California Cyber News

Oak Tech 006

Originally Posted On: edsource.org

Four years ago in May of 2014, the CEO of Code.org, Hadi Partovi, sent a letter to Governor Jerry Brown asking for a meeting to talk about the importance of expanding student access to computer science education in California’s K-12 schools.

 

Gov. Brown asked State Board of Education President Michael Kirst to advise him. A colleague of mine for over twenty-five years, Mike asked me to look into it and to answer some basic questions: What is computer science education? Why should it be for all students? Why now?

With college degrees in English Literature and Public Policy, and accustomed to relying heavily on Apple’s Genius Bar to fix my iPhone and laptop, I had a very steep learning curve.

But with mentoring from Code.org, the national nonprofit expanding K-12 computer science across the country and support from California’s many computer science advocates, I dug in. And the more I learned and understood, the more passionate I became about the need for computer science to be brought into K-12 as a foundational subject and about the critical importance of ensuring that girls, students of color, low-income kids, EL students — all students have access.

Fast forward four years.

P2

It’s easy to talk about the need for more women in IT, but hearing stories from friends and family members drove the point home for Del Norte High School student Lily Hu.

“Females are given fewer opportunities than their male colleagues,” Hu said. “If more young women become involved with IT and cybersecurity, we can change such stereotypes. Having more women would encourage support for one another.”

Hu is one of seven students from the CyberAegis team in San Diego to receive a National Center for Women in Technology (NCWIT) Aspirations in Computing Award. The award honors women in grades 9 through 12 who are active and interested in computing and technology, and encourages them to pursue their passions.

img333
Innovations in Cybersecurity Education:
We talked about it for months, but WOW what a mega success. The second annual Innovations in Cybersecurity Education awards program resulted in a glorious 73-page booklet chock full of innovations ready for you to integrate into your cybersecurity classrooms! They include tried and true techniques in areas of curriculum, faculty development, lab activity, local partnerships, and student-aided learning. This handy publication is available for free to National CyberWatch Center academic members.
Fotolia 104123748 Subscription Monthly M 730x480

Originally Posted On: paymentsjournal.comaymentsjournal.com

127 million smart home units are expected to be sold in the US in 2018, with the global smart home market expected to be worth $53.45 billion by 2022. With 55% of smart device owners in the dark about how they actually work, could those who bought second-hand smart home devices be welcoming a threat to their families into their homes?

Internet security experts vpnMentor have utilised a team of ethical hackers to uncover the most hackable smart home devices including the first-generation Amazon Echo, a Samsung Smart Camera and the first-generation Ring Smart Doorbell.

cyber security cybersecurity device 60504

Originally Posted On: zdnet.comdnet.com

California IoT security bill criticized by security researcher. Expert says bill “is based upon an obviously superficial understanding of the problem.”

The first Internet of Things (IoT) security bill in the US has been approved in California at the end of August and has now reached the Governor’s desk to be signed into law.

The bill, SB-327, was introduced in February 2017 and was the first legislation of its kind in the US.

It even predated by almost six months the Internet of Things Cybersecurity Improvement Act of 2017, a bill introduced in the US Senate by Sen. Mark Warner [D-VA].

But while dust gathered on Sen. Warner’s proposal to secure IoT devices across the US, the California bill saw active discussions and was approved on the California Assembly and Senate floors on August 28, and 29, respectively.

Man sharing experience with woman 300x199

Originally Posted On: certmag.com

We’ve all heard of the Catch-22 phrase, “In order to get experience I need a job, and in order to get a job, I need experience.” Liz Ryan, noted author of Reinvention Roadmap, and a contributor to Forbes Magazine described this as a “membrane that seems to be thick and impenetrable, but once you get a foot inside you will see that it’s not(.)” Ryan identifies the importance of getting involved in “networking events whenever you get a chance … Start to form relationships with business people in your area.”[1]

For cybersecurity students with professional ambitions, the term “business people” can be substituted with IT and cybersecurity professionals. As both an educator and cybersecurity professional, I’ve been in a position of teaching and mentoring a large number of students over the years, with the express goal of creating great taxpayers. In order to achieve this goal, educators need to focus on key competencies that students need to succeed in these job roles. Those competencies are:

Dan Manson

Dan MansonDan Manson saw for the vision of what cybersecurity education could become long before many people even knew what cybersecurity was. 

Over the past 20 years, he’s helped expand cyber competitions across California while serving as a professor and chair of the Computer Information Systems department at Cal Poly Pomona. After seeing so much success in California, he’s ready to do the same thing in Nevada, where he now lives.

“California has gone so far down the road that they don’t need me,” Manson said. “There are other places that aren’t very far down that road where I can still have an impact.”

Manson joined the cybersecurity world in 2001 after hearing about a Department of Education grant aimed at improving campus cybersecurity. He thought that there might be an opportunity for faculty to become involved and — as he’s done many times throughout his career — invited himself to the meetings to learn more about it.

That grant lead to two $900,000 NSF Advanced Technical Education grants, one in 2003 and one in 2007. Those funds were aimed at workforce development and allowed Manson to begin building partnerships with other colleges that have only grown stronger over time.

In addition, Manson led the effort for Cal Poly Pomona to be designated a National Center of Academic Excellence in Information Assurance Education in 2005, 2008 and 2014. 

money shutterstock489

Original article posted on informationweek.com

2018’s bullish economy is reflected in venture capital and private equity investments. Software drives the majority of deals since software powers just about everything now. Here’s where the money is flowing and why.

2018 is a strong economic year, as reflected in venture capital and private equity investments. According to the 2Q Pitchbook-National Venture Capital Association (NVCA) Venture Monitor, $57.5 billion was invested in U.S. VC-backed companies in the second quarter. Ninety-four of the financings involved at least $100 million and 42 unicorns closed deals with valuations of at least $1 billion.

“To say capital availability is high would be putting the true state of the US VC industry lightly,” the report says.

In the first half of 2018, software represented 43% of venture capital deals and 11.9% of private equity (PE) buyouts, according to Pitchbook. It expects more PE to flow to VC-backed companies in the forms of buyouts and growth rounds.

promo image

Originally posted on courses.certification.comptia.org/a-on-ramp

You’re ready to get certified, we’re ready to help. Sign-up today for free certification advice!

Register today for CompTIA A+ On-Ramp, our online course designed to simplify the certification process.  CompTIA A+ On-Ramp includes three classes (only 10 to 14 minutes each). Each class is recorded and available online, anytime, on your computer or mobile device. Watch them at your convenience.

Original article posted on indivigital.com

According to security firm Sucuri, the alleged “main contributors” to the spread of the infection are the tagDiv Newspaper theme and the Ultimate Member Plugin. Conservative estimates suggest the malware has infected at least 2,200 websites.

At least 2,200 WordPress websites have been infected by new malware that maliciously redirects visitors to third party websites to mislead them into accepting requests for browser notifications, according to a post published by cyber security firm Sucuri.

The malicious redirects send users to various URLs on the domain utroro.com, at which point they are seemingly served browser notification opt-ins masquerading as reCAPTCHA images.

Screen Shot 2018 08 20 at 10.18.45 AM

Original article posted on datadriveninvestor.com

Avoid Being Tricked By The Automated Army Of Hackers

Part I: Identifying the Problem

“Phishing” is the practice of fooling unsuspecting people into voluntarily giving away their most sensitive data—user names, passwords, social security number, birth dates, and more—by disguising their communication requests to look authentic. Given how easy it is to digitally copy a corporation’s official communication template, this problem is actually far worse than you could ever imagine. Hackers leverage the power of computers to automate sending phishing scams. Hundreds of millions of phishing emails are sent every day for pennies and only a small percent need to work for the system to be rewarded. And rewarded it has been.

  • In 2016, 85 percent of all organizations had suffered phishing attacks and 30% of all phishing emails were opened.
  • In 2017, fake invoicing emails sky-rocketed, CEO fraud emails total $5 billion in losses, and phishing emails that targeted people filing their W-2 forms increased 870%.
  • In 2018, fake invoices becomes the #1 disguise for distributing malware, Dropbox phishing scams surge and DocuSign lures are the most effective.
security mistake

Original article posted on informationweek.com

Cybersecurity is more painful to manage as technology architectures become more complex. Simplify your approach by avoiding these major security mistakes.

Effective cybersecurity is becoming a tougher problem as organizations embrace more types of devices and hardware. Protecting organizations requires more than tools, which companies tend to learn the hard way. Granted, as the technology stack changes, new cybersecurity tools become necessary. However, the problem has become so complex that no organization can afford all the tools, all the people, and all of the other resources it would need to protect itself against everything.

“You need to take a risk-based approach to security,” said Garrett Bekker, principal analyst, Information Security at 451 Research. “You have to figure out what is an acceptable level of risk, which is easier said than done.”

Bay Area Cyber Camps

Over the past three months, Irvin Lemus logged more than 7,000 miles and 70 hours on the road. He wasn’t taking a summer vacation road trip — he was checking in on more than 1,000 students who participated in 29 cyber camps throughout the Bay Area.

The 28 Bay Region community colleges voted overwhelmingly to support the summer CyberCamp program over the past two summers. Strong Workforce Program Regional Funding was dedicated to this effort. 

Lemus is the cybersecurity instructor at Cabrillo College and the Bay Area Cyber Competitions Regional Coordinator for the Western Academy Support and Training Center. In that role, he’s built the Bay Area Cyber Competitions program from the ground up and said he does not plan to stop any time soon.

The state wants to add every city and county government to its automated threat feed program in the next three to four years.

The California Cybersecurity Integration Center alerted its partners to the Thomas Fire along Interstate 5, before the largest wildfire in the state’s modern history was phoned in last December.

Someone had taken to Twitter to first report the blaze, and Cal-CSIC’s media scrapers—which plug into its automated threat feed—noticed.

Cal-CSIC, pronounced “cal-sick,” was created by Gov. Jerry Brown’s executive order in August 2015 to prioritize cyber threats to public sector agencies and expand into the private sector.

Study documents growing need for qualified cybersecurity workers in the marketplace.

Sacramento, Calif. – Today, the Governor’s Office of Business and Economic Development (GO-Biz), in conjunction with the Governor’s Office of Planning and Research (OPR), released the results of a California Cybersecurity Labor Market Analysis and Statewide Survey. This document details the findings of a study done by the California Community Colleges Centers of Excellence for Labor Market Research and demonstrates that there is much work to be done in order to adequately prepare Californians for the demands of the digital and cyber economy.

Conducted as part of the California Advanced Supply Chain Analysis & Diversification Effort (CASCADE) initiative funded by the U.S. Department of Defense, the study gathered information about workforce needs in California and the scope of training being provided by educational providers across the state. It found an alarming gap in the supply of qualified cybersecurity workers prepared to fill the 35,000 cybersecurity-related annual job openings that exist in California.

GSCH

GenCyber Camp Brings Technology to Underserved Groups

Carrie Raleigh didn’t know the first thing about cybersecurity when she started working for the Girl Scouts of San Gorgonio Council. And, who could blame her? It’s a far cry from the things traditionally associated with the scouting program.

Over the past three years, Raleigh and colleague Knea Hawley brought the GenCyber program under the Girl Scouts umbrella and opened the doors for even more young women to learn about cybersecurity.

“I’ve learned so much and it’s been an amazing journey. Now it’s one of those things I talk about all the time,” Raleigh said. “It’s been so eye opening to me realizing the potential in the field for these girls. We can connect them with the training they need for this large opportunity in front of them.”

GenCyber is a nationwide program with camps in nearly all 50 states. The San Bernardino camps were held June 18-22 at CSU San Bernardino. The program was funded by a National Science Foundation grant received by CSUSB that made it free to all attendees. CSUSB has invited the Girl Scouts of San Gorgonio Council to participate in their GenCyber camp since 2015.

Beyond learning the basics of cybersecurity, girls had the opportunity to meet with industry professionals from Google, Facebook and Bank of America just to name a few. While it took a lot of coordination from the GenCyber planning team, Raleigh said it was worth it for the students and the employers.