Cylance® Proves Voting Machine Vulnerabilities

Cylance® Inc, a CyberTECH member, has announced the successful exploitation of critical vulnerabilities in a common model of voting machine. Before this revelation by Cylance researchers, exploitation of these vulnerabilities was thought to be only theoretical.

The compromise techniques are relatively simple to undertake, but do require physical access to the voting machine.

To help understand the risk to election integrity, Cylance produced a demonstration video of the techniques used to compromise the Sequoia AVC Edge Mk1 voting machine.

The video shows how Cylance researchers were able to re-flash the firmware with a PCMCIA card, directly manipulate the voting tallies in memory, and cause a vote for one candidate to be credited to another by altering elements of the device’s screen display.

For mitigation in the long term, Cylance recommends phasing out and replacing deprecated, insecure machines — namely those without robust, hardware-based firmware and data verification mechanisms.

Additional due diligence on polling place volunteers, workers, and officers may also help mitigate possible collusion for tampering by these groups.

The units in question were known to be in use in hundreds of thousands of polling locations across the country in the recent election.

SOURCE: CYLANCE INC.

What if the Internet crashed for one day … or longer?

During a one-day outage we would see a dramatic slowdown – possibly a total breakdown – of our ability to communicate with one another.

Many of us will be trapped in our homes without the ability to operate our electronic devices and so many other conveniences we take for granted.

What if? We’d be virtually helpless.

If the cyber attack is aimed at power supplies, many of us won’t be able to open our garage doors. Smart phones will be dead, iPads useless. Phone lines will be down. No media coverage. Accurate information about what has happened – and why — will be extremely limited at this point.

If people did manage to get out of their homes and into their cars, traffic control systems will be dark. First responders will start to mobilize, with law enforcement becoming increasingly visible as the day progresses.

Businesses of all kinds – banks, supermarkets, gas stations, the stock market — will cease. Everything will be “cash only” — but ATMs will be inoperable. Supply chains of all sorts will be disrupted. Most companies wouldn’t be able to remain open.

In a word, chaos.

Bottom line: In a society where disenfranchised members begin betting against the regime, cyber strikes to disrupt the political system and infrastructure are a powerful 1-2 punch to create widespread panic and civil unrest.

The “fallout” from one day will last for months, likely years. Cracks in our everyday lives – indeed, our very way of life — will be severely threatened.

Armageddon? Maybe.

Those are my thoughts. I welcome yours.

By Darin Andersen

China Approves Cybersecurity Law

Lawmakers described the law as necessary to bolster its online security at a time of multiplying threats

BEIJING—China’s government approved a broad new cybersecurity law aimed at further tightening and centralizing state control over the internet, including the role foreign companies play in Chinese cyberspace.

The law, passed by the standing committee of China’s legislature and issued publicly on Nov. 5, tasks agencies and enterprises with improving their ability to defend against network intrusions while demanding security reviews for equipment and data in strategic sectors.

The law includes provisions such as a requirement that internet operators provide unspecified “technical assistance” to authorities in cases involving national security. It also requires security checks for equipment used for “critical infrastructure,” which is defined as including information services, energy, transportation, finance and other important sectors.

During the drafting, the law was criticized by some foreign business groups and technology experts as a blueprint for further walling off China’s already isolated internet. China’s lawmakers described the law as necessary to bolster its online security at a time of multiplying threats.

China, which is often accused of supporting cyberattacks on other countries but which says it is a frequent victim of hacking, has moved aggressively to bolster cybersecurity since Chinese President Xi Jinping took office four years ago.

SOURCE: THE WALL STREET JOURNAL, Nov. 6, 2016

 

The Patient Will See You Now: Healthcare and the Internet of Things

  1. What time did Mom get up this morning?
  2. Did Dad take his mid-day pill?
  3. Does my teenager still have a fever?

The Internet of Things will soon provide an endless stream of data to
anyone acting as a caretaker to a growing child, ill spouse, or aging
parent. As technology grows smaller, we will be able to monitor vital
signs and physical activities from our phones. What once required a
hospital bed and team of nurses will soon require little more than a
medical patch and a cell phone (or Wi-Fi) signal.

The benefit, of course, will be improved medical care. Most
significantly, the Medical Internet of Things will prevent death. Most
patients don’t know how to recognize the early warning signs of heart
attack and stroke. Although we’ve had medical alert bracelets for
years, these still require the patient to recognize the problem and
press the button. In the future, cognitive choice will be removed from
the equation, and data like body temperature and heart rate will
become the deciding factors. And it won’t take too long before
sub-cutaneous devices will be used regularly to monitor blood
proteins, blood cell counts, and medication levels.

The drawback is privacy. Although you may want to know that your
70-year-old mother is actively walking every day, she may not want you
to know she spent the afternoon perusing the purses at Nordstrom’s.
But her medical tag will be able to tell you exactly where she went
and if her heart rate stayed within normal parameters the entire time.

The United Kingdom is currently testing an Internet of Things program
within the National Health System (NHS). Over a two-year period,
patients with diabetes will be continuously monitored by a small
device designed to help them regulate physical activity and blood
sugar levels. The goal is to reduce doctor visits and hospital stays.
While the plan will help improve patient care, it is also intended to
monitor the ways in which caretakers use technology and respond to the
results. For example, will the massive amount of data be overwhelming
for caretakers? Does the NHS need to adjust the caregiver’s end-user
experience to be more efficient and user friendly?

Putting health-related technology into the hands of those who need it
the most can be difficult. Poorer populations don’t have the newest
iPhone or the fastest Wi-Fi signal – if any at all. So the NHS has
launched a second program in some of London’s poorer areas to help
reduce the chance of stroke for those patients. Thanks to a small
set-top box and a Bluetooth signal, caregivers no longer need to visit
patients on a daily or weekly basis to review vital signs like weight,
blood pressure, and pulse rate.

Health-related, Internet-connected apps and services are already a
part of our lives. You may not even know it, but your smartphone
probably has an activity tracker waiting to be initiated. (Or you
already have logged in and you are ignoring its constant reminders to
exercise more.) The technology is only going to become more precise
and accurate. And what we might sacrifice in privacy, we will likely
gain in healthy living.

Uber Pays Bug Bounty and Patches Vulnerabilities

Thanks to a team of bug bounty hackers out of Portugal, Uber has patched some system weaknesses. Uber has seen tremendous growth in recent years, acting as a market disruptor for personal transportation. With millions of registered users around the world, Uber stores the kind of sensitive, personal and financial information that could be extremely profitable to unethical hackers.

Specifically, the Uber hackers were able to identify individual drivers, trip histories, rider financial data, and user device data. Additional finds included passenger photos, fare prices, and coupon code vulnerabilities. According to the UK-based tech publication The Register, Uber quickly responded to the issues and closed the security gaps before any malicious hackers could access the system.

According to Lane Thomas of Tripwire, these kinds of programming problems are very commonplace. Services like Uber need to be built with cyber security as a primary goal.

Without programmers focusing on inadvertent vulnerabilities during the development process, software becomes very susceptible to hacks. Reworking code to fix problems later is frequently more expensive and less effective than avoiding the weaknesses upfront.

As more and more companies are creating apps and programs that customize services for individuals, more and more people are submitting their personal and financial data and assuming the information is safe. But it’s not. Large companies, like Uber, have massive resources at their disposal to build the system correctly, routinely update the software, and proactively work to prevent future hacks. However, with app development happening on every corner in tech hubs like San Jose, Seattle, and San Diego, smaller firms may not have the knowledge base or resources to secure client information.

Bug bounty rewards have proven to be very cost-effective for companies willing to listen to the independent hackers trying to help. If the hackers can’t find any problems, the companies don’t pay a dime. But given the proliferation of malicious hacks, most companies will eventually be tested by hackers. Being amenable to paying out for a benign hack will often save the millions of dollars that would have been paid in stolen money, revenue decreases, and brand deterioration.

Uber was lucky. Given the value of the data uncovered through the system vulnerabilities, Uber would have eventually lost this data to a more malignant hack. Uber had millions of users to protect; but smaller companies with just a few thousand users are still a source of valuable data. There’s a market for active credit card accounts, and hackers are willing to sell off their finds to the highest bidder.

CyberTECH IoT San Diego and IoT Seattle Host Joint IoT Smart & Safe Cities Meetup

Member Spotlight: Triton, Innovative technology and service solutions provider joins CyberTECH


Triton Services is a recognized leader with deep industry, business, and technology experience working for both Defense and commercial companies.

Headquartered in Annapolis, MD, Triton Services, Inc. recently expanded operations to San Diego establishing their West Coast Offices at CyberTECH as they continue to develop their leadership role in the Government’s acceptance of open source Internet of Things (IoT) application platforms.

Triton’s Shawn Reuland was recently featured in the San Diego Daily Transcript as he works on the company’s cloud-computing technology.


We are excited to welcome Triton to the CyberTECH Community!

To learn more visit the Triton website here.

INFIX “Life Coaches for Companies” offers free initial consultations to CyberTECH Members


Infix your ideas and evolve your business with INFIX.US – Company Life Coaches will look at the operational and strategic aspects of your business and help you evolve to new levels.

INFIX will coach your business with a fresh perspective, through guided change, and support your staff with best practices and necessary training. INFIX also offers process improvement, data analytics and staff augmentation services.

For the months of May and June, INFIX is offering free initial consultations and affordable help to CyberTECH Members.

For more information or to get started, contact Andy@infix.us or call 1-949-4UINFIX. You can also visit the INFIX website at www.infix.us.

Korey Castillo as Director of Member and Partner Relations

Korey Castillo, a well-known member of the San Diego tech community, recently joined CyberTECH as Director of Member and Partner Relations.

Understanding the important role that technology plays within businesses each day, Korey has been an ongoing supporter, frequently volunteering and helping to educate companies and individuals about the importance of cybersecurity best practices.

“Korey has always been a close friend of CyberTECH. We are grateful that she is joining us on this exciting journey,” said CyberTECH Founder, Darin Andersen.

In her role at CyberTECH, Korey will drive communications and business development efforts.

“CyberTECH is on the cutting-edge of all things technology, and that’s exciting! I love the culture, the people, and the overall energy of the community. I am honored to join so many talented entrepreneurs and leaders.”

Please help us give a big welcome to Korey!

CyberTECH Opens Emerging Technology Incubator and Co-working xHive

CyberTECH Founder to Participate in “Real Disruption” Session at the SIOR 2016 Spring World Conference

On Thursday, April 14, CyberTECH Founder Darin Andersen will participate in a panel discussion about the sharing economy at the SIOR national meeting in San Diego. As we continue to grow the CyberTECH Co-working community, we are excited to join the discussion on how spaces such as NEST, CyberHive, xHive, iHive are great examples of new, innovative real estate product types that are changing commercial real estate generally and brokerage specifically.

Education Session: Real Disruption – The Sharing Economy and Commercial Real Estate (CE)

Moderator: Steve Weikal, MIT Center for Real Estate

Panelists:
Darin Andersen, CyberTECH
Matt Glade, Flexe
David Mandell, PivotDesk

We’re all familiar with (or have used) popular sharing services such as Zipcar, Airbnb and Uber. Now, this “sharing” model is coming to commercial real estate in a variety of forms. In this session, Steve discusses the new technology applications that use this approach to unlock value in real estate by increasing utilization rates, optimizing occupancy and decreasing market friction. This lively discussion with three industry innovators will provide a better understanding of how the sharing economy is poised to dramatically alter the office and industrial markets, and what it may mean for your business.

For the complete conference schedule click here.

For more information and to register click here.

CyberTECH Partners with Wireless Health Hub


Over three years ago, the Wireless Health Hub (WHH) was founded by SoCal EED, a nonprofit organization with a goal of creating a startup community for entrepreneurs and investors in the Biomedical and Healthcare Industries.

WHH provided a forum for entrepreneurs to collaborate with universities, capital providers, municipal leaders, and local accelerator and incubator programs, tapping into San Diego’s deep domain expertise in wireless along with its world-class life sciences and biomedical research capabilities.

More recently, complementary trends have emerged – smart phones and clinical devices have become indispensable extensions of traditional healthcare infrastructure. WHH has begun to focus more on assisting startups pushing the envelope in cloud-based personal and clinical health applications.

These trends demonstrate the convergence of healthcare devices with the “Internet of Things” (IoT), a growing network of smart devices, embedded with electronics, software, sensors, and network connectivity that enables the collection and exchange of data. CyberTECH, already a leader in cybersecurity, has become a driving force in IoT, with a goal of providing resources and strategic programs to stimulate innovation in a wide variety of new application areas.

With these common goals in mind, we’re announcing a partnership between CyberTECH and the Wireless Health Hub to combine resources toward creating an even stronger forum for entrepreneurs to collaborate and connect with stakeholders across San Diego. Going forward, our organizations will work together to stimulate innovation and help solve the technical and business challenges common to healthcare and IoT startups – the need for expert resources and access to early-stage capital.

Our first jointly sponsored event, the CISOpen Roundtable: Bio and Healthcare Security by Design will take place April 14th and will focus on Cybersecurity issues pertinent to biotech, life sciences and healthcare companies. Prior to the CISOpen event, the partnership will also be announced at the NEST Ribbon-Cutting Ceremony on April 6.

Additionally, we have recently launched the CyberTECH Wireless Health Hub Meetup where we will host meetings at CyberTECH’s NEST Cowork space which also houses iHive, an Internet of Things Incubator, xHive and CyberHive.

Click here to join the CyberTECH Wireless Health Hub Meetup.

This is just the tip of the iceberg. We’re now in the planning stages for more combined events and some ground-breaking initiatives.

Stay tuned for more upcoming announcements!

CyberTECH Supporting an Established Video Developer Community as Part of our Workforce Development Campaign

CyberTECH has recently taken over as the Organizer of the San Diego Gaming Meetup. We have renamed the Meetup CyberTECH Video Game Developers San Diego.

Why have we done this? Simply put, we want this important Meetup Community to continue on and offer more Game Developers the opportunity to learn through the Meetup process, which promotes collaboration through group learning.

This group is for established & aspiring game developers to network, share knowledge, and spawn innovative new games that’ll revolutionize the industry.

Join the Meetup Group today!

Please email darin@cyberhivesandiego.org with any comments or questions and we look forward to seeing you at our next Meetup.

Mayor Kevin Faulconer to Officially Open NEST, San Diego’s Largest Co-working Tech Startup Space


Mayor Kevin Faulconer will preside over a ribbon-cutting ceremony to commemorate the official opening of NEST, downtown San Diego’s largest co-working space for tech startups, on Wednesday, April 6 at 10:45 am.

The NEST ceremony will be held at 1855 First Avenue, 2nd Floor of the Manpower building, located in Bankers Hill adjacent to downtown. Covering more than 16,000 square feet, the newly-opened space reflects San Diego’s fast-growing leadership role in the hi-tech and cybersecurity sectors.

 

Along with Mayor Faulconer, more than 100 elected officials, business, civic and tech leaders are expected to attend including event MC Reo Carr, Executive Editor, San Diego Business Journal; Sherri S. Lightner, San Diego City Council President District 1; Shelley Zimmerman, Chief of Police, City of San Diego; Erik Caldwell, Director of Economic Development, City of San Diego; Phil Blair, Executive Officer, Manpower San Diego; and Greg McKee, CEO, CONNECT.

In addition to saluting the new tech space, Mayor Faulconer is expected to announce San Diego’s role as an innovator within the new “Smart and Safe Cities” campaign, part of the recently launched state-wide initiative, CyberCalifornia.

NEST Ribbon-cutting Ceremony with Mayor Faulconer
Wednesday, April 6, 10:30-11:30 am
Manpower, 1855 First Avenue, 2nd Floor, San Diego, CA 92101

Funding for NEST derives from a $40,000 City of San Diego grant, part of the city’s Regional Economic Development Corporation Transient Occupancy Tax funding program. Under the guidance of San Diego-based cybersecurity executive Darin Andersen, NEST is supported by resident and non-resident membership fees, plus sponsor partners and grants. The space is fully leased with 42 resident members. That total is expected to grow to 80 companies by mid-2017. For every resident member, NEST also supports an additional four non-resident members through its Community Social Incubation Model.

“We’re grateful that Mayor Faulconer and his staff fully recognize that our newest co-working venture will serve to further accelerate the region’s startup sector, with its growing emphasis on downtown,” said Andersen, chairman of CyberCalifornia, a non-profit security alliance of industry, government and academic leaders. “We’re equally grateful for the generous support and vision of the San Diego Regional Economic Development Corporation.”

Additional tech-themed working spaces within the Manpower building include: CyberHive, iHive, and xHive, featuring an array of incubators, shared workspaces, temporary workspaces and co-working spaces.

To RSVP for the ceremony please click here.

For more information about NEST please click here.

CyberTECH March 2016 IoT Meetup Report

San Diego CyberTECH March 2016 IoT Meetup Report

This blog was written by Don Larson at NewAdventures.

I attended the Thursday night San Diego CyberTECH IoT Meetup where about 80 or so people attended. The theme was The Rise of Machine Learning and presented in a TED Talk format. I served as the Master of Ceremonies for this meeting.

A video was taken and should appear in the CyberTECH YouTube Channel in the near future.

We had four qualified speakers discuss Artificial Intelligence and Machine Learning as indicated below:

  • Bill Bonney – Thinking Machines: What is Artificial Intelligence?
    • Bill is a principal consulting analyst for TechVision Research, where he covers IoT, Identity Management and emerging technologies such as the block chain. In addition to his role at TechVision, he spends what spare time he has as a technology evangelist, especially in the Information Security space.

  • Patryk Laurent – Existing and Emerging AI Technologies for Personal IoT
    • Patryk Laurent has a PhD in Cognitive Neuroscience, and specialized in understanding how neural systems learn to act and pay attention based on reinforcement. He moved to San Diego three years ago to work at Brain Corporation, a late-stage startup that focuses on making brains for robots.

  • Tom Caldwell – How we’re using AI to secure “things”
    • A veteran of Cisco and Microsoft, Tom has deep expertise in delivering Cloud-based software products and large scale software systems to large enterprise and service providers. Tom is a founder and currently leads the engineering effort at CyberFlow Analytics, a Network Behavioral Analytics company focused on securing Industrial IoT and Enterprise IT. Prior to that he served as President of LonoCloud, a cloud PaaS company acquired by ViaSat. With an MS in Computer Science, he has more than 20 years in business and software engineering.

  • Jeff Debrosse – Teaching robots about context
    • A member of our community for the last 13 years, Jeff came to San Diego to join an Intel spin-off that was acquired by LSI, ran the research department for ESET as well as Websense, which was also acquired, and co-chaired the Federal law enforcement working group for Securing Our eCity for over 4 years. He recently launched his latest company in San Diego, NXT Robotics (pronounced “next robotics”), which provides a B2B subscription-based security monitoring and reporting service for data centers, commercial property and parking management companies. NXT provides this service using autonomous security robots on the customer’s premises and provides analytics/reports via their cloud-based infrastructure.

The event kicked off with a CyberTECH Members Meetup at 4 PM followed by our first CyberTECH Video Game Developers Meetup at 5 PM where we discussed ideas for upcoming Meetups. At 6 PM we started our IoT Meetup, led by Co-Chairs Bill Bonney and Don Larson, which lasted to about 9:00 pm; that’s when I left anyway. Food and drinks were served (tasty chicken and waffles and new beer from our brew master Ace Sklar was a hit – we dusted an entire keg.) The gathering was very energetic with plenty of time for social networking and speaking with the presenters in an informal setting.

One of my long-time friends, Paul Webber, President of the San Diego Java Users Group, came and he expressed an interest in Robotics. I pointed him towards C-level folks who manage companies that develop commercial robots. I also mentioned CyberTECH’s XHive Incubator for more information.

The next event is Mayor Faulconer’s Ribbon Cutting on 6 April from 10 AM to 5 PM – sushi on the menu for that!

Please consider attending CyberTECH’s future Meetups. I’ll look for you there. :-)

Launch of CyberCalifornia to be Announced at RSA Conference


Non-profit Initiative to Promote State as Epicenter of Commercial Cybersecurity

More than ever, California stands at the forefront of new technologies based on the Internet of Things (IoT), the phenomenon of people and things (devices) connected to the Internet and communicating vast amounts of valuable data.

Yet we are also increasingly vulnerable, a fact underscored by breaches of corporations and government agencies that have impacted millions across the nation. Reports of cybercrime, data breaches, theft of proprietary information, hacking and malware incidents have become alarmingly frequent.

Toward that end, a state-wide alliance of cybersecurity leaders, companies, educators and elected officials – CyberCalifornia – has been formed. The non-profit coalition will work closely with select representatives from government, industry and academia to accelerate the state’s standing as the industry’s epicenter of commercial cybersecurity.

The announcement will be made March 1, 2016 at CyberTECH’s Cyber+IoT Bangers & Mash eWEEK Roundtable Breakfast as part of the RSA Conference 2016, the annual global cybersecurity conference, held at San Francisco’s Moscone Center, Feb. 29-March 4.

RSA Conference 2016: “Bangers and Mash” eWEEK Roundtable Breakfast
The Chieftain Irish Pub, 198 Fifth Street, San Francisco
Tuesday, March 1, 2016, 7:30 am to 9:30 am

The connection between cybersecurity and overall economic vitality is especially robust in California, given the state’s leadership position in so many advanced sectors. These sectors are highly dependent on technical cybersecurity solutions, skilled cybersecurity professionals, and collaborative processes in cybersecurity.

Indeed, companies that lack these cybersecurity assets risk losing sensitive company and customer data, putting them on a perilous path. By contrast, businesses that proactively incorporate cybersecurity into their research, product design, and workforce development plans can gain competitive advantages.

Given the inextricable link between cybersecurity and overall economic vitality, it is crucial that businesses, universities, and other collaborative assets throughout California work together to enhance the security of the state’s digital infrastructure.

“In today’s digital age, trust is imperative,” said Ryan Gillis, Vice President, Cybersecurity Strategy and Global Policy at Palo Alto Networks. “We believe that with industry, government and education leaders working together to improve defenses against advanced cyber adversaries, we can affect positive change to build back the trust in our digital infrastructure.”

Added Craig Harper, Chief Technology Officer at Sysorex: “Those of us with leading roles in cyber security fully realize that we’re faced with the urgency of now.”

Spreading that compelling message – along with providing critical informational strategies and tools – is the goal of CyberCalifornia.

The mission:

CyberCalifornia will advance the goals and promote the accomplishments of the State of California’s Cybersecurity Task Force, with a particular emphasis on the connections between cybersecurity and economic development.

CyberCalifornia will help organize public-private partnerships in cybersecurity, with the goals of facilitating research and innovation in cybersecurity, educating California businesses about cybersecurity needs and resources, and connecting the state’s robust workforce development system with employers and their needs.

CyberCalifornia will collaborate with the Innovation Hub (iHub) Network, a program administered by the Governor’s Office of Business and Economic Development. The iHubs provide innovation platforms for startup companies, economic development organizations, business groups, and venture capitalists by leveraging such assets as research parks, technology incubators, universities, and federal laboratories.

The action plan:

Create a standing Board of Advisors to work with the California Cybersecurity Task Force, with a particular emphasis on the Economic Development Subcommittee.

Assist in organizing private sectors by vertical industry such as banking and finance, high technology, agricultural technology, and others. These advisory groups will encourage sector-specific cybersecurity innovation in their respective domains, in partnership with the statewide Innovation Hub (iHub) network. These groups will also publicize exemplary cybersecurity practices for industry members.

Assist in development and promotion of cybersecurity career pathways, in close partnership with the Workforce Development and Education Subcommittee and the Economic Development Subcommittee of the California Cybersecurity Task Force.

Partner with local and regional economic development organizations, including the Innovation Hubs (iHubs), economic development organizations, small business development centers, workforce investment boards, and other strategic partners, to inform California’s business community about cybersecurity needs and solutions.

Establish connections between the Cybersecurity sector and the Internet of Things sector, through such activities as conferences and media events.

About CyberCalifornia:

A non-profit coalition based in San Diego, CA, CyberCalifornia organizes public-private partnerships in cybersecurity, with the goal of facilitating research and innovation in cybersecurity, educating California businesses about cybersecurity needs and resources, and connecting California’s robust workforce development system with the needs of California employers.

About RSA Conference 2016:

Launched in 1991, RSA Conference drives the information security agenda worldwide with annual industry events in the U.S., Europe and Asia. Throughout its history, RSA Conference has consistently attracted the world’s best and brightest in the field, creating opportunities for conference attendees to learn about IT security’s most important issues.

About CyberTECH:

San Diego-based CyberTECH is a global cybersecurity and Internet of Things (IoT) network alliance providing cybersecurity and IoT resources, strategic programs and thought-leadership events. Membership includes business and financial leaders, academic and research institutions, government and non-profit organizations.

Contact:

Darin Andersen
CEO/Founder, CyberTECH
619-341-4086
darin@cyberhivesandiego.org

 


Evolution of the CyberTECH Newsletter

Since August 2014, the CyberTECH Newsletter has been a great source for our members, partners, sponsors, industry experts and all other CyberTECH supporters to stay up-to-date with the latest news, trends, events and more.


Elements of the newsletter

With the many activities and rapid growth of the CyberTECH Community, the newsletter has provided the opportunity to highlight key announcements such as office space expansions, new advisory board members, community members, industry news and trends, events, and more.

While the look and feel along with the format has changed over time, many of the key elements of the newsletter remain the same.

Header Image

This is typically the first part of the newsletter that people see. The image often aligns with the theme of the newsletter which is discussed in more detail in the introduction section. For example, the February 2016 newsletter is primarily focused on the upcoming RSA Conference hence the CyberTECH Securing the Internet of Things (SIOT) Masters event image that can be found in various places including the SIOT webpage and the event registration page.


Introduction Section

This is the first text section of the newsletter. The introduction section is where the newsletter theme comes to life. It includes background or supporting information, why the topic matters, and how it relates to relevant CyberTECH activities or initiatives being discussed or announced. Examples of past newsletter themes include San Diego Startup Week, the Good Neighbor Event, the launch of CyberCalifornia, or the office expansion and launch of xHive co-working space.

Industry News

The emerging technology, cybersecurity and IoT industries are constantly changing. Through information sharing and leveraging the brilliant minds of the community, we constantly strive to be a trusted resource for the latest news and trends. Some examples of industry professionals who contribute to the newsletter include Alan Watkins, Neal Leavitt, Charles “Chuck” Brooks, Jerry Gitchel, Gary Hayslip, Cleve Adams, Darin Andersen, Fer O’Neil, Chuck Benson, Don Larson, Bill Bonney, and more.


Featured Members

The CyberTECH Members are the engine of the community. With over 50 “resident members” working from the office spaces and over 50 “non-resident members”, the CyberTECH membership includes a diverse blend of public and private entities with interests and operations across the nation. As a CyberTECH member, individuals and organizations have access to CyberTECH Incubators and Co-Working Spaces (CyberHive, iHive, xHive and nest), business development services and programs, and a distinguished network of professionals focused on fostering innovation and economic development.

The newsletter has been a great way to spotlight members, share member news and encourage other organizations to get involved.

Upcoming Events

Having produced approximately 200 local and national events over the last 3 and a half years, the newsletter is a popular way to keep the community in the loop with previous and upcoming events.

Sponsors

The CyberTECH sponsors are a critical part of the overall success of CyberTECH. As a non-profit organization, our success and ability to be a sustainable organization, helping to advance the adoption of cyber and emerging technologies, depends on the support and contributions of our sponsors and partners. The newsletter is an ideal platform to promote and show our appreciation for our supporters.

In addition to the dozens of organizations and individuals who have contributed to the CyberTECH Community, there are a handful of organizations who have stepped up to sponsor the monthly newsletter. These companies include Webpass, Manpower, CyberUnited and CyberCalifornia.

So what’s new?

While there are not currently plans to alter the main elements of the newsletter (if anything, add!), we have decided to make adjustments to the overall layout and amount of information that is included in the newsletter.

At the top of the newsletter, you will notice that a table of contents section has been added. You will also see that the bulk of the news and information now lives on our blog. There are more images too!

Because we do have a great amount of information to share, we are leveraging the CyberTECH blog. We believe this will give supporters the opportunity to refer back to information, news, updates, etc. while also being able to easily scan the topics and news.

These changes have been inspired by generous feedback provided by the community, advisors and members.

We are excited about the new direction and welcome any additional feedback, suggestions, etc. If you have any thoughts, please contact us here.

We appreciate your feedback and continued support!

Randstad Technologies Joins CyberTECH as a Member and Partner

CyberTECH is excited to highlight our newest member and partner, Randstad Technologies.

Randstad US is a wholly owned subsidiary of Randstad Holding nv, a $22.9 billion global provider of HR services. As the third largest staffing organization in the United States, Randstad provides temporary, temporary-to-hire and permanent placement services each week to over 100,000 people through its network of more than 900 branches and client-dedicated locations.

As a long time provider of IT outsourcing, Randstad recently joined forces with the CyberTECH community to expand its expertise in the cybersecurity and emerging technology arena.

Employing over 5,300 recruiting experts, the company is a top provider of outsourcing, staffing, consulting and projects and workforce solutions within the areas of Engineering, Finance and Accounting, Healthcare, Human Resources, IT, Legal, Manufacturing & Logistics, Office & Administration, Pharma and Sales & Marketing.

Randstad is on the cutting-edge of HR services when it comes to staying current with industry and technology trends. The company recently announced the appointment of Chief Innovation Officer, Graig Paglieri. Earlier this year, they announced the details of its first-ever digital HR showcase. You can read about other recent Randstad news here.

In addition to joining CyberTECH as a member, Randstad recently sponsored the CyberTECH Pre-RSA Bangers and Mash Security Table Breakfast. They will also participate in the CyberTECH CEO Roundtable Dinner on March 2nd during the RSA Conference in San Francisco.

With over half a million open cybersecurity jobs in the US, we believe Randstad is a perfect partner for the CyberTECH community.

Please see the below information to contact Randstad:

Kirin Quackenbush
Account Manager
Randstad Technologies
4660 La Jolla Village Drive, Suite 800
San Diego, CA 92122
T: 858.431.2184
C: 925.487.3506
F: 858.458.1830

kirin.quackenbush@randstadusa.com
www.randstadtechnologies.com

For more information on how you can participate in the CyberTECH Community, please contact us here.

Scrambling to Communicate: Privacy Policy Content for Safe Harbor and Privacy Shield

By Fer O’Neil, a Knowledgebase Technical Writer at a security software company and a Ph.D. student.

As the news of the demise of the Safe Harbor data sharing framework is replaced with statements regarding the completion of the EU- U.S. Privacy Shield, companies are scrambling to undertake compliance. One often unnoticed — yet important — component of compliance is how companies draft the text within privacy policies to communicate conformity with the law clearly to their customers. As over four thousand U.S. companies are affected by the invalidation of Safe Harbor, updating privacy policies to communicate the changes will be a priority for many.

This post takes a brief look at how companies have included Safe Harbor content in a select corpus of privacy policies. The purpose is to determine how companies addressed the communication of Safe Harbor information in their official privacy policies and, likewise, what new documentation may be required for the forthcoming Privacy Shield commitments.

The data used below was taken from a larger data-mining project that examined all of the content within privacy policies and whether principles of Privacy by Design (PbD) were met. The most important principle of PbD is “to keep it user-centric.” In other words, privacy policies exist to communicate how a person’s information and data are collected, handled, and used by the companies that collect this information. The PbD framework equally applies to analyzing the content of individual sections of privacy policies, such as Safe Harbor in this post, as well as for Privacy Shield when it is available.

In brief, the data from the larger data-mining project has been adapted to analyze the privacy policies, in order to look specifically at how companies document Safe Harbor. Once the Privacy Shield requirements are published, the same methodology can be used to examine and compare the content of both.

Method of analysis

This project examined the privacy policies of the “top 10 most trusted companies” from the eponymous 2014 Ponemon Institute study because it is an established corpus and the study suggests that a poorly written and disclosed privacy policy can actually diminish trust. Because of a tie, there are twelve policies included in the list:

  • Amazon
  • American Express
  • PayPal
  • Hewlett Packard
  • IBM
  • Nationwide
  • USAA
  • LinkedIn
  • Apple
  • USPS (tie)
  • Intuit (tie)
  • Mozilla

I used Provalis Research’s QDA Miner data analysis software to assign and analyze the codes and coding frequencies. I assigned codes based on each privacy policy’s self-named content sections. For instance, the section “What Choices Do I Have” would be coded as the high-level category, and within each category I identified individual codes such as “Cookies” and “Email or Mail Communication Preferences”. For this post, I show the results of the code “Safe Harbor” within the category “Privacy Complaints”, along with other categories and codes for context.

Results and discussion

In total, there were 28 codes across six categories. The following is a list of the six categories and the number of codes contained in each:

  1. How Information is Used (8 codes)
  2. What Personal Information is Collected (7 codes)
  3. What Choices Do I Have (7 codes)
  4. How Information is Kept Secure (2 codes)
  5. Privacy Complaints (3 codes)
  6. Minors (1 code)

For this post, I am focusing on category five, Privacy Complaints, which includes the following three codes:

  • Safe Harbor
  • File Complaint or Dispute
  • TRUSTe

In particular, I focus on Safe Harbor and how often the “top 10 privacy policies” discuss their Safe Harbor policy, and how much of the total privacy policy content is devoted to that content (i.e., total word count).

In total, there are 479 code uses across all twelve privacy policies. The top use was within the category “How Information is Used,” which comprised the three codes most used (124, or 25% of total). In contrast, Safe Harbor only comprised 8, or 1.7% of the total.

What does this tell us?

On the surface, the total counts can show us which categories are most important for companies to include in their privacy policies. Another factor is word count for each code section. A total of 33,798 words were used throughout all twelve privacy policies. However, only five policies included a Safe Harbor section at all (six were required to include this content by the U.S. Department of Commerce, but one of those policies did not include it). These five devoted only 1.9% of the privacy policy content to their Safe Harbor policy section. Further linguistic analysis of the content is needed to evaluate its efficacy (e.g., readability, PbD adherence, etc.), but suffice it to say that from these results we can see which categories within the published policies are most important to companies.

Because the original project and data collection did not focus on the Safe Harbor section, I do not have the data to make any further inferences about the actual content within each Safe Harbor section. Further research and analysis are needed to evaluate the effectiveness of the privacy policy content to meet both compliance needs and to inform the public. However, this could be a suitable starting place as companies look to update their privacy policies with the new Privacy Shield data transfer agreement information. The same methodology and principles of design apply and we can look to see how data subject complaints are documented, how users seek redress, and most importantly how companies publish their commitments to the Privacy Shield framework to address the “robust obligations on how personal data is processed and individual rights are guaranteed.”

Conclusion, limitations, and additional resources

If a privacy policy does not explicitly discuss certain information, it is possible that the information is covered by existing laws, rules, or regulations. Consequently, we cannot determine with certainty that something missing within a policy is not covered somewhere else.

From the literature we can see what information is most important to users and, when combined with the analysis performed in this project for what information companies communicate, the most common elements are 1) what information is collected and 2) how that information is used. In order to recommend changes to privacy policies to meet the PbD framework (i.e., to be user-centric), we would need to make use of not only the PbD framework but also user testing and feedback. Hopefully, the EU-U.S. Privacy Shield agreement will encourage companies to devote more attention to creating robust and effective content in their privacy policies.

Privacy Policy, Safe Harbor, and Privacy Shield resources

Cranor, Lorrie Faith, Praveen Guduru, and Manjula Arjula. 2006. “User Interfaces for Privacy Agents.” ACM Trans. Comput.-Hum. Interact. 13 (2): 135–78.

EU-U.S. Privacy Shield fact sheet: https://www.commerce.gov/news/fact-sheets/2016/02/eu-us-privacy-shield

“Know Privacy.” 2015. Accessed August 2. http://knowprivacy.org/.

Safe Harbor Resurrected as EU-U.S. Privacy Shield: http://www.bna.com/safe-harbor-resurrected-n57982066887/?

Other research by Fer O’Neil

Fer O’Neil. 2015. Target data breach: applying user-centered design principles to data breach notifications. In Proceedings of the 33rd Annual International Conference on the Design of Communication (SIGDOC ’15). ACM, New York, NY, USA, 8 pages.

Fer O’Neil. 2015. Say What? Required contents of notice in data breach notifications. WeLiveSecurity http://www.welivesecurity.com/2015/02/21/required-contents-of-notice-data-breach-notification/

This post was written by Fer O’Neil, a Knowledgebase Technical Writer at a security software company and a Ph.D. student.

CyberTECH Intern Shares Experience and Future Plans

Tomorrow’s technology, today.

The future of technology innovation lies in the hands of our youth. Through internships, CyberTECH supports STEM education by encouraging our youth to explore science, technology, engineering and math related to cybersecurity and Internet of Things. CyberTECH interns are provided with the opportunity to make a real impact while developing technology, business, marketing and operational skills in a stimulating and innovative environment.

One of the first CyberTECH Interns was Jah’neice Mitchell, a student at e3 Civic High School. Jah’neice joined CyberTECH as a Sophomore and has been an important part of the CyberTECH organization. From planning, organizing and promoting events to managing the day-to-day operations, we are fortunate to have Jah’neice as part of the CyberTECH team and community.

To get a better understanding of her experience at CyberTECH and how the organization has prepared, and will continue to prepare, her for her next adventures, we asked Jah’neice to share her story.

How has your time as a CyberTECH intern prepared you for college? Other jobs?

“CyberTECH has prepared me in multiple ways. For example, the meaningful relationships I’ve been able to develop with others. I’ve met so many people who have made a significant impact on me as a person and on my outlook on life. I’ve built relationships with professors, experts, retired and active military, and many other types of professionals.

I have also learned a lot about time management. Not only with managing school and the internship, but also with events and all of the preparation that’s required. The experience has taught me how to better manage my time – I know this will benefit me in college as well.”

How do you think your experience as a CyberTECH intern will prepare you post graduation?

“Working at CyberTECH, I had the chance to learn about marketing systems and tools that I didn’t know much about. For example, the CRM system. I have also become familiar and comfortable working in programs such as Excel.

Working at many of the events I also learned how to better organize, prepare, and execute events. From 10 person to 100+ people, I gained a great amount of experience that I’ll be able to apply going forward. 

One of my dreams is to eventually own my own business. Having worked with so many entrepreneurs and within the local startup community, I learned some of the fundamentals about starting a business.”

What was the most important lesson you learned as a CyberTECH intern?

“One of the biggest lessons I learned during my time at CyberTECH was to think things out on your own. It’s okay to ask for help but it’s important to try and do things by yourself especially when it requires little assistance.”

How would you describe your overall experience as a CyberTECH Intern?

“Tremendous. I’ve met some exceptional people and it opened my eyes to a whole new world. It also helped to develop my confidence.”

 


What advice can you give to other high school interns who are interested in working with CyberTECH?

“Don’t be shy and make connections – you really are surrounded by hard working people and successful people. If you have questions – ask – make as many connections as possible. Familiarize yourself with your surroundings – it’s good to know where things are.”

What are your plans post high school graduation?

“After graduation, I plan to attend a 4 year university and major in Chemistry or Chemical Engineering that way I can become a pharmaceutical toxicologist for the FDA or an engineer.

I have applied to over 20 schools and been accepted to 14 colleges thus far. I have also been offered academic scholarships from 4 of the schools I’ve been accepted to.

In March, I will find out if I received the Gates Millennium Scholarship.” 

Driven by her desire to learn, grow and make a positive impact, Jah’neice Mitchell has always demonstrated a high degree of integrity and potential to be a leader in every task and project assigned to her. We are excited for Jah’neice to start her next chapter and know she will continue to make a positive impact not only on our community but on any organization or project on the horizon.

CyberTECH Launches IoT Meetup in Seattle, Washington

This month, CyberTECH started an IoT Meetup Group in Seattle for anyone interested in the IoT including emerging technologies, security and privacy issues. All skill levels are welcome.

“We are moving toward a world of connected devices at an aggressive pace,” said CyberTECH Co-Founder, Darin Andersen. The Internet of Things, commonly referred to as the “IoT”, is the use of data by business, systems and people to make informed decisions in real time. LTE estimated 2B devices alone by year’s end 2017. We are expected to reach 4% of connections by 2015 and 10% by the end of 2018.

As we move closer to connecting every person and device in the world, our economic future will depend even more on maintaining a unified global Internet. As a result, the billions of interconnected intelligent devices will generate insurmountable amounts of data that will need to be secured. This reality will require companies of all shapes and sizes to work collaboratively to ensure efficiency and security.

“We strongly believe this is a very important topic that will continue to grow and affect each industry through what we are calling convergence,” commented Mr. Andersen.

The first Meetup is scheduled for Thursday, March 17 at the SURF Incubator in Seattle Washington.

Please visit the Meetup Group for additional information and to sign up.

CyberTECH Expands Co-Working Space for a Total of Over 16,000 Feet!

CyberTECH Third Co-Working, Incubator and Startup Collaboration Space, nest, Now Open!

The Fourth Space, xHive, to Open May 15, 2016!

CyberTECH is providing a special offer to Co-Merge Members. Lease a space at nest by March 15 for 6 months and get a 7th month free! Contact us now for more information.

This month, CyberTECH launched its 3rd co-working, incubator and startup collaboration space in San Diego, nest. Perched with amazing views overlooking downtown and the San Diego Bay, nest is 5,000 square feet of full service co-working space with a full kitchen, gym, showers, coffee bar, telephone booths, a meditation and relaxation room, and many work options.

The nest space is currently 63% leased with companies including reTech Labs, CyberUnited, Wescor, Mojo Marketing, Live Well San Diego, MaFe, LLC, Amgen Tour of California, and Strength by Ciani.

The new co-working space is part of CyberTECH’s 16,000+ square feet network of work spaces located in the Manpower building in Bankers Hill just adjacent to downtown and Little Italy. CyberTECH’s work spaces in the Manpower Building include a coffee shop, 4 kitchens, 3 conference rooms, 2 telephone rooms, a meditation and relationship room, a gym, 2 patios, a live music and DJ stage and many other amenities.

nest has 20+ reserved and non reserved “hot” desks accessible on a daily, weekly or monthly basis. There are also numerous private offices suitable for 1 person to entire 12 person teams.  “Our CyberHive and iHive co work and incubator spaces are 100% occupied, so we are opening nest (and xHive announced late last year and currently under construction) to accommodate additional Members” says Mohammed “Mo” Rahseparian, CyberTECH’s General Manager of Operations.

Pricing for nest starts as low as $200 per month and private offices range from $600-$3000 per month. Membership to nest provides access to all of CyberTECH’s incubators.

Approaching its fourth year, CyberTECH continues to lead the IoT and innovation community with plans to work with another 20-30 companies in 2016.

With software-defined everything on the frontier, along with robotics, 3D printing, drones and other advancing technologies, CyberTECH will launch its 4th incubator and shared workspace, xHive, on May 15, 2016 with 12 new offices. xHive will provide a collaborative environment to drive the innovation that leads to the development of advanced new technologies including devices powering the IoT, software and app development including robotics, 3D printing and drones.

According to CyberTECH Executive Director Shirley Adams, “xHive is our 5th expansion in the Manpower building in Banker’s Hill. This will increase our floor space by 40% and add new parking space options and other new member amenities.”

Additionally, xHive has partnered with SD3D to construct a highly automated medium production 3D printing studio inside the expanded facility. There will also be a new Robotics and Drone Lab, and a full service coffee shop, shower facilities and a new second outdoor patio area will provide CyberTECH Members with exciting new workspace options.

Opening May 15, 2016, xHive will offer shared workspace for as little as $100/month, options for dedicated desks and/or private offices, access to conference rooms, robust connectivity, and a variety of other benefits that can be found here. Members gain priority access to mentorship and other resources including 100+ fellow cybersecurity, high tech and IoT incubator and shared workspace companies.

In addition, CyberTECH is providing a special offer to Co-Merge Members. Lease a space at nest by March 15 for 6 months and get a 7th month free! Contact us now for more information.

For additional information on working from any of the CyberTECH work spaces please contact Mohammed “Mo” Rahseparian here.

CyberTECH Co-Founder Featured in Cloudmark Spear Phishing Video

Cloudmark, provider of carrier-grade messaging security and infrastructure solutions for the world’s most demanding fixed, mobile and social networks, recently produced a video panel on “The Insiders’ View – Spear Phishing and the Enterprise” where CyberTECH Co-Founder, Darin Andersen joined famous hacker, Kevin Mitnick, CEO of Stealth Works, Ken Baylor, and SVP of Engineering for Cloudmark, Leon Rishniw for a discussion on Spear Phishing in the Enterprise.

“Lively and instructive, our 24-minute discussion centered on how last year’s alarming data breaches and cyber attacks have created a new  – palpable fear, really – among every-day consumers, businesses and CEOs alike,” said Mr. Andersen. “At the core of these attacks, our panel agreed, was spear phishing – the e-targeting of individuals for malicious purposes. All it takes is one curious click and the bad guys pounce.”

In the video panel discussion, Mr. Andersen discussed how “Hacking the Human” is really the point of least resistance. Historically, that’s meant all of us and our desktops, laptops, even our smart phones. Now it’s expanding to be all the things I call the wearables, the live-ables and the drive-ables.  Everything that we rely on to be more productive becomes another part of an attack vector, a footprint, that the bad guys can exploit. 

Check out the full video here.

Pre-RSA Cyber+IoT Bangers and Mash Roundtable Breakfast

In 2014, CyberTECH developed the Cyber+IoT Bangers and Mash Roundtable Breakfast to bring together cyber and IoT professionals to network, hear 1-2 security presentations and have the opportunity to participate in an interactive panel discussion led by eWEEK Magazine.

The tradition began during the Black Hat Conference in 2013, when a handful of CyberTECH and industry leaders were looking for a place to have breakfast meetings and the one restaurant to accept reservations was an Irish Pub. The ad-hoc breakfast was well attended, with meaningful conversations and relationships being developed. This inspired CyberTECH to evolve the breakfast into what is now the CyberTECH Cyber+IoT Bangers and Mash Roundtable Breakfast, served “Irish Pub style” with Bangers & Mash and other classic Irish breakfast foods.

The Cyber+IoT Bangers and Mash eWEEK Roundtable Breakfast will take place on Tuesday, March 1 at the Chieftain Irish Pub in San Francisco, CA during the RSA Conference.

To prepare for the upcoming breakfast, CyberTECH and Cooley, LLP partnered with the San Diego Business Journal to produce a Pre-RSA Bangers and Mash during the CyberTECH Security Table Breakfast on Friday, February 12.

The Security Table Breakfast is the ideal setting for cybersecurity and IoT professionals to connect with members of the CyberTECH community to evaluate the current cyber landscape, and build awareness around the most relevant and hot-button issues in cybersecurity.

At this San Diego Meetup, we talked about this year’s RSA conference theme “Connect and Protect” and about the hottest Cyber, IoT and Emerging Technology Trends with regional and national peers and media.

Reo Carr, Editor of San Diego Business Journal and Bill Bonney, Principal Consulting Analyst and Information Security Executive at TechVision Research interviewed today’s leading experts about the hottest security trends at this year’s RSA conference.

Special Guests included:

1.  Dave Titus – SVP, Cooley

2.  Gary Martino – Director of Information Security, West Health Group

3.  Scott King – CISO, Sempra

4.   Gary Hayslip, Deputy Director, Chief Information Security Officer, Department of Information Technology

5.  Erik Caldwell – Economic Development Director, City of San Diego

6.  Council President Sherri Lightner – City of San Diego

7.  Jonathan Parnell – CEO, Tuliva

8.  Rusty Sailors, CEO, LP3-SecurIT

9.  Adib Nasle, CEO, Xendee

10.  Loren Stocker, 800.net (privacy expertise)

11.  Rick Moy, CEO and President, EdgeNext (former NSS Labs Founder)

12.  Steve Nye, President and CEO, CyberFlow Analytics

13.  Darin Andersen, CEO, CyberUnited

14.  Michael Linehan, Member Technical Staff, Industrial Internet Consortium

15.  Emory Roane, Juris Doctor Candidate, California Western School of Law, Co-Host, This Week in Law

16.  Joseph A. Oregon, Information Security Program Manager, IT Security/Cyber Intelligence Unit, San Diego Law Enforcement Coordination Center (SD-LECC)

17.  Jauher Zaidi, Chairman & Chief Innovation Officer, Palmchip Corporation

18.  Paul Martini, CEO iboss

Event sponsors included Cooley LLP, Randstad USA, CyberUnited, SquarMilner, CyberCalifornia and our Media Sponsor San Diego Business Journal.

For more information on the March 1 Cyber+IoT Bangers and Mash eWEEK Roundtable Breakfast at the Chieftain Irish Pub in San Francisco, CA during the RSA Conference, please contact Darin Andersen.

CyberTECH Kicks Off CyberCalifornia Initiative at National Data Privacy Day Securing the Internet of Things Masters Event

On January 28, 2016, CyberTECH, a leading cybersecurity and IoT network, the Governor’s Office of Business and Economic Development, and the nation’s most distinguished privacy think tank research institution, the Ponemon Institute, hosted the “Securing the Internet of Things: Data Privacy Day 2016” event in Sacramento, California. This event addressed these privacy concerns and provided a clearer understanding of the perceptions and potential threats that will affect the collection, management and safeguarding of private information about individuals and organizations.

It was during the morning session at the California Governor Brown’s Office that Director of the Governor’s Office of Emergency Services (calOES), Mark Ghilarducci and State of California CISO, Michele Robinson joined CyberTECH Co-Founder, Darin Andersen and other members of the Governor’s Office and Cybersecurity Task Force including Louis Stewart and Oliver Rosenbloom to announce a new California Initiative, CyberCalifornia, to promote the state as the epicenter of commercial cybersecurity.

With over 60 attendees and participants present, the group was among the first to learn how the CyberCalifornia Initiative will help further position California as a leader in cybersecurity as it relates to commerce and the Internet of Things (IoT) technology.

The mission:

CyberCalifornia will advance the goals and promote the accomplishments of the State of California’s Cybersecurity Task Force, with a particular emphasis on the connections between cybersecurity and economic development.

CyberCalifornia will help organize public-private partnerships in cybersecurity, with the goals of facilitating research and innovation in cybersecurity, educating California businesses about cybersecurity needs and resources, and connecting the state’s robust workforce development system with employers and their needs.

CyberCalifornia will collaborate with the Innovation Hub (iHub) Network, a program administered by the Governor’s Office of Business and Economic Development. The iHubs provide innovation platforms for startup companies, economic development organizations, business groups, and venture capitalists by leveraging such assets as research parks, technology incubators, universities, and federal laboratories.

The action plan:

Create a standing Board of Advisors to work with the California Cybersecurity Task Force, with a particular emphasis on the Economic Development Subcommittee.

Assist in organizing private sectors by vertical industry such as banking and finance, high technology, agricultural technology, and others. These advisory groups will encourage sector-specific cybersecurity innovation in their respective domains, in partnership with the statewide Innovation Hub (iHub) network. These groups will also publicize exemplary cybersecurity practices for industry members.

Assist in development and promotion of cybersecurity career pathways, in close partnership with the Workforce Development and Education Subcommittee and the Economic Development Subcommittee of the California Cybersecurity Task Force.

Partner with local and regional economic development organizations, including the Innovation Hubs (iHubs), economic development organizations, small business development centers, workforce investment boards, and other strategic partners, to inform California’s business community about cybersecurity needs and solutions.

Establish connections between the Cybersecurity sector and the Internet of Things sector, through such activities as conferences and media events.

Following the announcement, eWEEK Editor Chris Preimesberger led the interactive Cyber + IoT Bangers & Mash eWEEK Roundtable discussion. The second half of the Masters event took place at the Leland Stanford Mansion, where security and privacy professionals participated in a panel on Government and Academic Initiatives related to IoT security and privacy and a panel on security, privacy and trust in IoT platforms. The day concluded with a group exercise on securing the IoT supply chain for connected devices.

An international effort to empower and educate people and organizations to protect their privacy and control their digital footprint, Data Privacy Day also raises awareness about existing cybersecurity partnerships in California and helps to facilitate further collaboration amongst key cybersecurity stakeholders in the Golden State. Given the inextricable link between cybersecurity and overall economic vitality, it is crucial that businesses, universities, and other collaborative assets throughout California work together to enhance the security of California’s digital infrastructure.

For additional information or to participate in the CyberCalifornia Initiative, please visit the CyberCalifornia website.

Comments on Startup Week Convergence Tech Crawl

Friday night, the San Diego CyberTECH organization initiated the Startup Week Convergence Tech Crawl, attracting about 150 people. The space was large enough to accommodate the gathering, and plenty of good food and drink was present.

CyberTECH itself invests volunteer activities for California State’s CyberCalifornia program. We are a dedicated community and events like this one are not only fun and informative, they serve as public relations forums to spread the news among the many participating companies including numerous incubator startups.

A number of attendees spoke in support of the participating organizations and how the combined efforts continue to make San Diego a focal point for technology. I quote a part of that linked 2015 article in support of what takes place in this region:

“As long as this level of interest continues, there is nothing to keep San Diego from expanding to a point where it could even eclipse Silicon Valley. For now, entrepreneurs and established tech companies will keep taking advantage of the many viable opportunities in this area, and tech workers can choose between a wide variety of high-paying jobs that can put their skillsets to work.”

CyberTECH’s Co Founder and CEO, Darin Andersen, asked me to present a topic of 5-7 minutes for two different segments of this meeting. I chose to speak on: Leadership; Teamwork; and Mentoring. Those three elements must always be present as strong foundations to build effective and supportive organizations.

I believe CyberTECH provides a motive force in that regard and formed its presence, being referenced as a template for other related volunteer organizations to evolve themselves.

In closing, I always think a meeting is successful when much conversation takes place. Friday night’s event succeeded on that point very well.

This blog was written by Don Larson.

San Diego CyberTECH Annual Planning Meeting Comments

The San Diego CyberTECH Annual Planning Meeting early today was very productive. Six hours later we created a set of activities to guide the organization going forward.

Some of the next steps for the Directors and we Advisors to the Board are to help stand up the committee for the organization’s 2016 goals and develop the strategies and tactics to manage those deliverables. This setting lets me practice my leadership and project management skills.

Also, I was appointed as a second Co-Chair for the Internet of Things Meetups throughout the coming year. It’s a great opportunity to help shape this very important element of this large CyberTECH organization.

Blog written by Don Larson, Co Chair Internet of Things (IoT) Meetups, CyberTECH.

CyberTECH to Launch 4th Incubator and Shared Workspace, NEST

On February 1, CyberTECH will launch NEST, a co working, incubator and startup collaboration space in San Diego.  Perched with amazing views overlooking downtown and the San Diego Bay, NEST is 5,000 square feet of full service co working space with a full kitchen, gym, showers, a meditation and relaxation room, and many work options.

The new co working space is part of CyberTECH’s 15,000 square feet network of work spaces located in the Manpower building in Bankers Hill just adjacent to downtown and Little Italy. CyberTECH’s work spaces in Manpower include a coffee shop, 4 kitchens, 3 conference rooms, 2 telephone rooms, a meditation and relationship room, a gym, 2 patios, a live music and DJ stage and many other amenities.

NEST will have 20+ reserved and non reserved “hot” desks accessible on a daily, weekly or monthly basis. There are also numerous private offices suitable for 1 person to entire 12 person teams.  “Our CyberHive and iHive co work and incubator spaces are 100% occupied, so we are opening NEST (and xHive announced late last year and currently under construction) to accommodate additional Members” says Mohammed “Mo” Rahseparian, CyberTECH’s General Manager.

Pricing for NEST starts as low as $200 per month and private offices range from $600-$3000 per month. Membership to NEST provides access to all of CyberTECH’s incubators. CyberTECH is a global cybersecurity and Internet of Things (IoT) network ecosystem providing cybersecurity and IoT resources, strategic programs and thought leadership events across the nation. Our membership includes business and financial leaders, academic and research institutions, government and non-profit organizations.

CyberCalifornia: The Epicenter for Commercial Cybersecurity

Acknowledging the truths about cybersecurity, protecting critical infrastructure, addressing the importance of information sharing and collaboration, and developing the cyber workforce are just a few examples of the many initiatives top of mind for California’s cyber leaders. 

In a recent United States Cybersecurity Magazine article, “California Gold: Cybersecurity’s Emerging Epicenter”, members from the California Governor’s Cybersecurity Task Force and CyberCalifornia’s Advisory Board discussed current efforts that support the Golden State’s position as a beacon of leadership in cybersecurity. 

As the most populous state in the country, and home to hundreds of startups, emerging automation technologies and ever expanding critical infrastructure, California is an example where the universal need for cybersecurity takes on interesting new connotations and challenges. Many of the State’s disruptive companies are focused on the Internet of Things (IoT), leveraging the Internet to boost speed, convenience, and productivity. 

“A lot of traditional industries…have never been faced with the need to create secure devices, because their products haven’t been connected to the internet and therefore they’ve never worried about those devices being hacked,” said Darin Andersen, founder of global cybersecurity and IoT community, CyberTECH, cybersecurity consulting firm, CyberUnited, and the CyberCalifornia initiative. “It’s one thing if you get a blue screen on your computer; it’s another thing if a bad guy can maneuver your car off the road into a ditch, or hack a pacemaker.” 

As for solutions, information sharing was high on the list for the cyber experts suggesting that the best way to prevent future compromises is to provide organizations with fast, advanced, and secure frameworks to facilitate the exchange of information. 

The development of this type of exchange is the focus of the Information Sharing Subcommittee of the Task Force, “working diligently to promote cyber hygiene and situational awareness by streamlining the exchange of cybersecurity information,” said Justin Cain, Cybersecurity Coordinator for the Task Force. 

Gary Hayslip, CISO for the City of San Diego, CyberTECH Co-Chair, and member of both the Task Force and CyberCalifornia stressed that “cybersecurity is a team sport. You can either collaborate with your peers to better defend your organization or get eaten.” 

Plans for protecting the present and securing the future were discussed by several other Task Force and CyberCalifornia members including Alberto Yepez, Managing Director at Trident Capital, Oliver Rosenbloom, Co-Chair for the Cyber Task Force’s Economic Development Subcommittee, William Britton, Director of California Polytechnic University at San Luis Obispo’s Cybersecurity Center (CalPoly), and Bob Ackerman of Allegis Capital.

CyberTECH Launches New Incubator and Shared Workspace for Emerging Technologies

This week, Gartner confirmed that 21 billion Internet of Things (IoT) devices will flood the market by 2020 and that IoT devices will encompass more than 6.4 billion connected objects in use by 2016, a 30% rise from this year. According to the Internet of Things 2015 Report released by Business Insider this month, nearly $6 trillion will be spent on IoT solutions over the next five years. The report confirmed businesses will be the leading adopter of IoT solutions with goals to lower operating costs, increase productivity and expand new markets or develop new product offerings to improve their bottom line. Governments are not far behind businesses when it comes to adopting the IoT with focus on increasing productivity, decreasing costs, and improving their citizens’ quality of life. Consumers will lag behind businesses and governments but will still invest in IoT ecosystems.

Approaching its fourth year, CyberTECH continues to lead the IoT and innovation community with plans to work with another 20-30 companies in 2016. With software-defined everything on the frontier, along with robotics, 3D printing, drones and other advancing technologies, CyberTECH will launch its third incubator and shared workspace, xHive, in February 2016.

xHive will provide a collaborative environment to drive the innovation that leads to the development of advanced new technologies including devices powering the IoT, software and app development including robotics, 3D printing and drones.

According to CyberTECH Executive Director Shirley Adams, “xHive is our fourth expansion in the Manpower building in Banker’s Hill. This will increase our floor space by 40% and add new parking space options and other new member amenities.”

Additionally, xHive has partnered with SD3D to construct a highly automated medium production 3D printing studio inside the expanded facility. There will also be a new Robotics and Drone Lab, and a full service coffee shop, shower facilities and a new second outdoor patio area will provide CyberTECH Members with exciting new workspace options.

Opening in February 2016, xHive will offer shared workspace for as little as $100/month, options for dedicated desks and/or private offices, access to conference rooms, robust connectivity, and a variety of other benefits that can be found here. Members gain priority access to mentorship and other resources including 100+ fellow cybersecurity, high tech and IoT incubator and shared workspace companies.

Interested in xHive? Contact us today to visit the new space, discuss partnership opportunities, and learn more about how you can join.

Think Nationally, Act Locally

“Technology experts believe 2016 will be remembered in years to come as the tipping point where emerging technologies like driverless cars and virtual reality finally went mainstream.” – Neil Keene, The Daily Telegraph.

Neil Keene was among the 6,000+ members of the media who observed the 2016 Consumer Electronics Show (CES), the 1,278,870 mentions of the #CES2016 hashtag and 15.2 billion total potential social media impressions from January 5-9.

With approximately 3,800 exhibitors and more than 170,000 industry professionals gathering in Las Vegas for the world’s biggest technology showcase, CES is one testament to the tens of thousands of ways that technology is changing the world as we know it.

While emerging technologies like those observed at CES are considered more “mainstream”, the reality is technology is already considered to be “everywhere”. According to the Internet World Stats, there are an estimated 3,366 million Internet users worldwide – almost 50% of the world’s population. As modern technologies like the Internet of Things (IoT) continue to flood the markets, it is becoming increasingly difficult to keep up with the evolving technology landscape and the cyber attacks that follow.

A Global Cybersecurity and Internet of Things Network, CyberTECH has made it our mission to stimulate innovation and advance the adoption of cyber, IoT and emerging technologies, locally, nationally and globally.

CyberTECH understands information sharing of best practices, trending technologies, and the latest threats is essential to individuals and businesses looking to better understand, manage and consume emerging technologies. Because technology, and cyber threats, are not confined to one location and many of the best minds in technology don’t live in one region, state or even nation, CyberTECH is expanding efforts to produce thought leadership events both locally and across the nation.

We invite you to travel with CyberTECH in 2016 as we bring together the world’s top industry experts and cyber professionals to lead discussions around emerging technologies, IoT security, privacy, innovation, the influence of policy and to provide forward thinking and actionable intelligence in an evolving, competitive marketplace.

Visit the CyberTECH Events website to learn more about our local and national efforts.

Children of Light: Riding the Insecure Internet of Things

During a middle school field trip to my hometown power utility, the Plant Manager and our tour guide for the day made a statement that stuck in my mind: “our customers are children of light and when they flip a switch, they expect light.”

The notion that we are “children of light” has served as a kind of guidepost to me about the nature of human expectation and the relationship we have to the technology that powers our daily life.

The Internet of Things (IoT) phenomenon brings convenience and new capabilities via smart devices and gadgets but at a cost; namely IoT devices are susceptible to the same malicious hackers that have plagued computer users for decades.

Connected drones are an emerging technology that will play a central role in the IoT ecosystem.  Drones can communicate images and audio, sense various conditions including chemicals and certain radio frequencies.  They are relatively cheap and simple to operate and can also carry payloads such as a package for Amazon.com or an explosive for military purposes.

Recently, we have seen a rash of incidents involving drones whereby they have interfered with police and fire operations, buzzed (and crashed) on sports fields and violated the privacy of average citizens. With a million customer drones expected to be sold over the Holidays, drones hold both great potential and some danger.

The fact is most Internet connected devices including vehicles, medical and fitness devices, cameras and drones have been successfully hacked for years.  A recent study by Hewlett-Packard showed that 70 percent of Internet connected devices are vulnerable to some form of hacking.

Our societies, comprised of children of light, are becoming heavily dependent on IoT devices. As such, it is important that we continue our efforts to secure these devices while protecting privacy and delivering expected improvements to the quality of our lives.

Blog written by Darin Andersen, Chairman and Founder, CyberTECH, President and CEO, CyberUnited, Co Chair for Economic Development Subcommittee on California Governor’s Cybersecurity Task Force.

CyberTECH to Partner with Cutting-Edge Hybrid Service Provider ScaleMatrix

CyberTECH is partnering with ScaleMatrix to bring our Resident and Community Members the world’s most cutting edge data center technology. By partnering with best of breed technology providers like ScaleMatrix, we are able to provide the diverse CyberTECH community with the right platform and performance criteria based on their needs.

As developers of ground-breaking data center efficiency technology, ScaleMatrix delivers an array of cloud, colocation, managed services, data protection and connectivity options under one manageable umbrella. The company has developed a revolutionary high-density, high efficiency Data Center driving down the cost of cloud, HPC and colocation services.

“CyberTECH and ScaleMatrix share the same spirit of innovation and drive to stay ahead of the evolving technology landscape,” said CyberTECH Founder, Darin Andersen. “ScaleMatrix understands the importance of robust, reliable and secure IT infrastructure. Because the companies working with CyberTECH all have different objectives and problems they are solving, uptime, scalability and security is extremely valuable. We are looking forward to building a long lasting relationship with ScaleMatrix.”

USD Center for Cyber Security Engineering and Technology

The University of San Diego recently launched its first Cyber Security degree program, a fully online Masters of Science in Cyber Security Operations and Leadership. In keeping with their strategy for a robust cyber security education program, approvals for their next degree, a Masters of Science in Cyber Security Engineering, is scheduled to launch in January 2016 as a fully on-ground program.

This degree is accelerated and focuses on the engineering aspects of cybersecurity.  It is designed for those with computer science, electrical engineering, or computer engineering bachelor degrees.  While work experience will certainly be considered in admission decisions, because of the rigor of this offering, it is very important to have a fundamental background in order to succeed.

The program will consist of 30 units of coursework and is designed for the working professional.  It will take 5 semesters or approximately 20 months to complete.  It is an extremely specialized degree of the Shiley-Marcos School of Engineering – not only is it the engineering school’s first Masters degree, but it is part of USD’s first center (CCSET).  While the term is often overused, students in this program will truly be pioneers at USD.

The program is being led and developed by Dr. Winnie Callahan, an educator with 20 years of experience at the University of Nebraska and the University of Southern California. She brings together experts in national defense, business, information technology and education to train a new generation of cybersecurity professionals.

“It made sense to me with the things I was seeing that we needed to address this national problem at a couple of levels, including better trained cyber professionals,” said Dr. Callahan.

CyberTECH Executive Director, cyber professional and program champion, Shirley Adams stated, “The center will play a key role in San Diego’s regional efforts to be recognized as the National Center of Cyber Security Excellence. Working together we can help produce the high quality cyber security engineers that our nation so desperately needs.”

Confessions of a Social Engineer: What Every Business Needs to Know

While the global media consistently churns out a deluge of reports about “sophisticated” hacks against prominent individuals, organizations and institutions, the Social Engineer uses well known tactics and techniques to “hack the human” leveraging “bugs” in human psychology.

Exploiting these “bugs” allows the Social Engineer to gather information, implement fraud to further a purpose, agenda or actually access a government or corporate system. The Social Engineer typically uses non-technical methods to gain access to sensitive systems and platforms by tricking one or more people into breaking normal security policies, procedures and protocols. It is one of the greatest threats facing organizations today.

There is a lot that organizations can do to defeat the Social Engineer. The best defense is to create a “security culture” inside your organization. Security culture is all about building awareness, common goals and best practices around protecting sensitive and confidential information. It teaches everyone in an organization to develop situational awareness and begin actively looking for the tell-tale tactics of the Social Engineer. Further, your organization can conduct security assessments, determine your Cyber Value at Risk and prepare for a sensitive data breach before, during and after it occurs to build organizational resiliency.

Blog written by Darin Andersen, Chairman and Founder, CyberTECH, President and CEO, CyberUnited, Co Chair, Economic Development Subcommittee for the Governor of California’s Cybersecurity Task Force.

Protecting the Internet of Things and living in Smart Cities

Last week both the FBI and the Department of Homeland Security warned of risks associated with the emerging Internet of Things. The term IoT often refers to devices that are readable, recognizable, locatable, and controllable via the Internet. Gartner estimates there will be around 26 billion networked devices on the Internet of Things by 2020. Certainly, there are many risks inherent with so many objects connected to networks, but there are also many smart technologies that can enhance security and DHS’s mission to protect the nation.

In public safety, sensors, embedded security systems and surveillance cameras that can monitor public behavior are becoming a norm. In 2005 in London, closed-circuit TV cameras helped lead to the identification of those who carried out the attack on London’s subway and bus systems. More recently, the identification of the prime suspects in the Boston Marathon bombing came in part through security-camera images. Because of the limitations of personnel to constantly patrol areas of cities, surveillance monitoring by video and acoustic devices has enabled law enforcement to magnify their reach and also keep an electronic record of forensic evidence.

The integration of sensors, networks and data analytics is what composes a “Smart City”. Smart Cities integrate transportation, energy, water resources, waste collections, smart-building technologies, communications, and security technologies and services. Frost & Sullivan estimates the combined global market potential of these smart city segments to be $1.5 trillion ($20 billion on sensors alone by 2050, according to Navigant Technology).

The IoT for Smart Cities has received much attention from DHS, especially from the under secretary of science and technology, Reggie Brothers. His S & T Directorate is continually seeking, developing and sharing innovative technologies. In its own words, “S&T is looking for your best ideas on how we can mobilize and repurpose cutting-edge smart technologies to strengthen the safety and security of our nation. Focusing on wearable tech and Internet of Things, this discussion is a ‘call to action’ to challenge you to think differently about the role science plays in preparing for future threats and risks. S&T envisions a future where mobile sensors, communications, materials, and visualization technologies seamlessly work together to enhance the safety of the public and our responders.”

For DHS, this mission directly correlates to incorporating technologies for shared situational awareness and enabling integrated operational actions to prevent, mitigate, respond to and recover from cyber incidents as well as crime, terrorism and natural disasters.

Specifically for DHS and law enforcement, there are a variety of key areas of IT, Smart Cities — or in the case of homeland security, “secure cities” — component roles:

  • Physical and cyber security;
  • Intrusion prevention/surveillance;
  • Resilience;
  • Public safety services (first responders);
  • Sensors, detectors, biometrics, wearables;
  • Drones, robots;
  • Data analytics, urban informatics;
  • Cameras;
  • Command & control centers;
  • Interoperable communications;
  • Crime mapping;
  • Social media monitoring.

The primary focus of DHS has always been to detect and mitigate weapons of mass destruction. The defense against chemical, biological, radiological, nuclear, and explosive threats will continue to be priorities of DHS because of the asymmetrical terror consequences they present. From its onset, the agency has been working with sensors and networks that detect the presence of toxic gas, pathogens, radiation and explosives. The automation, deployment and analytics derived from these systems continue to be enhanced as components are integrated into smart and secure cities.

Wearables is one of the newer promising technology areas for DHS. The S & T Directorate recently announced a business accelerator program named EMERGE! that is aimed at developing new interoperable wearable technology for the public safety community. Future first responder technologies will likely include headset systems with cameras for visual awareness with embedded computers that will analyze visual data. They will have sensor technologies for sharing information in real-time with hospitals that will be invaluable for rescues in disaster. This summer, S & T launched the Incident Management Information Sharing (IMIS) Internet of Things pilot to apply IoT to the challenge of vastly improving responders’ situational awareness during emergencies.

I would be remiss if I did not mention DHS’s role in cybersecurity. DHS is responsible for overseeing the protection of the .gov domain and for providing assistance and expertise to private sector owners and operators. Because the IoT touches both government and private sector networks, DHS is an integral part in deterrence, ameliorating risk, and ensuring resilience to the IoT networks. As a society on the verge of unparalleled exponential connectivity, DHS’s role in cybersecurity is a critical one.

New risks, privacy issues, and unforeseen issues will no doubt confront us as the Internet of Things continues to evolve and expand. DHS will be at the forefront of addressing those developments and will continue to fulfill a vital role in its mandate of keeping citizens safe by harnessing new technologies for secure and smart cities.

Blog Written by Charles “Chuck” Brooks, Vice President of Government Relations and Marketing, Sutherland Global Services.

Path to a Career in Cyber

When I started my career in the US Navy, almost three decades ago, I originally went into the field of advanced electronics. It was close to what I wanted to do, which was work on computers. However, in the mid-1990s, I read a book that changed my life.

The book, “Information Warfare,” was written by Winn Schwartau and after reading it I became fascinated with not just computers, but the idea of global networks and how computers could be used as both an offensive and defensive weapon. The book started me down a long twisted path full of curiosity and after 25+ years of walking that path I find I am always curious.

Information Technology (IT) today permeates every facet of our daily lives. We would be very hard pressed to find a place in the world where some type of IT is not being used. With that said, because this technology is such a multi-faceted tool, it can be used in an exponential number of ways for both good and evil.

So, over the years as I have walked this twisted path in IT I have sought to expand my knowledge into the field of what we now call Cyber Security. I have purposely worked in many positions to learn new ways to use computers and increase my understanding of enterprise networks and how to protect them.

Over time I even built a lab in my garage, to the dismay of my wife, made from way too many shopping sprees on eBay and Fry’s. Before you knew it I had a full rack of Cisco equipment and several rows of Windows and Linux desktops and servers (pre-virtualization days – I feel old). I used this equipment over many long nights to teach myself networking, a little hacking – who am I kidding a lot of hacking, and computer forensics. I also used this lab to help me study for my first certifications and as I changed jobs I would reconfigure the lab to study for new certifications.

This lab would teach me that to work in the field of Cyber Security you need to start small. You need to figure out what you don’t know, lay out a plan for where you eventually want to be, and then put your head down and get to work.

I used the lab to experiment and increase my knowledge, I used it to break things and then figure out how to fix them. Sometimes, humbling that it may be, I learned I was not as smart as I thought I was and I would have to ask for help after breaking something. In spending this time, over several years, working in that lab and taking any class I could find at the local colleges and junior colleges I developed what I called my Cyber Career Map.

This map consisted of a certification tree, a tree where I mapped out what certifications and experience I would need to eventually be at a certain skill level. The hope was someday I would have an interesting job in Cyber Security. As I look at where I am at today I would say that plan worked very well.

So fast forward to today, I was recently asked to describe how I developed my map and to write an article with some mind maps as a visual tool so readers would better understand my process. There are three tools that I used to develop a Cyber Career Map, those are the Certification Maps, Employment & Networking Web Sites, and Education & Cyber Web Sites. This article is centered on Cyber Certification Maps and its three sub component areas:

  • Certification Maps
      ◦ World of Cyber
      ◦ Cyber Career Map
      ◦ Cyber Career Map – My Career as an example

Before I get started, I want to say I am by no means an expert. This article is just based on what I learned from experience over the last 25+ years as my career has progressed in both IT and Cyber Security.

I believe my experience in having moved through multiple disciplines within the IT and Cyber Security fields gives me a unique perspective on the experience and insight a senior cyber security professional gains from having a broad range of IT knowledge. So with that said I plan to describe some of the tools and web sites I used to help me in my career and why I used them. Let’s get started.

Blog written by Gary Hayslip, Deputy Director and Chief Information Security Officer for the City of San Diego.

Before there Were CISOs – Part 2 (Into the 21st Century)

In Part 1, I covered my first two decades of ‘growing up’ in Information Technology (IT) and cybersecurity before the Chief Information Security Officer (CISO) title existed. I left off with the early stages of implementing security measures at the birth of the World Wide Web (WWW) and the explosion of connected computer usage that we know today as the Internet. In reality, the Internet existed years before the WWW, which took advantage of new graphical user interfaces (GUIs) to make the user experience easier and friendlier; because, after all, the Internet is just a network of networks interconnected across the globe.

In Part 2, I continue with my third decade, breaking out of the “IT box” into aspects of security for operational systems, industrial control systems (ICS), and underlying information assets, as well as the transition of cybersecurity becoming a recognized business function with newly defined areas of responsibility. The technology changes that seemed to be happening so radically during those earlier years (e.g., moving from a mainframe, text-based environment to desktop PCs with graphical interfaces), slowed down during this next period. While new technologies were still being released frequently, they weren’t major shifts in the paradigm (yet).

During this time, the private sector was taking steps toward identifying what was ‘cybersecurity’ and the roles associated with it; this, sadly, was not the case for municipal government where I was working. I found that municipal, regional, and even state governments were not yet concerned with creating formal cybersecurity roles. Instead, they were still using a single job title to cover a dozen different roles, such as my general umbrella role as “IT Manager.” During the early part of this time period, we were all dealing with resolving the Y2K date issues (to this day, I still write my dates as mm/dd/yyyy). I became involved with control systems and other embedded systems which were, at the time, not considered within the realm of IT – they belonged to the process control engineers. These systems had two positive things going for them; (1) the systems were on a closed, internal network located at each facility and not connected to any office network or the Internet, and (2) work crews would simply take over manual operations of the equipment in case of a system failure. However, with Y2K approaching, we performed the Y2K assessments on these control systems and the results revealed some potential security issues which needed to be addressed. While the latter condition (taking manual control) remains true, the former condition would change in the years ahead, by enabling secure, remote access into certain control systems. In addition to the ICS located in major facilities, we also had Supervisory Control And Data Acquisition (SCADA) systems to monitor small (and often remote) pumping stations. These systems were mostly secure, based on the fact that they were used for only monitoring the local process controls and not managing them (the “supervisory” function being disabled), and they were not connected to any network. 
The SCADA systems communicated through either dedicated telephone lines or across point-to-point, restricted frequency radio signals, and later used licensed, spread-spectrum radio frequencies. While I provided recommendations, SCADA security was handled by another division. As you can see, at this time, security was not centralized or managed, it was spread out among many divisions and was still not a formal discipline within municipal government.

Soon afterwards, my view of system security took a new twist for several months, as I was unexpectedly pulled out of my regular job for a special assignment – overseeing city-wide electronic discovery (eDiscovery) in response to a federal subpoena. I managed 15-20 IT technicians & analysts, taken from a dozen different departments for this task. I was assigned a system administrator and network security analyst who helped modify user rights for the eDiscovery team members, as they went into numerous work sites in over 15 departments to collect data from local PC systems. Another small team had the task of searching for and retrieving data from dozens of departmental file servers. We had to manage “just-in-time” security rights to give team members access to the specific workgroup data when they went to collect potential evidence, and then remove that access when they were done. We also had to coordinate physical security for access into closed office spaces, including having security guard escorts in restricted work spaces (at least they preferred having my team come ‘visit’ them, rather than the FBI). Needless to say, this brought the whole data security issue to the forefront for almost all managers and executives, because their files were the primary focus of the investigation. In addition, while many of the IT analysts had some previous exposure to system security, this was a new area for them as well, especially having to log and track their activities. In my administrative group, we had online system logs to maintain and keep secure, and we had to document which team members were given access to specific server or workgroup data, when it was activated and terminated, and a summary of the files retrieved.

Later, when I returned to my regular job assignment, I was fortunate to become a Department Information Officer (department-level CIO) which brought all of the technology functions under one central division. I managed four sections which were responsible for control systems engineering design (planning new control system installations), control systems administration (setup, management, and ongoing maintenance of the systems), SCADA & telemetry support (managing & administering SCADA systems), and IT services (Help Desk & technical support, application management, network administration, and security). It was during this time that the ICS designs started including cross-over access points between the control systems network and the operational (office) network, so that data could be exported out of the control systems for administrative reporting purposes. My staff worked cooperatively in both the planning and implementation of necessary security controls, at first making this a one-way connection to get the data out, and later providing secure connections for specific remote access into the control systems by designated and authorized system administrators. The team also coordinated integration with physical security systems, so that certain control systems alarms would display at the facility security guard consoles.

It was at this time that information security became a recognized service area and we had to start reporting monthly and annual performance metrics to senior management. I’ll digress for a moment – how many of you had the discussion (some may consider it an argument) with senior management about how to report attempted intrusions? They wanted to know how many attempts were blocked each week or month and didn’t understand that the volume would normally fluctuate from 10s of thousands in a week to 100s of thousands, because it depended on who was targeting our local government or any “dot-Gov” domain. I told them the performance goal should not be blocking X-number of attempted intrusions, the goal needs to be zero actual intrusions. After two years, they accepted my goal, but still wanted to know how many intrusions were blocked. One benefit of having more visibility of security metrics, was being able to use them as part of the business case for our budget. While there wasn’t a line item in the official budget for security, the underlying documentation outlined the security-related costs (i.e., staff, hardware, software or third-party services); however, I still had no designated security positions.

Now that we were finally growing a departmental security program, organizational changes were made, in the name of “streamlining government,” resulting in my position and my boss’ position being re-engineered out of existence. Fortunately, the teams I was leaving behind were now established and self-sufficient, and I moved into a position as city-wide Enterprise Architecture and Infrastructure Manager (which included security functions). During my last five years, there was further turn-over in senior management and the city changed from a City Manager to a “strong Mayor” form of government. My new role morphed into IT Operations and Security Manager, where I worked under three different CIOs and, when there wasn’t one, I reported to the Assistant COO and was responsible for operational management of the IT Department. At that time, I was also responsible for managing data retrieval for confidential internal investigations, including senior management, locking down user accounts, and impounding hardware.

Over the last several years, I had made a point to create working relationships with department directors and other senior management, offering assistance and guidance to support their IT functions. I believe these developed relationships were critical for me in my new position, because, when it came time to interact with them on a regular basis as part of the IT governance process, I already had their trust and respect. To me, the most important characteristic to have in this type of position is integrity – always speak the truth, say what you’re going to do, do what you promised you would do, and maintain confidentiality.

One of the last tasks in my position was helping implement a new IT Strategic Plan, which included forming an Information Security Committee. Committee members were appointed from a minimum of twelve departments by their directors and at least half the members were from operational management positions, not IT functions. This was a strategic requirement in forming the committee, to ensure that business needs were being addressed as security measures and solutions were proposed. The committee’s first task was to update the incomplete set of security policies and procedures. We obtained the current ISO/IEC 27000-27005 set of standards and used applicable ones to incorporate into a detailed set of information security guidelines and standards to augment a new set of information security policies.

As I ended my career with the City, I convinced the CIO and COO they needed to create a specific position for security, and relegate my other job functions to other IT managers. In the end, I was able to define an “IT Security, Compliance, & Risk Manager” position – which a few years later would be formalized as the Chief Information Security Officer (CISO) role with overall responsibility for cybersecurity on all City networks. This was especially important because the city’s IT services transitioned from a hybrid, internal/external service model, to one that was almost all outsourced and having a cybersecurity role to provide overall governance would be critical for the City of San Diego. The CISO position has since been held by two very competent professionals – first, Derek Sandland, and currently, Gary Hayslip.

Blog written by Alan Watkins, Cybersecurity Consultant, Adjunct Professor for MS-CSIA Program, Member of InfraGard San Diego. 

Before There Were CISOs – Part 1 (The ‘80s and ‘90s)

Some close friends and colleagues in cybersecurity encouraged me to write about ‘growing up’ in Information Technology (IT) and cybersecurity during the computer era before there were CISOs (Chief Information Security Officer). I’m sure there are other Baby Boomers out there, who have similar stories to tell and understand what it was like as technologies rapidly advanced and became business assets that needed managing (the “Rise of the CIO”) and, much later, securing those assets became a business risk management concern (the “Rise of the CISO”).

My point of view is from public sector experience; although, I have had much contact with my private sector counterparts. My public service started in high school as a volunteer swimming instructor and lifeguard, then working in a public library in a small southern California city. My professional civil service history covers over 36 years with the City of San Diego, California, including over 12 years in law enforcement as a sworn officer and almost 25 years in positions related to IT. My last 10 years were in IT management, retiring as the city-wide IT Operations & Security Manager.

The intent of this two-part article is to share how information security needs and functions existed before the roles were defined, as has been the case when new inventions cause shifts in business operations (i.e., the industrial revolution). What follows in this Part 1 is the first two decades of my cyber evolution, climbing the career ladder while ‘growing’ IT staff, and the requirement for open communication, cooperation, and collaboration between both IT operations and business operations. In Part 2, I will continue with my third decade, breaking out of the “IT box” into the strategic aspects of security for operational systems, industrial control systems, and underlying information assets. It is in the second article where I will discuss how the rising cybersecurity functions become identified as major roles created to manage newly defined areas of responsibility.

So with that, let’s get started – in my last two years in law enforcement, I got hooked on technology and developed some simple applications to issue and track certain permits and accident data. While I was not consciously aware of performing any security measures at that time, I realized not everyone should have access to the data being collected, so these simple applications did require a user ID and password. To keep this in a technology perspective, these were all mainframe-based, using ‘dumb terminals’ (some of you remember – the ones with black screens and green text). To be honest, the mainframe seemed mostly secure – you needed an ID and password just to login to the host system, then a different password for each application (usually assigned by the System Administrator) – long before the days of Active Directory® (AD) and Single-Sign-On (SSO).

After leaving law enforcement, I took an administrative position in a six-person division, which would, over the next several years, become a major department with over 1100 employees, plus hundreds of contractors. [A note of reference for those in the private sector – the city structure consists of departments (e.g., police, fire, library, water, etc.) which are comprised of several divisions. This is generally opposite of a private corporate structure where divisions are the larger business unit.] In my first six months, I was given the task for our first staffing growth to purchase and outfit 100 employees and contractors with new “personal computers” which had to be networked to a MicroVAX server. The mainframe team said, “these personal computers are just a fad, stick with the tried and true…” A few months later, while starting to configure the new PCs on an Ethernet network, the existing network team said, “why are you testing that Ethernet technology, you should stick with the standard token-ring technology…” We all know the outcome of those statements (can you say, Sony Betamax?). In that first growth spurt, our IT budget went from $150,000 in the first year, to $1 million in the third year and, needless to say, the designated security budget was zero. As the department continued to grow each year, I was able to justify hiring more IT staff, and, as a result, getting myself promoted to oversee the new staff. How did that happen?

While I was given mostly free rein in the area of new technologies, I had close working relationships with senior management and also the operations supervisors, engineers, scientists, facility & field maintenance supervisors, and administrative staff. I needed to understand their basic job functions and operational requirements in order to obtain the necessary technology to meet their needs. This is nothing new (today) for a customer-centric approach to IT services. At that time, executive management understood the need for new technology, without understanding the technology itself. They trusted that I did understand what was necessary to maintain and improve work efficiencies by implementing appropriate technologies. I had to earn that trust by demonstrating system capabilities (usually a live demo) and providing cost-benefit analyses in selecting a product for purchase. Keep in mind that, with government budget cycles, I was justifying the technologies and costs about 14 months before the budget would be approved. In those early years of having PCs, products mainly included desktop productivity tools for word processing, databases, and spreadsheets, well before there were any integrated “office” packages. Email was still based on the mainframe for several years.

As we added department staff, I was able to find several national surveys describing the recommended number of IT staff to adequately support a specific number of users for desktop support. I started with a ratio of 1-to-200 when I was the only IT person, then as we grew, I changed the ratio to 1-to-100, which was still nearly double the national average. At this time, I justified and added the first two new IT positions, and I became a lead IT Analyst. In the following year, the department would experience explosive growth and expand to nearly 600 employees at five sites. Of course with this growth I was able to justify four more IT staff, and have my position elevated to an IT Supervisor. This was achieved partially through the rapport with senior management, who were not focusing on the technology itself; they were relating to how the increased use of technology required skilled IT support technicians to maintain efficient business operations – a very novel concept at that time. I believe I helped influence this executive support with internal and external help desk call statistics I had collected. I used those collected metrics to provide an estimated cost impact of employees’ lost productivity due to system degradation and the average mean time to resolve, in relation to how many IT staff were available to provide critical support services. The projected reduction in costs was used to more than offset the cost of increased staffing, and I was able to justify the four new IT positions, while now managing an annual department IT budget of nearly $12 million.

One critical viewpoint I believe assisted me during this time, is my understanding that management, engineering, and operations needed to be fully “in the loop” when moving ahead with new technologies and their companion security measures, so I made sure to provide them with this visibility. However, it should be noted, that with these new technologies came increased responsibilities for my growing IT section. The IT staff had to meet increasing operational and performance requirements. They also had to ensure the security of its systems and permit public access to records when necessary. At the time, this was a daunting task; remember this is in the early stages of enterprise IT and there were no published functional frameworks on how to manage large, distributed networks. To get this far in building out the IT program and continuing its forward momentum, in retrospect, I now find that I was (unknowingly at that time) following most of the steps described by my good friend and colleague, Gary Hayslip, in his LinkedIn article, “So you want to be a CISO” (Jan. 17, 2015), and his five related, follow-up articles (Jan. – March 2015). I was actually executing the steps of a CIO and CISO before anyone knew what these positions were – it was definitely the wild, wild, west in IT back then.

So, now that I have given you some idea of the explosive growth in IT that we were experiencing, let’s discuss the security side of technology during this time period.

It was during this time, in the early 1990s, when we implemented our first Local Area Network (LAN) with 30+ PCs and one server. We had to design file structures to segregate different work groups and we had to manage user accounts and access rights. Since the city staff already had assigned user IDs, we had to create a naming convention for the contractors. Remember, at this time in the world of IT, there were no written policies or procedures related to IT management or security. With the combined experience of myself, a network analyst, and a contractor’s system administrator, we proceeded to build our first network infrastructure. We defined user and group naming conventions, server directory structures & naming conventions for groups, user security groups, group access rights, system login requirements (including two-factor authentication, minimum password length, and password age/expiration – no ability to require or enforce password complexity), and system logging requirements (only for performance monitoring, not security). We also set up system administration tasks to be done on the server using its Unix-based VMS operating system, while the desktop PCs ran on MS-DOS with no client/desktop security software. It’s amazing, at that time, that we built this out with no industry guidelines and it actually worked!

Later, during another staffing expansion, which included multiple sites, the single MicroVAX server was replaced with Novell NetWare servers at each location. This new network operating system provided several built-in security features, and also required IT staff to understand the platform and how to manage the five LANs across our new Wide Area Network (WAN). It was during this time of expansion that the first version of Windows was released; so, needless to say, the IT staff and I had to take new training classes, because again, technology changes proceeded to speed up and we had to support our users. I want to mention that at this time when Windows came onto the scene, we concurrently had a contingent of Macintosh systems, used for technical drawing and graphical rendering. It was at this point in my career that I started creating written internal procedures, documenting current practices for consistency across the IT staff, so expectations were set and system administration was standardized. I now had two staff dedicated to security and system management; still primarily concerned with internal security issues (i.e., someone gains access to another group’s files without proper authorization), and still no official designated security budget. In addition, we did create procedures for how and when a modem could be connected to a networked PC, including security precautions which would hopefully prevent unauthorized people from dialing in and connecting to our computer or internal network. This was the birth of our cybersecurity efforts, on the cusp of the World Wide Web!

So it is here, as we are about to step into a new era of online computing, that I will defer the remainder of my article about how I have observed the progression of cybersecurity into today’s current cybersecurity paradigm. As I look back over the decades, a couple of sayings come to mind – “what goes around comes around” and “what’s new is old” (or vice versa, “what’s old is new”) – meaning that the underlying security needs in today’s environment really aren’t new, they’re just using different technologies (which will continue to change). Stay tuned for Part 2 of this article…

Blog written by Alan Watkins, Cybersecurity Consultant, Adjunct Professor for MS-CSIA Program, Member of InfraGard San Diego

Houston, We Have A Problem (Cyber)

We all know every city has this same problem, so why share what’s up in Houston? This city is in many ways like San Diego, as are Texas and California, so collectively they can set the cyber tone in the west. That is, doing collaborative, actionable things versus just continuing to admire the problem (threat).

Houston is the 4th largest city in the USA (SD is the 8th), both are very diverse in culture, business and academia (with SD the lead on the latter).

Houston has a large port district and maritime influence, SD has an even larger, more global port ecosphere.

Both have an economic and symbiotic relationship with Mexico and cross border opportunities (with SD the more mature effort).

Houston has a strong high technology effort, while SD leads in the cyber startup / incubator support infrastructure.

The academia, university, overall educational efforts are similar as well, with SD leading in education, especially with SOeC.

Houston is second only to New York in the number of Fortune 500 companies – thus business does business there. SD has a wide industry base of government, academia, research, diverse businesses, etc. The two can complement each other in a highly symbiotic relationship.

So in short, it’s natural to link up the two as cyber sister cities, as well as the larger CyberTexas and CyberCalifornia initiatives. The ability to share cyber information can be geometrically increased, highly leveraged, and better integrated as partners between all three – government, business and academia.

So what’s Houston doing? They have the usual professional security groups of course: ISSA, ISC2, InfraGard and Houston InfoSec (a monthly happy hour, network, presentation affair), and a few others.

InfraGard is especially active and has several SIGs, of which I support two – Maritime and Technology.

We’ve recently initiated a “Cybersecurity Solutions SIG” as a Houston MeetUp (though open to anyone) to better harmonize the various security groups as well as take a project- and action-oriented cyber focus, going beyond just information sharing. http://www.meetup.com/Cyber-Security-Solutions-SIG/

Something we think every city needs to do in some manner, aka start DOING more cyber.

Blog written by Mike Davis, Deputy Director and Senior Manager, IT Security, American Bureau of Shipping (ABS).

Webpass Brings Disruptive Innovation To San Diego

Webpass entered the San Diego market in 2012 with the idea of making people rethink their Internet. They did this by designing a product that was better and less expensive than what their competitors could provide, making them one of San Diego’s newest disruptive innovators. Through the simplicity of set-up, absence of contracts, blazing-fast speeds, and personable customer service, their business model has proven successful. Disruptive innovation in the telecommunications industry will force companies to develop forward-thinking technologies; otherwise they will start to see a decrease in customers and eventually be put out of business. It’s time for the industry to seize the opportunities the disruption presents or face the consequences of not adapting. Webpass is a driving force in changing the Internet and we are excited they have landed in San Diego. We look forward to partnering with them at our Good Neighborhood Taste of Downtown event this April.