Today’s headlines feature stories describing the acceleration and sophistication of organized cyber crime and State sponsored military and industrial espionage. Numerous universities, Think Tanks, businesses, and blogs research the topic and track the latest attacks to suggest countermeasures (defenses) to targeted individuals and organizations. Verizon Corporation has been publishing a Data Breach Investigations Report (www.verizonenterprise.com/ DBIR/) for several years that is very informative and mentions that 92% of recorded hacking activity was perpetrated by outsiders. Also in 2013, Mandiant, a cybersecurity consulting firm, published a six year study on the Chinese military that showed how they attack numerous American military sites, commercial industries and universities, (intelreport.mandiant.com/Mandiant_ APT1_Report.pdf )Today, most major Cybersecurity software companies (McAfee, Symantec, Trend Micro, etc.), and smaller private firms (iSight Partners) track these “professional” cyber crime groups (many in Eastern Europe) to provide global threat intelligence to their clients so they can better defend against new attacks.
Today the cyber problem is very public and visible. However, five years ago when I was a senior in high school and visiting colleges, this was not the case. I was fortunate that my Dad is in the security business, and guided me toward this growing industry. I selected Oklahoma State University to major in Management Information Systems because they have an outstanding certification program from the National Security Agency (NSA) in Information Assurance (I/A). The program essentially teaches how to protect digital information. I feel strongly that the NSA I/A Certification program helped me attain my internship and pending job offer (two weeks after graduation) with McAfee, a global cybersecurity firm owned by Intel Corporation. I think this certification path would be valuable for incoming freshman and college students across the country regardless of their chosen major. In the future all information is digital and vulnerable to theft, attack or augmentation.
From coast to coast the most sought after jobs in the IT sector are in Silicon Valley and on Wall Street. Google and The Nasdaq are two premiere companies to work for. These jobs are always in high demand because of the pay scale, resume experience, and the level of leading edge technology you are working with. In recent years both of the organizations were very publicly hacked, and both turned to the NSA for help. The situation being that even the best in the IT sector are no match for organized criminal groups and Nation State hackers, (Chinese in the Google case). As hacking has increased in scale and sophistication the NSA has been overloaded with help requests from many commercial businesses. However, outside of our Critical Infrastructure (75% owned privately) and Wall Street, protecting the information assets of most commercial business is not within the NSA mission of National Security.
To educate the next generation of cyber employees, the NSA joined with the DHS (Department of Homeland Security) to build a curriculum for colleges across the country in Information Assurance (protecting digital information). The NSA Centers of Academic Excellence program is offered to over 120 institutions (on-line, junior colleges, universities) and is growing. College students coming into the job market need to understand how to counter cyber threats and make decisions about protecting critical infrastructure systems and information. The map in the following link shows who is accredited and at what level (http://www.nsa.gov/ia/ academic_outreach/nat_cae/institutions.shtml) I thought the program was important enough to start my college search looking for an IA accredited university, preferably in the business school. I met Dr. David Biros while visiting Oklahoma State University. Dr. Biros is a retired Air Force Officer with a PhD. in Information & Management Science. He actually helped evaluate schools NSA packets on behalf of the national program and has been instrumental in the expansion at OSU. He had this to say about the program, “ it may not be as well known as CISSP and similar certifications but our students are able to graduate with this certification and speak intelligently about what they learned while here. In general, it raises awareness for information security and gets universities to pay more attention to it as a curriculum.”
The past two summers I have interned with McAfee Corporation in Dallas, Texas. I will be starting full time in June 2014 in their sales department. My IA option was definitely a factor in my selection and something they were very interested in. McAfee asked me to present on the program to my team this summer and explain why having a baseline understanding of IA was so important to me before starting my business career. The IA program has opened many doors for me throughout my collegiate career and has been a differentiator on every interview I’ve had.
There’s no end in sight to cyber crime or military and industrial espionage (stealing Intellectual Property). Unfortunately, local, state, national, and international law enforcement and the court systems are way behind on how to prosecute and convict cyber crime. The government (NSA) can’t protect the commercial sector, so companies will have to hire people who understand the cyber risk to their business operations and can protect their physical (infrastructure) and information assets (IP, customer & patient records, financial transactions, etc.) Given that problem, this is a great opportunity for students in every major that uses digital information. This also includes protecting their personal information on devices and shared social media sites. Whether you take the certification at your university, a local junior college, or online it is a great addition to your resume and will pay dividends in the long run.