Homepage Job Seeker Employer Customer Service 1.800.919.8284 v3.7a
Search Jobs Your Resume Career Events Facebook Ask the Guru RADIO

Monthly Archives: December 2011

Criminal Minds ~ Researchers Explore How Cyber~Attackers Think Like Regular Crooks, Maryland

Cybersecurity Jobs | Cybercrime Jobs

COLLEGE PARK, MD /PRNewswire-USNewswire/ ~~ In a unique collaboration, an engineer and a criminologist at the University of Maryland, College Park, are applying criminological concepts and research methods in the study of cybercrime, leading to recommendations for IT managers to use in the prevention of cyber attacks on their networks.

Michel Cukier, associate professor of reliability engineering at the A. James Clark School of Engineering and Institute for Systems Research, and David Maimon, assistant professor of criminology and criminal justice in the College of Behavioral and Social Sciences, are studying cyberattacks from two different angles – that of the user and that of the attacker. Both are members of the Maryland Cybersecurity Center.

Their work is the first look at the relationship between computer-network activity patterns and computer-focused crime trends. “We believe that criminological insights in the study of cybercrime are important, since they may support the development of concrete security policies that consider not only the technical element of cybercrime but also the human component,” Maimon said.

In one study that focused on the victims of cyberattacks, the researchers analyzed data made available by the university’s Office of Information Technology, which included instances of computer exploits, illegal computer port scans and Denial of Service (DoS) attacks.

Applying criminological rationale proposed by the “Routine Activities Perspective,” Maimon and Cukier analyzed computer focused crime trends between the years 2007-2009 against the university network.

According to this perspective, which is designed to understand criminal victimization trends, successful criminal incidents are the consequence of the convergence in space and time of motivated offenders, suitable victims, and the absence of capable guardians. The researchers hypothesized that the campus would be more likely to be cyberattacked during business hours than during down times like after midnight and on weekends. Their study of the campus data confirmed their theories.

“Our analysis demonstrates that computer-focused crimes are more frequent during times of day that computer users are using their networked computers to engage in their daily working and studying routines,” Maimon said. “Users expose the network to attacks,” Cukier said. Simply by browsing sites on the Web, Internet users make their computers’ IP addresses and ports visible to possible attackers. So, “the users’ behavior does reflect on the entire organization’s security.”

Maimon, a sociologist, takes the study a step further. “Your computer network’s social composition will determine where your attacks come from,” he said. In a similar vein, “the kinds of places you go influence the types of attacks you get. Our study demonstrates that, indeed, network users are clearly linked to observed network attacks and that efficient security solutions should include the human element.”

Cukier adds, “The study shows that the human aspect needs to be included in security studies, where humans are already referred as the ‘weakest link.’”

Cukier and Maimon said the results of their research point to the following potential solutions:

1. Increased education and awareness of the risks associated with computer-assisted and computer-focused crimes among network users could prevent future attacks; 2. Further defense strategies should rely on predictions regarding the sources of attacks, based on the network users’ social backgrounds and online routines.

“Michel and David’s research exemplifies the interdisciplinary and comprehensive approach of the Maryland Cybersecurity Center,” noted Michael Hicks, director of the Maryland Cybersecurity Center. “Resources are not unlimited, so true solutions must consider the motivations of the actors, both attackers and defenders, as well as the technological means to thwart an attack. Michel, an engineer, and David, a criminologist, are considering both sides of this equation, with the potential for game-changing results.”

More Information:

Maryland Cybersecurity Center: www.cyber.umd.edu

Michel Cukier Profile Page: www.enme.umd.edu/facstaff/fac-profiles/cukier.html

David Maimon Profile Page: www.ccjs.umd.edu/faculty/faculty.asp?p=209

About the Maryland Cybersecurity Center

Launched in 2010, the Maryland Cybersecurity Center was created as an interdisciplinary research center to bring together experts from computer science, engineering, business, public policy, economics, and the social and behavioral sciences to address our nation’s growing needs in cybersecurity. Maryland researchers will apply their unique expertise in wireless and network security, cryptography, secure software, cyber supply chain security & cybersecurity policy to generate ground-breaking, innovative solutions to current and future cybersecurity threats.

SOURCE University of Maryland

CONTACT: Missy Corley, mcorley@umd.edu

Web Site: http://www.eng.umd.edu/

===============

IEEE Experts Predict Smartphone Hacking Will Soar in 2012

Cybersecurity Jobs

PISCATAWAY, NJ /PRNewswire/

“Free Isn’t Necessarily Free,” Warns IEEE Fellow Jeffrey Voas

Experts at IEEE  – the world’s largest technical professional association – say smartphone owners are increasingly paying a high price for free mobile applications, with 2012 set to be a disruptive year of widespread mobile hacking. Research by IEEE Fellow Dr. Jeffrey Voas in the US has so far uncovered malware in more than 2,000 free smartphone apps. Voas says free, rogue applications like this will be the most common access-point for hackers over the next year.

“The issue with free apps is that you’re paying a price you don’t know about,” says Voas, who is also a computer scientist at the National Institute of Standards and Technology (NIST). “Of free mobile applications, approximately 1 in 100 now visibly contain malware – and that doesn’t even account for the ones where the malware is so hidden it’s impossible to spot. This number is growing by the day and with most of these rogue apps offering good functionality for free, it’s easy to be victimized.”

Adds Voas, “Smartphone users need to remember that free isn’t necessarily free. It can lead to hackers accessing all of the information stored on your phone and transmitting it within two to three seconds.”

Dr. Madjid Merabti, an IEEE Senior Member and Professor of Networked Systems at Liverpool John Moores University, UK, says while the public has been trained to recognize cyber-security threats associated with their PCs and laptops, they do not see their smart phones as computers and subject to the same threats. And in some ways those threats are even worse.

“Unlike on a PC, where web browsers often give plenty of warning about dodgy websites with warning lights and alerts, the screens on smart phones are too small to display this protection,” Merabti says. “These devices contain identifying information, potentially saved passwords, and authentication details, and are much more likely to be misplaced or stolen than other larger portable computing equipment.”

Kevin Curran, a Senior Member of the IEEE and Head of the School of Computing and Intelligence Systems at the University of Ulster, UK, says businesses will be the main victims in 2012. “With more people using the same phone for business and personal reasons, the upsurge in smartphone hacking presents a real issue for businesses as well as consumers,” he says. “A company can have all appropriate firewalls in place, but it takes just one employee to download malware onto their phone. In fact, with more senior employees using phones for work, it is likely to be C-suite executives exposing businesses to vulnerabilities.”

According to Curran, a “trusted app” approach is needed to combat hackers, something he hopes can be in place by 2013. He says he expects an increased number of people hacked via mobile phones in 2012 will motivate the industry and governments to define and implement such a system.

IEEE and its members are responding to the growing cyber-security threats by sharing knowledge and understanding through publications such as IEEE Security & Privacy as well as the Silver Bullet Security Podcast with Gary McGraw. You can subscribe to the security podcast here. IEEE also holds an annual IEEE Symposium on Security and Privacy, with the next one being held 20-23 May 2012 in San Francisco. The full proceedings of the 2011 conference are available free online . In addition, IEEE’s 2012 International Conference on Information Security and Intelligence Control will be held 14-16 August 2012 in Yunlin, Taiwan.

Other resources from IEEE:

- IEEE Spectrum recently reported that there were approximately one million cyber crime victims each day last year across 24 countries. – Watch an IEEE.tv video interview with McAfee Vice President of Strategy Vimal Solanki on current threats from the 2011 NIKSUN World Wide Security and Mobility Conference. – The IEEE Xplore Digital Library provides subscribers with both conference proceedings and peer-reviewed, research, including a proposal for an “application lockbox” for mobile device security outlined at the 2011 International Conference on Information Technology: New Generations.

Curran said the numbers game is working to attract hacker attention. “We saw 2011 as the year of the social network attack,” he says. “But with the number of smartphone users now representing approximately 20 percent of the mobile market, we will now see an explosion in smartphone attacks, both by technical experts and by novices buying tools from dark websites and conducting low-tech but effective scams. It only takes a couple seconds to steal personal information.”

For more information on IEEE, or to speak with a member about cyber security, please contact: ieeeteam@webershandwick.com.

About IEEE

IEEE, the world’s largest technical professional association, is dedicated to advancing technology for the benefit of humanity. Through its highly cited publications, conferences, technology standards, and professional and educational activities, IEEE is the trusted voice on a wide variety of areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics. Learn more: http://www.ieee.org.

Source: IEEE

Fiona Bates of Weber Shandwick, +44-207-067-0703, fbates@webershandwick.com, for IEEE; or Gailanne Barth of IEEE, +1-732-562-5315, g.barth@ieee.org

===============

FYI Tidbits // S. 1747 ~ Computer Professionals Update Act would eliminate overtime payment for IT professionals

The Computer Professionals Update Act, which amends provisions in the Fair Labor Standards Act of 1938, would exempt IT professionals who make at least $26.73 hourly from the overtime payment requirement. IT professionals in this case are defined as those whose duties relate to “computers, information systems, components, networks, software, hardware, databases, security, Internet, intranet or websites,” whether it is analysts, programmers, engineers, designers or developers, according to the bill.

Read S. 1747 – Computer Professionals Update Act

Read more/learn more: http://fcw.com/Blogs/Management-Matters/2011/12/Proposal-to-eliminate-overtime-pay.aspx

Hot Job ~ Project Manager ~ Disaster Recovery, Washington DC

Semper Fi Staffing Solutions LLC is a veteran owned and operated placement service. Companies hire us to identify and screen candidates for available positions. Our specialties span all industries from physical security to program developers.

TITLE: Project Manager – Disaster Recovery (interfacing w/ Coop)

Salary: $85 – $100k

LOCATION: Washington DC

Position Type: Full Time

Experience Requirement: Six years of experience providing management for DoD and/or the IC

Education Requirement: Bachelor’s degree or Equivalent Experience

Security clearance required: Active TS/SCI (SSBI w/ in last 4 years)

Certifications: Project Management Institute (PMI) Project Management Professional (PMP)certification or advanced degree in management.

Semper Fi Staffing Solutions LLC is currently seeking candidates with a current TS/SCI for a Project Manager position currently open in Washington, DC. Contact Joseph Reagan for more information. 225-281-8881 or email resume and cover letter to joseph.reagan@hirewarriors.com for more information.

Description: Support a DoD customer, whose focus is on the fusion and analysis of Intelligence information.

Duties: Provide project management and planning support for Disaster Recovery (DR) (cooperating with the Continuity of group) coordination and planning. Attend all DR planning and exercise execution sessions. Develop project plans developed in unison with stakeholders and other internal organizations. Manage financial, personnel, and equipment resource availability for assigned DR project actions. Coordinate internal and external tasking related to DR, as well as coordinating planning efforts to ensure an enterprise wide DR policy is developed and maintained. Position will also serve as the cognizant authority for employee designation and site assignment in the case of a COOP event. On a continuing basis, member will conduct risk assessments and adjust DR policy accordingly. Member will coordinate with system engineers to develop detailed engineering plans for DR. Ensure each service owner develops their own Disaster Recovery Plan (DRP) to identify how each service will be recovered in the event of a disaster or failed hardware/software operation. Support new project identification and tracking and project requirements evaluation and functional analysis. Lead the evaluation of preliminary design, schedule and cost estimates to include a list of materials including hardware and software. Validate project concepts with the customers and stakeholders to create or validate business cases for management decisions. Create or review and finalize project implementation plans. Define, manage, monitor and control project scope, cost, risk and schedule. Plan for and ensure adequate project documentation is completed. Provide oversight of system installation, system testing, and monitoring of deployment into the production environment. Define requirements for end-user training and system administration and operational support staff. Perform or lead project close-out activities and define plan for system deactivation and/or retirement. Provide weekly status reports of projects, and when required brief status reports (quad charts) to senior government management.

Minimum Qualifications (continued):

  • Experience managing Disaster Recovery
  • Project Management Institute (PMI) Project Management Professional (PMP) certification or equivalent certification
  • Working knowledge of MS Office products such as Word, Excel, PowerPoint, Project (including EPM),SharePoint and Visio
  • Experience creating systems engineering work products including manuals, SOPs, training aides, installation and deployment documents
  • Have excellent listening, interpersonal, written and oral communication skills
  • Ability to effectively prioritize and execute tasks while under pressure
  • Strong customer service orientation
  • ADDITIONAL DESIRED QUALIFICATIONS:

  • Management of infrastructure solution development experience
  • Excellent creative problem-solving skills
  • ITILvS certification
  • Behavioral Requirements:

  • Mission oriented – we are crucial to mission success
  • Good communication, interpersonal and professionalism skills are required.
  • Must be reliable
  • Highly motivated and results oriented professional who enjoys working in a fast paced environment
  • Strong communicator who can work directly with client users of all levels of staff and management
  • Demonstrates initiative and adaptability
  • Values achievements and action
  • Strong analysis and problem solving skills – always looking for the better way
  • Candidate must be customer oriented as our success is heavily based upon their satisfaction, which has at least as much to do with people skills and communications as technical capabilities. In addition to technical excellence, our clients judge us on promptness, attention to detail, presentation, and communication with their staff. Benefits Summary:

  • Holiday and Leave Benefits
  • Medical and Dental Insurance
  • Life Insurance
  • Retirement Plan
  • Flexible Spending Accounts
  • ===============

    Sotera Defense Solutions, Inc. ~ An employer you should know

    Sotera Defense Solutions, Inc. (Sotera) is an mid-sized national security technology company delivering systems, solutions and services in support of the critical missions of the Intelligence Community, Department of Defense, Department of Homeland Security and federal law enforcement agencies charged with ensuring the safety and security of our nation.

    It has 1,400 employees focused on counterterrorism, cyber operations, intelligence, C4ISR and force mobility solutions to our customers throughout the national security community.

    Services

    Sotera delivers services and solutions ranging from command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) systems and advanced engineering to counterterrorism, intelligence and expeditionary field support for customers in the Department of Defense, Department of Homeland Security, Intelligence Community and federal law enforcement agencies.

    Technology and Intelligence Services

    Counterterrorism Intelligence and Analysis

    Sotera assists the Intelligence Community and other national security customers by facilitating the flow of critical information between U.S. government agencies to enhance decision making to protect the safety and economic well-being of our nation.

    By providing IT specialists, software developers and counterterrorism subject matter experts to a number of agencies, Sotera contributes to the creation and analysis of actionable intelligence.

    A key area of its expertise involves the monitoring of multiple classified and unclassified networks for potential terrorist-related threats and threat notification for rapid decision-making. Sotera is an industry leader in the field of terrorist watchlisting.

    Cyber Intelligence and Cyber Operations

    Sotera delivers cyber security systems and software engineering expertise in support of the critical intelligence, counterterrorism, and cyber security missions of our national security customers.

    It is an industry leader in the design, development and deployment of next generation net-centric mission solutions that collect, analyze and protect vital information in cyberspace, leveraging core competencies in systems engineering and architecture, software engineering, content exploitation and defense analytics.

    Data Analysis and Intelligence Information Sharing

    Sotera deploys analytical tools and subject matter experts to facilitate faster and more thorough analysis of threats for critical intelligence-related, federal law enforcement, homeland security and counterterrorism missions, and it enables information to be shared across multiple agencies.

    By integrating key data sources and exploring direct and non-obvious relationships of interest, its solutions support collaboration and information sharing and threat detection, helps ensure the mitigation of risks to our national security.

    C4ISR and Mission Systems

    Sotera designs and delivers C4ISR and mission-related systems to support U.S. Warfighters, wherever they operate.

    It enhances command and control systems, develops C4I mission applications and mission planning solutions, as well as research, develop and evaluate electronic countermeasure techniques. Sotera designs and deploys computer-based navigation systems and geospatial information systems that integrate data from multiple sensors providing decision-makers with real-time situational awareness of the coastal waterways and port/harbor environments.

    In addition to the maritime domain, these systems are used to protect critical infrastructure, secure borders, provide physical security information management and improve decision-making capabilities of national security customers.

    Assured Enterprise IT

    Sotera delivers mission-focused Assured Enterprise IT services and solutions to national security agencies operating in mission-critical environments and zero tolerance settings.

    The expertise of Sotera IT specialists is focused on enterprise architecture and systems engineering, IT & network security, network engineering and intelligence analysis. Customer intimacy, technology leadership and development of its technical staff are essential elements in its approach and adeptness at delivering quick reaction solutions to mission-critical scenarios.

    Network Design and Management

    Sotera develops, deploys and operates sophisticated and secure networks for agencies across the defense, homeland security, intelligence and federal law enforcement communities.

    Its network solutions support data and system integration, information security and cross-agency collaboration critical to operations in a complex and evolving cyber-security environment. Solutions include network topology design, data encryption, algorithm development, cross domain solutions development, data visualization and high assurance guard (HAG) development, which enables the transfer of classified and unclassified data to and from multiple security enclaves.

    Learn more about Sotera Defense Solutions, Inc.

    ===============

    Job Interview Tips

    Job Interview Tips

    An interview gives you the opportunity to showcase your qualifications to an employer, so it pays to be well prepared. The following information provides some helpful hints.

    Preparation:

  • Learn about the organization.
  • Have a specific job or jobs in mind.
  • Review your qualifications for the job.
  • Be ready to briefly describe your experience, showing how it relates it the job.
  • Be ready to answer broad questions, such as “Why should I hire you?” “Why do you want this job?” “What are your strengths and weaknesses?”
  • Practice an interview with a friend or relative.
  • Personal appearance:

  • Be well groomed.
  • Dress appropriately.
  • Do not chew gum or smoke.
  • The interview:

  • Be early.
  • Learn the name of your interviewer and greet him or her with a firm handshake.
  • Use good manners with everyone you meet.
  • Relax and answer each question concisely.
  • Use proper English—avoid slang.
  • Be cooperative and enthusiastic.
  • Use body language to show interest—use eye contact and don’t slouch.
  • Ask questions about the position and the organization, but avoid questions whose answers can easily be found on the company Web site.
  • Also avoid asking questions about salary and benefits unless a job offer is made.
  • Thank the interviewer when you leave and shake hands.
  • Send a short thank you note following the interview.
  • Information to bring to an interview:

  • Social Security card.
  • Government-issued identification (driver’s license).
  • Resume or application. Although not all employers require a resume, you should be able to furnish the interviewer information about your education, training, and previous employment.
  • References. Employers typically require three references. Get permission before using anyone as a reference. Make sure that they will give you a good reference. Try to avoid using relatives as references.
  • Transcripts. Employers may require an official copy of transcripts to verify grades, coursework, dates of attendance, and highest grade completed or degree awarded.
  • Source: Occupational Outlook Handbook, 2010-11 Edition

    ===============