Cyber Security in Today’s World

Interview with Ron Woerner: What Is Cyber Security in Today’s World

Ron Woerner stands as a seasoned IT veteran and a luminary in the field of cyber security, offering a wealth of knowledge from which one can glean valuable insights. His current role as the Director of Cyber Security Studies and an assistant professor at Bellevue University underscores his expertise in this domain.

His journey into the realm of IT and cyber security was ignited by an early fascination with computers and an innate curiosity about unraveling the inner workings of technology. This initial spark paved the way for his illustrious career as both a distinguished cyber security expert and an educator in the realm of IT.


Woerner commenced his academic journey by achieving a Bachelor of Science degree in Computer Science, a commendable feat he accomplished at Michigan State University’s esteemed College of Engineering. His thirst for knowledge then led him to pursue a Master of Science degree in Information Resources Management, an achievement he attained at Syracuse University’s renowned School of Information Studies & Technology. To further fortify his expertise, Woerner has also earned various certifications, including the esteemed Certified Information Systems Security Professional (CISSP) and the highly regarded Certified Ethical Hacker (CEH).

As his reservoir of experience and capabilities expanded, Woerner has earned recognition as an authoritative figure in the realm of cyber security. He has shared his profound insights by contributing articles to industry publications, delving into pressing topics such as “4 Challenges to Address Corporate Cyber War” and “Educating Employees to Build Better Cyber Security.” Moreover, Woerner frequently graces conferences on cyber security and risk management as a distinguished speaker. Notable presentations in his repertoire include a captivating “Human Hacking” discourse at the US Cyber Crime Conference and an illuminating “Security in the New World” presentation at the Armed Forces Communications and Electronics Association (AFCEA) conference.

So what is it like to work in cyber security in today’s ever changing technical world? We are pleased to share Ron’s thoughts on that topic.

Please give a general definition of cyber security for someone who is interested in Information Technology but may not be familiar with the field.

The practice of cyber security is preventing, detecting, and responding to threats to the confidentiality, integrity, and availability of information systems and data.

Tell us more about your background and education. What brought you to work in IT and cyber security? 

I’ve always been interested in computers. I started using them in middle school in the early 1980s and bought my own computer in 1982. It stems from always being curious about how things work. I studied computer science in college with a full-ride AFROTC scholarship to Michigan State University.

After college, I worked for a year at AT&T Bell Labs in New Jersey in their archives researching the history, patents, and technologies. Once active-duty, I was an Air Force Intelligence Officer. That taught me many of the fundamental concepts of cyber security. I gravitated toward that topic as a Master’s degree student in the mid-1990’s, since it merged my computer science and intelligence backgrounds. I started working cyber security full-time in 2000 when I created a security program for a major billing company.  

Your professional IT work experience has been in many varying industries, from TD Ameritrade Bank to Nebraska Department of Roads to a food packaging company. Can you tell us a little about how cyber security varies from industry to industry?

The basic cyber security concepts and philosophies don’t change from industry to industry. What’s different are the compliance requirements and the organization’s risk management approach. TD Ameritrade is both a publicly traded company as well as an online brokerage. They have many more regulatory requirements than organizations not in that industry. Regulatory and legal requirements often make a security professional’s job easier, since they set the goals for a security program. For other organizations I worked for, I had to sell the reasons for security technologies, policies, and procedures to ensure they fit the organization’s business model.

The other difference is how the organization manages risk. Financial organizations and publicly traded companies are much more mature in their understanding and handling of risks. Government and private organizations have a different risk tolerance and therefore the security program must be able to work within their risk framework.

Cyber security is really a component of risk management and a function of the organization’s business. Cyber security professionals need to use sound risk management processes to ensure IT and cyber security risks are identified, assessed, and appropriately managed based on the business model.  

Can you talk about your dual role as an educator at Bellevue University and as the university’s Cyber Security expert?

The Bellevue University Cyber Security programs are designed to meet the high demand for cyber security professionals in both the public and private sectors. Combining theory with active learning, the program provides a framework for protecting an organization’s information and technology assets. The program is designed for professionals who want to build and expand their knowledge of protection and risk management techniques in the realm of cyber technologies. The program focuses on network and software security, risk management, protection mechanisms, business continuity planning, disaster recovery, and governance of information systems.

As the program director, I need to convey to my students and colleagues the skills, abilities, knowledge, and behavior required of security professionals. I am often asked by people both internally and externally for my expert opinion on a particular security issue, breach, or vulnerability. This requires continual study and research to be able to answer questions accurately and intelligently along with keeping my technical skills up to date.

As a Cyber Security professor, what concepts are you teaching students that are new for even you, a veteran of the industry?

The more I learn, the more I realize just how much more I have to learn. This is true in almost any field, not just IT. A good security professional needs to be well-versed in a multitude of subjects including economics, business management, psychology/human factors, legal studies and project management along with technology. 

Within technology, the newest area is mobile and cloud computing. Many organizations are moving to cloud technologies and using mobile devices like smartphones and tablets. This requires a slightly different mindset than traditional technologies. So, I’m continually learning the technologies in use such as virtualization, mobile app development, and big data.

Bellevue University partners with numerous large companies like IBM, EMC, and Cisco. I’m taking advantage of the great training that comes with those partnerships.

It sometimes boggles my mind how much more there is to learn.  A philosophy I live by is to always be learning.  

How has cyber security changed since you entered it? Where do you see it going in upcoming years?

We will continue to see anytime/anywhere computing grow. Mobile and cloud computing enable this. The Internet of Things (IoT) is also a great change where more devices are made network-accessible. This means we’ll need to identify the threats, vulnerabilities, and risks associated with those technologies and apply security accordingly.

We are slowly migrating away from passwords. They are a very poor security control, yet they are very simple and cheap to operate. We will continue to see a growth in two-factor or multi-factor authentication, which requires users to use something they know (like a password) along with something they have (like a cell phone) or something they are (like a fingerprint). It’s much more commonplace and user-friendly today, which is great because of the additional layer of security it provides.

Many companies from varying industries have been featured in the news recently for having their company and consumer information stolen by hackers. How does the field of cyber security contribute to preventing these kinds of hacker attacks and security breaches?

The recent breaches are causing many (if not most) organizations to re-prioritize cyber security. They don’t want to be the next headline, so they are hiring cyber security professionals to improve their technologies, policies, and procedures to reduce their risks. Cyber Security professionals understand threat vectors and the threat landscape to better anticipate potential security problems and hopefully stop them before they occur (aka prevention). They also understand how to detect issues to reduce the impact or probability of damage occurring. Lastly, they can help the organization respond appropriately when there is a breach.

There is no silver bullet to security. It takes dedicated security personnel along with universal participation of all employees to keep risks at a manageable level.

In your opinion, is it an ideal time to go into IT or to become an IT specialist? If so, why?

IT continues to be one of the hottest career fields. Computers are now ubiquitous and we need people to program, maintain, manage, and secure them. There are way more jobs than there are workers. 

What qualities or skills do you think are necessary for pursuing a career in IT and cyber security?

We need students who know more than just how to point and click, but understand the underlying technologies. They need to be consistently curious about the technology with a passion to learn the many different facets of the career field. To be successful, cyber security also takes maturity. Things rarely go as planned. The professional needs to be able to handle adversity and implement contingency plans to meet organizational goals.

Other skills needed for not only IT / Cyber security, but all career fields are the ability to (1) communicate and (2) work with people. Being a successful IT or cyber security professional means more than just the technology, but the ability to interact with the people who use that technology.

What advice do you have for students pursuing a degree in IT or cyber security? How can students prepare themselves for the challenges?

A-B-C: Always Be Curious. There’s so much to learn (see my quote above) that you can’t get it all in the classroom. You need to do your homework even when you’re out of school to stay up to date. The real tests aren’t in the classroom, but in the workforce. 

Ask questions. If there’s something you don’t understand, it’s your job to ask intelligent questions to learn. 

CYA: Check Your Assumptions. Don’t assume that things are as they appear. Also, don’t assume that people understand what you’re talking about.

What do you find is the most exciting thing about the work you do?

The students. I love interacting and learning with them.


The experts interviewed for this article may be compensated to provide opinions on products, services, websites and various other topics. Even though the expert may receive compensation for this interview, the views, opinions, and positions expressed by the expert are his or hers alone, are not endorsed by, and do not necessarily reflect the views, opinions, and positions of EducationDynamics, LLC. EducationDynamics, LLC make no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information in this article and will not be liable for any errors, omissions, or delays in or resulting from this information or any losses or damages arising from its display or use.

Cyber Security Issues

Interview with Michael Meikle: Challenges of Working in Cyber Security

Michael Meikle has witnessed the profound transformations within the Information Technology (IT) sector during his extensive two-decade tenure. The landscape that initially revolved around combating viruses and fortifying passwords in the 1990s has since undergone a substantial shift towards safeguarding data in our wireless, mobile-device-dominated world. Holding the pivotal roles of Chief Operating Officer and partner at the cybersecurity consultancy firm secureHIM, Meikle enjoys an unobstructed view of the ever-shifting terrain of data protection and risk evaluation within the IT domain.

Michael Meikle pursued coursework at Virginia Commonwealth University before embarking on a journey with a startup, where he gained invaluable hands-on experience. He furthered his education by earning a Master’s certificate in International Business Management and subsequently pursued multiple certifications, including the coveted Project Management Professional (PMP) and the esteemed Certified Information Systems Security Professional (CISSP).

Thanks to his profound expertise in the field, Meikle has been called upon to share his insights in articles addressing topics ranging from security breaches to effective business strategies. His contributions have graced esteemed publications such as the Los Angeles Times, the Chicago Tribune, and PC World Magazine. Additionally, Meikle is a sought-after national speaker on technology and cybersecurity, regularly delivering talks at diverse industry events, including those hosted by the Medical Society of Northern Virginia (MSNVA), the Intel/McAfee FOCUS Conference, and Secure360.

Meikle emphasizes that many of his early positions played an instrumental role in shaping his current career trajectory. He points to pivotal roles such as a system and network administrator at an engineering startup, a project manager within the US Department of Health, and a security architect at Capital One as vital stepping stones in his professional journey.

A significant milestone in his career was achieved when he received the prestigious Governor’s Technology Award from the Virginia Department of Social Services. This recognition was bestowed upon him for his exceptional contribution to the implementation of the Division of Licensing Programs Help and Information Network (DOLPHIN) System. Notably, this was his inaugural software product implementation intended for statewide use.

Our interview with Michael Meikle explores the challenges currently facing the field of cyber security and the importance of continuing education in order to stay current and informed in the IT industry.

Tell us more about your background and education. What led you to work in IT and cyber security?

I have always had an affinity for computers and technology, so when I joined an engineering startup in college, I naturally fell into a system/network admin role. From there, I leveraged my experience and gradually shifted my career toward software development project management. After completing some large enterprise projects, I saw that information security was becoming more crucial and so I sought out more opportunities that would take my career toward the cyber security discipline.

Please describe cyber security and what your company does for someone who may not be familiar with the field.

To boil it down to its most basic essence, cyber security is the protection of data. All the processes, technologies, and people involved are all concerned with confidentiality, integrity and availability of that data.

Our company, secureHIM, is a security consulting and education company. We provide cyber security training for clients on topics such as data privacy and how to minimize the risk of data breaches. To facilitate these services, secureHIM has partnered with the Information Institute and its founder Dr. Gurpreet Dhillion. This partnership provides an accredited information and security framework for these programs.

Our consulting programs include security program evaluation, HIPAA & HITECH security assessments, strategic social media programs, and IT security planning services.

What is the most exciting thing about the work you do? Or the most rewarding?

Developing and delivering security training programs for companies are two areas that are the most exciting for me. I really enjoy interacting with folks and providing some great material that can be interesting, helpful, and contribute a great deal to the security of their company.

The other area that is most exciting for me is incident response. While stressful, there is a thrill of tracking down the origins of a phishing attempt or successful malware infection and then crafting the appropriate solution to protect against such an incursion in the future.

Can you tell us about your different roles in the IT industry (security consultant, risk consultant, author, trainer, voice in social media)?

I’ve held quite a few different roles in the IT & Security Industry. I’ll list a few of these below:

Security Consultant – I have provided security consulting services for around 15 years across multiple industries (Financial, Healthcare, Government, etc.). Projects I have led include Data Loss Prevention (DLP), endpoint encryption, intrusion detection/prevention, risk assessments, and data breach response.

Risk Consultant – As part of my security consulting practice, I have provided a wide assortment of risk consulting services, primarily in risk assessments. These assessments include HIPAA, HITECH, application security, and enterprise security environment.

Author – I have a significant body of published work across various publications, including a recent article about the Affordable Care Act in Social Work Today.

Trainer – I am an eLearning expert with dozens of online courses/webinars in my portfolio. I have provided these services for ExecSense/Financial Times, AtTask, Medical Practice Trends, and in person at various enterprises.

Social Media – I am an active participant in social media and I also provide security services for enterprise social media programs. I have spoken at national conferences on the topic of social media and I have designed several social media campaigns for regional companies.

How has your entrepreneurial spirit been a benefit to you in the cyber security field?

The drive to take a concept and create a viable business around it is very beneficial in several ways. It forces you to keep on top of your industry. You have to continuously educate yourself to ensure you have not missed a crucial opportunity or made potentially damaging missteps. 

It also provides a healthy reality check regarding business realities and forces a person who is oriented toward technology to manage the day to day operations of a business. This is invaluable experience and a definite step outside of the comfort zone of a typical technologist.

What are some of the key points you emphasize when training a company on risk, compliance, and security? What are some of the challenges of the profession?

Key points on Risk:

  1. Effective enterprise risk management requires a certain level of corporate maturity. This entails a managed and supported governance program.
  2. The concept of risk management itself must be driven from the executive suite with full support of those executives.
  3. With a new risk program, start small. Track no more than 10 critical business processes (KPI). Attach a Key Risk Indicator (KRI) to each.
  4. Risks must have executive oversight and business ownership.
  5. There is no technological silver bullet for managing risk.

Key points on Compliance:

  1. An effective compliance program is a component of a robust Governance, Risk, and Compliance initiative. This relies on a level of corporate maturity and support from the executive suite.
  2. The regulatory burden on multiple industries is continuously increasing. An enterprise needs to be educated on its local, state, and federal regulatory burden to ensure its program is covering its exposure.
  3. Beware of compliance by “checklist.” A checkbox compliance program may be tempting but many industry regulatory frameworks are incomplete or vague, which could lead to missing key risks. PCI compliance can be a good example of compliance by “checklist.”

Key points on Security:

  1. Security must become more of a priority at the executive level. Even with the latest breaches, corporate leadership mostly considers cyber security as a necessary evil with appropriate funding and visibility to match.
  2. The most unsophisticated security solutions still provide the most bang for the buck. These include patching your servers and endpoints, training your users on security risks, and standard, updated antivirus/antimalware protection on servers and endpoints.
  3. Consider that nearly all of the recent major breaches have begun with a phishing campaign that led to accounts becoming compromised and eventually stolen data.
  4. Monitor the tools you do have in place. All of the security solutions in the world will not protect you if they are not managed and monitored. Trained staff interpreting the data that is received by these solutions is very critical.

Challenges of the Security Profession:

  1. Staying current on the latest technologies, threats, and regulations is quite difficult. It requires continuous education.
  2. Communicating the need for training to leadership. Training in the enterprise today is not a priority for most companies. I have consulted for quite a few who do not invest at all in their employees’ ongoing education.
  3. Communicating the importance of security to leadership. It is an unfortunate reality that the security team of most companies becomes involved in a project near its completion when a security issue occurs. Proactive information security involvement in the enterprise is still in its infancy.

Companies from varying industries are desperately trying to safeguard their information from being hacked. What are some principal practices that you emphasize to companies trying to maintain security?

When considering your security program, remember it is about protecting the enterprise data. Data is the new currency and is increasingly important to the enterprise. In some industries, the protection of data has added federal mandates, such as healthcare Protected Health Information (PHI).

When protecting your data, review the Data CIA model. This stands for Confidentiality, Integrity and Availability. Is your data confidential to unauthorized users? Do you know who has accessed, changed, or copied your data (integrity)? Can your data be accessed by authorized users when appropriate (availability)?

How has the cyber security field changed since you entered it?

The security field has changed tremendously since I first entered it in the 1990s. At that time, decent virus scanning tools, patching endpoints/servers when necessary, and a firewall were considered a viable security program. Security was usually an activity underneath the IT department that was managed by a system administrator on an “as needed” basis.

Fast forward to today and the pace of security has become frenetic. New threats arise constantly and staying ahead of the curve is nearly impossible. In many cases, cyber security is still a subcomponent of information technology, but that is changing quickly. The basics of security still apply. Patching, monitoring, endpoint and server protection, employee training etc. are very critical.

The biggest change has been the arrival of consumer technologies into the enterprise (Consumerization). Gone are the days of corporate Blackberries, laptops, and desktops being the only devices an employee uses to access corporate information. Now a plethora of iDevices, Androids, and other mobile devices have knocked down the enterprise technology barriers. Managing how data is accessed, stored, and transmitted on these devices is one of the largest security challenges for security departments today.

Security has gone from the moat, drawbridge, and castle model to building multiple secure perimeters around crucial pieces of corporate data.

Do you think it’s an ideal time to go into IT or to become an IT specialist, and if so, why?

I believe it is a viable career choice with some caveats. You must realize that IT has been the target of downsizing, right-sizing, outsourcing, whatever euphemism you want to call it for over twenty years. You must be very flexible in your IT career and constantly aware of what trends are impacting the profession. Information security is relatively hot at the moment, but that could change quickly. Be prepared to shift your direction in your career and always have a few other IT skills you can fall back on.

Which skills do you think are necessary for pursuing a career in IT and cyber security?

General skills that may serve you well in IT and security:

  1. The ability to learn quickly
  2. Ability to troubleshoot problems while drawing on multiple sources of information
  3. Ability to embrace change
  4. The ability to communicate technical concepts to business users so they can make the appropriate decisions
  5. A love of technology

Valuable technical skills would be:

  1. Operating Systems
  2. Networking
  3. Servers
  4. Storage
  5. Virtual Machines
  6. Software Architecture

What advice do you have for students pursuing a degree in IT or cyber security? How can students prepare themselves for the challenges?

To prepare for the pursuit of an IT or cyber security degree, I would earn an industry certification or two. Take a look at the various CompTIA certifications and see what fits your interest. They may be valuable for your resume but there is no replacement for experience. Experience in the industry will give you the best feel for what to expect in a degree program. Internships may be abundant for IT and security, so seek them out at your university. 

