Tag Archives: cyber security

NOVA Workforce Receives $100,000 From Capital One to Develop Cybersecurity Pathway

Northern Virginia Community College has received a $100,000 grant from Capital One Foundation to help develop the Cybersecurity Career Pathways Project that will inform and support middle and high school students in the Northern Virginia Region who wish to explore and hopefully pursue a career in cybersecurity. The project will whet the appetite of a future generation of cyber workers and eventually fill a regional and national skills gap that will only continue to widen in the coming years.

NOVA will be working as part of a cohort of 14 community colleges in D.C., Maryland, New York and Texas to develop some thematic areas of focus in relation to labor-market data and career pathways to create a pilot program with two Prince William County public high schools—Forest Park and Potomac—both chosen due to their high level of diversity and for the large number of students from underserved populations.

The program will offer training to teachers and counselors within the schools to teach them the importance of these fields and to relay the needs expressed by local employers. Students will attend activities and have the chance to learn about the growing field of cybersecurity. They will participate in internships and “job-shadow” opportunities and will achieve a cybersecurity credential while still in high school. They will then move through NOVA and hopefully a four-year institution and emerge prepared to succeed in this very in-demand and high-paying field. Ultimately, as a result of this pilot, students will have a greater understanding of the importance of the cybersecurity field and the value that achieving a credential can bring them in terms of launching a career with a bright future.

NOVA’s Cybersecurity program provides a curriculum that is mapped to DHS and NSA cybersecurity education standards and is designated by the Department of Homeland Security and the National Security Administration as a Center of Academic Excellence for two-year institutions (CAE2Y). Our AAS Cybersecurity degree is transferable to many four-year institutions and offers students the opportunity to participate in a variety of exciting competitions and extra-curricular activities. NOVA is a founding member of the National CyberWatch Center, a national consortium of colleges and universities focused on cybersecurity education.

Workforce Development Division Offers CompTIA Security+ Training

Security+StudyGuide

 

CompTIA® Security+ is a vendor-neutral certification that validates the competency of security professionals working in the IT industry. The Security+ certification confirms a technician’s critical knowledge of communication security, infrastructure security, cryptography, operational security, and general security concepts. This longer, boot camp style course is for anyone interested in pursuing a career in IT security.

For more information and to Register for the course please visit our website below

https://nvcc.augusoft.net/index.cfm?method=ClassInfo.ClassInformation&int_class_id=2922&int_category_id=0&int_sub_category_id=0&int_catalog_id=0

 

 

IT Pursuit Boot Camps Have Arrived

Northern Virginia Community College’s Workforce Development Division will host a series of Boot Camps/Information Sessions for individuals interested in pursuing CompTIA® Security+ and CompTIA® Network+ certification.  Tuition may be waived for those that have work or academic experience for these accelerated boot camps. This grant initiative is open to all, however, first consideration will be provided to women, minorities, and veterans that have attended NOVA. Make every effort to attend the information session for greatest consideration of the program.

Upcoming Boot Camps/Information Sessions 

Annandale Campus “Network +” Info session: Friday, March 18th  1pm     

Boot Camp- (4) Wednesdays 9:00am – 4:00pm, Mar 30th -April 20th

Location: Off-Campus, old Pitney Bowes Bldg. NOVA Workforce on 6th floor,

7630 Little River Turnpike, Annandale, VA 22003

 

Woodbridge Campus “Security +” Info session: Saturday, March 19th 11:00am

Boot Camp- (3) Wednesdays 6pm-9pm Mar 30th – April 13th

(3) Saturdays 9am-1pm Apr 2nd – Apr 16th

Location: 2645 College Dr., Woodbridge, VA 22191, Arts and Science Building Room 223

 

Manassas Campus “Network +” Info session: Thursday, March 24th 7:00pm

Boot Camp- (4) Tuesday and Thursdays 7pm- 10pm Apr 5-28th

Location: Off-Campus- Manassas Innovation Park, Room 134

9485 Innovation Drive, Manassas, VA 20110

 

Loudoun Campus “Security +”  Info session: Thursday, April 7th 7:00pm

Boot Camp – (3) Monday and Wednesdays 6pm- 10pm Apr 25- May 11th

Location: Off-Campus- Loudoun Signal Hill, Room 314

21335 Signal Hill Plaza, Loudoun, VA 20164

 

Alexandria Campus “Security +” Info session: Thursday, April 28th, 7:00pm

Boot Camp- Friday, 8am – 4pm May13th

Sat & Sun, 9am- 5pm, May 14th & 15th

Location: 5000 Dawes Ave., Alexandria, VA 22311- Room 416

RSVP by email rcwet@nvcc.edu or call (703) 878-5707

Fixing the Glitch: cyber security and broken systems

Remember the AP Twitter hack-and-hoax of 2013, where the Syrian Electronic Army (SEA) gained access to the Associated Press’ Twitter account and posted a fake tweet reporting explosions at the White House and the injury of the President? Within seconds, financial markets dropped by 1%. Within minutes, Twitter became a hornets’ nest of refutations and announcements. AP reporters tweeted that @AP had been hacked. Things returned to normal.

This hack proved that financial markets, which move reliably and quickly to perceived threats, can be vulnerable to manipulation by hackers; any glitch in the system causes software—and people— to react, so response before context and clarification is given usually causes damage. (A hacker’s market, @Economia, May 2013)

Cybersecurity_NOVAworkforce

Why hackers hack

Causing disruption in financial markets is only one small incentive for cyberattacks. Large amounts of useful data live in networks and in the Cloud, and hackers are finding creative ways to get to it, to be used for everything from “simple” identity theft to industrial espionage.  In May 2015, The Internal Revenue Service confirmed that hackers had used stolen identity data (and shady email domains) to defraud the “Get Transcript” application to steal account information for 100,000 taxpayers.

CareFirst BlueCross Blue Shield was also hit in May 2015 with a data breach that compromised personal information on over 1 million customers. The same attack methods may have been used in earlier breaches at Anthem and Premera, which collectively involved data on more than 90 million Americans. All companies are providing credit monitoring and identity theft protection services for members while they seek solutions to provide more robust security for their networks.

Katherine Archuleta, the director of the U.S. Office of Personnel Management (OPM), is currently dealing with one of the largest government data breaches in U.S. history. The scope of this disaster is still growing, since additional reports have surfaced indicating that the breach has affected  almost 20 million background investigation forms and 1.1 million fingerprint records for Federal employees.

The theft of these forms represents a major national-security and intelligence failure, given that they contain records of past drug use, mental health and contacts with people overseas and other sensitive information that could prove useful to a foreign intelligence agency. (Wall Street Journal, July 9, 2015)

Archuleta will likely be held accountable for the current OPM breach, but the problem is systemic, and much more than any one person or committee can solve.

In April 2015,  the U.S. Government Accountability Office presented GAO-15-573T, a testimony on Cybersecurity and the need for government agencies to address cybersecurity challenges that are growing steadily each year.  “Specifically, the number of information security incidents reported by federal agencies to the U.S. Computer Emergency Readiness Team (US-CERT) increased from 5,503 in fiscal year 2006 to 67,168 in fiscal year 2014, an increase of 1,121 percent.

Wait. what?

Yes, you are reading that correctly. Between FY 2006 and 2014, the number of information security incidents—stolen data, malware installation, phishing or SPAM attacks, and so on—increased over ONE THOUSAND PERCENT. Here’s a visual from page 7 of the GAO report:

GAO chart from 2006 to 2014 showing increase in security breaches

Furthermore, the report details the types of threats and the purposes of the attacks. Keep in mind this is the stuff we know about.  And the government sector is expanding its cyber warfare capabilities in an attempt to meet these threats head on.

Intentional versus unintentional threats

In addition to cyber attacks, computer glitches are wreaking havoc with automated software systems worldwide. Software that runs massive systems involves millions of lines of code. Despite thorough quality checks and regular security upgrades, a tiny error—such as one misplaced string of code or a missing character—can cause programs to act erratically, or  even crash completely.

A United Airlines computer system glitch grounded flights nationwide for a few hours Wednesday morning, July 8, leaving thousands stranded and causing a domino effect of delays for almost 5,000 flights worldwide.

The glitch affected software that automates United’s operations, according to the FAA. And its failure shows just how sensitive computerized companies are nowadays. (CNNMoney)

Fears of systemwide technical vulnerability were brought to light when the New York Stock Exchange went dark from 11:32 a.m. to 3:10 p.m. on the same day of the United Airlines debacle. This outage was longer than the 2013 NASDAQ collapse, which spawned an order from the Securities and Exchange Commission to improve the vulnerable systems that form the backbone of Wall Street. According to market analysts,

… the SEC, which polices the markets, has struggled to keep up with the technological revolution that has come to dominate modern trading. It has also missed out on opportunities to address key vulnerabilities, opening the door to other damaging threats. (@WashingtonPost)

Luckily, technology kept the outage a non-crisis. The availability of alternative electronic trading platforms has resulted in the NYSE handling less than 14% of the trading in American shares. So while the NYSE’s glitch is still problematic, it wasn’t catastrophic. (Glitch Perfect, @theEconomist, July 9, 2015)

Shortly after the beginning of the NYSE computer crash, the Wall Street Journal displayed a 504 error on its site until a modified homepage could be uploaded. The full site was restored shortly thereafter.  The Wall Street Journal has not yet reported what caused their website crash, but theories abound, from the serious (bandwidth overload, virus issues, cyber attacks) to the silly (anniversary of first print issue in 1889, SkyNet waking up).

The Wall Street Journal 504 error on its site.

Leaving the door open

United Airlines cited a faulty router for the systemwide halt; the New York Stock Exchange crash seems to have been caused by a faulty software update that was installed Wednesday morning before trading began. And the Wall Street Journal experienced a systems-overload (only on its non-mobile browsers) that was likely an effect of overload from users seeking information on the other two (my theory, at any rate).

While nothing indicates the three technical glitches are linked, speculation is causing a lot of fears about technology infrastructure and data security. With the Sony Pictures hack from late 2014, to the still-fresh nationwide OPM hack blamed on old software, cyberattacks and malfunctions are becoming part of the public awareness of our dependence on vast, vulnerable systems.

…OPM has other responsibilities, including payroll and health benefit processing for government employees. [OPM Director] Archuleta repeatedly blamed legacy systems, some of which dated back to 1985 and use outdated COBOL programming language, as part of the problem. Such legacy systems, she said, could not be encrypted, for example. Office of Management and Budget (OMB) CIO Tim Scott noted that information-security practices such as data segmentation in databases are much more difficult in legacy systems. (“OPM Blames Legacy IT Systems in Contentious Hearing,” @PrivacyTech, June 17, 2015)

Obviously, we can’t just pull the plug on old systems and start from scratch. New critical systems and enhanced, secure infrastructure is needed everywhere, but these improvements will take time. The shortage of skilled IT and cybersecurity professionals has been widely publicized; in February 2015 the White House held a summit on Cybersecurity and Consumer Protection at Stanford University, calling for “industry, tech companies, law enforcement, consumer and privacy advocates” and others to come together to work through the issues facing cybersecurity. President Barack Obama explained that the government cannot tackle this “cyber arms race” on its own due to so many systems residing in private industry (non-government) sectors. Since cybercrime is systemwide, it makes sense for both government and private industry to work together to grow our defenses against cyberattacks.

Part 2:
Fixing the glitch: the face of cybersecurity


NOVA Workforce Development Division | Blog

Northern Virginia Community College’s Workforce Development Division is dedicated to improving Northern Virginia’s economic development and business landscape with a comprehensive variety of training options, including Professional Development, Certificate Programs, Enrichment Courses, Continuing Education, and Customized Training. Visit us online to learn more.

Cybersecurity: closing the Workforce gap

A flurry of recent articles have revealed a growing problem that is particularly troublesome in light of recent cyberattacks on Government entities, including the White House, U.S. Postal Service, and National Weather Service. Cybersecurity is a buzzword in IT circles, but students aren’t flocking to government-based job openings. Why? Federal News Radio’s Emily Kopp cites low pay compared to private-sector jobs:

…the government’s midcentury personnel structure needs an overhaul to fit today’s needs. And yes, bureaucratic systems like the security-clearance process can make it hard for workers to flow in and out of government. And the country overall needs more professionals trained in the STEM fields of science, technology, engineering and math. But there are things that agencies can do right now to address their pressing need for cybersecurity talent. …The growing awareness of cyber threats has made talented cybersecurity workers a hot commodity worldwide. (read the full article)

This sentiment is echoed in a Washington Post article, citing a Partnership for Public Service report that calls the Federal cyber workforce “woefully inadequate.”

A shortage of IT and Cybersecurity professionals is not limited to government, however. A nextgov.com article ups the ante: “The entire world appears to be in the same boat.” Drawing data from a Frost & Sullivan study on the Global Information Security Workforce, the worldwide demand for security professionals is far greater than the number of qualified people to fill available positions.

While both government and private-sector companies find ways to woo critically-needed talent to the field of cybersecurity, NOVA’s Workforce Development Division is prepared to train the next generation of IT security professionals with three Cybersecurity Certificate programs targeted toward entry-level through advanced learners.

Cybersecurity certificate programs at NOVA's Workforce Development Division

Cybersecurity certificate programs
at NOVA’s Workforce Development Division

Meeting the demands of the Information Security industry, our Cybersecurity programs focus on the fundamentals of network protection, information assurance, preventing attacks, ensuring privacy, and gaining an understanding of the ethical, legal, and regulatory world of cybersecurity. Our classes will prepare you for several industry certification exams.

If you have ever wanted to explore a career in Cybersecurity, now is an excellent time to begin your training; the government is finding ways to attract new talent to meet the growing need.

(not all courses are offered every semester.)

Entry Level Certificate
(No experience required)

  • Cyber Jobs, Pathways & Clearances
  • CompTIA® Network+
  • CompTIA® Security+
  • Certified Information Privacy Professional (CIPP/US)
  • Systems Security Certified Practitioner (SSCP®)

Mid-Level Certificate
(1 – 5 years’ minimum experience required)

  • Entry Level courses PLUS:
  • Certified Information Security Manager (CISM)
  • Certified Information Privacy Technologist (CIPT)

Advanced Level Certificate
(5 – 7 years’ minimum experience required)

  • All Entry and Mid-Level courses PLUS:
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Systems Security Professional (CISSP)

Additional Courses
(classroom/online)

  • CyberWatch Security
  • Certified Information Systems Auditor (CISA)
  • Ethical Hacking
  • CompTIA® Advanced Security Practitioner (CASP)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Locking Down Linux User Accounts, File Systems, & Services
  • Protecting Windows Systems w/ Access Controls, Encryption & Group Policy
  • Business Continuity & Disaster Recovery
  • Computer Forensics Evidence Collection
  • Managing Information Security Risks, Threats, & Vulnerabilities
  • Network Security Essentials
  • Protecting Networks with Firewalls & VPNs
  • Securing Web Applications
  • Ethical Hacking Tools & Techniques
  • Information Security & Risk Management Planning

If you are interested in the Cybersecurity Certificate program offered through NOVA’s Workforce Development Division, please contact IT Program Manager Scott Wood at swood@nvcc.edu.