The New Way of War - Information Security

Since it’s my new chosen field…

This is really fascinating. The days of teenage “script kiddies” have long since passed. The new hackers are professional, ruthless and in many cases waging a new form of asymmetrical warfare.

If you’re online and you’re not securing your data you really need to change your ways.

2008 Cyber Attack against US Military prompts mindset shift

Any advice?

I was planning on going into that field until I figured out that while most companies know they need to secure their data, very few are willing to pay for security. So I decided to stick with server management.

I’m just starting out on my Masters and I’m more on the Policy/Management end so I couldn’t give you much more advice than making sure all your software is updated and that you have good antivirus protection.

I’m sure there are more expert opinions than mine on specific things to do outside of your common sense precautions. I was just trying to give everyone a heads-up.

Like anything else there is a cost/benefit aspect and many companies fear the repercussions from public relations (though I’m not sure I agree) from having their networks compromised.

National security apparatuses don’t have that luxury but the new hacker is professional, skilled and disciplined.

There’s more money made in cyber-crime worldwide, than in illegal drug trafficking.

Let that sink in for a minute. Then think about how many “cops” you have working on each issue.

(Note: I’m not starting a urination contest about legalization of drugs, just pointing out numbers.)

M4fundi - do some Googling with “United States Secret Service” “Carnegie Mellon University” and “cybercrime”. Throw in identity theft and some other terms.

There are a lot of resources there, and good advice. Be really careful who you give data to. Don’t let companies keep your CC data on file. Shred everything you throw away that has PII - Personally Identifiable Information.

I do this for a living for a Fortune 100 company. It’s not a matter of if you get breached, it’s when. It’s exactly like terrorism. You have to be perfect all the time, and they only have to get lucky one time.

What do the smart folks say on this board? An amateur plans for success, a professional plans for failure.

Doc, are you working on a CISSP, or an MA in Information Assurance? If you have a chance, you might want to look into the IA program at VMI. NSA also has some great resources for IA programs, and is sponsoring some great opportunities.

I had my CC # stolen and false CCs created with it. CHASE caught it and called me. They told me there was record CC# theft that month and that it was the future and there was nothing I could do to protect myself from the pros as they were hacking corporate databases and stealing the CC#s a few million at a go.

I have a friend who recently worked as a VP for a computer security company and after talking to him about how it all works it just seems like your info is the ball in a cyber rugby scrum just getting moved back and forth between being safe and unsafe with little ability to genuinely protect it.

Is anyone familiar with the agents within a chip?

My program is an MS in Information Security and Policy Management at Carnegie Mellon. My advisor was the guy who figured out that you could predict SSNs by publicly available information at more than 85% success rate.

Seriousstudent offered some very good advice.

On the management side you will want your CISSP. If you are considering working in or for the government you will also want your NSA 4011 & 4012. Most schools work all three into their Masters programs anymore.

Excellent school! Good luck there, CMU has a terrific rep. Turning out folks like Mark Russinovich, Bryce Cogswell and others.

Thanks for the kind words.

I also agree with Preferred User. The trifecta is an IA degree, with a CISSP and a TS/SCI security clearance. That’s a license to print money. Did you have a Secret when you were in the Navy?

M4Fundi - you want to know what the cast-iron beyotch is?

Large corporations like mine DO NOT WANT to store your credit card info. But the CC companies make us store it, in case there is a dispute. We have to be able to prove the transaction, with the actual CC number. Not a transaction ID, not a validation code issued by the card company, but the freaking number.

Sigh…

The concept you mentioned is frequently referred to as “chip and PIN”. The Brits use it.

http://en.wikipedia.org/wiki/Chip_and_PIN

Honestly, until companies put together a better system that utilizes good multi-factor authentication, and standards better than PCI, crap like this will continue.

I actually carry and use cash a lot. In some ways, it’s safer than using a credit or debit card.

Scary, huh?

They’ve got me in front of CERT right now for a research position and that may be where I’ll end up interning but they’ll have to do a check before I get accepted. I’m actually pretty interested in private sector so I may not go that route. Health record security/privacy has a lot of appeal for me given my medical background. Thanks to UPMC, Pittsburgh is something of a medical mecca.

IIRC every member of the armed forces gets a “secret” clearance. No one did a full-on FBI check that I know of. TS/SCI is about a $20K process if memory serves and they would have to perform it regardless of my military background.

CMU is a very good school, since I’m one of two History/Liberal Arts types in the entire program I’m still waiting for someone to tap me on the shoulder and say “WTF are you doing here?”

You would know (as would your neighbors, friends of your friends, former employers, schoolmates, etc.). TS/SCI requires quite a bit of paperwork on your part to even get started.