Week 12

Week 12 - Final Week 

Wow, finally I am in my final weeks of grad school. I remember when I had to write a letter explaining why I had a bad GPA in my bachelor's degree and I wanted to prove myself that I am better than the GPA I had gotten in bachelor's. If nothing unexpected happens, I should be able to graduate MS in Cyber Security with good GPA. I know GPA is not a big concern for someone with many years of work experience, but it just makes me happy that I was able to accomplish something that I wasn't able to before. Thanks to the Air Force and Client Solution Architects for helping me financially to get my degree. Without their support, I would not be able to finish college quickly and with debt free. Who doesn’t like to graduate college debt free? The best part of the Grad school was improving my writing skills and learning necessary cyber skills. I think I have improved myself writing better which something I needed. Thanks to professor and friends who read my assignments and provided valuable comments. The company I work for is excellent who cares about their employees and professional development, so I am not rushing to get a direct cyber-related job. Hopefully, new cyber opportunities show up within the company. I always as a question to myself, did college prepare me for a cyber-job? I think it provided me a basic understanding of the field and how to write various cyber-related reports. At least I know where to start if I ever have to write a threat management, audit, and governance? The ethical hacking class was high technical and taught me how to install a virtual environment, Kali Linux and conduct basic ethical hacking activities in a virtual environment. Overall it is a significant relief to myself finishing college, so I can go back to my normal life spend time with my family and get some certification. I think I can use this picture now..

   

Week 11 Post

Week 11 update:

Wow, finally we are in the final two weeks. It's been an incredible journey, and I am close to graduation. Overall journey with the master's degree was harder than I had initially expected. I am not a big fan of writing long papers, but I think I have improved my writing skills. Still, I have to work on my grammatical mistakes. It's amazing that how professor's feedback helps to improve student style of writing. I have some professor that would not provide any feedback on any assignments. I think all professor should more actively engage with the students and challenge students. In my CYBR 515 class, I had some assignment where I felt like I was challenged and I have to talk to the professor. Also, Cybersecurity program should be more technical rather than just write. It prepared student general security stuff, how to write governance, cyber trends, etc. other than an ethical hacking class, we didn’t have any high technical class. I am close to finishing the degree and surprise to know that we didn’t learn any tools that are being used from the bad/good guys. There got to be the tools which are being utilized by the black hat or white hat hackers. Other than the installation of Linux in a virtual environment, NMAP, etc. tools. I think we didn’t go deep to learn about the cyber tools and methods being utilized from both sides. The university should consider adding a class which is very technical based on programming, scripting, modern tools where student required to involve research and group project. I know traditional universities don't prepare students for a mid-level career, but it should prepare students to take entry-level technical jobs.      

Week 10 Update

Week 9 has been the most challenging week. Writing an action plan for the Harry & Mae's Inc. vulnerabilities made me feel like I had a second full-time job. I would have more time to write an action plan if this was a for my regular job, but unfortunately, I had only a week to come up with a good plan. Also, I had other assignments to complete in the same week. The action plan could be for anything that requires a well-documented list of measures to fix something. For example, an action plan for IT Department to remediate vulnerabilities or a plan to build something. It provides guidelines to fix issues so that the particular goal could be met during a given period. According to an Internet source "An action plan is a document that lists what steps must be taken to achieve a particular goal. The purpose of an action plan is to clarify what resources are required to reach the target, formulate a timeline for when specific tasks need to be completed and determine what resources are needed". Reviewing other students action also helped to understand the process better and efficient way of remediating vulnerabilities. However, there were some big differences in the length of documents. Mine was about 11 pages, but I read some were about 22 pages. I know we don’t have specific length requirements, but I still think that it should be an easy to follow and read for the leadership.

Article 1 review:   

It has been a crazy couple of weeks in the cyber field with the rise of new sophisticated attacks. Malicious software attack around the world and took control of sensitive information demanding money. The most affected area is the healthcare organizations in the Europe where multiple hospitals could not operate because of these attacks. They still trying to figure out who, what and the damages. The name of the ransomware attack is called WannaCry malicious piece of code which attacks various organization around the globe. Computers around Russia, Taiwan Spain and Britain was the severely impacted. They are claiming that it was a leaked program from NSA. This coordinated attack infected thousands of computer and encrypted data. Hackers demanded money to decrypt data. This shows the scale of damage hackers can cause and a good signal of the cyber future. There is no place of weaknesses, and we must secure out content as much as possible. Especially who does business related to sensitive information, they are at high risk. Here is the link if you are interested reading. It is just amazing about the cyber attacks that it is tough to find who was behind the attacks. Here are some pictures about the attacks which are trending online for many days. 

https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20

Week 9 Post

Week 9 update:
It is just amazing how time passes. It feels like last month I decided to go back to college for masters and here I am trying to complete final four weeks. Most people say online college is easy, but I do not agree. It is hard to keep up with the grade because if you lost a couple of discussion board post and lost some points here and there, you are in the B+ category. However, if you invest your time and ask questions, you should be able to overcome the obstacles and finish your degree. There is no place for procrastination in the grad school. I am just sharing my experience, and I can't wait to finish my college. And finally, focus on other things.

Article 1 review:
There is some major cyber news trending online in this week. First one is the phishing attack attempts from Google Docs. I read an article written on RAWSTORY site page about this incident, and it was titled as " Google Docs phishing scam hammers home the importance of safe email habits." This title makes sense as many users don’t care about the security of email content. The phishing scam got so sophisticated that even someone with good cyber knowledge could fall into their trick. Users received an email with an invite to view a document from Google Docs from someone's email address they know. Once you click on it, it spreads to the user's contact list and multiplies. The take a way point from this article was about the importance of knowing the cyber threats and why you shouldn’t click on suspicious emails.

Source:
https://www.rawstory.com/2017/05/google-docs-phishing-scam-hammers-home-the-importance-of-safe-email-habits/

Week 8 update

Week 8 update:

Final four weeks remaining! I am not sure how other students manage their life as most of us work full time, college and family responsibilities. I have two jobs and taking two classes plus wife and 16 months old baby. This was my first time taking two classes. Even though it is very challenging finishing assignment on time, I think eventually it will worth of hard work and dedication. Hopefully, I can finish well and focus on other things I wanted to do. I wanted to go for PHD as soon as I finish my masters, but I have a second thought. First, let me get into the cyber market and get a cyber-related job. My current IT experience will definitely help. Once I have some years of direct experience with the cyber field and add some certification like CEH, CISSP, I will go for PHD. Many of my friends who I went college with are about to finish their PHD in Physics. They are my motivation and I am very committed to have PHD and I know it is not easy.

The challenging part is to improve case assignments each week. If you didn’t do well on the last assignment, most likely you won't do well in the coming weeks since each assignment is built on previous weeks assignment. I lose some points here and there because of my grammatical errors. Otherwise, I am doing well. CYBR 515 assignments are getting easier. First couple of weeks, assignments were very challenging. I really like CYBR 650 assignments format where students get to students work and add suggestion. This helps us to improve our work and improve assignments.

Article 1:
I had to share this even though I also posted this on our class security trends forum.

I am Gmail user for long time and Gmail is no exception when it comes to cyber attacks. hopefully they come up with a solution soon.

Rise of phishing attacks

I am sure most of you have read the news about the recent phishing attacks targeting Gmail users. Very sophisticated phishing scam attack is targeting about one billion Gmail users. Once a user clicks on the phishing email, it spreading to all contact list of the user who clicked on the email. The tricky part is that the email seems to come from a trusted contact and ask users to check out an attachment on Google Docs. Once a user clicks on the link, it spreads to all user contacts. Eventually, hackers will control of your email content. Even someone with good cyber threats knowledge could fall into this. The only thing Google saying is not to click on the link for now. If you read the email carefully, sending field looks as the sender is your contact, but in the recipient field, it is "hhhhhhhhhhhhhhhh@mailinator.com." Most users don’t read an email that carefully. As soon as it comes from someone you know, most likely you will attempt to open it. Some of the recommendations include - first, don’t click on it but if you do open the email, don’t grant access when fake Docs app ask for it. But if you went that far and granted access, go to Google connected sites console and remove access to that app and finally change your Google account password. The scary part is that once the worm enters the Google user's domain, it is very challenging to remove it. Hopefully, Google finds a way to fix this soon. I am a Gmail user and haven't gotten any those types of email, but people are talking about it a lot. It's been trending on the social media for some time now, and some people are having fun and other providing recommendations which will help to educate users about the risks. Phishing attacks are definitely a growing cyber threat trend that something we all should be careful. If you are interested reading the news in detail, here is the link.                    
http://www.nbcnews.com/tech/security/massive-phishing-attack-targets-millions-gmail-users-n754501

Some people are making fun out of it. Here are the some examples from the Twitter.

     

Week 7 Update

Week 7:

So far so good! I had never thought CYBR 515 class would be very challenging. It's not because I am getting a bad grade, but it's because of lack of resources. I know I am not that bad searching for resources online or library. Thanks to the professor who is very responsive and provides guidance if asked. I need to survive six more weeks then I am done. Despite close to finishing my Masters, I still have issues writing especially with the grammar. I take professor's suggestion seriously and try my best to improve. Sometimes when you are close to due and don’t have enough time, there is always a chance of mistakes. I am not a procrastinator though. I start my assignments early. The discussion board has been a great place to learn. The professor making to choose from the different topic is also helpful, so many students don’t end up writing on the same subject. Since this is my final semester, I have to say that online college is not easy. It gives students flexibility, but that doesn’t mean it is any easier than the traditional format. I would highly recommend others to go online if they want to be independent learners. You don’t get to ask questions directly to the professor being an online student, but you are saving time and improving yourself by doing research and asking a question on the class online forum.  I am glad I decided to go back to college, and I am close to finishing. As long as you are dedicated, finish assignments on time, you are good. You should think twice going for masters if you don’t love writing. I am more of a math and science student who likes solving a problem but not necessarily just writing. In the Cybersecurity field, there were many technical assignments, but you still have to write a report for the assignment. For example: if you design a wireless solution for a company, you still write a lengthy report how you would implement the design. Wow, I went little too far sharing my experience. Let's get back to regular topic "What's trending?".

Week 6 Updage: 
Thank God, I am almost half way through my final semester! It's been very challenging. I have to admit I am not good at designing network diagram. Hopefully, I get better since this was my first time designing a network diagram. Reading other students assignments and network diagram helping me to understand better. As usual, discussion board has been my source of learning and understand the different views of students. Some of the assignments from by Security Architecture class are tough. I wish professor would provide us additional information about the topic. We had some assignments where I couldn’t find much information on the Internet or textbook. Well, this is a part of learning. Sometimes you have to go deeper and work hard to find resources. Cyber Security field not meant to be so easy. Also, I read other students question on the professor's online board, and makes me feel ok that I am not doing that bad. We all are on the same page except those smartest ones. I think milestone types of assignments are difficult because if you mess up the first assignment, most likely there is a good chance you won't do good on the next milestone since you didn't build the base well. Applying students and professor's suggestion has been helping me to improve. This is good enough about my experience in week 6. So let's roll back to our usual blog writing style.

Article 1:
I read some news this week. They are talking about the United States might be behind the North
Korea's missile test failure. This may or may not be true, but if it is true, it would be good news for the United States, but the future, it may not be good unless we continue to develop new ways of fighting in the cyber domain. I liked how the news was written on this website (http://www.maxim.com/news/us-hacking-north-korea-missiles-2017-4). If this is true, I hope they always keep this secret as no-one needs to know how they did. Imagine if countries like Iran or North Korea could do the same to the other countries. No matter how sophisticated tool you build, if the hackers can somehow penetrate, your tool is useless since you can't operate how you want. For North Korea, this was an embarrassing moment especially when they were celebrating the 105th birthday of Founder Kim Sung.  

Article 2:

It's unusual and surprising what hackers are capable of doing. In a way, they are the troubleshooters for the good guys. If we didn’t have black hat hackers, I think the newer technology development would be much slower. There are the ones who make IT companies think twice before the design anything or release new products. Whenever a company releases a new tool and claims to be the most secure, hackers eventually hack the tool. This is the fate of the current technology. It's easier to break then build but what hackers are doing is very smart even though they do for various negative reasons. I am trying to refer to this news I read this week which is titled as "Stealing your PIN by tracking the motion of your phone." How is this even possible?

This article says, "Cyber experts have revealed the ease with which malicious websites, as well as installed apps, can spy on us using just the information from the motion sensors in our mobile phones. Analyzing the movement of the device as we type in information, they have shown it is possible to crack four-digit PINs with a 70 percent accuracy on the first guess — 100 percent by the fifth guess — using just the data collected via the phone’s numerous internal sensors.".

Wow, this tells us why we shouldn’t download apps that we see on the app's store. Malicious apps can spy users from the motion sensors which are used in our mobile phones. Even though the study has shown only 70 percent accuracy on the first guess of the PIN used in a mobile, the fifth try got 100 percent score. Most cell phone users are unware of this and continue to use the mobile as usual. It sounds like a serious threat, but this article didn’t give any ideas to prevent from happening. But I think it is always a smart not to click or download any unknown apps. Reading the apps reviews gives a good idea where the apps are good or bad. Some of the smart phones allow having 6 to 8 digit pins or using biometric to log into the cell phones. 

http://www.homelandsecuritynewswire.com/dr20170412-stealing-your-pin-by-tracking-the-motion-of-your-phone

Week 5 Update:
It's been a very busy week. Taking two classes is no joke especially when you have a family and full-time work. A lot of writing and writing. I like the fact that CYBR 515 offers some challenging and technical questions. Also designing network diagram of a company when you only have a script can also be difficult. I designed it but have to wait until professor grades it. Not sure how i did but I am not happy with the work I have done. Even this week there are so many assignments. Thank god, only 7 more weeks left!

Article 1: 

A bit old news but I was still interested reading the news posted on technewsworld.com. I recently bought a new laptop, and it came with Windows 10 Operating system. As soon as I did initial settings, the first thing I googled was "Windows 10 security issues", I saw a lot of sites talking about security issues with the window 10. According to this article, Microsoft has been pushing new security updates to keep their newest version of OS secure. So far Win 10 has been the most secure, fast and reliable operating system. This article mentioned that if a user wants to have a more secure means of OS, they must pay the additional cost. There are many updates since Windows 10 came out and it includes mitigation techniques with the Edge browser. Microsoft is focusing on mitigation techniques that counter classes of exploits rather than an emphasis on a single vulnerability. I just didn’t like the fact that there are some different versions of OS and if a user willing to pay more, he/she would have to pay more. Also, Microsoft says there is always a chance of newer vulnerability, so they will continue to fight against the threats and keep the OS secure. What is new about this? Every tool developed always say they are working to make their tool efficient and secure. I think it's all about business and money. When you buy a computer, at a minimum, you should get basic software like Office and antivirus software. On the top of the additional cost to the software, they are asking more money for the security features.

http://www.technewsworld.com/story/84233.htm

Article 2:

I read a news titled "Global investors lose billions to cyber-attacks." This news was posted on CNBC.com written by Ryan Browne. It reports that the cyber-attacks have caused about $53.4 billion loss to the stock market. As cyber-attacks continue to grow, the share prices fall and decrease the market value. Especially the bigger companies are losing the stock value because of the breaches. According to the vice president of cyber security at CGI in the U.K., Andrew Rogoyski estimated that around 10-20 percent of the major breaches companies suffer in Europe are currently made public. I think there is a problem here. Why are almost 80% of breaches not made public? Either the statistics are wrong, or they don’t to release the information because of the fear of losing business. For example, if I know my personal information will be used without my authorization, I won't be doing business with the company. It has become a reality that hackers are getting smarter and sophisticated every day. What can we do to protect ourselves and businesses? This week couple of my classmates wrote about the easy access of hacking tools to the public adding challenges for the security professionals. I agree with them, and these tools should not be easily available unless you are a security professional. Anyone with basic computer skills can download a software and start causing damage. Many users are unaware of the consequences. Plus it is hard to hold them accountable for their actions especially when the attacks coming from outside of the countries. Overall this article was great information to read, and it also shows the dark side of the hacking activities. The only way of preventing these types of attacks in business is by adding security layers, training employees and coordinate with other companies and share knowledge.

Week 4 update:

I never thought CYBR 515 (Security Architecture) class would be this challenging. Especially the technical type of questions is taking most of my time. Week 3, we had to use ASCII chart and convert characters into hex and then binary. The most challenging part was to use XOR function to multiple binary digits. After asking many questions to the professor, I was able to figure this out. Again challenging but fun! CYBR 650 is going well so far. There are a lot of reading assignments. I love two weeks assignment format even though each week has some assignment, but it gives students more time to work on the projects. Week 4 we are to update our week one threat model and add improvements based on the professor's comment. Hopefully, we will have a professional looking final "Threat Model Process" which can be used in any business.

Article 1:

I read a very surprising news on CNBC titled "Cybersecurity firm: More evidence N. Korea linked to Bangladesh heist". I thought North Korea would target countries like United States/South Korea. The cyber security company Kaspersky researcher has found additional evidence that the North Koreans were behind stealing the money ($81 Million) from the Bangladesh Central Bank's account. Usually, hackers make big target where they can get the most benefit; however, this time Bangladesh's bank was a target. I think they wanted to take the most advantage of the weakly secure banking system. So it was an easy target for them. I was little surprised to see Russian-based security company investigated the incident. The company is still working on finding additional information about the crime. This proves that if there are any monetary benefits, hackers can target anyone.  

This also shows the countries like the United States need to coordinate with the countries to gather information about the tactics they use to steal money or sensitive information. If this can be proven, North Koreas are taking money from the banks. It was kind of crazy to hear that a country who doesn’t have easy access to the computer and the Internet can do all this. Imagine what they could do if the public had easy access of the computer and Internet.

Source: http://www.cnbc.com/2017/04/03/cyber-security-firm-more-evidence-n-korea-linked-to-bangladesh-heist.html

Article 2:

Next, I wanted to research more about the news. I googled "hacking news." The very first thing shows are about North Korea is attacking banking systems worldwide from CNN. The news CNN also mentioned about the Bangladesh's bank but added more to it by providing additional examples of hacking incidents. Like always CNN writes about the possibility of Russian government involvement with the cyber security firm Kaspersky, but the company strongly denies the allegation. Like in 2014, the US government blamed North Korea for the hacking of Sony pictures. How they found about where the attack came from sounds fascinating. According to Kaspersky, the Lazarus hackers carefully routed their signal through France, South Korea, and Taiwan to set up that attack server. But there was apparently one mistake spotted by Kaspersky: A connection that briefly came from North Korea, CNN writes.

In summary, this is an alarming finding to the world banking system that their banking system is vulnerable and they must do everything to protect their banking system; otherwise, they will lose the trust of the customers and eventually lose customers.

Article 3:

I read another news this week and it is titled as " US cyber-attack could have caused North Korea's
failed missile test, the expert suggests." This would be very interesting if it is true. I am sure government agencies are working to achieve this but not sure if the United States did. The article writer doesn’t really validate the authenticity of the claims but suggests that a rocket test came just before a crucial meeting between Donald Trump and Xi Jingping. Recently, North Korea has tested multiple missiles, but one was failed. Now some experts suggest that the U.S. was behind of failing the test. It is a fascinating reading if you are interested. Here is the link to the article.

http://www.independent.co.uk/news/world/asia/north-korea-missile-test-fail-us-cyber-attack-barack-obama-kim-jong-un-intervention-a7669686.html

Week 3 - Challenges and new cyber threats

Week 3 update:
As usual, I am starting sharing my experience with the world how my classes are going. So far great but I have to admit CYBR 515 class is challenging and highly technical. I with some other classes were like this one. Assessments are not about just writing papers but also encryption and decryption using the double transposition cipher method. The second-week assignment made me feel like "If you don't get it, you don't get it" like the Washington Post commercial. My Internet research helped me figure out how to decrypt a message using double transposition. It reminded my college math class where I had to learn 4 X 4 matrix. Hope coming weeks, we get similar technical assignments. There is a possibility that this class can be my two feature class after Ethical Hacking class.

Article 1:

Most Apple products users think Apple is less vulnerable and secure which is true when we compare with Windows products. I read an article, and it explains how Apple is becoming vulnerable as the number of users is growing worldwide. According to the article "Apple released security patches for its MacOS and MacOS Server, iOS, watchOS, tvOS, Safari, and Pages, to address over 200 vulnerabilities." The affected OS was mostly recent products which believed to be less vulnerable which isn't the case anymore after finding the vulnerabilities.
In MacOS, some of the flaws include memory corruption, user interface issues, access and validation issues, buffer overflow, profile uninstallation problem, etc. Reading this sounds like Apple got more flaws than Windows to me. I never heard or experienced profile uninstallation problem in my Windows OS even though I am a MAC user also.

According the researchers "An application that passes a malicious certificate to the certificate validation agent could trigger this vulnerability. Possible scenarios where this could be exploited include users connecting to a web site which serves a malicious certificate to the client, Mail.app connecting to a mail server that provides a malicious certificate, or opening a malicious certificate file to import into the keychain,". This is why it is critical not to click on suspicious links or open unknown websites. Reviewing all the Apple OS, it seems to they got some work to do if they want to have their customer's trust like before.

Here is the direct link if you interested reading the full article.
http://www.securityweek.com/apple-patches-hundreds-vulnerabilities-across-product-lines

Article 2:

I read another article this week which was posted to the Nationalinretest.org website. The title of the
article says it all "Why the Pentagon Needs to Leverage National Guard Cyber Skills." However, I disagree with the writer because National Guard is a part of the military and they support every federal and state mission based on the need of the country. It shouldn't matter whether it's a cyber mission or natural disaster mission. Next, the article talks about the consequences of the cyber attacks. Imagine if they could shut down a power grid or water system, railway systems. I think it's coming and it just the matter of time we will see all these disasters if we don't do enough to protect ourselves. It is surprising that we are trying to come up with a cyber team when enemies are already attacking government systems. We could have prepared well and ready to fight in the cyber domain if there is an attack. Especially the Air National Guard is trying to come up with a cyber team and support the federal/state mission. Now the National Guard has over 32 units focussing to the cyber mission.

According to Senator Ernst, “Cyber warfare is an emerging and ever-evolving battlefield, and we must use all available tools to protect our nation’s security, including those that already exist in our National Guard units.” I think most of us agree with Senator Ernst about his views about the threats and cyber being a new battlefield.
Overall this was a great article and explains well about the current activities of National Guard regarding the cyber mission.


http://nationalinterest.org/blog/the-buzz/why-the-pentagon-needs-leverage-national-guard-cyber-skills-19920

Week 2 - Cyber trends

Week 2 update:
It has been a very challenging week. This term I am taking two classes, and there are some tools that I had never used before. Visio seems to be easy to use a tool but coming up with a plan to write about a threat model process was challenging. Time will tell how I did after the assignment grading. I can already tell this CYBR 650 is a challenging class than any other any other classes I have taken. It is understandable that this class supposed to be difficult since it is a capstone class. I like the two weeks format since it gives students more time to work on a project. So far classes assignments are going well with some challenges. Currently I am talking CYBR 515 where we had a assignment to decrypt a message using given code (double transposition cipher). This assignment drove me crazy but I think I finally solved it. There isn't much information about the double transposition cipher in the Internet which made it difficult. I had to put some time and thought process to solve it and hopefully I solved it correctly.

Article 1:

I read an article this week titled "How online hate infiltrates social media and politics" written by Adam G. Klein. It is a known fact that social media has become a part of life for those users who have internet access. Many don't have access to the digital platform. Many groups around the world have been using the social media for their interest, and it has a significant impact on the politics. Some users make a decision based on what they see or read on the news or social media. We can take a recent US election where social media played a significant role in sending messages to the general people. Many leaders around the world use social media as their news sharing platform. Many hate groups are spreading fake messages to the world users. This article provides an example news commentary website which received 2.8 million monthly visitors for just one article. The article was titled "Jews Destroy Another One of Their Graveyards to Blame Trump." The scariest part of this story is that it is not even true. All these articles are floating around the web, and some people start believing which makes a significant impact on the communities. Hate rhetoric has been going on for a long time but nowadays with the access of social media and digital platform, it has become easy to spread rumors and propaganda news. Overall the cyber domain is becoming a big pile of digital information where some are good and bad. Readers and followers need to be smarter and make their decision. All the news are not news anymore because they are biased to particular party or religion or believes. They don’t give any fair news, and it becomes challenging to the normal people to understand what's going on.      

http://www.homelandsecuritynewswire.com/dr20170317-how-online-hate-infiltrates-social-media-and-politics

Article 2:

I don’t even know if I can trust major news organization like CNN, Fox News, etc. I read another news this week which is talking about how US Air Force is planning to fight against the cyber-attacks. This news caught me since I am coming from the military background. The writer warns that hackers could potentially disable weapon systems, power grids, chemical plants, etc. What is exactly the government doing to prevent this from happening? I agree with the author on this. Cyber domain war is going on, and it can be catastrophic if not handled quickly. The air force has been training new cyber operators, and new cyber careers have been added. But I wonder why, so we waited so long to train and prepare for the cyber war. I think we failed to predict the cyber threats. Now we are trying to prepare for the fight when hackers are destroying our systems. The article talks about how Air Force is preparing for cyber domain fight. It also talks about different types of cyber-attacks and US Army also increasing the number of cyber warriors. Overall this article was good to read about how the military is working to prepare cyber operators.

Another reason why this news caught my eyes how it was mentioning about the Air Force training cyber warriors. Being in the military, I always wanted to get into the real cyber career field (1BXXX). I had an interview like four months before with the cyber squadron in my unit and finally received an email saying that I was accepted. There is a lot of unknown of this career field, but I am excited to be a part of the cyber warriors. Hopefully, my college education helps me to get through the Air Force long technical school and OJT.
     
https://www.daytondailynews.com/news/local/the-war-you-can-see-wright-patt-trained-cyber-warriors-protect-from-daily-attacks/2kYpgKyutTmXvPg1QUhLPP/

Finally, I want to talk about some of the websites which talk about current threats, vulnerabilities, security updates, and news in general. There are many websites related to cyber news. The good thing is that these news sites are not biased like the major news organizations. Here are some sites I usually visit and read the cyber-related news.

1. https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability
This website posts security news about new cyber threats. For example, Operation Pawn Storm Uses New Adobe Flash Zero Day in Latest Attacks was the topic of a new attack.
2. https://www.us-cert.gov/ncas/current-activity
This is a good place to read news about government security issues and what is being done to prevent new cyber threats.
3. http://www.securityweek.com/virus-threats/vulnerabilities
This website updates security report on weekly basis and contains new vulnerabilities
4. http://www.darkreading.com/vulnerabilities-threats.asp
This is not a dark website as it sounds. It is also similar to other news organization focussing on the Internet and new threats.

Many other websites post cyber-related news. All the sites contain similar updates; however, there are some go deeper and try to find the actual cause behind the attacks or threats. Mostly I will use these websites to read the news and continue my blog posting. 

Week 1 Post - Introduction

Hello world,

My name is Dipak Acharya, pursuing a master's degree in Cyber Security from Bellevue University. It's about that time I go back to search my CYBR 608 class blog and learn about blogging. Luckily I found it. I am close to finishing up with my Masters in cyber security, and this is my final semester if everything goes as planned. I am using the same blog for my last class CYBR 650. It feels amazing when you realize you had a dream and wanted to accomplish so bad and finally dream coming true. Some of the classes were challenging especially the ethical hacking course, but other than that I had fun learning about cyber. Hopefully, I can utilize Master’s Degree to get to the cyber career field and continue to improve myself. Once I finish my degree, I am planning to work on certification like CISSP and CEH. I hear a lot of things about how it can help in your IT field and potentially help to land a job in a cyber-career field.

All the classes I took at Bellevue University were very helpful as far as knowledge wise, and I am sure it will help me to strengthen my knowledge in the overall cyber field further. The best part of the online college is an opportunity you get to read other students perspective on the similar topic and adding your ideas to it. I was never a fan of the online student until I joined Bellevue University. It helps to become an independent researcher. All the professors I had were very helpful and would respond promptly. Now, I think back, and I can never think of going back to traditional schools. Thanks to Bellevue University.

I think writing a blog is an excellent idea to share knowledge and experience. Also, it encourages to research and increases knowledge on a particular topic. Also, it helps to raise awareness about the new threats, trending cyber news and prevention methods. Hackers have gotten so sophisticated that sometimes it seems they are outsmarting government agencies and cyber-related companies. We have seen many incidents of cyber threats where hackers can cause grave damage to national security, especially to the United States. The United States has been a big target for cyber criminals. The virtual world makes it harder to find those criminals, so the best options we have are to secure our systems and use the best security methods applicable. The examples of cyber incidents were SONY hack and OPM cyber breach. It is pretty common that as soon as significant incident happen, the government most likely to blame other countries like China/Russia/IRAN. I always thought of why we can’t do better than this. I believe we should be able to identify the exact location and individuals responsible for those attacks. With the growing number of cyber professionals in the United States will contribute to protecting the critical infrastructure better. I think we are little behind the pace of training and protecting computer systems; otherwise, hackers should not be able to attack from the government to banking systems. For example: In my eight years of experience working as a federal contractor, I have seen many systems or application that is outdated, missing patching and very vulnerable to the overall systems. Many tools and services have been used for many months. This is where hackers take advantage of our weaknesses. The government should audit every IT infrastructure and remove the ones that are not being used for extended time. This will help to decrease cost, labor and increase security effectiveness. Again, this is just my opinion, and I could be wrong.

That is all for today. Please visit my blog often and comment. Thanks.

Update: Wow I just read news about the recent Yahoo hack. Finally, government agencies like FBI and DOJ coming with concret actions aginst the hackers and hopefully they can bring to the justice. It is pretty alarming when you see Russian diplomat and Russian government officials directly involved in the hacking activities. Events like this will definitely help to decrease the cyber incident in some cases but time will tell how two countries react each other.         

here is the news link if you are interested reading.
             

http://www.cnn.com/2017/03/14/politics/justice-yahoo-hack-russia/index.html