Getting A Cybersecurity Education From The Cloud

This is a post series on cybercrime. For more posts click here or the cybercrime tag below.

With the constant new threats and the expanding consequences of those threats there is a growing need for people to handle cybersecurity situations.

The IEEE has a paper on setting up a program that is cloud based.

 Cybersecurity needs for the government, businesses and other parts of society are constantly growing, making cybersecurity training and education a vital need. There is a distinct lack of skilled and trained workers in this specialty area. “Teaching Cybersecurity Using the Cloud”, a technical paper from the IEEE Xplore® Digital Library, explores a solution to this problem that utilizes a cloud computing system to conduct a course for students on cybersecurity.

Teaching students about cybersecurity involves more than reading from a textbook and learning about theories. Students must also have practical and hands-on experiences dealing with cybersecurity threats. The article authors used cloud computing through Amazon Web Services to teach a senior course on cybersecurity across two campuses in a virtual classroom with live audio and video. They studied how cloud-based laboratory exercises could teach students the skills they would need to pursue a career in cybersecurity.

The goal of the course was to expose students to modern network security issues, protocols and technologies, as well as analyzing security solutions and countermeasures. The students were able to learn and perform lab activities all within the cloud. This cloud model of learning can enable students to gain invaluable cybersecurity skills, without having to be at a specific location. In turn, this way of teaching can help to educate more students, without the need for a traditional classroom and lab setup, leading to a growing workforce of cybersecurity experts.

http://transmitter.ieee.org/growing-cybersecurity-workforce-using-cloud-education/

The ongoing evolution of malware means that cybersecurity training has to be an evolutionary and constantly adapting process as well. The techniques learned today are going to be obsolete as the vectors and damage that malware creates changes.  yesterday it was system blockers, until people realized that the data was still there and all you had to was reinstall the operating system. A lengthy process, but not fatal. Now we have ransomware, which encrypts the data.  The problem with that is if the data is encrypted with the intent to recover after the ransom is paid the public key has to be available and it only takes one file to get the other key and decrypt everything. Along with that, ransomware is probably doing good business for the backup people.  So there will come another threat that will need to be addressed.

So cybersecurity education needs to be updated and adaptive. Hopefully the educator understand and keep up with the requirements that will always be changing because the people creating the malware are always looking for a new way to get paid.

http://ieeexplore.ieee.org/document/7089256/

 

The week in ransomware.

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-31st-2017-sanctions-android-and-creepy-skulls/

Advertisements

One comment

  1. rthtgnbs · April 2

    The biggest problems in “cybersecurity” are people not following the best practices as published today. Seriously, had the network and sysadmins followed Cisco’s best practices for security they would have already disabled Telnet completely, even from internal switches and routers, and transitioned to SSH. This would have mitigated the “zero day” exposed by Vault 7. But still, too many companies want, “get it in, get it installed, get it working, so we can make some money” without prioritizing any sort of time for network hardening, auditing, or external pentesting.

    In the “attacker vs. defender” dynamic there will always be space for attackers to create new zero day exploits, but every defender has to stay constantly up to date on the latest best practices, patches in addition to archiving and safeguarding. But…that is really one of the big draws of being a security guy, you don’t have time to get bored!

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s