Oversight Committee Mulls a Cyber-Only Digital Service

The federal government has a shortage of cybersecurity talent. Would a corps of short-term recruits, hired from the private sector, fix that gap?

That’s one of the questions a House oversight committee attempted to tackle Tuesday during a hearing on federal workforce challenges. Rep. Will Hurd, R-Texas, chairman of the information technology subcommittee, asked witnesses whether a model similar to tech groups 18F and the U.S. Digital Service might work for cybersecurity.

18F, housed within the General Services Administration, is a consultancy that helps other agencies use technology and adopt principles of agile software development. USDS troubleshoots large-scale federal tech projects; both groups recruit heavily from the private sector, including from companies such as Facebook and Twitter.

The Commerce Department’s former chief information officer, Steven Cooper, described a central team of cyber experts serving 6-month to 2-year terms; those people might conduct penetration tests, deploy security badges or other short-term projects at various federal agencies.

Those people would be most useful in jobs including product testing and forensics, Debora Plunkett, board member at the International Consortium of Minority Cybersecurity Professionals, testified. But deploying members of a centralized cybersecurity cadre to federal agencies experiencing attacks might not be all that useful, because “you’d want to have some a prior understanding of the network,” she said.

“If it really is a ready reserve where they would go anywhere, it would be difficult to send someone in to address a threat when they don’t know the infrastructure and they’re not up on the current vulnerabilities,” Plunkett said.

Coordination between agencies tapping into that group of cyber professionals would be a challenge, said Nick Marinos, assistant director of information technology within the Government Accountability Office. Traditional tech hiring might require a chief information officer and chief financial officer within an agency to coordinate, but the sharing arrangement also may require coordination with more of the C-suite, including the chief human capital officer and chief information security officer as well as other agency officials.

“If the CIO is not actively engaged, the help may not be going to the right places,” he said.

 

http://www.nextgov.com/cybersecurity/2017/04/oversight-committee-mulls-cyber-only-digital-service/136726/?oref=river

 

San Antonio Produces Top CyberPatriot Teams

The group of high school students were surprisingly animated at 7:30 a.m. on a chilly Friday morning. But the students were excited to be on the Alamo Colleges campus, talking about their individual CyberPatriot teams– and they just happened to be among the top ranking teams in Texas.

The Air Force Association created CyberPatriot in 2009, a national youth cyber defense competition designed to inspire high school students into entering careers in cybersecurity or other science, technology, engineering and mathematics (STEM) disciplines. The 2016 CyberPatriot competition included nearly 200 teams from the San Antonio region, more than any other region in the nation.  Seven of those teams are part of the Information Technology & Security Academy (ITSA), a program offered by Alamo Academies. A national award winning STEM-based program, the nonprofit program works in partnership with industry, the Alamo Colleges, area high schools and local cities to provide high school juniors and seniors with two years of tuition-free curriculum that will lead to in-demand STEM skills and critical job fields.

Bussed daily from their respective high schools to the Alamo Colleges campus for 2 ½ hours of instruction early in the school day, ITSA provides high school juniors and seniors with 30 college credit hours that specializes in information technology, which includes networking, security and programming courses. While enrolled in ITSA, students also have the option to participate in the annual CyberPatriot competition.

The CyberPatriot teams compete to defend a national company’s computer system from malicious cyberattacks, while maintaining IT services for its users. Each team is paired with professional mentors in the community who volunteer through the CyberPatriot Mentor Program. ITSA’s CyberPatriot teams are currently mentored by Jacek Materna from SecureLogix, Troy Touchette, chair of computer information systems at San Antonio College, and Mike Matuszek at San Antonio College.

During the CyberPatriot’s State Round earlier this month, a team of ITSA seniors earned a perfect score, which resulted in a tie for first place nationwide with a team in Colorado. The round also named a team of ITSA juniors as fourth in Texas and 22nd nationwide. The next competition, held Feb. 19-21, will determine the top 12 teams in the nation before the National Finals are held April 10 to 14 in Baltimore.

“Considering this is the first time the junior high school student team competed in CyberPatriot, ranking 22nd place nationwide is pretty impressive,” said Jacek Materna, the team’s mentor. “The senior team’s perfect score on an incredibly difficult cybersecurity competition makes them stand out among all the U.S. teams. I’m sure employers will take notice also.”

The San Antonio area top ranked senior team included: Kyle Volz of Alamo Heights High School, Hector Iruegas of Warren High School, Reed Eggleston of Marshall High School, Carlson Lindley and Eli Ross, who are both homeschooled and Brendan Downs of Warren High School.

The San Antonio area junior team ranked 22nd in the nation included: Isaac Knotts of East Central High School, Eddie Flores of McCollum High School, Rameez Shaukat of Brandeis High School,Ryan Yu of MacArthur High School, Jackson Teige of Seguin High School and Jorge Gomez of New Braunfels High School, who is a senior in his first year of competition.

When the students were asked what led them to CyberPatriot, almost everyone responded that a teacher or fellow student had encouraged them to compete. All but one of the students had professed an abiding interest in computers from an early age.

“I remember first messing with computers when I was four years old,” junior Eddie Flores said.

On the other end of the spectrum, junior Hector Iruegas confessed that he knew nothing about computers before joining the CyberPatriot team.

“My dad is a computer geek who works for Southwest Research Institute,” Flores said. “When I heard about CyberPatriot, I thought it would be interesting to try it out.”

Apparently, it was interesting enough that Iruegas is spending his second year in CyberPatriot as a member of the the top ranked high school senior team in the nation. Iruegas has already been offered admission into Stanford University as well.

Long-term plans for these students point to promising career opportunities. “I’d like to work for either Google or NSA,” said junior Issac Knotts.

“I’m interested in pursuing a double major in cybersecurity and physics,” junior Rameez Shaukat said.

“I’m looking forward to my internship with (the locally based cybersecurity company) Delta Risk,” senior Reed Eggleston said. “I was able to find a possible vulnerability on their website and brought it to their attention.”

The most impressive part of the student answers from both teams was what they considered to be the factors contributing to their CyberPatriot success. Their answers were consistent, regardless of age or year in high school. The students gave answers that were thoughtful, mature and indicative of a great work ethic.

Recognizing the importance of strong leadership figured prominently for both the junior and senior teams.

“Reed (Eggleston) is a huge part of our success—he sets the team dynamic and prepares the team scripts for us to work on,” said senior Carlson Lindley.

“Issac (Knots) and Eddie (Flores) carry our team; they prepare the scripts for the team to practice and they make sure the scripts work beforehand,” junior Ryan Yu said.

Hard work and recognizing the strengths and weaknesses of each team member means each team comes together to form a cohesive package of cybersecurity skills.

“We get along well and we all know who excels at what system, and that contributes to our multilayered understanding of all the systems, how they work together and how deep to look for vulnerabilities,” senior Brendon Downs said.

Both teams agreed with senior team leader Eggleston’s bottom line: “We are all confident in each other’s abilities.”

All CyberPatriot students are offered internships with companies, internships that often lead to job offers. Given the work ethic and skills these students possess, it’s no surprise.

Current high school sophomores from across the greater San Antonio, New Braunfels, and Seguin areas are eligible to apply online now. Early consideration deadline for fall 2016 admission is March 4. For more information visit www.alamoacademies.com.

 

Opportunity knocking in San Antonio

Douglas MacArthur once reminded us, “Even when opportunity knocks, a man still has to get up off his seat and open the door.” As I consider the look of the business community, growing startup mentality and the enthusiasm for progression in local health care, technology and other industries, I think about what our city is capable of and all the opportunities that are knocking.

In the past year, we’ve watched local investment funds, such as the San Antonio Angel Network launch and the Geekdom Fund continue to grow. Build Sec Foundry, the Cyber Security Incubator was created and is making waves in its progress over the past six months, and the growth does not seem to be slowing. According to the recent 5-Year Economic Impact Study by Geekdom, more than $68.8 million has been raised by local startup companies. There is both incredible brainpower and money to be invested and spent right here in our city.

From a staffing perspective, since I reside in that world, I expect to see the greatest growth in hires and staffing to be industries including cybersecurity, health care and mobile applications. According to the most recent release of the Global Entrepreneur Indicator by Entrepreneurs’ Organization (EO), more than 50 percent of local business owners surveyed anticipate making new full-time hires by the end of Q1. Economic growth is continuing.

The city and our local government have been supportive of making an effort to enhance the technology and IT scene and bring new companies to San Antonio this past year.
What else can we expect in our local economy in 2017? Well, unemployment levels are still — and should remain — at historic lows, and private investments in San Antonio are on the rise. 2017 looks very favorable, and business tax cuts are coming. Now, it is on us — and I put this call out to all local business professionals and entrepreneurs — to keep growth and momentum going to continue to foster a developing San Antonio and cultivate more and more opportunity — to open every door.

Obviously, we must decide which ones to keep open and which to close, but the key is opening them — getting involved. We have to make our mark as business leaders — to create places where people want to work, progress, and be impactful. Get involved — this is a dual role. Be a part of organizations like EO that build and grow you as a leader and help you to inspect every part of your business to support you in continuing to have an economic impact on your city and consumers. And secondly, be a part of activist groups like Tech Bloc, groups that are there to employ change and active progress.

We must invest locally in our growing city — support local businesses, find startups to invest in and be a part of, share new products and services with friends, family and colleagues.
Create more jobs — not just jobs, but meaningful jobs. As we forecast in the staffing industry, employee costs are increasing and more employers are desiring help in attracting top talent. This talent is expressing now more than ever that they are most interested in culture fits, work-life balance, schedule flexibility and high-level impact roles.
Our city is showing great promise, and as we embark on another year, it is on us — on the business community — to open every door. Get involved, be active, make an impact, and provide opportunities to allow others to do the same.

San Antonio needs our drive and dedication. Opportunity knocks, and it’s our job to get up off the chair and answer the door, time and time again.

http://www.mysanantonio.com/opinion/commentary/article/Opportunity-knocking-in-San-Antonio-10825150.php

SA tech community comes out to honor its own at Tech Titans Awards

More than 220 people came out Wednesday evening to celebrate their colleagues’ achievements at the San Antonio Business Journal’s third annual Tech Titans Awards.

The event, which was held at Pearl Stable, recognized 10 people and organizations, highlighted by the Top Tech Exec Award, which went to Rackspace Hosting Inc. CEO Taylor Rhodes and two Special Achievement Awards that were given to University of Texas at San Antonio Professors Glenn Dietrich and Greg White, both pioneers in developing UTSA’s nationally recognized cybersecurity program.

http://www.bizjournals.com/sanantonio/news/2016/12/08/sa-tech-community-comes-out-to-honor-its-own-at.html

Cybersecurity company in San Antonio raises $3M in capital from investors

Delta Risk LLC, a San Antonio-based cybersecurity company founded by former military veterans, got a boost to help build its midsize business market share after investors pitched in $3 million, according to records on file with the U.S. Securities and Exchange Commission.

The company raised $3 million in debt among six investors, and didn’t specify any minimum investment threshold, records show. It was not in combination with any merger or acquisition activity.

When reached by email, a company spokeswoman said the funds will be used to build its employee base and expand services to mid-market in addition to sales and marketing efforts.

The Chertoff Group, a Washington D.C. advisory firm for security and risk management, has a majority stake in Delta Risk after a major capital influx of $13.8 million was raised through its subsidiary TCG Diamond Holdings LLC in 2015.

David Leach is the president of TCG Diamond Holdings and principal of The Chertoff Group’s private equity operations.

Delta Risk’s headquarters sit along South St. Mary’s Street inside the One Alamo Center in San Antonio.

The company is hiring nearly a dozen employees across all its offices – two employees are expected to be based in the Alamo City. These positions include a cybersecurity business development analyst for federal contracts and a proposal writer for the company, according to its website.

In July, Delta Risk acquired a competitor in the Philadelphia region named Allied InfoSecurity. It is hiring cybersecurity professionals in that market also. At the time, the company had about 90 employees — the new hiring round will likely take the business above 100 workers.

The inspiration for aiming to sell cybersecurity talent to middle market businesses stemmed from experiences with clients who sought out Delta Risk in disaster scenarios. The goal is for more cyber breach prevention, said the company’s CEO.

“There were firms that in some cases had billions of dollars of annual revenue but were very limited in their security staff,” Scott Kaine, CEO for Delta Risk told the San Antonio Business Journal in July. “They would have maybe one part-time security person.”

Among the three co-founders, Chris Fogle remains most closely involved in Delta Risk operations as an executive adviser for the company.

http://www.bizjournals.com/sanantonio/news/2016/12/01/cybersecurity-company-in-san-antonio-raises-3m-in.html

San Antonio TX area teams currently registered for CyberPatriot IX

WHAT IS CYBERPATRIOT?
CyberPatriot is the National Youth Cyber Education Program. At the center of CyberPatriot is the National Youth Cyber Defense Competition. The competition puts teams of high school and middle school students in the position of newly hired IT professionals tasked with managing the network of a small company. In the rounds of competition, teams are given a set of virtual images that represent operating systems and are tasked with finding cybersecurity vulnerabilities within the images and hardening the system while maintaining critical services in a six hour period. Teams compete for the top placement within their state and region, and the top teams in the nation earn all-expenses paid trips to Baltimore, MD for the National Finals Competition where they can earn national recognition and scholarship money.

Cyber venture led by U.S. intel vets with SA roots raises seed capital

A cybersecurity venture created by three former U.S. intelligence analysts with local roots got an influx of capital recently to further its development of software to protect critical infrastructure owned by private industry — like the electric grid.

Dragos Inc. is a hybrid product and services startup that creates cybersecurity tools for businesses to hunt for unauthorized users lurking around industrial control systems inside their networks, from nuclear power plants to chemical manufacturers.

The startup raised $1.2 million from DataTribe — described as a startup studio, which is a mix between an angel incubator and a venture capital firm — based in the Washington, D.C., region.

The seed capital is being used to build a threat operations center, or a cybersecurity analyst hub, that can hunt remotely for known and unknown “threat actors” inside a company’s infrastructure.

It costs about $1 million to hire specialized analysts and the equipment needed for the center, according to estimates from PricewaterhouseCoopers LLP. Most threat operations centers focus on hunting for hackers or malware across a company’s computer system, not typically industrial control systems.

DataTribe is an investor group focused on military veteran-led companies looking to commercialize products across cybersecurity from big data to the Internet of Things. It is backed by Deloitte, Allegis Capital and Yahoo Japan.

Alamo City ties

While Dragos has its main office at DataTribe, the startup has a satellite office in San Antonio for now and aims to hire more cybersecurity analysts in the Alamo City in the coming months.

That’s because the company’s co-founder and CEO, Robert Lee, has lived in San Antonio for years after he was transferred to Joint Base San Antonio Lackland Air Force Base. For about five years, he worked as a cyberwarfare operations officer. Lee is now pursuing a doctorate in war studies at King’s College of London focusing on the attack and defense of control systems alongside developing Dragos.

A few years ago, Dragos built a cybersecurity tool called CyberLens that enabled businesses to watch unauthorized users navigate their networks, like a magnifying glass, although it is not the focus of the company’s products currently under development.

The startup aims to stand out from its competitors, mostly high-growth tech startups based in Israel, by leveraging experience securing the U.S. infrastructure while in the military.

“A lot of what’s being developed in the market are built by pure software developers, so they are difficult to use for analysts,” Lee said in a recent interview. “We have our threat operations center not only generating revenue but driving the development of future workflow and tools so that our platform is easier to use for security analysts.”

Assembling a team

In September, Dragos hired Ben Miller — former associate director at the Electricity Information Sharing & Analysis Center created by the North American Electricity Reliability Corp. — to lead its threat operations center.

The other company co-founders were stationed at Fort Meade, an Army post in Maryland with a high concentration of cyberwarfare-related activity, before forming Dragos.

Co-founder Jon Lavender worked as a data scientist and senior network analyst at the U.S. Department of Defense in Maryland for nearly eight years. Justin Cavinee was a software developer and senior network analyst for the Defense Department.

Dragos was one of several companies from the private sector selected recently to begin working on a test bed with the University of Illinois at Urbana–Champaign. The university was awarded an $18 million grant from the Defense Advanced Research Projects Agency to develop technology that would enable the U.S. electric grid to recover after an attack on its infrastructure.

Dragos was founded in 2013 under the name Dragos Security LLC and was later incorporated as Dragos Inc. Matthew Luallen was one of the Dragos Security co-founders, and in September he started a new company, CYBATI, which focuses on education in critical infrastructure and control system cybersecurity.

http://www.bizjournals.com/sanantonio/news/2016/10/28/cyber-venture-led-by-u-s-intel-vets-with-sa-roots.html

Jungle Disk Launches Weekly Cybersecurity Radio Show

With cybersecurity affecting many aspects of everyday life – from cyberhacking and breaches of personal datadevices connected to the internet, and even voter databases – the new Cyber Talk Radio show on News Radio 1200 WOAI fills a growing need to stay current on the latest in the technology industry, especially the cybersecurity space.

Jungle Disk CEO Bret Piatt hosts the weekly show and features guest speakers who discuss cloud computing, cybersecurity, and internet trends facing businesses in industries such as health care, financial services, real estate, and legal professions.

The Rivard Report interviewed Piatt to find out more about the new Cyber Talk Radio show.

Rivard Report: How and why did you decide to launch this radio show?

Bret Piatt: WOAI came to our Jungle Disk ribbon cutting and said they’ve been looking for someone to host a cybersecurity radio show. This sounds like a lot of work, but we’re passionate about this.

We feel like it’s a matter of preparation and taking advantage of an opportunity. We have a great team at Jungle Disk, with some of our staff who happen to be sound engineers. We were able to build a sound recording studio right here in the (Jungle Disk) office. On our team, we have the people that are experts at building a recording studio and (editing) sound.

We’re passionate about doing this weekly show because we think it’s important to help our listeners by telling local cybersecurity stories. We’re at a point now where we can devote the time and resources to highlighting these local stories.

RR: What’s the general format for the show?

BP: We do a long format sit down interview discussion with experts on various cyber topics. We’re on air for an hour. The first half of the hour we’re generally going through the high level explanation of the topic and providing detailed background. Then in the second half, we have the cybersecurity related discussion on that topic with our guest expert.

We broadcast Saturday at 11 p.m. on 1200 WOAI. We catch the folks leaving the Spurs game, or the ones relaxing on a Saturday night.

In case of a late running West Coast Spurs game we get bumped to a new time – and that’s understandable.

RR: What has the reaction to the show been so far?

BP: The audience is growing every week. The show is now available on the iTunes podcast service after the fifth episode. You’ll see 10 segments so far, with each show split into the learning segment and the cybersecurity segment.

We have gotten multiple requests for guests to come on the show to talk about various cybersecurity topics. That’s the first major milestone – when you have a queue of guests lined up waiting for opportunities to come on the show.

RR: What do you hope to accomplish with this show?

BP: We have guests lined up through the end of the year, with some slots still open in December. We intend to discuss relevant cyber topics which are new even for a highly technical audience, but we’ll use the learning segments to help frame the topic for a general audience. In short, we aim to cover cyber topics typical for the WOAI business listener, “from the dark web to your radio dial.”

To tune into the show live, listen to News Radio 1200 WOAI on Saturdays at 11 p.m.

On Nov.5, Piatt will speak with Paul Querna of Scale FT discuss authentication security and identity management.

 

http://therivardreport.com/jungle-disk-launches-weekly-cybersecurity-radio-show

UTSA cyber researcher building tools to weed out dishonesty online

 Raymond Choo, a former police officer in Singapore turned cybersecurity research professor at the University of Texas at San Antonio, is developing software to detect dishonesty online by running software that scans the internet for similar writing patterns.

The pilot software hones in on word choices, punctuation and context and is able to discern whether multiple comments came from the same source. Sometimes marketers use fake social media accounts to bolster the ranking of businesses on social media and websites that have public reviews of products and services.

As more businesses collect data about how customers interact with companies online, and often dedicate resources to respond to them on social media networks, this type of tool could be used to parse out trolls or artificial intelligence powered posts.

The initial process of this recent study uses n-gram, or a sequence of letters, that can be parsed through for analysis.

“In the initial research we tried to search using psychometric profiles or methods that could be used in intrusion detection and through the course of that research we discovered that — even though sometimes we try to disguise ourselves — our writing gives us away,” said Choo, the new associate professor of Information Systems and Cyber Security at UTSA

The goal is to eventually commercialize the software, but the race against threat actors, or individuals with malicious intent, to develop something that can outlast their techniques remains challenging.

“In the longer term, we are not going to restrict ourselves to n-gram,” said Choo. “We are in the process of fine tuning a few statistical algorithms into something that we can use.”

http://www.bizjournals.com/sanantonio/news/2016/11/07/utsa-cyber-researcher-building-tools-to-weed-out.html

Air Force Takes Center Stage at Cyber Texas

JOINT BASE SAN ANTONIO – LACKLAND, Texas —

Cyberspace is a relatively new but complex battleground and no one at the forefront in the defense of our country is more aware of this than the men and women of 24th and 25th Air Forces.

Col. James R. Cluff, vice commander of the 25th Air Force, joined Brig. Gen. Mitchel Butikofer, vice commander of the 24th Air Force, to present an in-depth look into how the Air Force is operating in this battlefield, at this year’s Cyber Texas Conference held August 23 at the Henry B. Gonzalez convention center.

“Cyber is a domain, no different than air, land, sea or even subsea,” said Cluff. “It’s a domain contested every single day and we have to treat it as a contested environment every single day.”

The 25th Air Force is the military component in charge of collecting intelligence, surveillance, and reconnaissance data, an intricate part in any battle, for the United States.

“ISR is about information,” Cluff continued, “Information is the coin of the realm for modern 21st century information warfare.” How and where we get that information is what the 25th Air Force brings to the table.

“The key to our success,” said Cluff, “are the people who take the data from a myriad of sources and turn it into decision-quality, timely information delivered as fast as possible, to influence today’s fighters for tomorrow’s fight.”

This fight is one of many constant battles in cyberspace against adversaries who, according to Time Magazine’s “The U.S. Is Losing the Social Media War,” are now using our own technology against us. With many network options openly available in cyberspace, the warfighter must be quicker, smarter and more vigilant to operate successfully in this domain.

“It’s not about the technology.” said Butikofer, “If you don’t have the right people, you are not going to accomplish your objectives.”

Having the right people and training is paramount in this environment.

“Securing our infrastructure is just as important as defending it. Pressure is building inside the cyber domain, and it’s getting riskier.”

“The sophistication of the threats is increasing daily,” he added, “Hour by hour our adversaries get better; so we need to get better ourselves.”

According to Butikofer, the 24th Air Force cannot do it alone. They rely on partners like the 25th Air Force to provide warfighters timely information as well as collaborating with the National Security Agency, among other partners, for information on trends in cyber technology; all in an effort to stay one step ahead of the enemy.

“As more and more of our services move to the Cloud,” Butikofer said as he concluded the presentation to the cyber security professionals, “we are going to need your assistance to understand how best to secure our systems, so we don’t have do as much on the defensive side.”

 

http://www.25af.af.mil/News/ArticleDisplay/tabid/6217/Article/939418/air-force-takes-center-stage-at-cyber-texas.aspx