The New Frontier of Cyber Security

Technological advances are constantly transforming the cyber security landscape, bringing emerging threats and risks.  We are now entering a period of innovation that enables interaction between cyber systems, such as smartphones and the Internet, and physical systems, such as electricity distribution, automobiles, and the human body.  These new advancements span a large breadth of industry sectors including transportation, healthcare, building and construction, manufacturing, and utilities.  The Internet of Things makes consumer-level cyber physical systems a reality with smartphone connectivity for home automation and automobiles.  Cyber physical systems and the Internet of Things are founded on the collection and sharing of data, thus creating a plethora of opportunities in big data and predictive analytics.  While advances in cyber physical systems solve problems and create efficiencies through improved performance and functionality, they also open up systems to new vulnerabilities and attacks.

We are on the verge of a perfect storm of rapid modernization, workforce shortages, and aging approaches that is driving cyber security into uncharted territory.  This new era of connectivity through cyber physical systems and the Internet of Things is creating unprecedented demand for cyber security professionals.  A Stanford University study estimated 209,000 unfilled cybersecurity jobs in the U.S., up 74% over the past 5 years.  Cisco warns that the worldwide shortage of cybersecurity professionals has exceeded 1 million.  The Bureau of Labor Statistics expects the demand for cybersecurity professionals to grow by 53% by 2018.  Industries that traditionally haven’t required positions for cyber security professionals are now creating dedicated cyber security teams.  The cybersecurity workforce shortage will lead to increased exploits of networks and data, many of which can be prevented with new security practices.  We’ve already seen examples of cyber attacks in this new territory, including Target, Jeep Cherokee, and Bowman Dam, met with reactive responses instead of proactive approaches.  There is a need for cyber security professionals to create and support new approaches and models for securing cyber physical systems.  Additionally, there is a need for cyber security professionals with an understanding of big data and the analytics needed to process the wealth of cyber information generated by these new technologies.

The new frontier of cyber security is creating a revolutionary cyber security professional.  New roles in cyber security are emerging and will continue to grow as technology adoption increases.  These roles include data science and cyber data analytics, which involve machine learning and data mining tools such as Splunk, Hadoop, and Python.  The new cyber security professional will use data science and analytics skills to harness the vast amount of data to create new insights and stronger proactive cyber defenses.  In addition to a strong data science skillset, the new cyber security professional will possess a variety of interdisciplinary skills across technology, computer science, policy, leadership, and psychology.  Softer skillsets include communications, problem solving, creative thinking, adaptability, and autodidactism.

As we embark on this exciting new adventure of technology innovation, we are presented with a field for discovery and the opportunity to expand the boundaries of our knowledge in the new frontier of cyber security with the avant-garde cyber security professionals as our pioneers.


Originally published in the University of Virginia Thoughts from the Lawn

Valentine’s Day Cyber Threats

Valentine’s Day can be an emotional and stressful holiday for people.  Whether they are looking for love online or looking for the perfect gift for a loved one, they can become vulnerable to Valentine’s Day scams that lead to identity theft.  There are 4 main scams that are prevalent around Valentine’s Day:

  1. Romance scam: Also called “catphishing”, romance scams happen any time of the year; however, victims tend to be more vulnerable and more trusting around Valentine’s Day. Romance scams happen on online dating sites and chat rooms, where cyber criminals create fake identities to deceive victims. They often pretend to live abroad or to be a soldier overseas. Once the cyber attacker has convinced the victim that they are in love with them, they eventually ask for money, for example to travel to visit the victim or for an emergency. The FBI Internet Crime Complaint Center lists romance scams as one of the Top 10 reported internet crimes. The FBI IC3 reported over $68M in total losses in the female age 40 and over category, $13M in the male age 40 and over category, and $4M in the male and female age 39 and under category.
  2. Delivery scam: Flower delivery scams are popular around Valentine’s Day. Cyber criminals call or send emails to trick victims into giving out personal information and credit card information, stating that they have flowers to deliver to them.
  3. Ecard scam: Valentine’s Day is a very popular time for ecards and the scams that go along with them. Cyber criminals send spam emails with links to fake ecards. When the victim clicks on the ecard link, it installs malicious software on their computer. This software is then used to capture personal information and other data.
  4. Good deal scam: Valentine’s Day is a popular time to look for deals online, especially for flowers, jewelry, and gift cards. Cyber criminals create fake ecommerce websites and post unreasonably good deals, usually through pop-up ads or social media. Victims purchase items and enter their personal information and credit card information. By the time they realize the gift hasn’t arrived, the website is already gone, along with the victim’s personal information.

Here are a few general good security practices to help protect you from Valentine’s Day scams and many others throughout the year:

  1. Update your security software such as anti-virus and anti-malware weekly.
  2. Change your passwords every 30-90 days and don’t use the same password across multiple accounts. I suggest 30 days for accounts that have financial data and 90 for others like email or social media.  I want to stress again – don’t use the same password for multiple accounts.
  3. Don’t click on links in emails. Legitimate ecard companies will provide a code to use directly on their website to view an ecard.
  4. Buy from local, established, brick-and-mortar businesses or well-known online shopping sites.
  5. Create your own personal privacy policy and don’t overshare information online. Never send money or personal data like social security numbers, credit card numbers, or bank information to someone you met online.
  6. Monitor your accounts for fraudulent activity and check your credit once a year. Watch for sudden drops in credit scores or unknown line items on your report. gives you 1 free report per year.

Thanks to the local news station for stopping by to talk to me about this!

2016: The Year of Epic Cybersecurity Workforce Shortages

I’ve seen dozens of 2016 information technology and security predictions over the past few weeks – ranging from possible to probable to occurring. Many center around 2016 becoming the year of IoT attacks and the cyber criminal’s ever-evolving arsenal of exploits. Regardless of whether any of these 2016 predictions are realized, a highly probable concern for 2016 is the widening cybersecurity skills shortage.

In 2015 we saw high profile attacks on organizations such as OPM, JP Morgan, and Anthem and thousands of other less high profile attacks. During this time we also saw unprecedented demand for cybersecurity professionals. A Stanford University study estimated 209,000 unfilled cybersecurity jobs in the U.S., up 74% over the past 5 years. Cisco warns that the worldwide shortage of cybersecurity professionals has exceeded 1 million. The Bureau of Labor Statistics expects the demand for cybersecurity professionals to grow by 53% by 2018.

As we move into 2016 we will continue to see the demand for cybersecurity professionals outpace the supply. This cybersecurity workforce shortage will lead to increased exploits of organizations’ networks and data, many of which could be prevented with common security practices. There just aren’t enough cybersecurity staff to implement, maintain, and monitor the organization’s security protections. It’s easy to see that gaps in cybersecurity workforce = gaps in enterprise security.

Why aren’t more people pursuing cybersecurity careers? Especially since U.S. News and World Report ranked a career in information security eighth on its list of the 100 best jobs for 2015. It’s likely due to poor communication of the types of cybersecurity careers available and paths to pursue them. When many people think of cybersecurity careers they think of the hardcore technical roles that require in-depth computer science and programming skills. However, many of the positions in demand span a breadth of technical and non-technical capabilities. Cybersecurity roles extend beyond the core technology aspects of security to include risk, legal, business, and other non-technical cybersecurity needs. Many people moving into cybersecurity careers have diverse backgrounds including law enforcement, psychology, legal, game development, and management to name a few. Skillsets for those seeking careers in cybersecurity include excellent written and verbal communications, problem solving skills, creative thinking, adaptability, leadership, and mentorship ability. Due to the ever-evolving nature of technology and security, cybersecurity professionals should also have a passion for continued learning and possess strong self-learning skills.

For those interested in pursuing a cybersecurity career, I suggest that you first build a foundation of knowledge through education and certification. There are a number of universities that offer undergraduate and graduate programs in cybersecurity. The University of Virginia’s School of Continuing and Professional Studies offers a Certificate in Cybersecurity Management – an online, part-time, 6-course, graduate-level certificate for those interested in the strategy, policy, assessment, ethics, legal, and regulatory aspects of cybersecurity. There are also a number of commercial companies that offer cybersecurity certification including ISC2, EC-Council, and SANS.

Let’s make 2016 the year we start closing the cybersecurity workforce shortage. I am happy to speak with anyone interested in pursuing a career in cybersecurity to provide advice and guidance on your career path. Please feel free to reach out to me and have a happy and secure new year!