Likewise, Saudi Arabia and Singapore disproportionately reported difficulties filling IT security positions.

Oddly, the report also notes that despite the difficulty in filling those positions, Japan appears to fare substantially better in security than Saudi Arabia, with 87.8% of respondents in the kingdom indicate falling victim to a ransomware attack in the last 12 months, though only 37.8% of respondents in Japan reported the same.

Brazil (65.6%), Germany (74.3%), and Australia (76.1%) were the least impacted by shortages in IT security workers.