The significant increase in the threats to our computer systems has created a huge demand for professionals with cybersecurity degrees over the last decade. Even though the expertise in information security has been around for a long time, there are estimated 30, 000 cybersecurity related jobs coming to the Baltimore-Washington, D.C. area as DC is specially in need of government IT security specialists according to the University of Maryland University College. This demand has urged many to begin careers in cybersecurity and infosec. Hence the question, what is the best way to prepare for a career in this field?

The other day we put out a quick post on the new 22 NSA Centers for Academic Education (CAE) in Information Assurance. We whittled down all of those schools to just the four in our area and also considered local schools that were already on the list. Many of the schools on the CAE list may offer classes or research in information assurance but lack full cybersecurity programs. Here we attempt to identify those that include formal programs you could apply for.

There are also many programs that offer general degrees with a concentration in infosec but we didn’t include those here. So you may want to check out local schools like George Washington and Georgetown to explore other options.

University of Maryland University College, MD

BS in Cyberseurity: The curriculum focuses on the techniques, policies, operational procedures, and technologies that secure and defend the availability, integrity, authentication, confidentiality, and nonrepudiation of information and information systems, in local as well as more broadly based domains. It is designed for the following career paths: information systems security professionals, senior system managers, and system administrators. (read more)

MS in Cybersecurity: This program is designed for mid-career professionals who wish to help meet the challenges posed by increasing cyber-threats. Using a multidisciplinary approach, the curriculum provides students with a broad analytical framework for evaluating and solving cybersecurity problems.It is designed for the following career paths: Chief security officer, cybersecurity manager or administrator, cybersecurity architect, cybersecurity operations analyst, cybersecurity engineer, secure software assurance engineer, cyber operations planner. (read more)

MS in Cybersecurity Policy: This program is similar to the cybersecurity program but with three alternate classes. The program is designed to provide students with an elaborate analytical framework for evaluating and solving cybersecurity related problems. (read more)

Graduate Certificate in Foundations of Cybersecurity: This certificate examines strategies for enterprise-level responses to cybersecurity threats. Students learn to assess measures to prevent anticipated cyber intrusions, employ experiences from past cyber intrusions to mitigate future cyber threats, and formulate and implement enterprise-level policies to successfully prevent and detect cyber intrusions. The role of government regulation in cybersecurity is explored, as are legal concepts such as privacy, intellectual property, and civil liberties. (read more)

Graduate Certificate in Cybersecurity Policy: The graduate certificate in Cybersecurity Policy examines strategies for societal responses to cybersecurity threats at enterprise and national levels. Students learn to assess organizational controls that can detect cyber intrusions as quickly as possible and to respond to cyber intrusions to restore the operations of an organization. The roles of government, inter-organizational alliances, and international cooperatives are explored, as are legal concepts such as privacy, intellectual property, and civil liberties. (read more)

Graduate Certificate in Cybersecurity Technology: This graduate certificate provides students with the skills to analyze cybersecurity issues from a variety of perspectives, lead teams of cybersecurity professionals, and make strategic decisions to protect entities from cyber threats. The focus is on coherent solutions, including the effectiveness of integrated and coordinated security measures as well as multilevel and multiaspect controls. (read more)

George Mason University, VA

GMU offers several graduate level options for helping fill the need for information security and

While we love security news sites as much as the next person, we really love hearing from people in the local security community. That’s why we started our “Top 3 NoVA Infosec Blog Posts of the Week” feature; it lets us highlight the best of local security bloggers, and gives you the opportunity to read awesome security material produced by members of the local community.

If you’re a local security blogger that would like to be considered for this feature, please feel free to shoot us an email or send us a tweet @grecs. We also have a handy list of local bloggers, so be sure to contact us if you aren’t already on the list!

#3 – Election Woes: Just when you thought the election headache was over, @geminisecurity proves you wrong. Because while the election itself might be over, the controversy over voting machines is just beginning. In their post “AVC Advantage Attack,” @geminisecurity points out the fact that you can learn to hack a voting machine for around $20, and it’s a fairly simple task. That’s right: We are voting on machines that are not only easy to hack, but aren’t even regulated! Something tells us that George Washington is rolling over in his grave. Be sure to check out the full post here. 

#2 – Simple Security: We’ll be honest; this post got our attention before we even read it. With a title like “Simplicity is Security,” how could it not? Taking an interesting look at security by examining the use (or lack thereof) of debit and credit cards in Japan, @mubix makes some excellent points about how our desire to jump on every technological advance that comes along is making it harder to have good security. After talking about how people in Japan usually don’t have credit cards, debit cards, or do any of their banking online, @mubix poses the following question to his readers: “Should we continue down the path of “MORE SECURITY” or should we deviate a bit for simpler, possibly non-technical practices?” While we can’t say that we totally agree with the route of non-technical practices, we do believe that there is a happy medium. To answer the question for yourself, why not check out the full post?

#1 – Careers in Security: With the current economy being what it is, career advice had become rather popular as of late. Richard Bejtlich of TaoSecurity jumped on the career advice train this week in his post “Thoughts on Security Careers.” Quoting a number of different posts that deal with popular career trends and career advice for security professionals, Bejtlich gives his own insight, tips, and tricks. Even if you’re not interested in leaving your current job for another, this post is a must-read.

Well, that’s all for this week. Be sure to check back next week for more great reads from security professionals in your community.

It’s that time of the week again when we bring you the best of local security blogs. But before we get to that, we thought we’d share our tweet of the week along with a #totw that deserves honorable mention to get your afternoon started with a few laughs.

Our official #totw was a RT by @mubix:

grecs RT @mubix RT @secureideas: “When pen tester tells U they luv something, get it off yr network.” @agent0x0: “I luv Sharepoint.” #defcon #totw

Honorable mention belongs to this tweet by @technogeezer because it’s so true!

grecs LOL.. RT: @technogeezer: Someone here at CSC now refers to physical meetings as getting together in ‘meatspace’ #totw

Now, on to the posts!

#3 – Lessons From the Sandbox: If you are  looking for great technical posts, @geminisecurity should be your first stop. Their latest post, “Protect Your Computer By Running Applications in Sandboxie” talks about the Windows utility Sandboxie—a program that allows you to run “applications in an isolated environment on your computer so you can protect yourself from malware, surf the web, and maintain your registry without affecting your host system.” They also note that “Sandboxie is a good alternative to setting up a virtual machine, especially if you just want to run a quick test or two without having to wait for an entire operating system to boot up.” Be sure to read the post and learn more about Sandboxie here.

#2 – The Bureaucracy Is Down: In his post “Blast From the Past,” TaoSecurity’s Richard Bejtlich uses an example from his own life that illustrates the sometimes ridiculous nature of tasks given by large organizations. In Bejtlich’s case, it was the Air Force that had given him and his co-workers what seemed to be an impossible mission: Centralize Air Force email within the course of a few months. Needless to say, such a feat was impossible in such a small amount of time. But now, nearly 11 years later, Bejtlich says that it is finally happening; that Air Force email will be starting the centralization process at Keesler Air Force Base, Miss. But as he says at the end of his post, “[s]o, about 11 years after being told to accomplish the same task, the effort will be done! I think there are lessons here for anyone with a similarly large, bureaucratic, turf-centric, distributed, decentralized, global organization.” Be sure to read the full post here.

#1 – Help Isn’t Coming: Leave it to @rybolov to hit the nail on the head when it comes to the Cybersecurity Coordinator position and why, even after two months, it still hasn’t been filled. In his post “Help Wanted,” he poses the following question: “So let me give you a hypothetical job: You have to give up your high-paying private-sector job to be a Government employee. You have tons of responsibility. You have no real authority. You have no dedicated budget. You have no staffers. The job has had half a dozen people filling it in the last 7 years. The job has been open longer than it’s been staffed over the past 7 years.” Does that sound like a job that any of you would want? Didn’t think so. By being blunt (unlike government officials), @rybolov makes excellent points as to why the Cybersecurity Coordinator position is still empty, and will likely remain that way unless something changes. Be sure to read his full post here.

Well, that’s all for this week. Be sure to follow us @grecs for more great posts throughout the week!

The OWASP – DC/MD Local Chapter is back this month with a meetup that covers two interesting topics: Vulnerability Management in an Application Security World and how SCAP relates to web application security. The presentations will be given by Dan Cornell of the Denim Group and Mike Smith of Deloitte respectively.

For those of you who are itching to hear details about OWASP’s AppSec DC taking place later this year, Doug Wilson will be giving a brief update about it after Cornell and Smith’s presentations.

To get more details about this meetup, continue reading below.

• Who: Dan Cornell of the Denim Group and Mike Smith of Deloitte
• What: “Vulnerability Management in an Application Security World” by Cornell and “SCAP and Web Application Security” by Smith
• When: 08-05, 6:30 – 8:30 PM EST
• Where: George Washington University (2121 I Street, N.W., Washington, D.C. 20052; Duques Hall – Room 553D)

For more information on the OWASP – DC/MD Local Chapter, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Here is a link to the page with information on this meetup.

o o o o o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.

Richard Bejtlich and @rybolov return to the top three this week with posts that sum up the recent SANS event and the need for more security folks. @geminisecurity makes the top three with their practical post “DVWA – Damn Vulnerable Web App.”

But before we get on to the posts, a small tangent for this week’s tweet of the week (#totw).

o o o o o

Know a blog that should be considered for our “Top 3 NoVA Infosec Blog Posts of the Week” feature? If so, send us a tweet with a link to the blog and the request for us to check it out.

If you haven’t already, be sure to check out CharmSec this upcoming Wednesday, July 29th. It’s a relaxed way to meet local security professionals through good food and good conversation.

If you’d like more details about this meetup, continue reading below.

• Who: CharmSec
• What: Normal Meeting
• When: 07-29, 7:00 PM EST
• Where: Slainte (1700 Thames St. Baltimore, MD 21231)

For more information on CharmSec, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Here is a link to the CharmSec meetup page.

o o o o o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.

Looking for a low-key way to connect with local security professionals? CapSecDC might just be the event for you.

An informal event where you can meet other security professionals without the pressure of traditional security meetups, the CapSecDC event is accessible by car and by metro.

If you’d like to learn more about the CapSecDC meetup, continue reading below. 

• Who: CapSecDC
• What: Normal Meeting
• When: 07-29, 7:00 PM EST
• Where: Stetson’s Famous Bar & Grill (1610 U St NW; Washington, DC 20009)

For more information on CapSecDC, see its description in our NoVA Meetups section. View our Calendar for a complete list of infosec events in and around the NoVA area. Here is a link to the page with information about this meetup.

o o o o o

If you’re unable to make it to CapSecDC, why not check out some of the other great infosec meetup groups in the area?

With all of the information available on the internet, it’s sometimes hard to decide what you should spend your time reading. That’s why we started our handy “Top 3 NoVA Infosec  Blog Posts of the Week” feature; we tell you about the best blog posts written by local security bloggers each week, and you spend less time wading through the internet trying to find something good to read.

So, without further adieu, let’s get on to the posts.

#3 – Messy Malware: For those of you who become gleeful at the thought of learning about new malware (you know who you are) you will definitely want to check out the post “Microsoft DirectShow MPEG2TuneRequest Stack Overflow P0C” on the @carnal0wnage blog. While the malware may no longer be ‘brand new’ per say (as pointed out in the post, this malware has been floating around on some Chinese forums for awhile), it’s still interesting to read about. You can check out the full post here.

#2 – The Meaning of APT: Can you imagine a topic that only retrieves 34 results from Google? According to Richard Bejtlich of TaoSecurity, Advanced Persistent Threat (APT) is one of those things. Says Bejtlich in his post “You Down with APT?,” “APT is one of those subjects that is very important but not well understood outside the defense industry.” He ends the post by saying “[i]f you’re not down with APT, you need to be.” To ‘get down with APT’ and learn more about it, check out Bejtlich’s full post on APT here.

#1 – Destroy That Data: In their post “Darik’s Boot and Nuke (DBAN),” @geminisecurity tackles a topic that you don’t hear about often enough: Destroying data before retiring, selling, or destroying computer systems. While @geminisecurity says that you can use DBAN for newer systems, what do you do with the older systems? Other than using “a chainsaw and a hammer” to get rid of the data, @geminisecurity suggests the words that make all of the do-it-yourselfer’s cringe: “pay someone else to do it.” While it’s tempting to think that you can handle the complete destruction or removal of data from an older system, sometimes it ‘pays’ to pay a specialist to do it. But for those of you who have the newer systems and would like to know more about DBAN, check out the full post by @geminisecurity here.

Well, that’s all for this week. Be sure to follow me @grecs during the week for more great posts from local bloggers.

o o o o o

Speaking of great local bloggers… we’re looking for some great guest bloggers to feature on NovaInfosecPortal. If you’re interested, feel free to contact us or send us a tweet.

Unless you were a) on vacation, b) avoided all electronic devices, or c) locked yourself away so human contact was impossible for the past week, you are at least a little aware of the big discussion surrounding President Obama’s Cybersecurity speech.

While the Cybersecurity discussion captivated most of the Twittersphere this week, there was some other interesting stuff that happened. (We promise!)

First, the obvious topic of choice.

• RT @TruSecure A Cybersecurity Quiz: Can you tell Obama from Bush?: Shared by Kennedy Risk impact (0)GRC, Mgt Tre.. http://tinyurl.com/lnx74t #
• As expected. RT @truland Still digesting Cybersec speech & report. Nothing really different, now hard part. Will OMB agencies be funded? #
• RT @txitua Next Wk is #cfp09. Follow @edfelten @digitalsista @Gauravonomics @wonderwillow @hellrazr @jdp23 @netfreedom @txitua #privacy #con #
• Wow it’ll be streaming too. RT @txitua Follow Computer, Freedom & Privacy online at http://www.ustream.tv/channel/cfp09 #cfp09 Pls. RT #
• And even a streaming schedule! RT @txitua Online schedule for #cfp09 stream is at http://bit.ly/3pCqj #
• RT @RodBeckstrom Obama cyber speech: http://bit.ly/c8hfB #
• RT @bobgourley New post: White House Cyber Policy Review: And a Cyber Czar (http://cli.gs/sV0Jyz) #novablogger #
• RT @SCMagazine Industry reacts to Obama’s cybersecurity speech: Cybersecurity industry was abuzz Friday after Pr.. http://tinyurl.com/n335e4 #
• RT @securitytwits RT @tqbf: “Jaquith’s review on the ‘Cybersecurity Review’, on HN… http://bit.ly/kCJ43” #
• RT @CSOonline NEW: Cybersecurity Announcement: Obama Moves in the Right Direction http://tinyurl.com/m6fede #
• RT @CSOonline Blog: Will Obama’s New Cyber-Security Plan Make a Difference? We Can Only Hope: Andrew Jaquith read more http://bit.ly/3VelAc #
• RT @werntzp Devil in the details and prose sloppy in places but I think overall Obama said right things in #cybersecurity speech. #
• RT @IBMFedCyber its clear Obama nderstands following: 1.) the threat 2.) the tech & 3.) the mission – wlkng away hopeful. #whitehousecyber #

With the Cyber Czar debate coming in at a close second.

• RT @packetwerks New cyber czar not cab level, no budget, no authority. 2000 called, it’s NIPC and they are laughing. #
• RT @bobgourley My view of wht ths means: He will not choose anyone as Czar that press has pontificated on. None of those met his criteria. #
• RT @cyberwar Cyber Security Czar may be named by end of week. http://tinyurl.com/opgdnv Or at least the position will be announced. #
• RT @danphilpott RT @vaklove: Obama Set to Create A Cybersecurity Czar With Broad Mandate http://ow.ly/9aTM (via @NickHeller) #

We featured Richard Bejtlich’s take on the whole Cybersecurity issue in our “Top 3 NoVA Infosec Blog Posts of the Week” this week along with posts by @mubix and @geminisecurity.

• RT @mubix Blogged Getting your fill of Security – Room362.com: I recently posted blog post to Ex .. http://tinyurl.com/l6pfhw #novablogger #
• RT @geminisecurity New blog post: How does SSL work anyway? http://bit.ly/hVuWr #novablogger #

While the Cybersecurity buzz captured most people’s attention this week, there was some other news.

• NEWSBITES: Playing news catchup. http://bit.ly/7pYN6 #
• GAO SEC REPORT: Getting better but still not good. It’s a hard problem to solve. http://tinyurl.com/pqxcts #
• FBI/U.S. MARSHALS MYSTERY VIRUS: Type of thing we have 2 worry a/b – the unknown unknowns. http://tinyurl.com/phhe78 #cmt #
• SECURITY METRICS GALORE: Nice summary of efforts going on. Did we need another one? http://tinyurl.com/rd8vlk #cmt #
• ADOBE QUARTERLY PATCHES: Slow response should not mean scheduling something to happen 4x/yr. http://www.securityfocus.com/brief/965 #cmt #

As well as a few new tools worth checking out.

• RT @danphilpott RT @DidierStevens: PDF Structazer tool pres at BH EU 2008 released: http://bit.ly/2lqVX <- Deep PDF analysis tool! #tool #
• RT @mubix RT @PortSwigger: Burp Suite Pro v1.2.10 released – http://releases.portswigger.net/2009/05/v1210.html #tool #
• Love these things. RT @sans_isc [Diary] Host file black lists , (5/27): Henry Hertz Hobbit who maintains .. http://tinyurl.com/qq3w94 #tool #
• RT @mubix RT @_defcon_: New DEFCON Tools page is up! Thanks to @mubix for providing the content! http://bit.ly/Qtvz9 #tool #
• RT @ksignal9 The Register covers the ressurection of l0phtcrack: http://bit.ly/TdXUN #tool #

Some of them might come in handy if you end up searching for the most ‘dangerous’ keywords out there.

• Looks interesting. RT @TruSecure Web’s most dangerous keywords 2 search 4: Shared by Kennedy Risk impact (?)Dece.. http://tinyurl.com/ojmnp3 #
• Scary! RT @TruSecure Microsoft Update Quietly Installs Firefox Extension: Shared by Kennedy Risk impact (?)WTF? .. http://tinyurl.com/ncttup #

But moving on, it looks like there’s quite a few cool events that have happened recently/will be happening soon.CharmSec is one of them.

• RT @charmsec CharmSec 13: tomorrow at 7PM, Sláinte, Fells Point, Balt, MD, Earth, Sol System, Western Spiral … http://is.gd/ENF7 #mtg #

As is Dojosec…

• RT @dojosec DojoSec Monthly Briefings next Thursday. Visit http://www.dojosec.com for details. #mtg #

And HacDC.

• RT @hacdc New post: Peter W. Singer and “Wired for War” at HacDC on June 2 http://tinyurl.com/lopsnr #mtg #

There’s also some new information about SANSFIRE that you don’t want to miss.

• RT @charmsec .@sdwilkerson SANSFIRE 09 is in Balt 6/13-22. #charmsec 13.5 the 14th? 21st Tough 2 not clash w/ SANS http://is.gd/HcFD #con #
• And more. Wow, wish could have made it. RT @charmsec …Univ accreditation, and where CharmSec 13.5 should be during SANSFIRE 2009, June 14. #
• RT @charmsec .@sdwilkerson 6/14 it is. There’re lots of places closer 2 SANSFIRE than Sláinte. Will pick one soon (open to suggestions) #mtg #

If you didn’t get a chance to look at it already, there’s also some cool stuff about the history of Memorial Day.

• Remember. RT @planetrussell The Birthplace of Memorial Day, Boalsburg, PA – 5 mins from my home: http://tr.im/boals + http://tr.im/boals2 #

Since there’s no better way to end a post than with a challenge, here’s a packet challenge posted by Chris Christianson.

• RT @mubix FB RT: Chris Christianson Posted a new packet challenge. Have fun. http://bit.ly/p6XTr #edu #

o o o o o

How Ironclad is your information?

Just a quick reminder that the CharmSec infosec meetup event is tomorrow, May 27th. See our original post for more information. View our Calendar for a complete list of infosec events in and around the NoVA area.

o o o o o

Be our guest—guest blogger, that is. Contact us to learn how you can get your ideas on NovaInfosecportal.