Autistic People Can Solve Our Cybersecurity Crisis

Autistic People Can Solve Our Cybersecurity Crisis

Wired, November 26, 2016

Alan Turing was the mastermind whose role in cracking the Nazi Enigma code helped the Allies win World War II. He built a machine to do the calculations necessary to decipher enemy messages and today is hailed as the father of the com­puter and artificial intelligence. He’s also widely believed to have been autistic.

Turing was not diagnosed in his lifetime, but his mathematical genius and social inelegance fit the profile for autism spectrum disorder (ASD).

And his story illustrates how society benefits when it gives a voice to those who think different. Until he came along, no one perceived the need for a com­puter; they simply needed to crack the code. It took a different kind of mind to come up with that unexpected, profoundly consequential solution.

While Turing’s renown has arguably never been higher, today we are failing to recognize the potential in millions of other talented minds all around us. Like Turing, many of them are also capable of exceptional technological expertise that can help to safeguard our nation.

The Centers for Disease Control and Prevention report that more than 70 million people worldwide—1 percent of the global population—are living with autism. In the US, an upward trend in diagnosis means that the number of adults with ASD is expected to top 3 million by 2020. And today, according to expert estimates, 70 to 90 percent of them are unemployed or underemployed.

The common prejudice is that people with ASD have limited skills and are difficult to work with. To the extent that’s true, it’s a measure of our failure as a society. Almost half of those diagnosed with ASD are of average or above-average intellectual ability.

And we have clear evidence that job-focused training and support services, especially in the transition to adulthood, can make a huge difference, leading to higher levels of employment, more independence, and better quality of life.

But few are getting such help. Programs for adolescents and adults with ASD receive less than 1 percent of all autism-related funding in the US, public and private. (Most spend­ing is on research into the causes of the syndrome and on programs for children.) That we are not preparing these individuals for the future is more than just a personal tra­gedy; it’s a monumental waste of human talent.

In what kinds of jobs could we match the interests and passions of people with ASD and our country’s needs? Well, it just so happens that there is a massive labor shortage in the vital field of cybersecurity. Globally, the damage from cyber attacks by criminals, terrorists, and hostile states is projected to exceed $2 trillion by 2019. Yet the number of unfilled jobs in this area is growing and will likely reach 1 million worldwide next year.

At the same time, more than three-quarters of cognitively able individuals with autism have aptitudes and interests that make them well suited to cybersecurity careers. These include being very analytical and detail-oriented as well as honest and respectful of rules. And there are many other areas in which these talents could quite literally be employed.

A few innovative firms, including Microsoft, SAP, and Freddie Mac, already have pilot programs for hiring people with autism to fill sophisticated IT jobs and other positions. The Gates Foundation, the Milken Institute, and the Hilibrand Foundation have also funded valuable employ­ment and research programs.

But given the coming tsunami of adults with autism, a much broader effort will be required. We need a national strategy, coordinating the efforts of public agencies, companies, and organizations, to bring these valuable minds into the work­force. Such an initiative should focus first on providing meaningful job opportunities for adults who are cognitively able and eventually branch out to more of the autism spectrum.

This effort needn’t start from scratch. Let’s begin by convening those working on the issue in Los Angeles, New York, San Francisco, Seattle, and Washington, DC—areas where strong research and clinical programs are up and running and where tech industry jobs are readily available. By capitalizing on this existing network, we can seed job hubs around the country for adults with autism.

These hubs would create programs to cultivate expertise in cybersecurity and would teach workplace social skills and independent living skills. They’d also work with industry partners to develop a talent pipeline and help them under­stand how best to integrate autistic employees.

Half a century ago, Turing’s extraordinary abilities helped us win a war and launched the technology that is still reshaping our world. Today we’re facing a new threat, and we must once again band together. This is a tremendous opportunity—to use one social challenge to solve another—and a potentially transformative moment.

Let’s take full advantage of it.

SOURCE: WIRED, November 26, 2016

U.S. says cybersecurity skills shortage is a myth

U.S. says cybersecurity skills shortage is a myth

Nov. 21, 2016

The U.S. government has released what it claims is myth-busting data about the shortage of cybersecurity professionals. The data points to its own hiring experience.


In October 2015, the U.S. launched a plan to hire 6,500 people with cybersecurity skills by January 2017, according to White House officials. It had hired 3,000 by the first half of this year. As part the ongoing hiring effort, it held a job fair in July.

At the Department of Homeland Security (DHS), “We set out to dispel certain myths regarding cybersecurity hiring,” wrote Angela Bailey, chief human capital officer at DHS in a blog post Monday.

One myth is this: “There is not a lot of cyber talent available for hire,” said Bailey. “Actually, over 14,000 people applied for our positions, with over 2,000 walking in the door. And while not all of them were qualified, we continue to this day to hire from the wealth of talent made available as a result of our hiring event.

“The amount of talent available to hire was so great, we stayed well into the night interviewing potential employees,” said Bailey.

However, the experience of the U.S. government seems counter to what industry studies say is actually going on.

For instance, a report released one day before the government’s job fair in July, Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), pointed to a “talent shortage crisis” of cybersecurity skills.

David Foote, co-founder and chief analyst at Foote Partners, is skeptical of the government’s findings, and says there’s really no unemployment among people with cybersecurity skills, “so why would they go to a job fair?”

Why would someone take a government job that will pay less than a beltway consulting firm?

The salary for a senior cyber security specialist, with five or more years of experience, in the Washington D.C. metro area is $132,837, said Foote.

The salary range for an IT specialist in cybersecurity ranges from about $65,000 to to $120,000, depending on skills, experience and educational attainment.

Foote said the appeal of getting a security clearance may have motivated some to apply for a government job. A security clearance can open to subsequent private sector jobs.

But Foote suspects that the U.S. is focusing on hiring people it can train, and not on hiring someone with experience and who would command much higher salaries than can government offer.

In cybersecurity, experience is critical, said Foote. “Cybersecurity is something you have to do, you have a develop an instinct and you only do that with hands on,” he said.

SOURCE: Computerworld, Nov. 21, 2016

Urgent: The first 100 days of cybersecurity in the Trump Administration

Commission urges better cybersecurity

Urgent: The first 100 days of cybersecurity in the Trump Administration

The Associated Press, December 3, 2016

A presidential commission has made 16 urgent recommendations to improve the nation’s cybersecurity, including creating a nutritional-type label to help consumers shop wisely and appointing a new international ambassador on the subject — weeks before President-elect Donald Trump takes office.

The release of the 100-page report follows the worst hacking of U.S. government systems in history and accusations by the Obama administration that Russia meddled in the U.S. presidential election by hacking Democrats.

The Presidential Commission on Enhancing National Cybersecurity urged immediate action within two to five years and suggested the Trump administration consider acting on some proposals within its first 100 days.

The commission recommended that Trump create an assistant to the president for cybersecurity, who would report through the national security adviser, and establish an ambassador for cybersecurity, who would lead efforts to create international rules.

It urged steps, such as getting rid of traditional passwords, to end the threat of identity theft by 2021 and said Trump’s administration should train 100,000 new cybersecurity workers by 2020.

Other ideas included helping consumers to judge products using an independent nutritional-type label for technology products and services.

“What we’ve been doing over the last 15 to 20 years simply isn’t working, and the problem isn’t going to be fixed simply by adding more money,” said Steven Chabinsky, a commission member and the global chair of the data, privacy and cybersecurity practice for White & Case LLP, an international law firm.

He said the group wanted the burden of cybersecurity “moved away from every computer user and handled at higher levels,” including internet providers and product developers who could ensure security by default and design “for everyone’s benefit.”

The White House requested the report in February and intended it to serve as a transition memo for the next president. The commission included 12 of what the White House described as the brightest minds in business, academia, technology and security. It was led by Tom Donilon, Obama’s former national security adviser.

It was not immediately clear whether Trump would accept the group’s recommendations. Trump won the election on promises to reduce government regulations, although decades of relying on market pressure or asking businesses to voluntarily make their products and services safer have been largely ineffective.

Trump’s presidential campaign benefited from embarrassing disclosures in hacked emails stolen from the Democratic National Committee, Hillary Clinton’s campaign staff and others.

Plus, Trump openly invited Russian hackers to find and release tens of thousands of personal emails that Clinton had deleted from the private server she had used to conduct government business as secretary of state. He also disputed the Obama administration’s conclusion that Russia was responsible for the Democratic hackings.

Under Obama, hackers stole personal data from the U.S. Office of Personnel Management on more than 21 million current, former and prospective government employees, including details of security-clearance background investigations for federal agents, intelligence employees and others.


CyberTECH Opens Grind Coffee Shop

CyberTECH is pleased to announce the opening of its in-house coffee shop, Grind. By introducing a fully functioning cafe, CyberTECH is addressing one of the challenges for workers in the Banker’s Hill area – good coffee. With very few cafes and restaurants within walking distance of the CoWorking offices at First and Fir, CyberTECH Members have struggled to fulfill their coffee break needs.

On November 10, the Grind will start providing hot drinks like mochas, lattes, and Americanos. With a focus on high quality beans and well-crafted beverages, Grind will be offering European-inspired products. CyberTECH facility manager, Mo Rahseparian, brings his years of restaurant ownership experience to ensure customers enjoy the highest quality products and services.

Starting with a wide selection of hot beverages, Grind will be expanding its line of products over the coming weeks and months. Cold drinks, bottled drinks, snacks, and sandwiches are all vital components to ensuring every visitor can find something to eat or drink.

And Grind will be open to everyone. Of course, the primary customers will be those Members inside the CyberTECH community. But the building at First and Fir houses office employees and healthcare workers that will be able to easily take advantage of the food services. In addition, Banker’s Hill residents and workers will have access to the Grind coffee and food. CyberTECH Members will get a hefty discount on any purchases.

Initially, operating hours will skew towards the morning with service starting before 8am. And because the shortage of lunch options in the area, the cafe will operate through the lunch hour. Extended and weekend hours will be determined based on demand and need.

CyberTECH Immersive and Emerging Technologies Lab

CyberTECH will soon launch its Immersive and Emerging Technologies Lab, it will be housed in xHive which is located on the 2nd floor of NEST CoWork.. Because virtual reality (VR) and augmented reality (AR) continue massive expansion in the personal use and professional use markets, CyberTECH is setting aside a space to explore both personal and business uses of any and all advancements. The lab space will include all three major VR platforms – HTC Vive, Oculus Rift, and Sony PlayStation VR.

Three CyberTECH Members are already reserving the space for research and product development. 360 Stock VR, Built by Web 3, and MiPOV Technologies will be the first in-house users. These three companies will be working with CyberTECH staff to ensure expandable capacity while maintaining everyday ease of use.

In an effort to offer a full line of three dimensional services, CyberTECH is happy to announce its Member, SD3D, will have a permanent kiosk in the Grind Café lobby. The 3D printing kiosk offers product samples and a web-based ordering system for customers looking for three dimensional solutions.

Both the 3D printing kiosk and the VR lab will be available for trial and review at CyberTECH’s 3rd Annual Good Neighbor Taste of San Diego event on 10 November.

CyberTECH is both proud and sad to announce that 3D manufacturer and Member, Sympathetic Innovations, will be moving out of the First and Fir building and into a larger warehouse in National City. Alejandro and Matthias have been exceptional Members and we are thrilled they have used their time inside CyberTECH to grow. You’ll be missed!

A Practice Pitch for Startups

As part of Good Neighbor Taste of San Diego, Thursday, Nov. 10, 6-7 pm, at NEST CoWork Space, our initial cohort of Entrepreneurs in Residence (EIR) will get a chance to present their Power Point decks to a panel of experts.

Each EIR company will have three minutes to pitch to venture cap and business judges, followed by a five-minute Q&A – a total of eight minutes per pitch. Winners will receive prizes and also advance to San Diego Startup Week Pitchfest in June 2017. The event will be led by our co-chairs Dave Titus @CooleyLLP and Andrew Berkhausen @ScaleMatrix. Ashok Kamal from @Techcoastangels will also be participating.

ABOUT CyberTECH’S Entrepreneur in Residence (EIR):

  • A six-month, low-rent program designed to build strategic relationships between early-stage companies and CyberTECH’s growing ecosystem of partners and stakeholders.
  • The innovative program leverages CyberTECH’s “Social Community Incubator Model” and is designed as a major element of CyberTECH’s Smart & Safe Cities initiative, in partnership with CyberCalifornia.
  • EIR startups will work independently with the support of the CyberTECH community. In some cases, EIRs may be embedded directly in departments or with Business Units at CyberTECH’s corporate partners to accelerate their business concepts and new technology products and services.
  • In addition to being assigned to a Mentorship Team, CyberTECH EIR startups will have access to no- or low-cost office space, along with discounted or low-cost software, high-speed Internet, strategic, legal and marketing professionals and other early stage startup services.
  • Some startups may be offered stipends or scholarships from CyberTECH ecosystem companies.





For the Good of the Internet – of things


Sure, for some the Internet of Things is just an opportunity to make money. But what if it’s also an opportunity to share our expertise — and in the process, make the world a better place?

Addressing the topic of the Internet of Things (IoT) during RIPE 72, one of the speakers started his presentation with the observation that, “The IoT won’t make you rich.”

However, he then went on to conclude that, “You can make a living at the same time as having fun and making the world a better place.”

There’s been a lot of talk about the economic opportunities that the IoT might provide, but ignoring the obvious driver to make money, what else can be done with the IoT to make the world a little bit better?

Many well-known Internet institutions weren’t founded with the intent of getting rich – in fact, you can argue that the inception of the Internet itself wasn’t aimed at obtaining any commercial success.

Many Internet organizations are established as not-for-profits, and a lot of critical Internet services are not operated with the primary purpose of making money, but simply as an enablers that exist for the good of the Internet.

Times have changed, of course, and the Internet has turned into a commercial success that allows many people to make a living – and some to even get rich.

If any, the projections for what is commonly referred to as the IoT are even more optimistic, full of forecasts that connecting everything together and processing vast quantities of data will allow even bigger commercial success and profits to be made.

Yet at the same time, many concerns have been raised – especially by those who understand the technology – about the risks involved with an ever more connected society and the dependencies this creates for our economic well-being.

These issues range from questioning the scalability of it all to the dangers of cyber warfare, where a well-aimed attack could cripple an entire country.


Message to the next President: Online, we’re all targets

When it comes to cybersecurity, changing outcomes is about unity of mission, not command, and here our government is often at odds with itself. The next president, whomever he or she turns out to be, has a chance to change that. The hack of the Democratic National Committee (DNC) made juicy headlines –but it shouldn’t have surprised anyone. Because these days, there are two kinds of presidential campaigns in the United States: Those that have been hacked and those that have been hacked but don’t know it.  If our next president is serious about preventing attacks, we need to stop waiting for the inevitable. The appointment of the nation’s first chief information security officer and the new directive for cyber incidents is a start, but good cybersecurity policy should be proactive, not reactive.

Here’s how we can get ahead of the game:

1) End the government doublespeak
In February, President Obama took the first step of writing an op-ed in the Wall Street Journal to outline his strategy for strengthening the internet. He’s spending $3 billion to overhaul federal computer systems and fix government IT, which he characterized as “an Atari game in an Xbox world.”

2) Create a new cyber technology court
Many of the laws governing cybercrime are decades old and failed to anticipate today’s connected world. The Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, for instance, criminalize research by ethical hackers designed to find security flaws before they can be exploited by criminals.

3) Internet security isn’t a war; the government needs help
For a global power used to flexing its muscle to solve problems, the web can be a strange place and a great equalizer. Some of the best tech talent and tools are in the private sector.

SOURCE: Federal Times, Sept. 16, 2016

The ongoing saga of Yahoo’s data breach


Facts are in dispute, Yahoo’s explanations are conflicting, and Congress can’t agree what to do. This much we know: On September 22, Yahoo admitted that some 500 million accounts had been stolen by hackers, including encrypted passwords, names, phone numbers, e-mails, but not banking information. The breach actually occurred two years ago, but apparently Yahoo only discovered the theft some weeks before the public announcement. Beyond these bare details, not a lot more is known — a situation that has produced a cascade of questions and allegations.

For instance, Yahoo has not disclosed an exact timeline showing when it learned about the breach. The company stated, “We don’t know how the bad guys got in.” It has also asserted that the theft was perpetrated by a “state-sponsored actor,” though it provided no technical details to support this claim. There are both private and public implications stemming from Yahoo’s voluminous customer-data breach. In July, Verizon agreed to pay $4.8 billion for Yahoo’s core business. Thus, the timing of the subsequent hacking incident could have a direct impact on the proposed takeover — and has produced suspicions about when Yahoo learned of the huge theft.

Senator Richard Blumenthal (D., Conn.) has demanded that regulators “investigate whether Yahoo may have concealed its knowledge of this breach in order to artificially bolster its valuation in its pending acquisition by Verizon.” His suspicions no doubt deepened after learning that Yahoo had claimed in an SEC filing on September 9 that it had no knowledge of any incident that could adversely affect the sale to Verizon. In addition, a Yahoo customer has launched a lawsuit, accusing the company of “gross negligence” of customer data and seeking class-action status.

The brief suggested that Yahoo had neglected customer privacy and refused, despite warnings, to bulk up its security defenses.


The Biggest Cybersecurity Threats Are Inside Your Company


When security breaches make headlines, they tend to be about nefarious actors in another country or the catastrophic failure of technology. These kinds of stories are exciting to read and easier for the hacked company to admit to. But the reality is that no matter the size or the scope of a breach, usually it’s caused by an action, or failure, of someone inside the company.

The role that insiders play in the vulnerability of all sizes of corporations is massive and growing. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. IBM Security research also found that health care, manufacturing, and financial services are the top three industries under attack, due to their personal data, intellectual property and physical inventory, and massive financial assets, respectively.  However, while industries and sectors differ substantially in the value and volume of their assets and in the technology infrastructures they have to manage and defend, what all businesses have in common is people — all of whom have the potential to be an insider threat.

Before addressing the threat, it’s helpful to understand the primary types of insider risks:

  • We’re only human, and at exactly the wrong time. Human error is a major factor in breaches, and trusted but unwitting insiders are to blame. From misaddressed emails to stolen devices to confidential data sent to insecure home systems, mistakes can be very costly. The riskiest of these are well-meaning IT admins, whose complete access to company infrastructure can turn a small mistake into a catastrophe.
  • A few people leak the passwords. With these trusted but witting insiders, it’s the thought that counts. Malicious employees whose intent is to steal or damage are a very real risk. Some steal competitive information, some sell data or intelligence, and some just have a vendetta against the organization.
  • A wolf in the clothing of John from accounting. Cyber criminals are experts at hijacking identities. Some accomplish this by compromising an employee system through malware or phishing attacks; some leverage stolen credentials, especially by gleaning data from social networks. In many cases attackers can increase a hacked user’s access within a system, leading them to even more sensitive information.

The most dangerous aspect of insider threats is the fact that the access and activities are coming from trusted systems, and thus will fly below the radar of many detection technologies. Particularly in the latter two categories, malicious actors can erase evidence of their activities and presence to further complicate forensic investigations.


Webroot buys Cyberflow Analytics

Webroot buys Cyberflow Analytics, to expand in San Diego

Webroot, the market leader in next-generation endpoint security and threat intelligence, has announced it has acquired the assets of CyberFlow Analytics, an innovator in applying data science to network anomaly detection.

This acquisition enhances Webroot’s ability to address the explosion of internet-connected devices and an increasingly complex threat landscape. The company plans to expand its operations in San Diego.

Adding the FlowScape network behavioral analytics solution extends Webroot’s leadership in machine learning-based cybersecurity to the network layer.

As malware is now overwhelmingly polymorphic and advanced persistent threats (APTs) mask their activities within everyday network noise, SaaS-based FlowScape adversarial analytics and unsupervised machine learning enables Webroot to further reduce time to classify and address threats.

“Today, one of the only things attackers can’t find out about your network is what’s normal,” said Dick Williams, Webroot CEO. “This solution can identify and alert on potentially malicious activity that deviates from normal traffic in milliseconds.”

Sept. 21, 2016

CyberTECH’s NEST Receives $40,000 Grant to Help Generate Tech Startups

Mayor Faulconer lauds new “living, breathing workplace” and “new way of doing things”

As part of Mayor Kevin Faulconer’s commitment to grow San Diego’s tech innovation sector within the “Smart and Safe Cities” campaign, the City of San Diego has awarded a $40,000 grant to CyberTECH’s NEST CoWork space to help generate the creation of more startups and jobs across the region.

Officially opened nearly six months ago, NEST, the 16,000 square foot space located within the Manpower building in Bankers Hill (1855 First Avenue, San Diego, CA 92101), is now fully leased with 47 resident members. That total is expected to grow to 100 companies by mid-2017. For every resident member, NEST also supports an additional four non-resident members through its Community Social Incubation model.

The City of San Diego’s “Smart and Safe Cities” program emphasizes the need to support tech startups with infrastructure, mentorship and access to capital. By definition, a “smart and safe” city encourages a best-practices approach to preventing cyberattacks and related disruptions to the Internet and other open networks that are increasingly vulnerable, along with protecting basic user privacy and product safety.

“What we see at NEST represents a momentous shift away from the traditional workplace – a living, breathing workplace that embraces a new way of doing things,” said Mayor Faulconer in making the announcement. “NEST represents our city’s fast-changing, ever-flexible, always upwardly-mobile economy, especially for downtown, which is more vibrant than ever.”

Entrepreneur in Residence (EIR)

CyberTECH Launches Entrepreneurs in Residence (EIR) Program

California’s tech-inspired startups drive many of today’s hottest and most innovative products and services, helping to further position the state as the global center for excellence in Cybersecurity, Internet of Things and Emerging Technologies such as drones, blockchain, robotics, and 3D printing.

In that spirit, CyberTECH is proud to announce the CyberTECH Entrepreneur in Residence (EIR) — a six-month, low-rent program designed to build strategic relationships between early-stage companies and CyberTECH’s growing ecosystem of partners and stakeholders.

This innovative program leveraging CyberTECH’s “Social Community Incubator Model” is designed as a major element of CyberTECH’s Smart & Safe Cities initiative, in partnership with CyberCalifornia.

You’re invited to join us in welcoming our initial cohort of CyberTECH Entrepreneurs in Residence at a special luncheon event, as follows:

CyberTECH Entrepreneurs in Residence

  • Thursday, Sept. 15, 2016, 11:30 am to 1 pm
  • iHive @ NEST CoWork, 1855 First Avenue, Suite 201, San Diego, CA 92101

CyberTECH EIR startups will work independently with the support of the CyberTECH community. In some cases, EIRs may be embedded directly in departments or with Business Units at CyberTECH’s corporate partners to accelerate their business concepts and new technology products and services.

In addition to being assigned to a Mentorship Team, CyberTECH EIR startups will have access to no- or low-cost office space, along with discounted or low-cost software, high-speed Internet, strategic, legal and marketing professionals and other early stage startup services. Some startups may be offered stipends or scholarships from CyberTECH ecosystem companies.

Please join us for lunch Thursday, Sept. 15 to learn more about this exciting new program.

Darin Andersen, CEO/Founder


EIR Program Application

Why SIOT Matters

Why SIOT matters so much

The size of the IoT market is estimated to more than double the size of the smartphone, PC, tablet, connected car and wearable markets combined by 2019, according to, a news and research website.

At the same time, IoT’s security loopholes can wreak havoc in our lives, from enabling terrorism to simple hacking. The Internet of Things (IoT) has become one of the biggest areas of concern for cyber security experts. It was among the most discussed subjects at an annual conference in Singapore in May arranged by Fortinet, a software company based in Sunnyvale, CA, that provides enterprise-level next generation firewalls and arrays of network security products.

At the conference, Tyson Macaulay, Chief Security Strategist and Vice President of Security Services at Fortinet, and Darren Turnbull, Vice President Strategic Solutions at Fortinet – leading global experts on network security — said the market was both a threat and an opportunity.

Courtesy of Forbes India:

Microsoft wins surprising privacy ruling

A surprising privacy win for Microsoft

Microsoft has won its three-year lawsuit against the U.S. government over a warrant for a customers’ emails. The company has been fighting since 2013 to resist turning over the emails, which are stored in an Ireland-based data center.

The U.S. Court of Appeals for the 2nd Circuit ruled July 22 that Microsoft is not required to comply with a warrant for the users’ emails if the data is not stored within the U.S.

Although Microsoft triumphed in this case, its other battle with the U.S. Government continues — the company is still suing the Justice Department over gag orders that prevent it from informing customers when the government demands access to their data.

The court’s decision was hailed as a win by other industry giants that rely on overseas data centers for their infrastructure. For example, Ireland is a particularly popular location. Google, Facebook, and other companies all use data centers in that national because of its cool climate and appealing tax incentives.

The case has garnered international attention and has been a lightning rod for debates about how and when law enforcement should be able to access online data.

Although the U.S. government could appeal the case further and it may eventually land before the Supreme Court, Microsoft celebrated its victory.

As global law enforcement struggles to access data, legislators might use the excuse to require companies to store user data locally. For example, Russia enforces a data localization rule, and Brazil and France have considered similar legislation.

Apple Announces ‘Bug Bounty’ to Hackers Who Report Flaws

Criticized in recent years for failing to pay outside hackers who report bugs in its products, Apple announced at Black Hat that it would begin offering a so-called bug bounty to technologists who alert the company to flaws.

In recent years, nearly every company in Silicon Valley has been rewarding hackers who turn over bugs — a term for flaws that can make a product vulnerable to intrusion — in their systems, with cash. The reward is intended to serve as an incentive to keep those flaws out of the hands of organized groups or spy agencies. However, Apple had stayed away from the practice.

By contrast, Facebook and Google have offered large rewards – in some cases hundreds of thousands of dollars.

In addition, Apple said that if hackers donated their rewards to charity, it would match their donation.

Source: New York Times, August 4, 2016

CoWorking Week: Shared work spaces on tour

CoWorking Week: Shared work spaces on tour

By Roger Showley

August 5, 2016





The fifth annual CoWorking Week, kicking off Monday, aims to show how self-employed people can thrive in a post-pajama environment.

Five coworking spaces in San Diego County will hold free open houses to introduce the concept to people who have left the corporate world or want to escape loneliness at their home office.

But instead of renting a private office and paying for a common receptionist, coffee pot and copy equipment, coworkers typically work in an open-office setting and share ideas and trade services among one another.

Coworking entrepreneur, Darin Andersen, 50, started Cybertech and its Nest CoWork hub in Bankers Hill as a way to combine his interest in technology and background in commercial real estate.

He offered three tests for determining if coworking makes sense:

“You find yourself constantly distracted (in a home office). I call it ‘polishing the silver.’

“You are growing your team. You have more than yourself. You feel you’re in a growth phase and want to grow your concept and professionalize it outside your home space.”

“You are tired of working at a coffee shop, where it’s a loud environment and there’s no support.”

One study predicts 44 million Americans will be occupying coworking spaces by 2020. There are believed to be at least 1,000 San Diegans coworking today.

Coworking has gotten a boost since the recession, when workers lost their jobs and started their own companies. They set up shop in a spare bedroom (wearing PJs all day) and decided to professionalize but not in a beige cubicle setting.

The Nest coworking space attracts cybertech and other users to a Bankers Hill location, complete with food service and a gym. Cybertech .

The workers form one of the pillars of the so-called “shared” or “gig” economy and suit both single entrepreneurs developing a product and startup companies with a handful of employees not ready to set up permanent, standalone offices.

Coworking spaces offer a variety of membership plans, from only access to social events and workshops, starting at around $70 per month, to full-time dedicated desk space at around $400 per month.

Some locations include private offices as well, but all set aside space for conference and meeting rooms, food and sometimes exercise.

Andersen said the trend is solving a problem for landlords who have trouble filling vacant space. Instead of insisting on five- or 10-year leases, they can rent to a coworking company that in turn subleases to week-by-week or month-by-month users.

“I think coworking is a major global trend,” Andersen said. “I think people are looking at new styles of work and coworking is a sophisticated way to get work done and start something small and work up to big.”

Read the Original Story on the San Diego Union Tribune

Featured Photo Credit: Horacio Jones/Cinema Viva

CoWork Spaces Available


Looking for that perfect CoWork tech space?

We’re pleased to offer “ONE DAY FREE” at NEST CoWork @ CyberTECH, in San Diego’s Bankers Hill, a few blocks from downtown. Offered in partnership with LiquidSpace.

1855 First Avenue, Suite 103

San Diego, CA 92103

Sample space:

1 unreserved desk w/ private kitchenette, modern feel, part of 16,000 sf NEST CoWork space. Included: broadband, utilities, security, conference room, workout gym, coffee service. No hidden fees!

Contact Darin Andersen:


Federal judge rules probable cause isn’t necessary for computer search

In a surprising twist on a Constitutional precept, a senior US district judge has declared that probable cause wasn’t required for the FBI to search a suspect’s home computer.

The recent Virginia-based case involves a defendant who stands accused of intent to view child pornography and the receipt of child pornography.

According to the ruling, Judge Henry Coke Morgan, Jr., found that Edward Matish III “possessed no reasonable expectation of privacy in his computer’s IP address.” Thus, said the court, that IP address did not represent a prohibited search.

In pursuing the case, the FBI used what’s called “network investigative technique” (NIT) after agents seized control of Playpen, a dark net website. Users were surreptitiously transferred to an undercover FBI site.

The judge declared that “the rise of computer hacking via the Internet has changed the public’s reasonable expectations of privacy.”

The surprise ruling makes an ominous exception for the Fourth Amendment right against unreasonable search and seizure. If upheld, law enforcement would be free to remotely search and seize information from any computer, without a warrant, without probable cause, or without any suspicion at all.

In other words, privacy be damned.

The Electronic Frontier Foundation (EFF), a leading nonprofit organization that defends civil liberties in the digital space, intends to file an appeal.

The implications for the decision, if upheld, are “staggering,” said the EFF.

“Law enforcement would be free to remotely search and seize information from your computer,” said a spokesman, “without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy.”

SOURCE: The New York Times

Bay Area ranks as top U.S. tech hub

Each year, the CBRE Group gives the nation’s top 50 technology cities a score based on 13 metrics such as college degrees, tech job growth and the concentration of tech jobs in the workforce.

The top five winners: Northern California’s Bay Area, Washington D.C., Seattle, New York and Austin.

CBRE, which releases such rankings annually, is the world’s largest commercial real estate services firm serving owners, investors and occupiers.

However, the rankings tend to be a bit misleading.

The reason: CBRE’s research centers on computer/software-related technology jobs, such as programmers, computer technicians and engineers. It does not include life science-related jobs — where 16th-ranked San Diego, for example, has a large footprint. In addition, life science firms increasingly are requiring software engineers and other traditional tech workers for big data analysis in fields such as genomics.

A high concentration of millennials is a characteristic of tech cities, according to the report. San Diego posted a nearly 14 percent population increase in millennials from 2009 to 2014 – the latest data available.That ranked third nationally for percentage gain in cities with a tech workforce above 50,000 jobs, trailing only Washington, D.C., and the Bay Area.

San Diego had 67,590 tech workers in 2015 – up 47 percent over the previous five years. The average wage last year was $98,990, up 16.6 percent since 2010.

Source: San Diego Union-Tribune

Uber Pays Bug Bounty and Patches Vulnerabilities

Thanks to a team of bug bounty hackers out of Portugal, Uber has patched some system weaknesses. Uber has seen tremendous growth in recent years, acting as a market disruptor for personal transportation. With millions of registered users around the world, Uber stores the kind of sensitive, personal and financial information that could be extremely profitable to unethical hackers.

Specifically, the Uber hackers were able to identify individual drivers, trip histories, rider financial data, and user device data. Additional finds included passenger photos, fare prices, and coupon code vulnerabilities. According to UK-based tech publication, The Register, Uber quickly responded to the issues and closed the security gaps before any malicious hackers could access the system.

According to Lane Thomas of Tripwire, these kinds of programming problems are very commonplace. Services like Uber need to be built with cyber security as a primary goal.

Without programmers focusing on inadvertent vulnerabilities during the development process, software become very susceptible to hacks. Reverse programming to fix problems is frequently more expensive and less effective than avoiding the weaknesses upfront.

As more and more companies are creating apps and programs that customize services for individuals, more and more people are filing their personal and financial data and assuming the information is safe. But it’s not. Large companies, like Uber, have massive resources at their disposal to build the system correctly, routinely update the software, and proactively work to prevent future hacks. However, with app development happening on every corner in tech hubs like San Jose, Seattle, and San Diego, smaller firms may not have the knowledge base or resources to secure client information.

Bug bounty rewards have proven to be a very cost-effective way for companies willing to listen to the independent hackers trying to help. If the hackers can’t find any problems, the companies don’t pay a dime. But given the proliferation of malicious hacks, most companies will eventually be tested by hackers. Being amenable to paying out for a benign hack will often save the millions of dollars that would have been paid in stolen money, revenue decreases, and brand deterioration.

Uber was lucky. Given the value of the data uncovered through the system vulnerabilities, Uber would have eventually lost this data to a more malignant hack. Uber had millions of users to protect; but smaller companies with just a few thousand users are still a source of valuable data. There’s a market for active credit card accounts, and hackers are willing to sell off their finds to the highest bidder.

DHS cyber role elevated in new legislation

The Department of Homeland Security is likely to expand its role and profile as the lead agency in the federal government for cybersecurity. A bill approved by the House Homeland Security Committee could create a new DHS cyber defense agency that would be called the Cybersecurity and Infrastructure Protection Agency. The transformation would reorganize and optimize key cybersecurity roles and functions currently in DHS’s National Protection and Programs Directorate. The change may take place as early as 2017 as it has strong bi-partisan support.

The prospective agency would replace NPPD and put a stronger focus on DHS’s integral role in cyber preparedness, response and resilience. More importantly, it would reorganize the agency into an operational role to help protect against targeted cyber intrusions of the nation’s critical infrastructure, such as financial systems, chemical plants, water and electric utilities, hospitals, communication networks, commercial and critical manufacturing, pipelines, shipping, dams, bridges, highways and buildings.

DHS’s responsibility to protect against cyber threats has evolved significantly from early days of the department and its creation under the Homeland Security Act of 2002. A major reason for this new focus on cybersecurity has been the rapid changes in the information technology landscape. Since 2002, the capabilities and connectivity of cyber devices and communications has grown exponentially. So have the cyber intrusions and threats from malware and hackers, requiring restructuring of priorities and missions. The cyber threat reaches far beyond terrorists, and includes various criminal enterprises and adversarial nation states.

A change in these risk environments has corresponded with a heightened DHS collaboration with other agencies, and especially the private-sector stakeholders who own most of the nation’s vital infrastructure. DHS has had to step up assessing situational awareness, information sharing and resilience research and development plans with these stakeholders to mitigate risk and protect critical infrastructure and key resources.

DHS’s heightened cybersecurity mission was also reaffirmed via the House Appropriations Subcommittee on Homeland Security allocating $1.1 billion in fiscal 2017 for cybersecurity programs.

DHS has significantly evolved since 2002 and has elevated its technological and organizational capabilities in confronting security and terrorist threats. The new reorganized and streamlined agency will address the new security challenges of the digital world and hopefully enable DHS to successfully fulfill its growing leadership role.

Charles (Chuck) Brooks serves as the vice president for government relations & marketing for Sutherland Government Solutions. He served at the Department of Homeland Security as the first director of legislative affairs for the Science & Technology Directorate. Find him on Twitter: @ChuckDBrooks.

Korey Castillo as Director of Member and Partner Relations

Korey Castillo, a well-known member of the San Diego tech community, recently joined CyberTECH as Director of Member and Partner Relations.

Understanding the important role that technology plays within businesses each day, Korey has been an ongoing supporter  frequently volunteering and helping to educate companies and individuals about the importance of cybersecurity best practices.

“Korey has always been a close friend of CyberTECH. We are grateful that she is joining us on this exciting journey,” said CyberTECH Founder, Darin Andersen.

In her role at CyberTECH, Korey will drive communications and business development efforts.

“CyberTECH is on the cutting-edge of all things technology, and that’s exciting! I love the culture, the people, and the overall energy of the community. I am honored to join so many talented entrepreneurs and leaders.”

Please help us give a big welcome to Korey!

CyberFlow Analytics Wins First Place at the Cisco Innovation Grand Challenge

It has been a long but exciting journey for CyberTECH Member, CyberFlow Analytics, a San Diego-based cybersecurity company specializing in “anomalytics”. In successive rounds since June competing against more than 3,000 entries from more than 100 countries, CyberFlow Analytics took first place at the Cisco Innovation Grand Challenge at the IoT World Forum in Dubai for securing the IoT with Anomalytics, taking home the Grand Prize of $150,000.

The Six finalists from Canada, Finland, Germany and the United States delivered Shark Tank-like pitches and demos before a live audience and finalist judges – themselves a “who’s who” of IoT industry leadership.

Beyond the cash prizes, the winners earned VIP access to industry, investment and business experts, including Cisco’s global Innovation Centers and Cisco investments team for potential business acceleration and joint go-to-market strategies.

A big congratulations to CyberFlow Analytics!

USD Center for Cyber Security Engineering and Technology

The University of San Diego recently launched its first Cyber Security degree program, a fully online Masters of Science in Cyber Security Operations and Leadership. In keeping with their strategy for a robust cyber security education program, approvals for their next degree, a Masters of Science in Cyber Security Engineering, is scheduled to launch in January 2016 as a fully on-ground program.

This degree is accelerated and focuses on the engineering aspects of cybersecurity.  It is designed for those with computer science, electrical engineering, or computer engineering bachelor degrees.  While work experience will certainly be considered in admission decisions, because of the rigor of this offering, it is very important to have a fundamental background in order to succeed.

The program will consist of 30 units of coursework and is designed for the working professional.  It will take 5 semesters or approximately 20 months to complete.  It is an extremely specialized degree of the Shiley-Marcos School of Engineering – not only is it the engineering school’s first Masters degree, but it is part of USD’s first center (CCSET).  While the term is often overused, students in this program will truly be pioneers at USD.

The program is being led and developed by Dr. Winnie Callahan, an educator with 20 years of experience at the University of Nebraska and the University of Southern California. She brings together experts in national defense, business, information technology and education to train a new generation of cybersecurity professionals.

“It made sense to me with the things I was seeing that we needed to address this national problem at a couple of levels, including better trained cyber professionals,” said Dr. Callahan.

CyberTECH Executive Director, cyber professional and program champion, Shirley Adams stated, “The center will play a key role in San Diego’s regional efforts to be recognized as the National Center of Cyber Security Excellence. Working together we can help produce the high quality cyber security engineers that our nation so desperately needs.”

Houston, We Have A Problem (Cyber)

We all know every city has this same problem, so why share what’s up in Houston?   This city is in many ways like San Diego, as is Texas and California, so collectively they can set the cyber tone in the west. That is, doing collaborative, actionable things versus just continuing to admire the problem (threat).

Houston is the 4th largest city in the USA (SD is the 8th), both are very diverse in culture, business and academia (with SD the lead on the latter).

Houston has a large port district and maritime influence, SD has an even larger, more global port ecosphere.

Both have an economic and symbiotic relationship with Mexico and cross border opportunities (with SD the more mature effort).

Houston has a strong high technology effort, while SD leads in the cyber startup / incubator support infrastructure.

The academia, university, overall educational efforts are similar as well, with SD leading in education, especially with SOeC.

Houston is second only to New York with the most number of fortune 500 companies – thus business does business there.  SD has a wide industry base of government, academia, research, diverse businesses, etc. The two can complement each other in a highly symbiotic relationship.

So in short, it’s natural to link up the two as cyber sister cities, as well as the larger CyberTexas and CyberCalifornia initiatives. The ability to share cyber information can be geometrically increased, highly leveraged, and better integrated as partners between all three – government, business and academia.

So what’s Houston doing?  They have the usual professional security groups of course: ISSA, ISC2, Infragard and Houston InfoSec (a monthly happy hour, network, presentation affair), and a few others.

Infragard is especially active and has several SIGs, of which I support two – Maritime and Technology.

We’ve recently initiated a “Cybersecurity Solutions SIG” as a Houston MeetUp (though open to anyone) to better harmonize the various security groups as well as take a project, action oriented cyber focus, going beyond just information sharing.

Something we think every city needs to do in some manner.. aka, start DOING more cyber.

Blog written by Mike Davis, Deputy Director and Senior Manager, IT Security, American Bureau of Shipping (ABS).

A small gallery

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem.

  • Nulla consequat massa quis enim.
  • Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu.
  • In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo.
  • Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi.

Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim.

Read more

This is a post with post type “Link”

Entries with this post type link to a different page with their headline. Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor.

A nice post

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem.

Nulla consequat massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, eleifend ac, enim.

Read more