Tag Archive for: concentration

New cybersecurity concentration gives App State students skills to combat hackers | Blowing Rocket


BOONE — Chris Taylor is a computer hacker, and he teaches his students the tricks of the trade — with the best of intentions.

Taylor, a professional security specialist and senior lecturer in Appalachian State University’s Department of Computer Information Systems (CIS), is spearheading the department’s new cybersecurity concentration that begins in fall 2021.

Taylor holds a few professional certifications, including the Certified Ethical Hacker credential, which he describes as “a bit of an oxymoron.”

“Ethical means to choose the right path, while the term hacking is associated with breaking and destroying. So, the ethical hacker certification means I can legally — with specific permissions — break into systems in order to show companies their vulnerabilities and how the problems can be fixed,” he explained.

Serious breaches into corporate and institutional computer systems have made headlines lately, Taylor said, and managing cybersecurity is a growing field. According to the U.S. Bureau of Labor Statistics, the job outlook for information security analysts is expected to increase by 31 percent over the next decade.

Dr. Scott Hunsinger, chair of and professor in App State’s CIS department, said, “Our cybersecurity concentration with the CIS degree will allow students to learn the skills necessary to protect companies from malicious hackers and ransomware attacks. I am thrilled Chris Taylor is serving as our cybersecurity program coordinator.”

Taylor has developed and taught multiple CIS courses, including Managing Security, Audit Analytics, and Ethical Hacking and Countermeasures.

Picking locks and breaking codes

When Taylor began as an instructor at App State in 2011, he was working full time for a cybersecurity firm. He has since transitioned to a full-time faculty member but retains a consultant position in the firm to keep his knowledge of real-world security threats up to date.

In his classes, Taylor teaches hands-on skills, from physical lock-picking to digital security applications.

“Some organizations spend a lot of time and money on their technology but have a cheap door lock to protect their secure areas,” Taylor…


Firms with exposed IoT have a higher concentration of other security problems


Exposed enterprise IoT devices can be an indicator of security issues to come, with firms sporting exposed devices having a 62% higher density of other security problems, new research shows.

For example, companies with exposed IoT are more than 50% more likely to have email security issues, according to a new report and blog post from the Cyentia Institute and RiskRecon.

But what does that correlation mean for chief information security officers? SC Media spoke to Kelly White, RiskRecon founder and CEO, to find out.

Is it surprising that there’s a correlation between something like IoT exposure and other security issues?

This is something we see time and time again: Where there’s smoke, there’s fire. The data shows that smaller indicators of cybersecurity risk performance, particularly on the negative side, are strong indicators of larger problems. And that’s certainly borne itself out in the IoT report where you have a 62% greater flaw density, observable flaw density and environments where they are operating IoT devices on the internet.

We’ve had other research papers that we’ve put forward, where we see that pattern happen over and over again, whether it’s, if you’re running a MySQL server database on the internet, that’s a strong indicator of having much bigger issues. And something simple, like ‘are you running the latest TLS encryption protocol?’ That’s another indicator of larger issues.

When you say larger issues, is that just in regard to the number of problems, or do the problems actually get worse from there?

The problems get worse from there.

If you have that IoT device, what had to go wrong? Let’s say you had a printer operating on the internet. Well, a lot of things went wrong. You have systems of internal network accessible from the internet, so potentially, you’ve got internet access and firewall policy issues.

Then breaking down why those occurred, there’s much larger problems behind that that led to that occurring, aside from the fact that it’s just a bad idea. If it’s an accident, then geez, you’re not managing your environment and you don’t have effective security…
