Thousand Oaks, CA – 24 April 2019 – In a move to continue its leadership role in helping to redefine global educational platforms, synED, a non-profit 501(c)(3) organization is pleased to announce the expansion of its Board of Directors, the addition of an advisory committee and a new director of its California Cyberhub initiative.

“Including leaders in their fields that have unique experiences and passion is crucial to help drive our efforts to fulfill synED’s charter to change the way our global citizens are educated and trained. We are pleased to announce the following representatives that will broaden our organizational expertise, and expand our influence. In turn, their market presence and stature will serve as a solid base for us to move swiftly and to gain participation in all facets of our organization,” said Executive Director/Chairman of the Board, Scott Young. The following industry leaders are joining the synED Board of Directors:

United States Air Force, Major General (Ret.) Sheila Zuelke – “As a nation, we must start cyber security education early and sustain learning and vigilance throughout our lives…our nation needs every citizen to be a cyber defender to protect our way of life.” Zuelke retired from the United States Air Force Reserve in June 2017 after 34 years of distinguished service, including as a Major General and Mobilization Assistant to the Commander, 24th Air Force, Air Forces Cyber. During her Air Force career, she also served as the senior reserve advisor to the Commander, U.S. Cyber Command and Director of the National Security Agency.  More about Major General Zuelke.

Mr. Gary Wang most recently served as the Army Deputy Chief Information Officer/G-6. Wang moved from his position as Director of Intelligence Systems and Architectures, Office of the Under Secretary of Defense for Intelligence, where he has had executive oversight for numerous intelligence programs across the armed services and defense agencies since 2012.

In Army circles, he is best known as the change agent who will help the Army accelerate to the modern, secure and globally-available network needed now and for the future. More about Mr. Wang.

In addition to the Board expansion, Ms. Liz Fraumann will assume the role of Director of the California Cyberhub, a key synED initiative. Under her direction, the organization anticipates deeper community level engagement and growth in all programs associated with California Cyberhub. “We are thrilled to have Liz join the organization. Her rich experience of running the Securing Our eCity Foundation for over eight years and her international experience will lead Cyberhub to new heights,” said Scott Young.

To help guide our efforts, by having a touchstone across government, business, education and society in general, we have established an Advisory Committee that will work directly with the Board of Directors. We are pleased to announce the following individuals as the first two representatives to join this committee. Ms. Laura Lee, Executive VP at Circadence and Mr. Rick McElroy, Head of Security Strategy for Carbon Black.

The current synED Board of Directors and officers include: Ms. Florence Nissim, Secretary; David Daggett, Treasurer; and Scott Young, Executive Director/Chairman of the Board.

ABOUT synED

SynED is a non-profit organization dedicated to promoting educational excellence by promoting synergies between traditional, non-traditional and experiential learning to realize the best possible outcomes for students, faculty, business and society.

For more information, visit synED.org

ABOUT California Cyberhub Initiative

California Cyberhub is a synED initiative focused on engaging communities to advance cyber security awareness and life-long learning. The goals are to provide highly interactive opportunities with a focus on collaboration, communication, creativity, persistence and adaptability for all while fostering cyber career opportunities. Engage with California Cyberhub to advance cyber security awareness and life-long learning: ca-cyberhub.org.

SANS Institute has launched a national cybersecurity program designed specifically for high school girls to encourage more females into the industry and to reduce the national cyber skills gap.

The Girls-only cybersecurity program, Girls Go CyberStart, is the result of a partnership between 27 state governors and SANS Institute. Those states are Alabama, Arkansas, California, Colorado, Connecticut, Delaware, Georgia, Hawaii, Idaho, Indiana, Iowa, Maine, Maryland, Michigan, Montana, Nevada, New Jersey, North Carolina, North Dakota, Pennsylvania, Rhode Island, Tennessee, Texas, Vermont, Virginia, West Virginia, Wyoming.

Girls who want to participate in the free program do not need any experience in gaming or computer science, but must be at least 13 years old and enrolled in 9th, 10th, 11th or 12th grade at a public or private school (or the homeschool equivalent) in a participating state.

There are three stages in Girls Go CyberStart. Each stage features a series of digital challenges that introduce participants to important concepts in the field of cybersecurity, according to the release.

The first stage consists of a series of questions that measure existing knowledge, problem-solving skills and the potential for a career in cybersecurity. The second stage involves learning techniques to take on real world challenges such as cracking codes and finding security flaws. The final stage is for the best performing teams from each state who will compete in a national online ‘Capture the Flag’ competition.

More information can be found here.

CyberAegis Aether shows success in statewide efforts to bring girls into cybersecurity and STEM.

Next week, thousands of students from across the country will compete in the Air Force Association’s CyberPatriot XI Finals in Baltimore, the culmination of a year of hard work and dedication.

Among those teams is CyberAegis Aether, a group of five seventh and eighth grade girls from Oak Valley Middle School in San Diego, who are ranked third among all middle school CyberPatriot teams in the U.S. This dynamic group of young women shows that anyone can excel in cyber competitions and cyber careers, regardless of gender.

Beyond that, though, team members Rachel Lee and Ellen Xu said that the friendships they’ve formed will last into high school and beyond. Part of the team’s success is how well they work together and how close they’ve become.

“We’ll always come back to this group of girls. We’ve all experienced so much together,” said Lee, who is the team’s captain and CyberAegis president at Oak Valley Middle School. “This team will always have a special place in my heart.”

“It doesn’t feel like we’re just a team,” Xu said. “It feels like we’re a family or really close friends,”

Under the direction of Coach Paul Johnson, CyberAegis is a force to be reckoned with, with six of its teams competing in CyberPatriot Nationals. To gain a competitive edge, Lee said team members spend an average of two hours each night studying on their own in addition to scheduled practices.

Even if the team does not win in Baltimore, the girls say the extra effort will be worth it because it’s helped teach them valuable time management skills.

“There are only 24 hours in each day, so we make sure that we make use of each minute and get everything done,” Xu said. “We make sure that we get really in-depth on things that matter to us.”

When CyberAegis Aether competes, they are representing much more than themselves or even their school. Even at a young age, they are aware of the spotlight that’s on them as young cyber leaders.

“As an all-girls team, we want to convey the message to the rest of the world and help other girls around the world know that STEM fields are gender-neutral fields,” Xu said.

It’s a badge they wear proudly on behalf of girls around the United States and around the world.

“When we compete, we’re representing all the girls who are underrepresented in the STEM field and don’t have as many opportunities as we do,” Lee said.

Teams like CyberAegis Aether are an important part of meeting the demand for cybersecurity workers across California. Meeting this need is a high priority for the Governor’s Office of Business and Economic Development, which supports the national Girls Go CyberStart program.

Girls Go CyberStart is a series of interactive challenges designed to introduce girls to cybersecurity. More than 6,000 high school girls across the U.S. participated in the program in 2018.

“California businesses are struggling to fill cybersecurity-related jobs with qualified employees. As we work to close that gap, it’s critical that we bring greater diversity to the field of cybersecurity so that our businesses are better able to anticipate the full range of threats they face,” said Governor’s Chief Economic and Business Advisor and Director of the Governor’s Office of Business and Economic Development Lenny Mendonca. “The GirlsGoCyberStart Program is an important way for us to get more young women and girls to consider cybersecurity as a viable and fulfilling career path. There’s no question that a more diverse workforce leads to stronger businesses and a stronger California.”

Other opportunities for middle and high school girls to become involved in cybersecurity include the California Mayors Cyber Cup and the CyberTech Girls program.

Lee offered a few words of advice for any girls who are interested in cybersecurity but worried about being one of the only girls in the room.

“Don’t let the guys put you down because you can be just as good them and you can be even better than them,” Lee said. “Surround yourself with people who love you and support your and don’t be afraid to follow your passion.”

1,200 Students across California Participate in the California Mayors Cyber Cup using the Haiku Cyber Range

In an effort to help grow the cybersecurity workforce of tomorrow, California Cyberhub, its affiliates and Sentek Global joined forces for the 2019 California Mayors Cyber Cup (CMCC).

On February 23rd, 2019 at 9:00 am, 1,200 middle school and high school students (Over 250 teams) gathered at locations in 12 regions across California to compete in the annual event.

All 250 teams had been working for months with coaches, teachers, mentors and parents to prepare for the competition; many also participated, virtually, in a practice round on the Haiku Cyber Range from their homes or schools several weeks before to help sharpen their skills.

Sentek Global, a Department of Defense Cybersecurity and Engineering contractor built a realistic United States grid that the students protected in a mock attack simulation. The Haiku Cyber Range was donated to the CMCC in partnership with Amazon Web Services.

Read the full article here.

Employee mistakes were ranked as the highest risk in the 2019 Global Encryption Trends Study, though employee-owned devices on company networks deserve more security scrutiny.

When it comes to assessing security risks, exposure of sensitive data is most likely to result from human error when handling data and malfunctions of systems and processes designed to protect data, according to the 2019 Global Encryption Trends Study, published Thursday by nCipher Security and the Ponemon Institute. More than half (54%) of respondents indicated employee mistakes were the largest risk, while 30% cited system or process malfunction in the survey question, for which more than one choice was permitted.

These concerns outweigh those of targeted attacks by hackers and malicious insiders, with 30% of respondents citing hackers, 22% citing temporary or contract workers, and 21% citing malicious insiders, the report found. Third-party service providers were cited by 19% of respondents. Concerns of government interference—both lawful and eavesdropping—were not priority concerns, cited by only 11% and 12%, respectively.

SEE: Windows 10 security: A guide for business leaders (Tech Pro Research)

Motivation for encrypting data is equally split between protecting the intellectual property of the organization and protecting the sensitive personal information of customers, with 54% of respondents citing those factors as the main drivers for deploying encryption. Protecting against specific, identified threats followed closely at 51%, while 46% cited compliance “with external privacy or data security regulations and requirements.”

Prioritizing encryption surfaces emerging security risk

Overextended IT workers inevitably must prioritize what they view to be the highest-risk technologies, and work to secure them. These highest-risk items are what you would suspect—Internet communications, databases, and backups/archives comprise are the top three. At the very bottom of the list are Internet of Things (IoT) devices and platforms, at 52% and 50%, respectively.

With the proliferation of both IoT devices in general and in the workplace, as well as the ubiquity of employee-owned devices in workplaces and BYOD policies, IT departments are being made responsible for ensuring the security of these devices.

Demand for IoT security solutions is anticipated to drive that market to $9.88 billion by 2025, according to a report from Grand View Research late last year. Likewise, an abundance of high profile IoT security breaches in 2018 should make IT security professionals take a second look at what devices are brought onto their networks by employees.

For more on the risks of data breaches, learn why 61% of CIOs believe employees maliciously leak data, and 3 security threats businesses need to prepare for by 2021.

Most companies have not implemented standards for authenticating emails and preventing hackers from successful phishing attacks, according to Valimail.

Businesses and consumers see more than 1.2 million phishing attacks each year, as hackers use the effective social engineering attacks to con employees into clicking a malicious link or attachment. Despite how widely known and damaging these attacks can be, companies still fail to adequately prevent them from happening, according to a Friday report from Valimail.

Widely-accepted open standards exist for authenticating email and preventing phishers from spoofing domains with fake emails, but a majority of companies across industries have not made full use of them. The vast majority—90%—of large tech companies remain unprotected from impersonation attacks, the report found.

SEE: Security awareness and training policy (Tech Pro Research)

The report examined the primary domains for 525 global tech companies with revenues of more than $500 million annually, querying them for the presence of Domain-based Message Reporting, Authentication & Conformance (DMARC) records and Sender Policy Framework (SPF) records.

Nearly half (49%) of companies had DMARC records of some kind, indicating that they have begun to deploy this anti-phishing tool. But only about half (55%) of those companies have DMARC records that were correctly configured and set to a policy that will actually stop phishing and spoofing, the report found.

Companies are more advanced when it comes to SPF, the report noted, likely because it is older and better understood. Some 78% of tech companies analyzed are using SPF correctly, it added.

The presence of DMARC is positively correlated with a company’s revenue, according to the report: Companies with DMARC enforcement had an average revenue of more than twice that of companies with no DMARC records at all, at $10.2 billion versus $5 billion.

For tips on how to prevent phishing attacks in your business, check out this TechRepublic article.

Senior leaders in business and government ought to take note of ISACA’s State of Cybersecurity 2019 research, which details the findings of a global survey of cybersecurity professionals.

The report highlights many of the issues of which we cybersecurity professionals long have been painfully aware: that it is increasingly difficult to recruit and retain technically adept cybersecurity professionals; that while gender diversity programs have yielded positive results, support for these programs may be waning; and, cybersecurity professionals are concerned that budgets for cybersecurity programs are flattening or on the decline.

While most senior leaders are already sensitive to these issues, the report should kindle a sense of urgency to address them. I submit that traditional methods of addressing these issues are inadequate to remedy the situation and we need to look to other leadership approaches to fill the gaps.

With cybersecurity professionals being such a high demand/low density asset, organizations ought to think out-of-the-box to ensure they have the right people, with the right skills, in the right place, at the right time. They need to look at other sources of talent. As an example, I am a huge fan of reskilling personnel. Reskilling is a term meant to describe where an existing employee is trained in new skills to fill gaps. During my time in the US Air Force, I saw this technique used to great effect as we took mid-level security forces personnel and trained them in information technology and cybersecurity skill sets. Some of the best cybersecurity professionals I know are former Air Force cops. Reskilling personnel is a tool that senior leaders can use to close the gaps.

Read the full article here.

Organizations are facing more difficulty filling security roles now than in previous years, according to a CyberEdge report.

Finding and retaining workers in IT security continues to be a challenge for organizations, though IT professionals report a modestly increased shortfall of skilled security workers, compared to last year, according to the 2019 Cyberthreat Defense Report from CyberEdge.

The report, published Tuesday, indicates that talent shortages are the second-highest concern among security decision-makers surveyed in the report, with 84.2% of respondents indicating their organizations are having difficulty filling security roles, an increase from 80.9% in 2018.

SEE: Research: As overseas business operations grow so do concerns over cyberwarfare and cybersecurity (Tech Pro Research)

The following IT security roles are most difficult for organizations to fill, according to the report:

  1. IT security administration (34.3%)
  2. Security architect (28.2%)
  3. Security analyst/incident responder (27.6%)
  4. Application security tester (22%)
  5. Compliance auditor (21.6%)

The education market is the most affected by these shortages, with 91.3% of respondents in that field indicating difficulty filling roles. Government and healthcare (81.8% and 81.9%, respectively) are the least affected.

There is noticeable regional disparity—94% of respondents in Japan cited difficulty filling those positions. Wages for IT careers are substantially lower in Japan than in other countries, with attempts to raise wages generally in Japan falling short of expectations. Likewise, Saudi Arabia and Singapore disproportionately reported difficulties filling IT security positions.

Oddly, the report also notes that despite the difficulty in filling those positions, Japan appears to fare substantially better in security than Saudi Arabia, with 87.8% of respondents in the kingdom indicate falling victim to a ransomware attack in the last 12 months, though only 37.8% of respondents in Japan reported the same.

Brazil (65.6%), Germany (74.3%), and Australia (76.1%) were the least impacted by shortages in IT security workers.

Spear phishing attacks continue to increase in popularity among cybercriminals, and businesses must take steps to protect against them or risk seeing sensitive information stolen, according to a Tuesday report from Barracuda.

These highly personalized email attacks involve a hacker researching their target and creating a message often designed to impersonate a trusted colleague or business to steal sensitive information, which is then used to commit crimes like fraud and identity theft, the report noted.

Spear phishing attacks are particularly dangerous because they are designed to get around traditional email security like spam filters, the report found. They typically do not include malicious links or attachments, but instead use spoofing techniques and zero-day links that, combined with social engineering tactics, are unlikely to be blocked.

Of the 360,000 spear phishing email attacks examined by the report over a three-month period, the most common type of attack by far was brand impersonation (83%). Brand impersonation attacks attempt to impersonate a well-known company to gain a target’s credentials and take over their account. These attacks have also been used to steal personally identifiable information like credit card and Social Security numbers. Microsoft and Apple are the most commonly impersonated brands used in these attacks, the report found.

Read the full article here: https://www.techrepublic.com/article/how-to-prevent-spear-phishing-attacks-8-tips-for-your-business

The California Mayors Cyber Cup competition is over, but the work of Team California to educate the next generation of cybersecurity professionals is just beginning.

Over the next year, parents, educators, employers, employees, and leaders from business and government will work together to create 1000 new middle and high school cyber competition teams by 2020. It’s an ambitious goal but one that can be achieved through statewide cooperation.

The momentum for Team California began at the California Mayors Cyber Cup, which was held February 23 in 12 regions across the state. California is already a leader in cybersecurity competitions, but there’s the potential to do so much more.

Cybersecurity jobs provide a pathway to a secure and high-paying career that can’t outsourced. The goal of the Team California initiative is to bring cybersecurity awareness and education into communities across the state in the same way youth soccer or little league baseball became common generations ago.

“It is important to remember that little things, like stepping up to support a team or volunteering at competitions, can change the trajectory of a young person’s life. This has the potential to influence our future in ways we cannot imagine,” said Scott Young, director of the California Cyberhub, which organizes the California Mayors Cyber Cup and related efforts. “We are serving our communities and our youth by providing them with the tools they need to be successful. Everyone is important and every little thing they do does matter!”

Kimberly Pease, who was named Cybersecurity Professional of the Year by the Los Angeles Business Journal, said she sees programs like the California Mayors Cyber Cup as a way to strengthen the bonds that are needed for Team California to thrive.

She plans to keep her company, Citadel Information Group at the forefront of cybersecurity education moving forward.

“I am inspired by the dedication and enthusiasm to support cybersecurity and our future cyber guardians,” Pease said. “I was in awe of the teachers who devote their lives to our kids, students, and young adults to make the world a better place, especially as it relates to cyber. And most of all, I was inspired by the engaging students. They hopefully will find their passion somewhere inside a cyber security career and be phenomenal cyber citizens”

At the high school level, teachers spend countless hours preparing students for cyber competitions in addition to their full day of teaching. Districts like the Los Angeles Unified School District also provide computers for students to use and arrange transportation to and from competitions.

“LAUSD provided some laptops to students so that every member of the team could have a machine either to play or do research, said Carey Peck of LAUSD’s Beyond the Bell program. “We provided transportation for about 75 percent of our students who participated.

But, it’s not enough to have cybersecurity education in schools. In order to truly make a difference in students’ lives and meet the workforce demand, the community needs to be involved. Many of the new cyber competition teams created in the next year will be in partnership with the Girl Scouts of California and Boys and Girls Clubs after school programs.

“Building support for cybersecurity competition at the community level embeds awareness of cybersecurity hygiene in the community culture,” Young said. “We have millions of parents in California who can make great coaches. Given the chance, kids participating in cyber team competitions will teach themselves and their coaches about cybersecurity.”

Some of the top CyberPatriot teams in the nation are coached by a former band director Northrup Grumman engineer and dedicated high school teacher none of whom are experienced cybersecurity professionals.

“99 percent of what I know about teaching cybersecurity, I didn’t know when I started,” said Jay Gehringer, coach of the award-winning cyber teams at North Hollywood high school. “I took Cisco courses, did a lot of research online, talked to kids who had figured things out and got some help from other instructors along the way.”

Allen Stubblefield, a cyber coach at Troy High School, said California already has the resources necessary to become an even stronger cyber powerhouse and a model that the rest of the country can follow.

“Every state has great students, but California has many schools with the right combination of computer resources, passionate coaches and supportive administrators,” Stubblefield said. “New students are welcomed, and we try hard not to say ‘no’ to students who want to try this for the first time.”

Team California can only grow if students can teach each other along the way, freeing up coaches to work on bringing new students into the cyber world. This model is already well underway among the CyberAegis group in San Diego, according to coach Paul Johnson.

“I’m very fortunate to have such a sharp, determined group of high achievers,” Johnson said. “Every year all of the thousands of teams get better, and there are some teams who have been competing for many years. We keep improving our training and trying to stay on the leading edge of where vulnerabilities will be hidden next.”
In the end, teamwork across communities, industries and organizations will drive Team California’s success and make the goal of adding 1000 cyber teams across the state a reality.

“The technology community is one community,” said Amy Tong, California’s Chief Technology Officer and Director of the California Department of Technology. “You do not need to have the title of a public servant to help protect the public’s assets.”

For more information on the California Cyberhub and the Team California project, visit ca-cyberhub.org

About California Cyberhub

The California Cyberhub is an initiative hosted at SynED, a 501(c)(3) non-profit organization focused on bringing innovation to education and workforce development. The California Cyberhub initiative is made possible by a collaborative effort of volunteers and funding from California public education, government and business. Supporters include the California Community Colleges Chancellor’s office, Community College Regional Consortiums, the California Governor’s Office of Business and Economic Development, the California Department of Education and countless volunteers and champions across the state. For more information about the California Cyberhub, visit ca-cyberhub.org.

About Beyond the Bell

The mission of the Beyond the Bell Branch is to ensure that all children and youth in LAUSD have access to high quality, safe, and supervised academic, enrichment, and recreation programs that inspire learning and achievement beyond the regular school day. Every child and youth should have a safe place to be in the presence of a responsible, caring adult with engaging activities that support achievement and promote social, emotional, physical development beyond the regular school day.

About Citadel Information Group

Citadel Information Group, based in Los Angeles, California, provides information security management services to businesses and the not-for-profit community. Citadel’s commitment to excellence has been documented time after time. Our people are exceptionally talented. We are creative problem-solvers. We play well with others. And client-service is our absolute number one priority

About the California Department of Technology

The California Department of Technology is committed to partnering with state, local government and educational entities to deliver digital services, develop innovative and responsive solutions for business needs, and provide quality assurance for state government Information Technology (IT) projects and services. The Department’s “Vision 2020” Strategic plan is to create one digital government delivered securely by a dynamic workforce.