
I'm Kristin Judge, Cyber Security Education and Awareness Expert AMA!

Jan 30th 2017 by VCSolutions • 8 Questions • 157 Points

My Bio: Hi, Reddit!

I'm Kristin Judge, Director of Special Projects at the National Cyber Security Alliance. We are a public-private partnership helping businesses. We also work closely with private sector board members like Google and Microsoft and federal partners like DHS, FTC, SBA, FBI, the White House and more. Our site has easy-to-use tips, blogs and events at www.staysafeonline.org and www.vcsolutions.com

A couple of technical volunteers at Vision Computer Solutions and I will be answering all of your questions for the next couple of hours, so shoot away!

My Proof: http://imgur.com/a/gkbob, http://imgur.com/a/dnGdQ

UPDATE: Leaving the desk at 4pm! This was fun, and I look forward to doing this again. Thanks for making my first AMA so interesting. Kristin

Q:

Despite having "easy tips" for people to stay safe online, people still fall for phishing/scams every day (possibly at an increasing rate, as more people come online around the world). It's only going to get worse.

Do you feel that your current advice is getting the message across?

I work in IT, and despite numerous lectures from me, my parents still ended up getting scammed. I genuinely don't know how to help them!

A:

Well, my parents got scammed too...so no perfect answer. What I have found out is after there is a breach, we need to teach. I try to capitalize on when someone is a victim for the first time. They are more likely to listen then. Before then, I think most people are intimidated by the process. If you sit down and put 2FA on your parents' accounts, that may work. That's what I did.


Q:

Thanks for replying!

They got scammed due to some fake anti-virus, so sadly 2FA won't be of much help.

I will point them in the direction of your website - I might even make it their homepage ;-)

A:

Good point... The same can be said about putting real anti-virus on their computer and blocking their pop-ups. I put all the security on my parents' and family's computers. I do sit in small groups with folks to teach in private. People are embarrassed that they don't understand. I remind everyone that this Internet thing is very new. The smartphone has really only been around for 10 years. You are not expected to be an expert in this yet! Be patient with yourself. That seems to help!


Q:

What certificates do you recommend going after? Are there multiple ones you would recommend? Also, I am in college now, and I've had this talk with a few people. Do you think you should still do college along with getting certificates, or just certificates? Some people even say don't get your certificates and just do college. What's your take on that?

Edit: also, thank you so much for replying!

A:

That is the question we are struggling with nationally in many of the discussions I take part in. There is no one answer! My best advice would be to talk to a few companies you would want to work with and ask them what requirements they have. The educational institutions, HR departments and security department leaders are sometimes not talking the same language. We are working on that, but we are a bit behind. I will post some resources here for you to start looking around:

Find out what you like by looking at some free training: http://www.tomsitpro.com/articles/free-infosec-training-for-it-pros,1-2707.html

You can take these free online courses and add them to your resume: https://ics-cert-training.inl.gov/lms/ Just make up a Company name when you register.

You should take the SANS CyberTalent Test here. Scroll down to find it. It will help you better understand what you need. https://app.brazenconnect.com/events/sans-cybertalent-fair-may2016#!eventLanding;eventCode=sans-cybertalent-fair-may2016

This is a good site to check for student or internship opportunities. I put in network security and came up with this search: http://www.internships.com/search/posts?Keywords=network+security&Location=&Radius=Hundred&Company=&ListingType=EntryLevelJob&Sort=MostRecent&FilterBy=&Page=1

Cyber Career Research:

http://www.npower.org/Our-Programs/Symantec-Cyber-Career-Connection-NYC.aspx

http://www.cyberdegrees.org/

http://www.cyberdegrees.org/resources/free-online-courses/


Q:

What kinds of certs? Online or in-person courses?

A:

The NIST Cybersecurity Framework lists all the potential jobs and what it takes to get there: https://www.nist.gov/cyberframework


Q:

Thanks for doing this, Kristin. Is the NCSA going to change any of its messaging with the recent public ransomware attacks, i.e., people locked in hotel rooms, the CCTV cameras taken out in Washington, DC? And does the current executive administration bear any issue or pressure towards the NCSA and what you're trying to do?

A:

We are working on an IoT campaign that helps people understand the security for their online devices like cameras, baby monitors etc. The technology is changing fast, so it will be a constant effort to get best practices out. I tell people to bring IoT devices in their homes if they are willing to read the privacy statement, set the security settings and update the software when needed. That will take some work!


Q:

As a cyber professional, what was your reaction to Trump's outright denial of Russian involvement in the US election?

What more past PCAPs should the tech community provide as "proof"?

A:

You say "as a cyber professional" but ask a political question... This is not really the best forum for me to give my opinion on that while representing NCSA. The conversation will continue for many years though...


Q:

They also help if for some reason you have a keylogger on your computer

A:

I use one too...my advice is to put "best password manager in 2017/2016" into a search engine and find the one that works best for you. Having a passphrase instead of a password and adding 2FA are critical. Two factor authentication could have stopped so many of the big breaches we have seen in the past few years. Read the articles on the breaches, and it usually spells it out.


Q:

Thanks for the answer! I have actually used the cyber range before (I actually graduated from UofA; hopefully you are not ASU), but I will check out the other resources.

A:

I am a Sun Devil, but we can all get along :-)