Chris's CYBR650 Blog

Week 8 Blog Cyber Warriors? My organization, the US Air Force, is eyeing a major shift in how it approaches what was considered “IT” when I first entered the service. Most personnel in computer career fields spent 100% of there time on fielding and supporting whatever computer systems were deemed necessary for mission success. The new initiative is driving the effort to transition these support personnel to cyber defensive personnel. Gone will be “blue suiters” imaging computers, mapping home drives, or managing e-mail boxes. These personnel will transition into defense teams with specialized missions of defending critical cyberspace terrain. This isn’t new, as a lot of organizations are looking at something similar. In many cases though, I would imagine they can often hire new staff and rapidly train those that remain. In a large and relatively slow-moving organization though it will be interesting seeing how this unfolds. It may seem like a natural transition to take someone...

Week 7 Blog Its National Cybersecurity Awareness Month! October is designated as Cybersecurity Awareness Month , generally a time of the year for the Government to post some helpful guidelines for everyday people to read about how cyber security could impact their lives. Typically, these involve a good exposure of common threats and vulnerabilities to personnel without much direct cybersecurity knowledge. This year there are four themes for the four weeks of the month: Cybersecurity at home, careers in cybersecurity, workplace cybersecurity, and critical infrastructure cybersecurity.   More specifically, week 4, Oct. 22–26 will be about safeguarding the Nation’s Critical Infrastructure. When most read this they correctly assume this means energy, financial, and emergency systems or maybe centralized communications and transportation. Those are all considered critical infrastructure, and afforded enhanced protection resources through that designation. One item that many ma...

Week 6 Blog, but more a review of “Self-Defending Networks: AI and the Future of Cyber Defense” I wrote an article review for a Risk Management class this week. The article discussed the need for financial IT risk analysts to start capitalizing on the advent of new technologies such as AI, blockchain, and cognitive computing. The article was mainly about framing how these technologies might introduce new risks or threat vectors, or how they can be leveraged to help them manage risks and controls better. Not a lot of specifics on what actually is going to change. AI sounds great, but what does it actually do? Also, what is now obsolete? This got me thinking about what the future of cyber security is going to look like. I have never actually worked in the industry (19 years in the military), receiving most of my knowledge through formal education, so my thoughts on this are still developing as I learn and gain experience. Enterprise Immune System I stumbled across a video fr...

Will Harry and Mae’s Diner Ever Listen to their Paid Consultants? This week in class we are working through the familiar (at least for Bellevue Cybersecurity students) Harry and Mae’s case study . This examines a franchise of diners, and depending on the class you are in, you examine it through the lens required…it could be risk management, secu re network design, or threat analysis. One item I got to thinking about this week is the individual franchises under a company like this, and how much leeway they have when deciding how to run their own infrastructure. This is especially important when the headquarters policies dictate an insecure implementation of the IT equipment, such as is the case with Harry and Mae's. In my specific experience with them, this will be the third time I have recommended basic security configurations without any visible action on their part. Point of Sale Security Certainly, a hot-topic over the last few years, point of sale devices a...