CyberTECH to Host CISOpen Roundtable: Bio and Healthcare Security by Design

The CyberTECH Chief Information Security Officer (CISO) Round Table is part of a series of CISO Round Tables focused on fostering information sharing in the public and private sectors in order to build a community of interest and trust within the Cybersecurity domain.

Co produced with our friends from BIOCOM, this special event focuses on Cybersecurity issues pertinent to biotech, life sciences and healthcare companies. Our goal is to create a safe and trusted space for CISO’s to learn, share information and build long term relationships with one another.

Event sponsors include Gartner, BIOCOM, Bird Rock Systems, CyberUnited, Perry Commercial, and ScaleMatrix.

To register for the event please click here.

For additional information about sponsorship opportunities please contact Darin Andersen.

Mayor Kevin Faulconer to Officially Open NEST, San Diego’s Largest Co-working Tech Startup Space

NEST-NEW

Mayor Kevin Faulconer will preside over a ribbon-cutting ceremony to commemorate the official opening of NEST, downtown San Diego’s largest co-working space for tech startups, on Wednesday, April 6 at 10:45 am.

The NEST ceremony will be held at 1855 First Avenue, 2nd Floor of the Manpower building, located in Bankers Hill adjacent to downtown. Covering more than 16,000 square feet, the newly-opened space reflects San Diego’s fast-growing leadership role in the hi-tech and cybersecurity sectors.

 

Along with Mayor Faulconer, more than 100 elected officials, business, civic and tech leaders are expected to attend including event MC Reo Carr, Executive Editor, San Diego Business JournalSherri S. Lightner, San Diego City Council President District 1; Shelley Zimmerman, Chief of Police, City of San Diego; Erik Caldwell, Director of Economic Development, City of San Diego; Phil Blair, Executive Officer, Manpower San Diego; and Greg McKee, CEO, CONNECT.

In addition to saluting the new tech space, Mayor Faulconer is expected to announce San Diego’s role as an innovator within the new “Smart and Safe Cities” campaign, part of the recently launched state-wide initiative, CyberCalifornia.

NEST Ribbon-cutting Ceremony with Mayor Faulconer
Wednesday, April 6, 10:30-11:30 am
Manpower, 1855 First Avenue, 2nd Floor, San Diego, CA 92101

Funding for NEST derives from a $40,000 City of San Diego grant, part of the city’s Regional Economic Development Corporation Transient Occupancy Tax funding program. Under the guidance of San Diego-based cybersecurity executive Darin Andersen, NEST is supported by resident and non-resident membership fees, plus sponsor partners and grants. The space is fully leased with 42 resident members. That total is expected to grow to 80 companies by mid-2017. For every resident member, NEST also supports an additional four non-resident members through its Community Social Incubation Model.

“We’re grateful that Mayor Faulconer and his staff fully recognize that our newest co-working venture will serve to further accelerate the region’s startup sector, with its growing emphasis on downtown,” said Andersen, chairman of CyberCalifornia, a non-profit security alliance of industry, government and academic leaders. “We’re equally grateful for the generous support and vision of the San Diego Regional Economic Development Corporation.”

Additional tech-themed working spaces within the Manpower building include: CyberHive, iHive, and xHive, featuring an array of incubators, shared workspaces, temporary workspaces and co-working spaces.

To RSVP for the ceremony please click here.

For more information about NEST please click here.

Randstad Technologies

Ranstand

Randstad US is a wholly owned subsidiary of Randstad Holding nv, a $22.9 billion global provider of HR services. As the third largest staffing organization in the United States, Randstad provides temporary, temporary-to-hire and permanent placement services each week to over 100,000 people through its network of more than 900 branches and client-dedicated locations. Employing over 5,300 recruiting experts, the company is a top provider of outsourcing, staffing, consulting and projects and workforce solutions within the areas of Engineering, Finance and Accounting, Healthcare, Human Resources, IT, Legal, Manufacturing & Logistics, Office & Administration, Pharma and Sales & Marketing. Visit website.

CyberFlow Analytics Wins First Place at the Cisco Innovation Grand Challenge

It has been a long but exciting journey for CyberTECH Member, CyberFlow Analytics, a San Diego-based cybersecurity company specializing in “anomalytics”. In successive rounds since June competing against more than 3,000 entries from more than 100 countries, CyberFlow Analytics took first place at the Cisco Innovation Grand Challenge at the IoT World Forum in Dubai for securing the IoT with Anomalytics, taking home the Grand Prize of $150,000.

The Six finalists from Canada, Finland, Germany and the United States delivered Shark Tank-like pitches and demos before a live audience and finalist judges – themselves a “who’s who” of IoT industry leadership.

Beyond the cash prizes, the winners earned VIP access to industry, investment and business experts, including Cisco’s global Innovation Centers and Cisco investments team for potential business acceleration and joint go-to-market strategies.

A big congratulations to CyberFlow Analytics!

Cybersecurity Awareness – Identity Theft (Part 2)

It’s been a few months since the Part 1 article on identity theft awareness. National Cyber Security Awareness Month in October and National Data Privacy Day on January 28th are both behind us. However, the need to be safe in cyber space is an ongoing process. In the previous article on Identity Theft, we covered four types – (1) stolen debit/credit cards for financial gain by stealing money from the victim, (2) criminal ID theft for committing crimes in the victim’s name, (3) medical ID theft for treatment, supplies or services in the victim’s name, and (4) child ID theft for misrepresentation to acquire money or jobs. We also covered some physical security methods to help protect your personal information. Another earlier article on cybersecurity awareness covered some general actions to take in protecting your computer at home, which also help prevent Identity Theft, so that won’t be repeated here. In this article, we will start where we left off with physical security steps and cover some other basic steps you can take to protect your information in cyber space.

Keep in mind that many cyber criminals gather information from several different sources in order to learn as much about a person’s identity as possible, so you need to protect the different places your information may be stored or used. Also remember that even if you do not actively use the internet for online purchases, financial transactions or medical purposes, there are probably many companies that have your personal information in online databases because you have done business with them. You have probably seen the news about major data breaches in 2014 at stores such as Target, The Home Depot, and Neiman Marcus, and also at JPMorgan Chase bank. You can’t stop those breaches, but you can limit some of the possible impact to yourself by the way you protect your identity across multiple businesses, so the cyber criminals can’t use your information from one location to access your accounts or information at other locations.

After the physical security steps from the previous ID Theft article, there are several basic steps you can take to help protect your digital information, both at home and what is stored online. One thing the cyber criminals are trying to get are user account credentials (a user name and password). So, one of the first steps you can take to guard your information is use different user names and passwords for each online account you have. In some cases, companies require your email address and use that as the user name for login, so you might feel limited on changing it. However, you can get free email accounts from several sources, and you can create separate accounts for specific online services. This step may be too complex and cumbersome for most people, because you would have to keep track of which email account is used with which online service (and its related password). Most people will simply use their primary, personal email account when needed. For those online services which allow you to create your own user name, you should actually create a specific user name for that service and, of course, keep track of that information.

More importantly, especially when having to use your email account as the user name for several different online services, you need to create separate passwords for each online account. If you don’t, once a cyber criminal steals user names and passwords from one company’s database, they will try to use that information on many other online sites until they find another place where it gives them access to that person’s online account, and so on. Passwords should be “long and strong,” meaning they should contain at least eight characters (having more will make it harder for criminals to crack them) and they should use a combination of lower-case letters, upper-case letters, numbers, and special characters (usually the ones on the keyboard above the numbers, by using the shift-key). For instance, “password” is weak, “Pa$$woRD” is better but still weak, and “p@$5W0rD%” is stronger (just as an example). You should not create passwords which contain your first or last name, names of family members or pets or any common dictionary words. You can also create a password from a phrase or your favorite song lyrics – for example, a password might be “MhAlLWfWwAs” which doesn’t have any numbers or special characters, and it came from “Mary had a little lamb whose fleece was white as snow” (taking the first letter of each word). Lastly, you should change your passwords on a regular basis, at least every six months or more often.

Keep your passwords in a secure place, never leave them out in the open (such as on a notepad) and don’t share them with anyone else. If you create a file on your computer to save your passwords, do not name the file anything that relates to “password” or something similar, where cyber criminals would look if they hacked into your computer. Also, you should encrypt such a file (using a unique password with 12 to 16 characters), so that if it is stolen, it can’t be opened easily. Instead of creating and updating your own password file, you might want to use a password manager, which is a software program, that can be used either from your local computer or from the Internet. The online password managers are regular targets for cyber criminals and most cybersecurity experts recommend against using them, in favor of using a password program on your local computer.

Now, let’s move on to some other security steps you should take to prevent identity theft. Most of us get email messages from our banks and credit card companies, and they usually provide an “easy” link to their website, so you can check your balance or make a payment. Many people click on those links to do just that; however, I recommend that you do not use the email link. Tens of thousands of fraudulent “phishing” email messages are sent each week, looking exactly like they came from your financial institution – because the criminals simply copied all the logos and other information from the original site. They may have even been able to obtain the last four digits of your credit card number, so now it really looks legitimate, including the website that you are taken to when you clicked on the link. So, you enter your user name and password, then you are asked to verify your full account number (which you provide), and you get some sort of message that says “the website is not currently available, try again later” (or something similar). Now the criminals have everything they need to not only take all the available funds from that account, but also to open new credit card accounts which will be charged to you. The point of this scenario is, don’t click on email links – you should go to your web browser and manually type in the correct address, then bookmark it (add it to Favorites), so you can come back to it later. That way, you know you are going to the correct website and you should be able to perform whatever transactions are necessary. In a similar fashion, if you get a phone call from someone saying they are from your bank or credit card company, never give them personal or account information. You should initiate the phone call to your bank or the toll-free number for your credit card, and they will ask you to confirm some identifying information to ensure it’s you – in this case, you made the call and should know with whom you are speaking.

As mentioned in the prior article, checking your credit report on a regular basis is another way to help find out if you might be a victim of identity theft. You should also be checking and verifying your monthly bank account statement and all credit card statements, looking for any unusual activity or any transactions you didn’t make. Contact the institution immediately, if you find errors or suspicious activity. Consider setting up your online account with email or cell phone alerts for account activity that would be unusual (e.g., large withdrawals or transfers). Read the privacy statements and information disclosure options for your online financial sites, to see what information they collect, how they use it, and what rights you have to tell them not to share your information with other companies (and often for cross-sales within the company). It’s best for you to control who has your information, as much as possible.

As stated in the previous articles, if you think you have been a victim of a cybercrime, whether it’s identity theft or something else, contact your local law enforcement agency, or businesses can file an online complaint with the Internet Crime Complaint Center (www.ic3.gov). In the San Diego region, local, state, and federal law enforcement agencies are linked together through the regional Computer And Technology Crime High-tech (CATCH) Response Team (www.catchteam.org) and cybercrime cases are actively pursued. The San Diego region is also fortunate to be home of the nationally recognized Identity Theft Resource Center (www.idtheftcenter.org), as well as Securing Our eCity Foundation (securingourecity.org), a non-profit organization with public-sector and private-sector participation, whose purpose is to help educate the public and small/medium businesses in cybersecurity awareness.

This blog was written by Alan Watkins, Adjunct Professor at National University.

So you want to be a CISO

The position as Chief Information Security Officer (CISO) is not for the faint of heart, it requires knowledge of disparate security technologies, risk management frameworks, as well as network and security architectures. This position will also require you to interpret the applicability of numerous Federal and State Laws, Regulations, and Compliance regimes against your standing Cyber Security strategy and assess required changes to your organization’s security program. So with these daunting requirements in mind, I am writing this article as a road map for the new CISO.

I have been in the Information Technology and Cyber Security fields for over 25 years and have been a CISO for the last 7 years. As a CISO, I rely heavily on my experiences as a Network and Security Architect and Security Auditor to provide context in evaluating the health of my networks and security program. As CISO, I have used five steps to provide me with a foundation to improve my organization’s Cyber Security strategy and protect my networks and other critical organizational assets.

These steps are:
1. Meet & Greet – “Walk About”
2. Inventory
3. Assessments
4. Plan
5. Communicate

Read more here.

What’s Next for Tech?

During a recent IoT (Internet of Things, for those not familiar) Startup breakfast I realized a few things; the internet is going places most people can’t fathom, and I should have tried harder in Science class.

While we are still a long way from flying cars and ‘Rosie’ the robot maid, scientists and entrepreneurs are creating devices which will be embedded into everything from farm equipment, to your refrigerator, to your jeans; more importantly, these devices will communicate with manufactures, service stations, medical personnel, and even each other. The processors for these embedded devices are getting smaller, cheaper, more powerful, and thanks to visionaries like SIGFOX, low power networks will exist globally to efficiently allow these devices to communicate, and retain a longer service life.

As I was dreaming of a future utopia that would make Doc Brown gasp, a presenter from Wind River (leaders in embedded software for connected systems) brought up the reality that interoperability, or the ability for devices to communicate with each other, has yet to be solved. The issue, today’s innovators are creating devices utilizing their own protocols with no standard way of translating that language. Add the implications a network security breach could have on a country full of connected, semi-automated devices or wearables, and we unveil the hurdles entrepreneurs face before I can safely own a self-driving vehicle that tells my self-maintaining refrigerator to order more beers after a long day.

How do we bridge the gap between today’s standard of living, and tomorrow’s standard of excellence? As technology entrepreneurs create applications for the future, the means by which to fund these innovations has become more robust. According to San Diego Venture Group’s David Titus “venture capital investment is up to its highest level since 2009, an estimated $30 billion in funding.”

While these investment dollars are primarily chasing companies with market traction, angel investors have been seeding start-up and early stage companies that show promise in solving some of these issues.

Venture capital used to look for companies in a great market, or a product and team, now they also want companies to be killing it,” says Titus.

The growth of start-up communities, hubs like CyberTECH, and incubators like EvoNexus that encourage collaboration will help bring well researched solutions to investors, and then to market.

The future is bright, and my sunglasses will know it.

This blog was written by Jamal Brown.

WHAT I LEARNED AT CODEDAY SAN DIEGO

Yes, learned. There was a whole lot of learning going on this past weekend at the CodeDay San Diego event held at the Ansir Innovation Center. In the words of Tom Paulus, Regional Manager and Lead Evangelist for CodeDay San Diego, “CodeDay is an inspiring event for students, many build skills and all leave with higher confidence.”

I was invited to serve as a judge for this event and arrived with the confidence of age and experience, “I’m the adult, not only will this be fun, it should be easy.” Fun? Yes. Easy? Not even close.

I arrived to a scene I imagined opening a can of worms might look like. The student participants ranged from 7th graders to college age. They were everywhere, talking about everything to everyone.

Future Women CodersThere were all-male, all-female and co-ed teams each assembled randomly. The focus was on skills and trust, not gender.

“I’m here with my sister” said one. When asked, “Where is your sister?” she pointed to a lumpy sleeping bag under a worktable. They had been working on projects all night and had achieved great things. Games were imagined, designed, built and successfully launched. By 7th graders. The same effort and result was true for the App developers, cloud-based start ups and all the other projects.

Best Overall team of Dreamers and DevelopersA cloud-based SaaS start up to foster idea collaboration was inspired by a team of dreamers and developers because “We really didn’t have an idea of what to work on.” They successfully launched their app that connects dreamers and developers to move projects forward. They won the Best Overall award.

Technology Throwback

It was quarter century throwback for me. Ric French, Jeff McBride, Judy Shulman and I attended Windows 1st birthday in Atlanta with Bill Gates. All of us and all of the students had experienced the same wonder, curiosity, problem solving, sleep deprivation, exhilaration and most importantly, courage.

To suspend disbelief, to leap into the unknown is the privilege of the young. What I learned this weekend is that it is alive and well here in San Diego.

Are You Ready to Learn?

I find that whenever I serve in the role of teacher, mentor, coach or judge, I’m often the one who learns the most. As a seasoned professional, no matter what your field of endeavor, I encourage you to seek out opportunities in your community like CodeDay. Yes it was fun and it wasn’t easy to pick winners from the entries. That’s because those who have the courage to leap are all winners.

This blog was written by Jerry Gitchel

ObjectSecurity OpenPMF is Ready for the Industrial Internet of Things (IoT)

CyberTECH Member, ObjectSecurity, an information security leader and the company driving model-driven security policy automation globally have positioned their OpenPMF model-driven security policy automation product for the industrial Internet of Things (IoT).

OpenPMF can now enforce access policies across interconnected IoT device landscapes interconnected via DDS, the predominant middleware platform for the industrial IoT. DDS is the Object Management Group (OMG)’s Data Distribution Service (DDS) middleware
standard, which is widely used across the industrial internet of things due to its unique
features, including real-time properties, publish-subscribe paradigm etc.

OpenPMF integrates out of the box with the market-leading DDS implementation by Real-Time Innovations, Inc. (RTI), a top influencer in the industrial IoT according to Forbes. In particular, OpenPMF integrates into RTI’s recent implementation of the OMG DDS Security specification, which adds a number of security features for DDS. This way, OpenPMF ties into DDS in a standards-compliant way, allowing the model-driven authoring and management of rich access control policies (information flow based, attribute based, proximity-based etc.).

OpenPMF enables the consistent, easy-to-administer management and enforcement of rich access control policies for the industrial internet of things (IoT).

Visit the ObjectSecurity Website to learn more.

View the Press Release Here.

THE ART OF THE SOCIAL ASK

“Should I put a QR code on my business card?”

Jenny Olding posed this question not on Google but on Facebook. She got a better answer, and much more.

SEO will always be important, but there’s a significant shift in how people find information on the Internet. It comes from the combination of social and mobile. When business professionals need immediate answers to tough questions, their first move is to reach out to their social networks from a mobile device. As a marketer or business owner, you need to be there waiting to respond to their very special invitation.

Savvy business professionals are discovering that social shouting is not only ineffective, it drives prospects away. Social listening on the other hand, engages new contacts and builds relationships.

The Art of the Social Ask

J. Summer Rogers, CEO of nPruv, Inc. finished her presentation yesterday with, “Here’s my ask.” For me it was the best idea to come out of the, IoT (Internet of Things) Start-Up Table Breakfast.The technology start-up community here in San Diego gets it. Asking questions engages prospects, investors and prospective team members.

Would you like to increase your social engagement? All you have to do is ask.

5 Tips to Improving Your Social Engagement

Pose a genuine, thought-provoking question – If your question is self-serving or self-promotional, don’t bother. Most folks on social have their BS filter on max.

Answer a thought provoking question, thoughtfully – Have an opinion? State it, but respectfully. I think QR Codes, like all technology that include the word “Cool” in their definition, as stupid. I simply shared why I thought they were less than effective. What I liked best about Jenny’s thread was the real world examples and multiple points of view.

Honor the Conversation and Contributors – I adding an update to Jenny’s thread stating clearly what I liked best.

Engage Contributors – I use social engagement to build relationships with those I serve best. As suggested by Jon Ferrara, CRM Pioneer and Founder of Nimble.com, “Walk in your prospects digital footprints.”

Close the Loop – If you start a social ask, finish it. Thank everyone, share what you decided and most importantly, your results. Handle this right and you will earn the right to ask a second question.

My Social Ask

I’m considering closing comments on my blog. I’m finding that ideas spread faster via social. If you find value here, please consider sharing it socially.

This blog was written by Jerry Gitchel, Make Technology Work