Happy National Cybersecurity Awareness Month! In its 17^th year of existence, National Cybersecurity Awareness Month (NCSAM) is continuing to raise awareness about the importance of cybersecurity across the nation. In an age where almost every week we are being notified of breaches of digital information, NCSAM offers the opportunity to continue to educate Americans and corporations about the importance of their cybersecurity teams, their software, and the importance of securing their customer’s information online. The NCSAM’s theme this year is “Do Your Part. #BeCyberSmart” and in supporting that theme, Black Girls Hack is doing our part to highlight the impact of the lack of diversity in Cybersecurity.

While Cybersecurity has many diversity problems, none are more glaring than the lack of women, and the lack of African Americans. In 2019, the Bureau of Labor Statistics performed a survey of employed persons detailed by occupation, gender, race and ethnicity. In that survey, African Americans represented 7.6% of Information Security Analyst positions and women represented 17.1% of those roles. Similar statistics exist for all the Professional and Related Occupations including Systems Analysts, Programmers, Software Developers and Network and System Administrators to name a few. The lack of diversity in Science, Technology, Engineering and Mathematic (STEM) roles, is a direct reflection of the amount of diversity in STEM undergraduate and STEM graduate programs and in STEM programs in high school, and middle school and elementary school. *Insert infinity mirror*

More than just lacking representation, and role models, the lack of diversity in Cybersecurity has many unintended side effects such as adding bias to artificial intelligence, signature analysis and definition, and systems themselves. Malicious actors are creative and diverse in their way of thinking and to stay ahead of the game, cybersecurity professionals must be reflective of that trend and of society.

Organizations are using artificial intelligence to do everything from deciding what to watch next, to driving, to interviewing and determining the best candidate, and criminal justice. Analysis has shown that the over-representation of men in the design of artificial intelligence leads to both cultural and gender bias in the developed systems. Machine learning, which is how systems gain their “intelligence” is built off the data that it is provided with and  if that data, and the design and development of the algorithms are biased, the resulting application of the technology will perpetuate that bias (Leavy, 2015).

More advanced intrusion detection systems for example use Artificial Neural Network based Intrusion Detection Systems (IDS) to help detect attacks. These Artificial Neural Network IDS systems analyze large volumes of data and use that data to help predict attacks and learn from its mistakes (Garzia, Lombardi, & Ramalingam, 2017). Recent studies have shown that examination of facial analysis software shows an 0.8 percent error rate for light skinned men, and a 34.7% error rate for dark-skinned women (Hardesty, 2018). Three reviewed commercially released facial analysis programs from major technology companies showed both skin color/skin type and gender related biases. What that means for us, as consumers of these systems, is that these systems, having learned how to respond based on the data it was provided will have difficulty in identifying the way women make decisions, and differentiating black faces in video footage, and determining if a Black woman is a good fit for a job when it can’t accurately interpret her facial expressions.  Some companies are replacing first round interviews with AI assisted technology. Applicants are asked to use a webcam to respond to interview questions on video. The employers can then use AI to “review” the interviews to evaluate if the candidate matches in demeanor, enthusiasm, facial expressions, or word choice (Burke, 2019). Based on this evaluation the candidate is then recommended (or not) for the next round of interviews. When AI cannot properly analyze darker skin or gender based differences, and is built from data and developers with inherent biases, this serves the purpose of both eliminating diverse applicants from the hiring process, and reducing the number of diverse employees within the companies.

So why isn’t this being shouted from the mountain tops? It’s because research has shown that the people who often address gender and racial bias in Artificial Intelligence and developed software are often those affected by the bias (Leavy, 2015). Susan Leavy in her white paper on Gender Bias in Artificial Intelligence argues that by recognizing the bias, women are more likely to understand its impact and attempt to resolve it (Leavy, 2015). The problem? While women represent 47% of the occupational workforce, they represent 27% of Chief Executives, 28% of Computer and Information Systems Managers, 20% of computer programmers, 18% of software developers, and 17% of information security analysts. African Americans fare far worse representing 4% of Chief Executives, 9.6% of Computer and Information Systems Managers, 8.5% of computer programmers, 5.8% of software developers, and 16.6% of information security analysts (BLS.gov, 2020).

Cybersecurity has a diversity problem and until minority and gender discrepancies in hiring, education, and access to resources are resolved, America and its citizens will be worse off in every aspect of the industry.

BLS.gov. (2020, January 2020). Labor Force Statistics from the Current Population Survey. Retrieved from BLS.gov: https://www.bls.gov/cps/cpsaat11.htm

Burke, L. (2019, November 4). Your Interview With AI. Retrieved from insidehirered.com: https://www.insidehighered.com/news/2019/11/04/ai-assessed-job-interviewing-grows-colleges-try-prepare-students

CISA.gov. (2020, October). National Cybersecurity Awareness Month. Retrieved from CISA.gov: https://www.cisa.gov/national-cyber-security-awareness-month

Garzia, F., Lombardi, M., & Ramalingam, S. (2017). An integrated internet of everything — Genetic algorithms controller — Artificial neural networks framework for security/safety systems management and support. International Carnahan Conference on Security Technology (ICCST).

Hardesty, L. (2018, February 11). Study finds gender and skin-type bias in commercial artificial-intelligence systems. Retrieved from MIT News: https://news.mit.edu/2018/study-finds-gender-skin-type-bias-artificial-intelligence-systems-0212

Leavy, S. (2015, May 28). Gender Bias in Artificial Intelligence: The Need for Diversity and Gender Theory in Machine Learning. Retrieved from https://ame-association.fr/wp-content/uploads/2018/11/17.188_gender_bias_in_artifical_intelligence_the_need_for_diversity_and_gender_theory_in_machine_learning.pdf

Network and computer systems administrators are responsible for the day-to-day operation of computer networks.

Entry Level Education – Bachelor’s degree

2019 Median Pay – $83,510 ($40.15/hour)

Job outlook – 4%

What they do: Network and computer systems administrators are responsible for the day-to-day operation of computer networks. Network and computer systems administrators work with the physical computer networks of a variety of organizations and therefore are employed in many industries[1].

Where do I start:

Certifications: Network+, CCNA

Where do they fall in the NIST[2] – Network systems administration fall under the Network Services Specialty area. They most closely align to the Network Operations Specialist in the NICE Framework.

[1] https://www.bls.gov/ooh/computer-and-information-technology/network-and-computer-systems-administrators.htm

[2] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

Web developers design, create and maintain websites [1].

Entry Level Education – Associate’s degree

2019 Median Pay – $73,760 ($35.46/hr)

Job outlook 8%

What they do: Web developers design, create and maintain websites. They can work in design, publishing, management consulting or advertising to name a few.  

Where do I start: Learn HTTP, Javascript and CSS.

Where do they fall in the NIST[2] – T0195 Provide a managed flow of relevant information (via web-based portals) , T0380 Plan instructional strategies such as web-based courses T0601 Collaborate with other team members to develop a diverse program of information materials (e.g web pages) are all tasks identified in the NICE Framework. These skills can be used by Cyber Instructional Curriculum Developers

[1] https://www.bls.gov/ooh/computer-and-information-technology/web-developers.htm

[2] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

If you’re interested in ethical hacking and penetration testing in general, much of the practice and home lab set up includes setting up various Linux machines and using them to practice your scanning, enumeration, hosts, ports, services, and vulnerabilities exercises are done with Linux machines. To set up a Kali machine which is at the beginning of many home lab set up guides, you need to put it on a Linux machine. Also, many of the tools you will find yourself using are command line tools and many commands do not work the same in Windows as they do in Linux. This is why if you’re interesting in pursuing a career involving ethical hacking that it is important that Linux be on your world domination plan and why its a refresher on mine.

I used to be well versed in Linux in undergrad but haven’t really had to use it since then except in vms that I was putting together for my home lab. Part of this effort for me is Linux specifically, and part of it is just an overall command line refresher. Either way, this is one of those topics that I have an abundance of resources, many of which are free or cheap.

• Codecademy (Command Line Refresher)
• TryHackMe (Learn Linux Box)
• Comptia Linux + Study Guide and Practice Tests
• Udemy Linux
• Udemy Linux Privilege Escalation
• Pearson Advance Linux
• Edx Introduction to Linux
• Easy Linux for Beginners (Humble)
• Linux Command Line (Humble)
• 101 Linux Labs (Free on Kindle Plus)
• How Linux World (Humble)
• Linux Pocket Guide (Humble)
• ITPRO Linux Essentials

What time is it? Its Java time! Today is Java day in the world domination plan and so the discussion is resources to help you learn Java. I tend to lean heavily on the free and cheap resources so this list is by no means exhaustive. Also just a caveat, I have programmed with Java for a few years in the past so my Java day is moreso of a refresher and to learn how to do it more efficiently and securely.

• Codecademy
• Test Automation using Selenium WebDriver with Java: Step by Step Guide
• Core Java Volume I–Fundamentals
• freecodecamp
• Git (You can use GitHub as a repository for your code and Git to push and pull it from the command line)
• Coursera
• edX
• Humble Bundle Software Development
• Humble Bumble Programming by Packt
• Java 11 Cookbook by Packt
• Learn Java 12 Programming by Packt

Can I tell you the real reason APIs made my world domination list. The real real reason??? Well my husband and I order a lot of door dash, and I got it into my head that my next project I want to make a program in Python to find out how much we spend per month on door dash. That’s the real reason why. But regardless of how it got on the list, its on there so we need some study resources. I have the following:

• An Intro to APIs by Brian Cooksey is available on Kindle for FREE

• API info on FreeCodeCamp.com

• Udemy APIs

• Code and Supply Crash Course on YouTube

Web development got on my plan for a couple reasons. One, because I need to put up a website, and two, full stack development skills are good to have. Regardless, i’ve got lots of resources that you might find of use. I actually took a web dev course in undergrad where I designed my first website using dream weaver. There’s so much more to web development. There is nothing backend on this list… there should be

• Dreamweaver
• Codecademy HTML
• Codecademy Javascript
• Codecademy React
• Pentester labs (more on the what to look for that makes them insecure than the building)
• Udemy Front End Web Development
• Udemy Full Stack Web Developer
• Learning JavaScript Data Structures and Algorithms (Packt) Humble Bundle
• Multimedia Web Design (Mercury) Humble Bundle
• HTML 5 Programming Video (Mercury) Humble Bundle
• Udemy
• Coding Dojo https://www.codingdojo.com/blog/best-free-web-development-courses-beginners

Software developers create the applications or systems that run on a computer or another device. [2].

Entry Level Education – Bachelor’s degree

2019 Median Pay – $107,510 ($51.69/hour)

Job outlook 22%

What they do: Software developers create applications using programming languages to solve complex problems.  They work in computer design and services and create programs that fix problems or that can be used to fix problems.

Where do I start: Programming languages such as Java, C++, Python, Cobol, C#, and Go

Where do they fall in the NIST[2] –Software Developers fall under the Software Development Specialty Area.

[1] https://www.bls.gov/ooh/computer-and-information-technology/software-developers.htm

[2] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

I’m getting a head start on tomorrow, tomorrow’s (Sept 22nd) world domination plan topic is Networking. Networking is one of those foundation level things that you’ve got to be strong in for a lot of the higher level cybersecurity options. For me i’m studying for the Network+ as well as trying to master subnetting. I’ve got some Network+ resources including a few text books from Humble Bundle, a Network+ Course from Wiley Efficient Learning as well as one of YouTube’s influencers Professor Messer who also helped me pass my security+ exam.

• Wiley Efficient Learning Network+ Course – (from Humble Bumble but course is offered by Wiley)
• CompTIA Network+ Review Guide: Exam N10-007 (Humble Bumble)
• CompTIA Network+ Study Guide: Exam N10-006, 3rd Edition (Humble Bumble)
• CCNA Routing and Switching Complete Study Guide: Exam 100-105, Exam 200-105, Exam 200-125 (Humble Bumble)
• Network Security Bible, 2nd Edition (Humble Bumble)
• Cisco Networking Essentials, 2nd Edition (Humble Bumble)
• Network Attacks and Exploitation: A Framework (Humble Bumble)
• Microsoft Windows Networking Essentials (Humble Bumble)
• Professor Messer YouTube
• Udemy Subnetting Fundamentals
• Udemy Python for Network Engineers
• classcentral.com Computer Networking Courses including (The Bits and Bytes of Computer Networking, Peer to Peer Protocols and Local Area Networks and TCP/IP and Advanced Topics to name a few)

Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems. [2].

Entry Level Education – Bachelor’s degree

2019 Median Pay – $99,730 ($47.95/hour)

Job outlook 31%

What they do: Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems.

Where do I start: Security+ shows foundational security knowledge

Certifications: CEH, Certified Information Security Manager, Security+, Certified Information Systems Security Professional (CISSP)

Where do they fall in the NIST[2] –Information System Analysts can fall in the Systems Development and Systems Analysis Specialty Areas

[1] https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm

[2] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf