What Can I Do? Information Systems Security Manager

Information Systems Security Manager

Entry Level Education – Bachelor’s degree

2019 Median Pay – $ 146,360 per year($70.37/hr)

Job outlook – 10%

What they do: They are responsible for the cybersecurity of a program, organization, system, or enclave. They are responsible for the planning, coordination and the direction of computer related activities in an organization.

Where do they fall in the NIST[2] – Information Systems Security Managers work in the Cybersecurity Management specialty area.

Where do I start: Information Security Managers typically have advanced level certifications such as the CISSP, PMP, or GIAC. Because they are managing organizations they typically have 5 or more years of experience.

[1] https://www.bls.gov/ooh/management/computer-and-information-systems-managers.htm

[2] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

What Can I Do? Trainers and Educators

Cyber Instructor or Trainer

Entry Level Education – Bachelor’s degree

2019 Median Pay – $61,210 ($29.43/hr)

Job outlook – 9%

What they do: Trainers lead training activities and design and develop training or education of personnel within the cyber domain.

Where do they fall in the NIST[2] – Trainers fall under the Training, Education and Awareness (TEA) Specialty area and they can have jobs such as Cyber Instructor, or Cyber Instructional Curriculum Developers.

Where do I start: Learn something new and teach someone. In addition to a bachelor’s degree, training specialists need work experience in teaching, tutoring, or educating others.

[1] https://www.bls.gov/ooh/business-and-financial/training-and-development-specialists.htm

[2] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

Cybersecurity’s Not So Secret Diversity Problem

Happy National Cybersecurity Awareness Month! In its 17th year of existence, National Cybersecurity Awareness Month (NCSAM) is continuing to raise awareness about the importance of cybersecurity across the nation. In an age where almost every week we are being notified of breaches of digital information, NCSAM offers the opportunity to continue to educate Americans and corporations about the importance of their cybersecurity teams, their software, and the importance of securing their customer’s information online. The NCSAM’s theme this year is “Do Your Part. #BeCyberSmart” and in supporting that theme, Black Girls Hack is doing our part to highlight the impact of the lack of diversity in Cybersecurity.

While Cybersecurity has many diversity problems, none are more glaring than the lack of women, and the lack of African Americans. In 2019, the Bureau of Labor Statistics performed a survey of employed persons detailed by occupation, gender, race and ethnicity. In that survey, African Americans represented 7.6% of Information Security Analyst positions and women represented 17.1% of those roles. Similar statistics exist for all the Professional and Related Occupations including Systems Analysts, Programmers, Software Developers and Network and System Administrators to name a few. The lack of diversity in Science, Technology, Engineering and Mathematic (STEM) roles, is a direct reflection of the amount of diversity in STEM undergraduate and STEM graduate programs and in STEM programs in high school, and middle school and elementary school. *Insert infinity mirror*

More than just lacking representation, and role models, the lack of diversity in Cybersecurity has many unintended side effects such as adding bias to artificial intelligence, signature analysis and definition, and systems themselves. Malicious actors are creative and diverse in their way of thinking and to stay ahead of the game, cybersecurity professionals must be reflective of that trend and of society.

Organizations are using artificial intelligence to do everything from deciding what to watch next, to driving, to interviewing and determining the best candidate, and criminal justice. Analysis has shown that the over-representation of men in the design of artificial intelligence leads to both cultural and gender bias in the developed systems. Machine learning, which is how systems gain their “intelligence” is built off the data that it is provided with and  if that data, and the design and development of the algorithms are biased, the resulting application of the technology will perpetuate that bias (Leavy, 2015).

More advanced intrusion detection systems for example use Artificial Neural Network based Intrusion Detection Systems (IDS) to help detect attacks. These Artificial Neural Network IDS systems analyze large volumes of data and use that data to help predict attacks and learn from its mistakes (Garzia, Lombardi, & Ramalingam, 2017). Recent studies have shown that examination of facial analysis software shows an 0.8 percent error rate for light skinned men, and a 34.7% error rate for dark-skinned women (Hardesty, 2018). Three reviewed commercially released facial analysis programs from major technology companies showed both skin color/skin type and gender related biases. What that means for us, as consumers of these systems, is that these systems, having learned how to respond based on the data it was provided will have difficulty in identifying the way women make decisions, and differentiating black faces in video footage, and determining if a Black woman is a good fit for a job when it can’t accurately interpret her facial expressions.  Some companies are replacing first round interviews with AI assisted technology. Applicants are asked to use a webcam to respond to interview questions on video. The employers can then use AI to “review” the interviews to evaluate if the candidate matches in demeanor, enthusiasm, facial expressions, or word choice (Burke, 2019). Based on this evaluation the candidate is then recommended (or not) for the next round of interviews. When AI cannot properly analyze darker skin or gender based differences, and is built from data and developers with inherent biases, this serves the purpose of both eliminating diverse applicants from the hiring process, and reducing the number of diverse employees within the companies.

So why isn’t this being shouted from the mountain tops? It’s because research has shown that the people who often address gender and racial bias in Artificial Intelligence and developed software are often those affected by the bias (Leavy, 2015). Susan Leavy in her white paper on Gender Bias in Artificial Intelligence argues that by recognizing the bias, women are more likely to understand its impact and attempt to resolve it (Leavy, 2015). The problem? While women represent 47% of the occupational workforce, they represent 27% of Chief Executives, 28% of Computer and Information Systems Managers, 20% of computer programmers, 18% of software developers, and 17% of information security analysts. African Americans fare far worse representing 4% of Chief Executives, 9.6% of Computer and Information Systems Managers, 8.5% of computer programmers, 5.8% of software developers, and 16.6% of information security analysts (BLS.gov, 2020).

Cybersecurity has a diversity problem and until minority and gender discrepancies in hiring, education, and access to resources are resolved, America and its citizens will be worse off in every aspect of the industry.

BLS.gov. (2020, January 2020). Labor Force Statistics from the Current Population Survey. Retrieved from BLS.gov: https://www.bls.gov/cps/cpsaat11.htm

Burke, L. (2019, November 4). Your Interview With AI. Retrieved from insidehirered.com: https://www.insidehighered.com/news/2019/11/04/ai-assessed-job-interviewing-grows-colleges-try-prepare-students

CISA.gov. (2020, October). National Cybersecurity Awareness Month. Retrieved from CISA.gov: https://www.cisa.gov/national-cyber-security-awareness-month

Garzia, F., Lombardi, M., & Ramalingam, S. (2017). An integrated internet of everything — Genetic algorithms controller — Artificial neural networks framework for security/safety systems management and support. International Carnahan Conference on Security Technology (ICCST).

Hardesty, L. (2018, February 11). Study finds gender and skin-type bias in commercial artificial-intelligence systems. Retrieved from MIT News: https://news.mit.edu/2018/study-finds-gender-skin-type-bias-artificial-intelligence-systems-0212

Leavy, S. (2015, May 28). Gender Bias in Artificial Intelligence: The Need for Diversity and Gender Theory in Machine Learning. Retrieved from https://ame-association.fr/wp-content/uploads/2018/11/17.188_gender_bias_in_artifical_intelligence_the_need_for_diversity_and_gender_theory_in_machine_learning.pdf

World Domination – Cloud

Whereas my Infrastructure plan is moreso focused on learning the infrastructure as a code principles to be able to develop and destroy servers and hosts in the cloud, my Cloud study is learning more so about the different cloud providers and the way they offer their services. For this I am looking specifically at Cloud based certifications such as those offered by Azure and AWS and Comptia’s Cloud+.

  • Oracle Cloud
  • Azure
  • AWS
  • Cloud + (Wiley)
  • Udemy Cloud Computing for Beginners with Microsoft Azure
  • YouTube Cloud Computing Course (There’s one by Simplilearn)
  • edX

World Domination – Cloud Infrastructure

My world domination plan includes cloud infrastructure because most of the world’s Fortune companies are running their infrastructures from the cloud. Whereas traditional networks included server farms, and physical infrastructures, cloud computing infrastructure includes all of the networking, storage, power, and virtualized resources that an organization needs. There are currently 3 main companies in the Cloud Computing market Amazon Web Services, Azure, and Google Cloud. Each providing Infrastructure as a Service (IaaS) models where they serve as third party hosts offering core infrastructure for their customers.

While each of the cloud computing companies offers the ability to for example create a Virtual Machine (VM) or a Virtual Network in the cloud, at a large scale companies such as Netflix, Hulu, Amazon, and others need their infrastructures created and destroyed in a much more efficient way. To do that the provisioning, modifications and removal of virtual servers, some organizations use infrastructure as code services such as Terraform and Kubernetes. Terraform is a vendor neutral service that allows you to develop code to provision servers on AWS, Azure, VMware and a number of other cloud services providers in the market. Kubernetes on the other hand takes a container management approach to infrastructure as code to manage system servers and networking. These are both very important to big tech companies and therefore very important areas that are needed for my world domination plan.

Resources I have for my study of Infrastructure include

  • Terraform training (available from their website)
  • Kubernetes training videos (available from their website and youtube)
  • Infrastructure as a Code (I bought from Amazon)
  • Terraform up & Running (I bought from Amazon)
  • Azure
  • AWS
  • Edx has some AWS courses
  • Oracle Learn

What Can I Do? Network and Computer Systems Admin

Network and computer systems administrators are responsible for the day-to-day operation of computer networks.

Entry Level Education – Bachelor’s degree

2019 Median Pay – $83,510 ($40.15/hour)

Job outlook – 4%

What they do: Network and computer systems administrators are responsible for the day-to-day operation of computer networks. Network and computer systems administrators work with the physical computer networks of a variety of organizations and therefore are employed in many industries[1].

Where do I start:

Certifications: Network+, CCNA

Where do they fall in the NIST[2] – Network systems administration fall under the Network Services Specialty area. They most closely align to the Network Operations Specialist in the NICE Framework.

[1] https://www.bls.gov/ooh/computer-and-information-technology/network-and-computer-systems-administrators.htm

[2] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

What Can I Do? Web Developers

Web developers design, create and maintain websites [1].

Entry Level Education – Associate’s degree

2019 Median Pay – $73,760 ($35.46/hr)

Job outlook 8%

What they do: Web developers design, create and maintain websites. They can work in design, publishing, management consulting or advertising to name a few.  

Where do I start: Learn HTTP, Javascript and CSS.

Where do they fall in the NIST[2] – T0195 Provide a managed flow of relevant information (via web-based portals) , T0380 Plan instructional strategies such as web-based courses T0601 Collaborate with other team members to develop a diverse program of information materials (e.g web pages) are all tasks identified in the NICE Framework. These skills can be used by Cyber Instructional Curriculum Developers

[1] https://www.bls.gov/ooh/computer-and-information-technology/web-developers.htm

[2] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

World Domination – Linux

If you’re interested in ethical hacking and penetration testing in general, much of the practice and home lab set up includes setting up various Linux machines and using them to practice your scanning, enumeration, hosts, ports, services, and vulnerabilities exercises are done with Linux machines. To set up a Kali machine which is at the beginning of many home lab set up guides, you need to put it on a Linux machine. Also, many of the tools you will find yourself using are command line tools and many commands do not work the same in Windows as they do in Linux. This is why if you’re interesting in pursuing a career involving ethical hacking that it is important that Linux be on your world domination plan and why its a refresher on mine.

I used to be well versed in Linux in undergrad but haven’t really had to use it since then except in vms that I was putting together for my home lab. Part of this effort for me is Linux specifically, and part of it is just an overall command line refresher. Either way, this is one of those topics that I have an abundance of resources, many of which are free or cheap.

  • Codecademy (Command Line Refresher)
  • TryHackMe (Learn Linux Box)
  • Comptia Linux + Study Guide and Practice Tests
  • Udemy Linux
  • Udemy Linux Privilege Escalation
  • Pearson Advance Linux
  • Edx Introduction to Linux
  • Easy Linux for Beginners (Humble)
  • Linux Command Line (Humble)
  • 101 Linux Labs (Free on Kindle Plus)
  • How Linux World (Humble)
  • Linux Pocket Guide (Humble)
  • ITPRO Linux Essentials

World Domination Plan – Java

What time is it? Its Java time! Today is Java day in the world domination plan and so the discussion is resources to help you learn Java. I tend to lean heavily on the free and cheap resources so this list is by no means exhaustive. Also just a caveat, I have programmed with Java for a few years in the past so my Java day is moreso of a refresher and to learn how to do it more efficiently and securely.

  • Codecademy
  • Test Automation using Selenium WebDriver with Java: Step by Step Guide
  • Core Java Volume I–Fundamentals
  • freecodecamp
  • Git (You can use GitHub as a repository for your code and Git to push and pull it from the command line)
  • Coursera
  • edX
  • Humble Bundle Software Development
  • Humble Bumble Programming by Packt
  • Java 11 Cookbook by Packt
  • Learn Java 12 Programming by Packt

World Domination Plan – APIs

Can I tell you the real reason APIs made my world domination list. The real real reason??? Well my husband and I order a lot of door dash, and I got it into my head that my next project I want to make a program in Python to find out how much we spend per month on door dash. That’s the real reason why. But regardless of how it got on the list, its on there so we need some study resources. I have the following:

  • An Intro to APIs by Brian Cooksey is available on Kindle for FREE
  • API info on FreeCodeCamp.com
  • Udemy APIs
  • Code and Supply Crash Course on YouTube