The CyberWire Daily Briefing 07.10.15
Those curious about how terrorist organizations establish persistent networks will find Perspectives on Terrorism's study interesting.
This week's outages at the New York Stock Exchange and United Airlines remain under investigation, but the emerging consensus is that they were unrelated and not the result of an attack. (Complex systems do fail, and their very complexity can constitute in effect a vulnerability, as discussions of ERP systems suggest.) The incidents have pumped up the valuations of some cyber security stocks.
The OPM affair in the US looks worse: over 21 million individuals' records are now acknowledged to have been compromised. Director Archuleta resigned this morning.
The consensus on the just-patched OpenSSL certificate verification bug is that it's serious, but not quite as serious as Heartbleed. Nevertheless, patch.
Hacking Team's data are still out there. Netragard, whose name appears amid those data, says it's pleased to be mentioned in dispatches, since the data make it look pretty good.
Those interested in the difference between bug hunting for fixes and bug hunting for exploitation may contrast accounts in (unrelated) stories by OpenDNS (the former) and Ars Technica (the latter).
VMware patches three products against a privilege-escalation vulnerability.
Singer and Cole make flesh creep with visions of what a World War III would look like (no spoiler: lots of cyber action).
Splunk buys Caspida, Avast Remotium, Fortinet Meru Networks.
The FBI still hasn't convinced encryption advocates that backdoors are either desirable or realistic (even after announcing it stopped terror attacks planned around Independence Day).
Today's issue includes events affecting Estonia, Iraq, Israel, Italy, Japan, Palestine, Syria, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
How Jihadist Networks Maintain a Persistent Online Presence (Perspectives on Terrorism) Jihadist groups have used the opportunity created by the proliferation of social media platforms to create a persistent as well as ideologically cohesive presence for jihadist propaganda online which is intended to attract fighters and fundraisers to the cause. This article uses a range of big data techniques including network analysis, combined with examples of Jihadist communication strategy to identify the elements which have allowed groups to maintain a permanent presence for their content online, despite the efforts of western Governments working with social media platform providers
New York City Comptroller Office Website Hacked by Pro-Palestinian Hacker (HackRead) Hackers have a passion for hacking, but the way they choose their targets is something hard to understand. Just like this unpredictable hack we are about to report
Day of the bugs: Disruptions at NYSE, United Airlines and WSJ.com heighten cybersecurity concerns (Dallas Morning News) The cyber-outages came one after another: one of the nation's biggest airlines, its largest financial news publication and its main stock exchange
Akamai says it doesn't see any 'anomalies' after major Internet outages (Boston Business Journal) A spokesperson for Akamai Technologies, a Cambridge-based Internet content delivery firm, on Wednesday said the company hasn't seen any unusual activity in the midst of mysterious series of website outages that have impacted organizations including the New York Stock Exchange
United, NYSE and WSJ Glitches Were Not a Cyber Attack (Security Debrief) There's an old axiom in science and statistics: correlation does not imply causation. It's a caution against deducing too much from a seeming connection. Sometimes what walks and talks like a duck isn't actually a duck
OPM Announces More Than 21 Million Affected by Second Data Breach (National Journal) The federal personnel agency finally announced Thursday the scope of a massive hack of security-clearance information first revealed last month
Hackers Scored Personal Data on Over 21 Million Americans (Atlantic) The federal cyberbreach is now five times larger than initial estimates, and even the new figure captures only a fraction of those affected
OPM hack hit potentially millions of troops, vets (Military Times) Social Security numbers, family information, health records and even fingerprints of 21.5 million federal employees — including potentially millions of military personnel — were included a massive data theft last month from the Office of Personnel Management, officials acknowledged Thursday
OpenSSL bug serious — but no Heartbleed, say experts (ComputerWeekly) OpenSSL certificate verification flaw lets attackers impersonate cryptography-protected websites, email servers and virtual private networks (VPNs)
The OpenSSL "CVE-2015-1793" certificate verification bug — what you need to know (Naked Security) If you have anything to do with web security, like we do, you've probably been in "bated breath" mode this week
Hacking Team vendor calls breach a 'blessing in disguise' (CSO) In the aftermath of the Hacking Team incident, Netragard, a security firm in Acton, MA, called it a blessing in disguise after emails between the two companies were indexed and published by WikiLeaks
Dyre times ahead: Zeus-style trojan slurps your banking login creds (Register) List of countries targeted in cash theft scam oddly doesn't include Greece
Are Secure Communications Really Secure? Government Sites Affected by Weak DHE (TrendLabs Security Intelligence Blog) How secure is online public communication? Last May, a paper was published that discusses about the Diffie-Helman (DH) crypto-strength deployment, which gives strong evidence that the current DH usage is weak and suggests that 1024-bit size parameters can be broken with a nation state's computing power resources
Down the Darknet Rabbit Hole Again (Dark Matters) I've been back down the rabbit hole, into the Darknet again and it's been a hell of a hostile and discordant excursion this time. For those of us who are merely researching the cybercriminal ecosystem, it can become an extremely precarious place to visit sometimes
DDoS ransom notes: why paying up will get you nowhere (DDoSInfo) DDoS attacks are getting more frequent and more harmful, but the key is not to be blackmailed If a large man stopped you on a street corner and told you that if you hand him five dollars, he won't punch you in the face, what would you do?
"Internet Capacity Warning" Phishing Scam Aims to Steal Your Login Details (HackRead) Internet users are receiving an email that claims to be sent from the "Information technology Services' Support Department." It informs users that their internet capacity has reached 70% and, therefore, they need to contact support department to avoid problems
Detroit Zoo, eight others across the county experience POS breach (SC Magazine) The Detroit Zoo along with eight other zoos across the country announced that Service Systems Associates (SSA), a third party vendor that handles retail and concession payments, experienced a point-of-sale (POS) breach that affected customers between March 23 and June 25 of this year
Credit Card Breach at a Zoo Near You (KrebsOnSecurity) Service Systems Associates, a company that serves gift shops and eateries at zoos and cultural centers across the United States, has acknowledged a breach of its credit and debit card processing systems
Anonymous is Relatively Much Bigger Than You Anticipated (HackRead) The global Anonymous network is relatively much bigger than your actual anticipation, a recent visual analysis by a University of Copenhagen graduate suggests
Security Patches, Mitigations, and Software Updates
Alternative chains certificate forgery (CVE-2015-1793) (OpenSSL Security Advisory) During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate
OpenSSL CVE-2015-1793: Man-in-the-Middle Attack (Mattias Geniar) As announced at the beginning of this week, OpenSSL has released the fix for CVE-2015-1793
VMSA-2015-0005 (VMware Security Advisories) VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability
Apple drops Recovery Key in new two-factor authentication for El Capitan and iOS 9 (Macworld) Apple said at WWDC it would build a more integrated and comprehensive two-factor security system into its next OS releases, and today explains what that means
The Reality of Cyberwar (Politico) World War III would be unlike any other conflict
The Rise of Endpoint Threat Detection and Response (ETDR) — How Vulnerable is your IT Infrastructure? (Information Security Buzz) As security breaches are becoming almost commonplace in the finance, retail, healthcare, and entertainment industries, many CISOs are asking the question: How vulnerable is my IT infrastructure?
Intrusion Protection Spending Stays Steady, Monitoring Lags (Infosecurity Magazine) A look at the intrusion detection and prevention (IDS/IPS) sector shows that security spending is remaining strong, with 37% of enterprise security managers expecting to increase their budget in the next 90 days
9 emerging trends to watch in access control (Security InfoWatch) As new and evolving access control technologies continue to deliver improvements in performance, efficiency and cost-effectiveness, the potential applications for these systems are expanding far beyond their traditional deployments. In particular, networked and software-based solutions have had significant impacts on the growing role of access control systems in security, as well as other areas
Risk management programs lack maturity, new strategies needed (Help Net Security) With cyber attacks and data security threats looming at insecure access points, the increased scrutiny of regulators and the focused attention of boards of directors, the outsourcing of critical services to third parties requires a robust vendor risk management program and stringent oversight — now more than ever. Yet the results of a new study suggest that many companies may be underperforming in these areas
5 reasons why newer hires are the company's biggest data security risk (CSO) Millennials are now in the majority in the workforce, which means a bigger headache for security IT folks
Stolen financial info worse than leaked nude pics: Survey (CNBC) Just how concerned are consumers with protecting their financial information?
Worldwide cybersecurity market continues its upward trend (CSO) Cybersecurity market growth continues in North America, Latin America, EMEA, and Asia-Pac regions
The Insurance Industry's Unique Vantage Point On Cyber Security (Forbes) Scott Kannry is the Chief Executive Officer of Axio Global. Scott's entire career has been in the commercial insurance industry with a focus on cyber and previously spent 10 years in the Financial Services Group at Aon. He works with clients in all industries but specializes in those with evolving cyber risks, such as energy, utility, transportation and manufacturing
Managing Manufacturing Risk: Cyber Enters the Picture (Property Casualty 360) As cyber threats top the list of concerns for manufacturers, a continued uptick in business activity presents growth opportunities for brokers. But when crafting coverage, they must be vigilant to guard against both traditional risks and new exposures
Cybersecurity Stocks Surged on the Back of the Big NYSE Trading Halt (BloombergBusiness) Palo Alto Networks, AVG, and others moved up
Cybersecurity stocks rally day after NYSE/United/WSJ tech issues (Seeking Alpha) Security tech plays are outperforming amid a 0.4% gain for the Nasdaq. The rally comes a day after the NYSE suffered a lengthy outage, United Airlines grounded flights, and the WSJ's site briefly went down
Splunk Makes Smart Acquisition — Maintain Outperform (FBR Capital Markets) Last night, Splunk announced it had acquired Caspida, Inc., a leader in behavior analytics and machine learning, for $190 million. Caspida provides advanced threat detection and covers unknown threats that have already penetrated the enterprise. When coupled with Splunk's existing security solutions, the company should have the ability to detect advanced, hidden, and insider threats, improve threat detection with targeted incident response, and increase security operations center (SOC) efficiency. Caspida was launched in 2014 and is based in Palo Alto, California. Strategically, we believe this is a smart acquisition as it combines Splunk's existing response technologies with Caspida's advanced threat detection capabilities and broadens Splunk's product footprint and customer reach, key ingredients in the company's recipe for success on the security front, in our view
Fortinet Closes Acquisition of Meru Networks (MarketWatch) Fortinet FTNT, +0.51% the global leader in high-performance cyber security solutions, today announced it has closed the acquisition of Meru Networks MERU a leader in intelligent Wi-Fi networking
Avast acquires mobile virtualization firm Remotium (ZDNet) The deal allows Avast to extend itself further beyond the consumer market
Thoughts On Possible Symantec Corporation (SYMC) Veritas Leveraged Buyout — Merrill Lynch (Bidness Etc) Merrill Lynch reiterated its Sell rating and price objective of $20 on Symantec stock, following rumors that Veritas could be sold to private equity
Cloud-based Physical Security Startup Octopus Raises $2.5M From Singulariteam (TechCrunch) Octopus, a Tel Aviv startup that makes cloud-based physical security systems for large facilities, has raised $2.5 million from Singulariteam
LookingGlass Cyber Solutions Honored as Fastest Growing IT Company of the Year at 10th Annual 2015 IT World Awards (BusinessWire) LookingGlass wins two awards from Network Products Guide for Fastest Growing IT Company and bronze for Best IT Software Company
Products, Services, and Solutions
Google fine tunes spam catching tools (IDG via CSO) Google has reduced spam reaching inboxes to a fraction of a percent, but in the process sometimes misclassifies bulk-mailed messages like monthly statements and ticket receipts
Startup Tanium Adds Security Smarts to System Management Platform (The VAR Guy) Systems management startup Tanium has expanded into the security space with a new platform component that can help enterprises detect cyberattacks across numerous endpoints, replacing what's typically a time-consuming process with fast and accurate results, the company said
Solutionary Announces New Tools and Resources for Enterprise Security Monitoring (MarketWatch) First MSSP to integrate raw log search analytics for clients
Can Eyeprint 'selfies' replace hardware tokens? (SC Magazine) Eyeprints — of veins in the white, not the iris of an eye — captured via selfie are another biometric option for 2-factor security, but concerns about the implications of compromise remain
IOActive Announces Internet of Things Assurance Services (BusinessWire) Company also joins forces with Cloud Security Alliance to drive global awareness
Balabit releases Blindspotter real-time user monitoring tool (ComputerWeekly) Balabit's Blindspotter real-time user behaviour analytics monitoring tool for identifying malicious activity throughout IT systems has been released to market
Technologies, Techniques, and Standards
How IKEA Does PCI-DSS (eSecurity Planet) Attaining PCI-DSS compliance is no easy task, but IKEA's common sense approach makes it a bit less taxing
Why is ERP security so difficult? (Help Net Security) ERP (Enterprise Resource Planning) security has been all over the news lately. From high profile breaches, like the recent U.S. Office of Personnel Management breach, to researchers presenting vulnerabilities in ERP systems at recent security conferences, the visibility of ERP in the security community has never been higher
Tips and Tricks on How to Safeguard Android Devices From Getting Hacked (International Business Times) Android mobile OS is the world's biggest smart device ecosystem. It has more than 80 percent share of the global OS market and expectedly attracts most number of attacks from hackers and cyber criminals
Hacker Search Engine Becomes the New Internet of Things Search Engine (SecurityWeek) At DEFCON 17 in 2009, John Matherly debuted a search engine named Shodan (after the villainous computer in the cult-classic video game, System Shock). Shodan was received with some alarm in the media, who named it "The world's scariest search engine"
How to prepare for and respond to a cyber attack (Network World) Cybercriminals are constantly looking for new ways to bypass security measures. In a survey conducted by the SANS Institute on the behalf of Guidance Software, 56% of respondents assumed they have been breached or will be soon, compared with 47% last year
5 security tips to defeat cybervillains at Comic-Con 2015 (We Live Security) We are just days away from the start of Comic-Con in San Diego, and if you are heading on an away mission into the crowd of fellow fans, you may be wondering how to keep your data and devices safe. Being in the midst of such a large group of people provides a lot of tempting targets for cybercriminals who aim to misbehave, and the opportunity for both direct attacks, like physical theft, and more subtle attacks like malware infection
Design and Innovation
Carmakers to tech partners: Keep your hands off our data (Reuters) Carmakers are limiting the data they share with technology partners Apple Inc and Google Inc through new systems that link smartphones to vehicle infotainment systems, defending access to information about what drivers do in their cars
For Fun and Profit: The Right Way to Run a Bug Bounty Program (OpenDNS) Here's to the crazy ones
How a Russian hacker made $45,000 selling a zero-day Flash exploit to Hacking Team (Ars Technica) "Volume discounts are possible if you take several bugs"
Research and Development
Bitglass Granted Patent on Unique Searchable, Full Strength Cloud Encryption Read more: http://www.digitaljournal.com/pr/2606165#ixzz3fVN2WVNz (Digital Journal) Bitglass, the Total Data Protection company, today announced that it has been granted a patent for its breakthrough searchable full-strength 256-bit AES encryption for cloud applications
Liverpool Hope University project could banish remembered passwords (Liverpool Echo) Liverpool Hope University is working on a smartphone project that could rid the world of remembered passwords
Single photons for quantum cryptography (Keio Research Highlights) Carbon nanotubes that emit single photons at telecommunication wavelengths and room temperature could be useful for quantum cryptography
Classifying Data Objects (United States Patent Application 20150178383) (Free Patents Online) Methods, systems, and apparatus, including computer programs encoded on computer storage media, for classifying data objects. One of the methods includes obtaining data that associates each term in a vocabulary of terms with a respective high-dimensional representation of the term; obtaining classification data for a data object, wherein the classification data includes a respective score for each of a plurality of categories, and wherein each of the categories is associated with a respective category label; computing an aggregate high-dimensional representation for the data object from high-dimensional representations for the category labels associated with the categories and the respective scores; identifying a first term in the vocabulary of terms having a high-dimensional representation that is closest to the aggregate high-dimensional representation; and selecting the first term as a category label for the data object
Firewalls replace bonfires at Monroe Tech's cyber security camp (Loudon Times-Mirror) "Time's up! Step away from the laptops." A camp counselor of sorts yelled as 60 students typed in their final keystrokes
Legislation, Policy, and Regulation
Sawab means the right path, ISIL the wrong one (National) For a year now, the terrorist group ISIL, or Daesh as it is known throughout the Middle East, has seized attention through its rapid growth and expansion. To fuel this growth, ISIL has maliciously twisted and corrupted the peaceful teachings of Islam, using sensationalist brutality to appeal to the most vulnerable members of our societies
Katherine Archuleta, Director of Office of Personnel Management, Resigns (New York Times) Katherine Archuleta, the director of the Office of Personnel Management, will resign effective Friday, according to a White House official, one day after it was revealed that sweeping cyberintrusions at the agency resulted in the theft of the personal information of more than 22 million people
John Boehner, John McCain join growing calls for OPM director's resignation (Politico) House Speaker John Boehner and Sen. John McCain are joining a growing chorus of lawmakers demanding the ouster of the federal government's top personnel manager, blaming her for a pair of damaging security breaches that compromised sensitive data of more than 22 million people
Prepare for more cyber attacks on US (Financial Times) Washington needs to answer the question that Kissinger once asked of Europe: 'Who do I call?'
Prepare for Breaches (The Hill) The data breach at the Office of Personnel Management that saw millions of sensitive personnel records stolen is a teaching moment for information assurance, but policymakers are cutting class
DHS Secretary: 'Federal cybersecurity is not where it needs to be' (Nextgov) Department of Homeland Security Secretary Jeh Johnson on Wednesday reaffirmed his goal to make the latest version of a cybersecurity intrusion detection and prevention platform — known as EINSTEIN 3A — available to all federal civilian agencies by the end of 2015
FBI director insists Silicon Valley can solve the encryption dilemma — if they try hard enough (Help Net Security) On Wednesday, the US Senate Judiciary Committee got to hear from FBI director James Comey and DOJ Deputy Attorney General Sally Quillian Yates on how end-to-end encryption employed by certain companies (but mostly Apple) is becoming a problem for law enforcement's investigations
This is the most outrageous government tirade against iOS 8 encryption (Ars Technica) "Criminal defendants across the nation are the principal beneficiaries of iOS 8"
WPI professor co-authors cybersecurity report (Worcester Telegram) Somewhere in cyberspace, ISIS operatives are busy planning something and the Federal Bureau of Investigation's concern is that thanks to today's stronger encryption technology, it's increasingly difficult to figure out what that something is
U.S. Government Wades into Vulnerability Disclosure (Threatpost) Security researchers and software vendors have spent decades trying to work out the process of vulnerability disclosure, with limited success. Now the federal government is joining the fray in hopes of getting the two sides to play nice
House Democrat pushes new data breach bill (The Hill) Rep. David Cicilline is trying to restart the stalled debate on legislation that would require companies to tell customers they have been hacked
Do Americans have the same right as Europeans to be "forgotten" by Google? (Naked Security) Europeans have the right to request the removal of links in search engine results — what is now commonly referred to as the "right to be forgotten," thanks to a May 2014 court ruling
After 25 years, the EFF is still defending your rights online (Ars Technica) Ars chats with EFF head Cindy Cohn about a quarter century of advocacy
Litigation, Investigation, and Law Enforcement
FBI says it thwarted Islamic State-inspired July 4 attacks (Reuters via MSN) U.S. authorities foiled attacks planned around the Fourth of July, arresting more than 10 people in the month before the holiday who were inspired by Islamic State online recruitment, FBI Director James Comey said on Thursday
DHS has 'leading suspect' in OPM hack but won't point fingers (FierceGovernmentIT) The federal government has a "leading suspect" in its investigation of two information technology system breaches at the Office of Personnel Management that compromised the sensitive data of millions of people
Two US telecom companies to pay $3.5 million for data breach (IDG via CSO) Two sister mobile and telecom service providers will pay a combined US$3.5 million after the U.S. Federal Communications Commission found that they were storing customers' personal data on unprotected servers accessible over the Internet
Esthost/Rove Digital Mastermind Pleads Guilty, Faces Six-Year Sentence (TrendLabs Security Intelligence Blog) In November 2011 the Federal Bureau of Investigation (FBI), with the help of the Trend Micro Forward-looking Threat Researchers, conducted what was, at the time, the largest takedown in the history of online crime
Federal cyberstalking case sent to Delaware jury (AP via KLTV) Jurors began deliberating Wednesday in the federal conspiracy and cyberstalking case against the widow and children of a man who killed his ex-daughter-in-law at a Delaware courthouse in 2013
Aspiring singer jailed for hacking Madonna and stealing unreleased tracks (WeLiveSecurity) Late last year, Madonna logged furiously into her Instagram account in order to complain that hackers had broken into her computer, and stolen photographs and music tracks
Man charged for naming sexual assault victim on police Facebook page (Naked Security) A UK man who named a victim of a sexual offence on a police Facebook page has been charged
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, Jan 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation
Inside Data Science 2015 (Monterey, California, USA, Nov 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and dissemination of information you must leverage the proper organization, extraction and analysis of data. In today's data-driven society, your best offense to stay ahead of the game is to become scientific in your approach and systematic in your execution
National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, Jul 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program. There is no cost to attend this meeting
National Cybersecurity Center of Excellence (NCCoE) Speaker Series: Janet Levesque, Chief Information Security Officer at RSA (Rockville, Maryland, USA, Jul 16, 2015) Traditional security models are failing. While the idea of a shift from prevention to detection has gained traction, most current approaches to detection rely heavily on the same techniques that have rendered preventative tools ineffective. The ultimate goal — disrupting and stopping attacks — has continued to elude security experts. The next stage in the industry's evolution is to move to a stance of "dynamic defense," which combines the ability to detect an attack and fully understand its scope and potential impact on the business, and then use the information to disrupt the attack before adversaries can accomplish their goals
TakeDownCon Rocket City (Huntsville, Alabama, USA, Jul 20 - 21, 2015) TakeDownCon is a highly technical forum that focuses on the latest vulnerabilities, the most potent exploits, and the current security threats. The best and the brightest in the field come to share their knowledge, giving delegates the opportunity to learn about the industry's most important issues. With two days and two dynamic tracks, delegates will spend Day 1 on the Attack, learning how even the most protected systems can be breached. Day 2 is dedicated to Defense, and delegates will learn if their defense mechanisms are on par to thwart nefarious and persistent attacks
CyberMontgomery 2015 (Rockville, Maryland, USA, Jul 30, 2015) Montgomery County, Maryland, is home to the National Institute of Standards and Technology (NIST), the National Cybersecurity Center of Excellence (NCCoE), the FDA, NIH, NOAA, NRC and more than a dozen other Federal agencies, plus regional State and local agencies, educational institutions (such as Montgomery College, the Universities at Shady Grove, a satellite campus of Johns Hopkins, and the Bethesda-based SANS Institute), plus scores of cyber companies, ranging from start-ups to multinational corporations such as Lockheed Martin, employing upwards of 37,000 people in cyber-related jobs. With cybersecurity constituting a major growth engine in the region for many years to come, and with leading Federal government, industry and academic assets already in place in the region, the annual CyberMontgomery conference serves to bring them together so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. In that light, CyberMontgomery provides clear direction on finding business opportunities, contracting, forecasted demand areas, workforce development, recruiting & staffing, legal responsibilities for businesses, updates on technologies being developed in the County, and summary updates regarding our NCCoE neighbors, federal civilian agencies and commercial sector leaders
Career Discovery in Cyber Security: A Women's Symposium (New York, New York, USA, Jul 30, 2015) Our annual conference brings together some of the best minds in the industry, with the goal of guiding women with a talent and interest in cyber security into top-flight careers