Kick Off the New Year With a Comprehensive Cybersecurity Reading List

When you assemble your 2018 cybersecurity reading list, there may be no better place to start than with BookAuthority, a website based on thousands of recommendations made by hundreds of industry leaders. Hone your skills and increase your knowledge base by adding the following top entries from BookAuthority’s “100 Best Cyber Security Books of All Time” to your 2018 reading list.

“Blue Team Field Manual,” by Alan J. White, is a cybersecurity incident response guide that aligns with the five core functions of the NIST Cybersecurity Framework—identify, protect, detect, respond, and recover—and provides the steps to follow and the commands to use when encountering a cybersecurity incident.

“Cyber Security Handbook: Protect Yourself Against Cyber Crime,” by W. Muse Greenwood, is an information resource to help business owners, leaders and team members develop policies and procedures.

“Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It,” by Marc Goodman, offers a journey into the digital underground to expose the ways in which criminals, corporations, and even countries are using new and emerging technologies.

“Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon,” by Kim Zetter, recounts the story behind the virus that sabotaged Iran’s nuclear efforts. Zetter’s book describes how a digital attack can have the same destructive capability as the most destructive bomb.

“The Plot to Hack America: How Putin’s Cyberspies and WikiLeaks Tried to Steal the 2016 Election,” by Malcolm Nance, is must reading for anyone concerned with the way in which cyber thieves hacked the Democratic National Committee and stole sensitive documents, emails, donor information, and voice mails with the singular goal of getting Donald Trump elected president.

Finally, you will want to add “Cybersecurity Leadership: Powering the Modern Organization,” by University of Maryland University College’s own Mansur Hasib, widely acclaimed as the definitive book on cybersecurity leadership and governance. It defines cybersecurity and expands upon its three key tenets—people, policy and technology.

7 Cybersecurity Predictions for 2018 – UMUC Experts Weigh in on the Future of Workforce, Skills, Disruptive Technologies and More

Cybersecurity remains a top global priority and affects just about every aspect of our lives, including politics and voting systems, national defense, artificial intelligence, social media, mobile devices, the Internet of Things (IoT), financial systems and more. As 2017 comes to a close, cybersecurity faculty experts at the University of Maryland University College offer their industry predictions—and calls to action—for 2018 and beyond.

1. It’s the Status Quo for 2018 and a Call to Action for the Future.

Ajay Gupta, program chair of Computer Networks and Cybersecurity and faculty sponsor of the UMUC Cyber Padawans Hacking Competition team, said he sees no change in the current state of the cybersecurity industry.

We’ve known for a while that we are not graduating or training enough professionals; that has not changed. We’ve also known for a while that systems in every industry are at risk, and that has not changed. Moreover, organizations across industries have not made significant improvements to their security posture even after a digital “Pearl Harbor” with the Equifax breach.

I predict that until we make measurable advances in training professionals who are equipped to mitigate risk across the digital enterprise, we will see no change.

2. There Will Be a Refocus on Developing the Cyber Workforce of the Future.

Loyce Pailen, director of UMUC’s Center for Security Studies, said that during 2018 and over the next few years, cybersecurity and cyber terrorism will continue to impact the organizational, personal, U.S. governmental and political landscapes—and that will force larger segments of society to refocus on developing the cyber workforce of the future.

I predict that the dearth of cyber-trained professionals evident in the early 2010s will reach a critical point by 2020, which will force higher education and secondary-school educators to create cybersecurity programs. Parents, community leaders and others will also begin to include—and require—cybersecurity literacy in pre-schools and primary schools.

My long-term prediction and wish is that media socialization through ad campaigns, films, books, music, gaming and other sources will make “cyber speak” so common that students will grow up to be more readily capable of appreciating and seeking cybersecurity careers.

3. The Cycle Time to Credential Qualified Cybersecurity Professionals Will Be Compressed.

Valorie King, program chair of Cybersecurity Management and Policy at UMUC, predicts that workforce demands will dictate a further compression of the cycle times for educating, training, and credentialing cybersecurity professionals. Employers will seek out qualified individuals regardless of bachelor’s- or master’s-degree status and will rely on learning experiences from outside of academia. Badging and alternative forms of credentialing also will gain traction as ways of “qualifying” for entry into the career field or for advancement on a career ladder, King said.

4. Expect a Rise in Skills-Based Hacking Competitions.

Jesse Varsalone, collegiate associate professor of Computer Networks and Cybersecurity as well as head instructor for the UMUC Cyber Padawans Hacking Competition team, piggybacks on King’s projection with his prediction that an increasing number of businesses will come to value and support skills-based hacking competitions as a way to provide students and professionals with the critical-thinking and decision-making abilities they need to succeed in a cybersecurity career.

More organizations will come to realize that students who are actively engaged in competitions have a better opportunity to learn and demonstrate their skills. On the flip side, Varsalone said, employers will come to see that watching a student perform technical tasks in a high-pressure team environment provides a great deal more confidence for hiring.

5. The Adoption of Blockchain Technology Will Impact Cybersecurity.

Balakrishnan Dasarathy, collegiate professor and program chair for Information Assurance in UMUC’s Graduate School, predicts that one area in the application space—blockchain—is going to explode in 2018 and beyond. Blockchain is the technology that supports the use of vast distributed ledgers to record any transaction and track the movement of any asset, whether tangible, intangible, or digital and open to anyone.

Blockchain technology’s disruptive aspect is its potential to eliminate intermediaries, such as government agencies, banks, clearing houses and companies like Uber, Airbnb and eBay. Blockchain provides these and other companies a measure of speed and cost savings when executing transactions. Blockchain’s shared, distributed and replicated ledger allows transacting parties to directly update the shared ledger for every transaction. Since parties interact directly through the shared ledger, they have to trust each other, and the transaction records in the shared ledgers should be visible only to the right parties. As such, cybersecurity technologies, specifically cryptography and access control, are critical enabling technologies for blockchain.

6. A Proliferation of Internet of Things (IoT) Will Drive Focus on Security.

Bruce deGrazia, program chair and collegiate professor of Cybersecurity, said more and more devices will be connected in 2018, but security will be overlooked. We all know about IoT appliances such as refrigerators and washing machines, but unsecured children’s toys and other smaller devices will be the next frontier, deGrazia said.

7. Machine Learning Will Give Rise to Cybersecurity Challenges and Solutions.

Tamie Santiago, collegiate associate professor of Cybersecurity Policy, predicts we’ll see the continued explosion of products in virtual reality, robotics, and the machine-learning space, in which artificial intelligence (AI) is a major component. Just this past year, Saudi Arabia welcomed Sophia, developed by Hanson Robotics, as the world’s first robot citizen, and UK-based AiX introduced a new AI platform for crypto trading that acts as your personal broker.

As AI spreads into every industry, new exploits and vulnerabilities will most likely arise. But, also, cybersecurity may benefit by relying on AI technology to identify attack vectors with more speed and precision.

Cybersecurity Awareness Month Wrap-up: UMUC Covered a Lot of Ground

The University of Maryland University College (UMUC) marked National Cyber Security Awareness Month this past October with a slate of events and activities that stressed the importance of leadership, workforce skills, and strategies to help businesses and the public stay safe online.

Through our Facebook Live Interview series, sponsorship of the Cyber at the Crossroads Symposium, and participation in CyberMaryland 2017, UMUC cybersecurity experts shared insights into the following:

  • How Skills-based Hacking Competitions Build Critical Thinking Skills. Ajay Gupta, chair of the Computer Networks and Cybersecurity program at UMUC, opened our Facebook Live series by discussing how these competitions build essential real-world, hands-on technical skills in data forensics, network defense, ethical hacking and other areas. Gupta suggested they also foster collaboration and develop the critical—and quick—thinking skills needed to complete complex, often unfamiliar tasks.
  • What Managers and Leaders Need to Understand About Cybersecurity. Valorie King, chair of UMUC’s Cybersecurity Management and Policy program, followed Ajay’s session with a discussion about how business leaders need to understand cybersecurity at a level that makes it possible for them to effectively lead those entrusted with safeguarding their organization’s people, processes, and technologies.
  • What’s the Difference Between Security and Cybersecurity? Finally, we concluded our Facebook Live series with Mansur Hasib, chair of UMUC’s Cybersecurity Technology program, who explained the critical distinctions between these two concepts and the role cybersecurity plays in upper management and the healthcare space.
  • Lessons Learned from Eligible Receiver 97. On Oct. 10, UMUC hosted the daylong “Cyber at the Crossroads” symposium, co-sponsored by the National Security Agency’s Cyber Center for Education and Innovation–Home of the National Cryptologic Museum. During the event, national cybersecurity leaders from government, military, industry and academia explored in depth the wide-ranging implications of the secret exercise—Eligible Receiver 97—that the Pentagon conducted 20 years ago to assess the vulnerabilities of Department of Defense computer networks.
  • How to Prepare the Cyber Leaders of Tomorrow. UMUC sponsored the education track at the CyberMaryland 2017 conference that convened on Oct. 11 at the Baltimore Convention Center. Emma Garrison-Alexander, vice dean of UMUC’s Cybersecurity & Information Assurance program, moderated the session, “Cybersecurity Leadership: Preparing the Cyber Warriors of the Future,” which highlighted best practices for achieving effective cybersecurity leadership across public and private organizations and industries, as well as local, state and federal government agencies.

To learn more about all of our activities during the month of October, read our complete coverage in the UMUC Global Media Center.

Interested in a Career in Cybersecurity? Set Your Sights on Leadership Skills

The skills you need for a successful career in cybersecurity may not be the ones you think. A common misperception about cybersecurity is that you cannot enter the field without being a STEM major with the technical acumen to code, hack, and write scripts.

When Professor Mansur Hasib talks to aspiring cybersecurity professionals who lament their liberal arts degrees, he reminds them that his bachelor’s degree is in economics and politics and his master’s degree is in political science.

Hasib, who is program chair of the Cybersecurity Technology program in The Graduate School at University of Maryland University College (UMUC), explains that “cybersecurity is a vast field in which anyone can find their passion in some aspect.”

Contrary to what you may read in the news, the majority of cybersecurity failures relate to shortcomings in leadership and governance, not technology. Cybersecurity needs professionals with the leadership skills and experience to manage an organization. Organizational leaders in cybersecurity with experience in management can understand cybersecurity at a business level. They have the ability to understand the holistic and interdisciplinary nature of cybersecurity.

“Without a balanced strategy of technology, policy, and people, your organization will not succeed,” said Hasib. “If you don’t know who to hire, how to engage people, how to develop a strategy based on the brainpower of everyone in the organization, and how to build high-performing teams, your organization will fail.”

A Message to Recruiters: Look for Candidates with Soft Skills

While cyber career aspirants should invest in gaining leadership and management skills, cybersecurity recruiters would be wise to consider a broader background when hiring—notably soft skills such as leadership, communication, and teachability, not just technical aptitude.

Organizations that focus on hiring coders and “tech jockeys” miss the boat. “We have a huge leadership void in the field,” said Hasib. “When you look at all the breaches, it may appear as if it was a technology issue, but it was almost always never the technology. It was leadership and strategy that was lacking.” Recruiters should be looking at what a candidate can learn and whether they have the capacity for perpetual, perennial learning and innovation.

Learn more about the skills you need to launch a career in cybersecurity and gain additional insight from UMUC’s Mansur Hasib:

Combating Ransomware Attacks: The Reasons for Their Rise and the Ways We Can Prevent Them

As has been widely reported, a new wave of cyberattacks has hit Europe, possibly a reprise of the widespread ransomware assault in May that affected 150 countries.

Ransomware, typically delivered via malicious email or infected third-party websites, is a family of malware that either blocks access to a PC, server, or mobile device or encrypts all the data stored on that machine. Similar to a kidnapping or hijacking with a ransom demanded in return for release, the perpetrator of a ransomware attack takes possession of valuable data or files belonging to individuals or businesses and then demands payment in the form of electronic currency called “Bitcoin” for their return.

According to a report earlier this year by NBC News writer Herb Weisbaum, citing the FBI, ransomware payments for 2016 are expected to hit a billion dollars compared to the $24 million paid in 2015. And that figure is expected to rise, with more victims and more money lost. Why the dramatic rise?

  1. Easier access to technology. Criminals have increased access to sophisticated technology to conduct these attacks. Even highly sophisticated tools developed by the NSA and other similar advanced tools are now in the hands of criminals. Also, criminals are making continuous improvements to such technology, and have banded together to turn this type of crime into an organized business.
  2. Increased profitability. The business of ransomware has become highly profitable. Therefore, highly talented programmers are choosing to make this their profession—and they are making a lot of money in this way.
  3. Organizations are lagging in innovation. Arguably, the most important reason is that individuals and organizations are not paying attention to continuous improvement or innovation in the technology they use or the protection systems they have in place. Without innovation, such individuals become sitting ducks. Without innovation, regardless of how good your technology is, hackers will eventually get in. Because the probability of a higher payout with organizations is greater, criminals are targeting organizations at a higher rate. However, everyday computer users are also being targeted.

Shegoftah Nasreen Queen (SNQ), Bangla Service, Voice of America, recently interviewed Dr. Mansur Hasib, program chair, Cybersecurity Technology, The Graduate School at the University of Maryland University College, to learn more about the reasons for the rise and solutions for combating this pervasive cyber threat. Read the full interview.

The Internet of Things Is Changing the Way We Live—Should We Be Worried?

The Internet of Things (IoT) is on the rise, and so are the threats associated with the interconnectedness of our devices. Eighty-four percent of organizations that have adopted IoT report experiencing at least one IoT-related security breach—and 93 percent of executives expect IoT security breaches to occur in the future—according to a February 2017 Aruba Networks study. The study also reported that malware, spyware, and human error are the most common problems.

It’s widely accepted that the number of IoT security breaches will only grow in the near future. To quote a 2016 Forrester Research report: “When smart thermostats alone exceed one million devices, it’s not hard to imagine a vulnerability that can easily exceed the scale of other common web vulnerabilities, especially if multiple IoT solutions include the same open source component.”

IoT affects everyone, not just large corporations with industrial equipment. From smart thermostats to smart refrigerators, dishwashers, and washers and dryers, we’re all part of the landscape and vulnerable to threats.

What are we to make of the proliferation of the IoT and how concerned should we be?

For answers, read the white paper by Balakrishnan Dasarathy, UMUC collegiate professor and program chair for information assurance, The Graduate School.

UMUC’s Award-Winning Cyber Team Takes Second and Third Place Honors in Day-Long Capture the Flag Competition

The UMUC Cyber Padawans continue their winning ways by taking second and third place honors in a day-long Capture the Flag competition held at Top Golf Loudoun in Ashburn, Virginia, on April 1.

The day-long, 16-team event was sponsored by The Hackerground, a provider of penetration testing tools, and White Hat Academy, a training organization that focuses on PPC, digital marketing and SEO. It was a professional, “Jeopardy”-style competition, open to students and those working in the field. Question categories covered web application exploits, binaries and reverse engineering, password cracking, cryptography, and wireless.

Members of UMUC’s Cyber Padawans teams included: UMUC alumni Daniel Coyne, Matt Matchen, and Jake Truhlar; full-time student Abel Rezene; part-time students Casey Sampson and Josh Nelbach; and faculty member Nischit Vaidya.

The University of Maryland University College cyber security competition team is a powerful force in cyber challenges around the world. The team includes students, alumni and faculty, with members studying in a variety of cyber security and IT programs at UMUC.

To learn more about the Padawans and their accomplishments, visit the team website.