Women in Cybersecurity

The Current Trend

Despite intense growth in the field of cybersecurity, women continue to form merely a small minority of the cybersecurity workforce.  The industry currently boasts approximately one million available jobs, and the number is expected to increase to 1.5 million available jobs by 2019.  However, women only hold about one in every 10 positions[1] in the cybersecurity industry, constituting a meager 8-13 percent[2] of cybersecurity professionals overall.  Figure 1 below illustrates a comparison of the amount of women in computer science-related studies versus alternative fields:

 

A number of possible reasons have been suggested for the lack of women in the cybersecurity workforce.  For example, the information-security organization CREST discusses a deficiency in computer-science courses among secondary schools.[3]  Without proper exposure to the field, many women remain unaware of their opportunities.  Similarly, the workforce itself has witnessed a lack of mentorship that encourages women to pursue advancement in cybersecurity.[4]  Instead of encouragement, the National Cybersecurity Institute (NCI) argues that the marketing industry tends to use aggressive, more masculine terminology in relation to cybersecurity, selecting phrases such as “combat cyberthreats” or “fortify digital defenses”.[5]  The entertainment industry also tends to portray men more often than women in mathematical, scientific, or technical television and film roles.3  As a result, women may pursue fields that offer a more welcoming environment. Read more

Nessus Compliance Generator

Today we’re releasing a tool called Nessus Compliance Generator as open source under the BSD License.  The full code can be found on the Argonne National Laboratory github.

Nessus has many options to check for audit and compliance issues on databases and systems. However, building the config files to do these types of checks can be tedious and time consuming. To bridge this gap, we’ve built a GUI tool to help you stitch the different pieces together and make building compliance tasks more a data entry task than a task for a sysadmin or a programmer.
Read more

Reddit AMA: The ins and outs of working in cybersecurity

UPDATE: Reddit AMA is here: https://redd.it/5gujag

coffee-and-tea-1359055910Join the live Reddit Ask Me Anything (AMA) online event TODAY at 1 p.m. to learn about available cyber security jobs in Argonne’s  Cyber Operations, Analysis and Research (COAR) team, part of the Risk and Infrastructure Science Center (RISC). Current team members stand ready to answer your questions about what it’s like to work in cyber security at a national laboratory.

Read more

Cyber Security Opportunities at Argonne

COAR is looking for creative individuals with strong problem-solving skills to join our dynamic group! As a cybersecurity team, our mission is to strengthen and defend our nation’s critical infrastructure by analyzing, developing, and implementing novel cyber solutions that penetrate three key areas: cyber intelligence, cyber physical, and cyber resilience.

Those joining in our mission will have the resources to pursue new research ideas, flexibility that supports a healthy work-life balance, and fulfillment through numerous career advancement and professional development opportunities.


This post was written by: COAR

COAR is Hiring!

The Cyber Operations, Analysis, and Research (COAR) team is hiring!
The program is growing and Argonne is opening several positions in cyber security, cyber analysis, and cyber research at all levels of appointment starting at the junior all the way to highest level, including leadership positions.

What We Do in COAR
The COAR team develops and implements the tools and provides the expertise to conduct extensive analysis to support Federal agencies, military sponsors, and commercial organizations in efforts to improve the security and resilience of their network design and operations. The COAR team has analyzed vulnerabilities and potential consequences within cloud infrastructure, blood banks, and industrial control systems, etc. The team also has current research being done in moving target defense, vehicle security, botnet research, and visualizing dependencies.

What do we do at Argonne
Argonne is a multidisciplinary science and engineering research center, where “dream teams” of world-class researchers work alongside experts from industry, academia and other government laboratories to address vital national challenges in clean energy, environment, technology and national security. We pursue big, ambitious ideas that redefine what is possible. Our pursuit of groundbreaking discoveries pushes the boundaries of fundamental science, applied science and engineering to solve complex challenges and develop useful technologies that can transform the marketplace and change the world.

Why Work at Argonne?
The world’s best and brightest cyber minds come to Argonne; minds that have a passion for excellence and a desire to apply their technical expertise to solve problems of national and global significance. The emphasis here is on work excellence in a relaxed atmosphere. Similar to a university campus, you will experience groups of employees working, talking, and walking together within Argonne’s wooded grounds formulating the next scientific breakthrough.

Take a look at the positions that are open within COAR today.
Cyber Security Analyst
Cyber Security Specialist
Cyber Analysis and Research Team Lead
Secure Operations and Hosting Section Lead
Cyber Security Intern : 192-GSS-1 OR 193-GSS-1

If you have any questions regarding these positions or the team please email coar-careers@anl.gov.


This post was written by the COAR team.

VTech Hack Reminds Us that SQL Injection Can Have Serious Consequences

In late November, just in time for the holiday shopping season, toymaker VTech was the victim of a massive SQL injection attack. Members of Congress are now asking for more information about the Hong Kong company’s collection of data on kids after a hacker swiped info from 5 million parent accounts and nearly 6.4 million child profiles.  The data stolen seems to include a wide variety of information, including pictures of children from individual devices.   All of this lost to one of the software world’s oldest vulnerabilities — SQL injection.

Read more

PAM 2man Authentication Plugin for Unix and Linux

Our focus on the ongoing, ever-changing threats and attacks from outside our networks should not distract us from protecting against threats from within—especially the low-likelihood, but high-consequence, insider threat posed by privileged, trusted users. The recent National Security Agency (NSA) information leak incidents have prompted immediate focus on the topic of internal security. In these events, an employee with privileged access disclosed sensitive or classified data to the public without permission [1], prompting government and non-government organizations to review their internal security controls and reassess their effectiveness in protecting against insider threats.

Read more