STEMRules + UMaryland Host Top Cyber Security Pros

Photo: Guenet Abraham, University of Maryland, Baltimore County.

On at December, 2, 2016, a STEMRules event, sponsored by The University of Maryland, Baltimore County, The Center for Women in Technology, and STEMRules.com featured experienced cyber security specialists.

The photo, above, includes on the far left, the STEM Rules publisher, Seni Hazzan, and on the far right, Frank McCoy, the STEMRules founder and Executive Producer. The five cyber security professionals, in the middle, spoke to students and are profiled below.

STEMRules presented professionals, working for public, private, and nonprofit organizations, who investigate, analyze and thwart cyber vandals . They are also committed to expanding opportunities underrepresented group members to help fill an estimated one million new IT security jobs that will be created by 2018.

The STEMRules black, Hispanic, Native, and Women of Color digital defenders include a Fortune 500 financial institution executive, entrepreneurs, a cyber defense tester, specialists at the Justice, and Treasury Departments, and the founder of a national cyber security organization for women.

Note: Each professional lists in their profile what they attend, view, read, and listen to stay sharp in CySec and related sectors.

Plus: Cyber Security Pro Tips for Success Follow the Profiles

[Check out a rapper freaked out over password security.]

–

Veda Woods May Need to Clone Herself

Woods is a busy professional. She is an executive at a Fortune 500 financial institution that she won’t disclose, a board member of multiple nonprofits, and the executive director of the International Consortium of Minority Cybersecurity Professionals. It seeks to create a pipeline of diverse cyber security talent. She also advocates to deter human trafficking and child exploitation in cyberspace. Follow at @vedatwoods.

At her firm, she fosters information sharing to identify, validate, and address cyber security needs. Woods also uses best practices in cyber research and policy to support strategy on national, and local, security and resilience projects.

Woods says that, “STEM is the foundation of our way of life and fundamental to human sustainability and technological innovation, and cyber security is a driver to manage risk which threatens to constrain innovation and growth.”

At heart, Woods who has an MS in Information Assurance from Norwich University, is a tech gadget maven—loving functional and stylish devices–and a Lego enthusiast. She also has a Graduate Certificate in Public Health Informatics from the University of Maryland College Park

The admitted “fitness and health nut,” has one regret about studying STEM. She never indulged a passion for the arts or pursued it further.

From 2009 until 2015, Woods was the Chief Information Security Officer and Deputy CIO of the US Recovery Accountability and Transparency Board (RATB) until it shut down. The RATB was the agency that managed Recovery.gov. It provided access to data related to Recovery Act spending and allowed the reporting of potential fraud, waste, and abuse.

She received her BS in Information Systems Management from the University of Maryland University College.

Woods tips: Read CSO: security and risk management news, follow ISACA (previously the Information Systems Audit and Control Association), IAPP (International Association of Privacy Professionals), Insider Threat at the Software Engineering Institute at Carnegie Mellon University, IEEE Cybersecurity, and Dark Reading.

Pursue certifications relevant to your portfolio. Understand the certification body’s methodology. Leverage study guides, online quizzes, and other preparation materials.

Favorites:

App(s): Lumosity, Waze, for traffic, Signal, a scalable encryption tool.

Book: “Citizen: An American Lyric” by Claudia Rankine.

Social pages: Pinterest, Houzz: Home Design, Decorating and Remodeling Ideas, LinkedIn.

Movie: T-Rex: Meet the Fiercist Teenager in America. Claressa “T-Rex” Shields won gold in Women’s Middleweight Boxing at the 2012 and the 2016 Summer Olympics.

Music: Her playlist is on repeat with Solange: “A Seat at the Table” (Full album here.) and artist Kiiara – “Gold:. Past: Phyllis Hyman

Podcast(s): PRI’s The World, How I Built This-NPR – about innovators, entrepreneurs, and idealists, The CSIS (Center for Strategic and International Studies), Still Processing: The New York Times.

Twitter feed(s): @MissingKids, Michelle Obama: @FLOTUS, World Health Organization: @WHO, @cyberwar, @crackerhacker00, @Forbes, @CNN, Writer, Director and Actor Ava DuVernaty: @AVAETC, Linda Scott, Emeritus World Chair for Entrepreneurship and Innovation, Oxford U: @ProfLindaScott, @LegoAcademics

Web sites: ChicagoTribune.com, News, Fashion and Lifestyle: SharpHeels.com, NYTimes.com, NPR.org, Hottest trends: PopSugar.com

Video game: Bejeweled

Leisure activity: Music and more music; relaxing at home or at a weekend getaway; reading a favorite novel or watching a documentary, strength training, and traveling.

–

William McBorrough Is a Cyber Defender

McBorrough, a second-generation engineer says he never considered another discipline. At George Mason University (GMU), he began in electrical engineering but graduated with a BS in Computer Engineering – Digital Networks, and a keen interest in network security.

The founder and Managing Director of Washington, DC-based McGlobalTech, McBorrough says he is an information security and risk management consultant. His firm helps clients build and apply programs, processes, and technology to protect systems, and customers, from data breaches.

A career surprise, McBorrough says, has been observing “the disconnect between what students are taught in academic programs and what skills are in demand in the workforce.”

He says it is critical to prepare the next cyber workforce, as the stakes are so high for US security, economy, and citizens.

His geekiest and non-geekiest habit is the same: he’s a gym rat, and for five-days-a-week for 20 years has worked out, often while often while listening to a fantasy audio book.

McBorrough also has received another degree from GMU, his MS in Information Security and Assurance. He is an active mentor, and cyber security speaker. Since 2007 he has also taught cyber security classes at various schools including the University of Maryland University College currently.

McBorrough’s tips: He regrets not taking more business management classes. “I have contemplated going back to school for an MBA but there aren’t enough hours in the day for that now,” he says.

Use Linkedin, and Twitter for security related news. Twitter aggregates security interests of security professionals globally.

[Follow his personal tweets @InfoSec3T and company tweets @MCGlobalTech.]

Favorite:

Book: “The Malazan Book of the Fallen”, a fantasy series by Steven Erickson

Movies: “The Avengers”.

Musical artist: I’m currently very impressed by Kendrick Lamar.

Web site(s): Google News for morning news fix daily.

Video game(s): “Dungeon Siege”.

Leisure activity: Working out and spending time with family.

Dream job: None…. I’m living the dream.

–

Otis Alexander’s Quintrafecta Entry Into STEM

Alexander’s path to choosing a STEM major and becoming a STEM professional needs the coining of a new word. A quintrafecta: the use of five-related approaches to reach a desired destination.

He was a Lego fanatic as a kid, disassembled things, aced AP middle school science, tinkered with computers in high school, and after graduation landed his first technology job.

Alexander is a Senior Cyber Security Engineer at The MITRE Corporation. The nonprofit runs multiple federally-funded research and development centers.

His responsibilities include securing Cyber Physical Systems–the integration of computation, networking, and physical processes–specifically in the energy sector but also in manufacturing, and medical devices. Alexander also researches and implements secure architectures and adversarial tactics and techniques.

Full geek mode is part of, but not all, Alexander’s life. His living room has a whiteboard however. He can also connect quotes or scenes from the show “South Park” to what occurs in any episode, and he tracks his sleep cycles with a wearable that has a bioimpedance sensor.

On the flip side, Alexander, a Washington state native, is an avid snowboarder traveling home to carve snow there or at Whistler Blackcomb in British Columbia.

Alexander has also mentored high school summer interns at MITRE, and participated in outreach events to expose young people to STEM. And do so again is a goal.

He received a BS and an MS in Computer Science and Systems from the University of Washington, and an AS in Computer Science from Tacoma Community College.

Alexander’s tips: Read “Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon”; subscribe to the SCADASEC mailing list: infracritical.com for information on securing and mitigating security-related issues, follow the Industrial Control Systems Joint Working Group (ICS-CERT ICS-JWG), and Security BSides for community-based information security.

Develop skills to work in and lead teams, manage budgets, and communicate in ways to showcase your capabilities.

Favorites:

App(s): Slack, Grubhub, Amazon, Waze: because DC Metro use traffic is awful, and, Alltrails: for hiking and backpacking, and an airlines app to earn points.

Books: C. Arthur Clarke’s “The Sentinel”. It is the book on which the movie, “2001 – A Space Odyssey” is based, “The Richest Man in Babylon” a 1926 financial advice guide, “The Peter Principle: Why Things Always Go Wrong”, the “Harry Potter” series, “The Revenant: A Novel of Revenge”, “South Park”, “The Boondocks”, the Sci-Fi horror Netflix series, “Stranger Things”, and “Narcos”.

Social media: @reedobrown, @tonybakercomedy, @hahadavis – when I need a good laugh.

Movie(s) recent or past: “Fresh”, “I am Legend”, “Training Day”, “Fight Club”, “City of God”, and anything by director Stanley Kubrick.

Musical artists: Miles Davis, John Coltrane, and Jimi Hendrix.

Podcast: I listen to “The Joe Rogan Experience” every once in a while. His tendency toward conspiracy theories amuses me.

Video game: I don’t really play video games but I had a short addiction to “Plague”.

Dream job: Urban farm architect/engineer. I’m talking about automated farming in the city on a massive scale.

–

Pamela E. Carbajal’s Curiosity Led to Her Profession

Carbajal says her inquisitiveness about all things tech began in childhood, and drew her to computers and electronics. Then cyber security and its active role as a technology defender focused her attention and commitment.

At Booz Allen Hamilton (BAH), a global management and technology consulting and engineering services firm, Carbajal is on the front lines. In her job, as a Cyber Security Compliance and Policy Analyst, Senior Consultant, she provides direct support to the US Navy-Littoral Combat Ships program.

Carbajal says her tech-driven and –dependent generation has witnessed near-constant cyber attacks, which showed her “that what I do in cyber is positive and a piece of the full spectrum in creating a safe, reliable trustworthy Internet where knowledge can be shared.”

While her natural geek bent is to want to learn all things tech, and particularly in the IT, cyber, and graphics fields, Carbajal’s life is balanced by loving all music genres.

The holder of an MS in Cyber Security from Marymount University helps to prepare would-be tech and cyber security professionals through sharing her experience, concerns, and opinions. Carbajal received her BA in Technical and Scientific Communication from James Madison University.

Carbajal‘s personal goal is to earn one or two certifications annually. As a “visual and audio learner,” she prepares for testing by watching videos and visual graphics, and takes advantage of free resources.

Carbajal’s tips: Read the Krebs On Security blog, polish skills with Lynda.com courses, and peruse Naked Security news by Sophos, a security software and hardware firm. Follow the DEF CON Hacking Conference, and the RSA Security, Black Hat and Adobe Max conferences.

Favorite(s):

App(s): VSCO, an art and technology company, Pinterest

Book, graphic novel, anime, or web series:-“Sailor Moon”, “The Picture of Dorian Gray”, “Lord of the Flies”, “A Lesson Before Dying”.

Social page: Facebook: Pamela E. Carbajal

Movie(s): Big Fish, Cooley High, The Secret Garden, The Warriors

Musical artist/group/song: So many to list. Of Monsters and Men, A Tribe Called Quest, J.Cole, Sublime, Nas, George Frideric Handel: The Best of Handel, Los Adolescentes.

Web site(s): Kith.com, sneakers and apparel, CreativeBoom: Art & Design Blog, Wired.com, Ted.com, Krebsonsecurity.com, TrendLand: Design & Culture Online Magazine, Techcrunch, and BuzzFeed.

Video game(s): Some favorites and classics of mine are PacMan, Golden Eye, Mortal Kombat, Street Fighter, Sonic, Mario Kart

Leisure activity: Watching sports, working out, attending live performances/concerts, being active and exploring new scenes, and Graphic Design.

Dream job: Becoming an Attorney

–

Irene Suazo and Cyber Security: A Considered Match

Suazo’s curiosity, smarts, and doing well in an internship, brought her into cyber security. Today, she is an Information Technology (IT) Specialist in the Office of the Comptroller of the Currency (OCC) at the US Department of the Treasury.

As a girl, in the Dominican Republic, she was introduced to IT while trying to understand her family computer’s capabilities. That led her to a BS in IT from Florida International University, and an MS in Information Systems Technology from The George Washington (GW) University.

While attending GW, her internship at the OCC led to being hired after graduation. Suazo is part of a team, monitoring the network and systems for security and compliance risks.

The Certified Ethical Hacker says the surprise in her career was learning the benefit of advanced programming skills.

Suazo’s tips: Attend or follow the Black Hat USA Conference remotely. Subscribe to the SANS institute‘s newsletters, frequent DarkReading.com, read SC Magazine online, listen to Federal News Radio, and follow Hacking News & Tutorials on Facebook.

Know that a cyber security certification may not be a must-have, but it shows potential employers what you know. Consider the CISSP (Certified Information Systems Security Professional) one of the most respected certifications.

Favorites:

App(s): Functional apps such as Amazon, airline apps, WhatsApp to keep in touch, Kindle, Pandora, YouTube, Pinterest for entertainment, and CNN for world news.

Book: “I was the farthest thing from an avid reader, until I read ‘Angels & Demons’ the summer I graduated from high school. It’s the book the showed me that I can enjoy reading.”

Social media sites(s): Instagram, and Facebook.

Movies: “The Matrix”, “Back to the Future”, and “Love Actually”.

Musical artists: Currently obsessed with the Cuban band, Orishas, after seeing them live in D.C. Her All-time favorites include Juan Luis Guerra, Ricardo Arjona, and John Mayer.

Web sites: Google, Amazon, Wikipedia, Netflix, and YouTube.

Tech or non-tech toy or device: PlayStation4 for its versatility.

Dream job: Still discovering what that would be.

–

Brandon Benallie Does More Than Computer Security

Benallie, in his consultancy, works on confidential and sensitive computer forensic, electronic discovery, malware analysis, and network security matters for private and public entities, state, tribal, federal, and foreign government, clients.

In his private life, he collaborates on problem-solving on behalf of Native Americans and other Indigenous peoples. In September 2016, Benallie travelled, with other Northern Arizona tribal members, to the Sacred Stone Camp on the edge of the Standing Rock Sioux reservation, in North Dakota, to protest against the Dakota Access Pipeline. Since 2013, he has been the Chief Information Security Officer for the Fort Defiance Indian Hospital Board.

From 2005 – 2012, Benallie, who rose to Director, Computer Forensics from Senior Computer Forensics Investigator, worked on over 400 computer forensic, electronic discovery, and network security cases for Lightstone Solutions. It is a computer forensics, research and private investigations firm.

In 2011, the SANS Institute, a cooperative research and education group, awarded Benallie with the SANS Lethal Forensicator Coin. It is given to individuals who “demonstrate exceptional talent, contributions, or helps to lead in the digital forensics profession and community.

Benallie has also been an EnCase® Certified Examiner since 2009. The EnCase® is one of the most difficult-to-obtain certifications, and Benallie, of Navajo and Hopi descent, is the first and only Native American to hold that credential.

He is also co-founder of For the People. It is an Indigenous grassroots movement to collect and distribute food and clothing victims of floods and fires in Navajo Territory

From 1998-1991, studied at the Institute for Advanced Study, in Princeton, NJ.

When not working, Benallie can listen to beautiful, and insightful music, sung by his wife, Radmilla Cody, a renowned performer and a former Miss Navajo Nation who is of Navajo and African American descent. Watch her videos.

–

Sean Chung Was a Grey Hat. Now He’s on Team MITRE

Chung was unfamiliar with STEM, until as a University of Hawaii at Manoa (UH) student he opened a MySpace account. “I began editing the HTML, and things, and realized I liked code,” he says.

The recipient of a BS in Computer Science was also introduced to cyber security. He joined the UH Grey Hats club, where students assumed black hat and white hat roles to analyze cyber defenses.

Now, Chung, a Senior Cyber Security Engineer at The MITRE Corporation, tests and evaluates the cyber defenses of government agencies. MITRE is a nonprofit that operates multiple federally funded research and development centers.

He says, “I have fun being on the MITRE [penetration testing] team, but it’s not like on [the TV show] ‘Mr. Robot’, I was surprised by the amount of non-tech stuff that also happens.”

Chung says the geeky thing about him is that he prefers to stay at home rather than going out with friends. He also lifts weights, and has been jogging semi-consistently.

As an undergraduate, Chung, who is 25 percent Native Hawaiian and also of Japanese and Chinese descent, says he was involved with AISES (American Indian Science and Engineering Society), and the UH Native Hawaiian Science & Engineering Mentorship Program.

Chung earned his MS in Computer Science and Systems at the University of Washington, and worked as an IT intern with Washington state’s Snoqualmie Tribe. The internship was part of the CyberCorps Scholarship for Service program, which supported his living expenses. Chung is currently pursuing an MS in Systems Engineering at The Johns Hopkins University.

Chung’s tips: Learn to communicate effectively and translate technical work into benefits and costs for clients. If interested in management, obtain business skills, and acquire broad knowledge to assist decision makers.

Follow DefCon, Black Hat, the Sophos blog, SANS, Tech Bytes, Security Bsides, and smaller events and general news.

Favorites:

Manga series: “Naruto”, the Japanese manga series.

Social media: Chung’s NetVibes Public page has feeds from a IT and cyber security sources. Otherwise, he says there is no “time for social media pretty much except Facebook.”

TV: “Mr. Robot”.

Dream job: I like doing what I do now. What’s next doesn’t matter as long as it is similar.

–

Samantha Hoang Digs Until an Answer is Found

Hoang is an Information Technology Security Specialist for the US Department of Justice (DoJ), with responsibility to train and raise cyber security awareness within the federal department’s staff.

The surprises of cyber security work, she says, were the high demand for her skills and the dearth of women in the field.

The geek side of Hoang surfaces when she is confronted with a new problem. She won’t give up until the answer is found.

Reflecting on earning her BS in Electrical Computer Engineering at Virginia Commonwealth University, Hoang has one regret. She never found time to study biology.

Prior to the DoJ, Hoang, an amateur photographer, had a similar position as a Small Business Administration contractor, and at the Recovery Accountability and Transparency Board (RATB). It managed the Recovery.gov site, and administered spending under the American Recovery and Reinvestment Act of 2009.

Hoang tips: To gain certifications take training classes, and consult with professionals who have passed the exams.

Favorites:

App: Pinterest.

TV Show: “Big Bang Theory”.

Movie: “Live Free or Die Hard”.

Musical artist: Katie Perry

Web site(s): The National Cyber Security Alliance.

Dream job: To become a chef.

–

Lisa Jiggetts Always Wanted to Hack

Jiggetts founding, in 2012, of the Women’s Society of Cyberjutsu (WSC), a nonprofit dedicated to empowering women to succeed in the cyber security field, was a natural step.

The childhood geek decided to become a hacker after watching the movie, “Sneakers”. “I’ve been intrigued by the challenge of how one breaks into systems, buildings, or anything. I love when I’ve figured out something or made something work,” she says.

Jiggetts says her “aggressive drive” to learn how things function spurred her to work full-time and gain an education. While in the US Air Force, she earned an AS in Information Technology. Then she received a BS in Information Technology from the University of Maryland University College, while doing cyber security work in a federal department, as a contractor, and for a private firm. Jiggetts received her MBA in Marketing from Strayer University.

Now, besides running the WSC, she does mobile security assessments that allow her to stay current on the tech side.

During down time, Jiggetts, who is of African American and Japanese descent—hence Cyberjutsu–takes apart and rebuilds computers, loves shopping, but just for techie stuff, and wishes she had learned to do car repair.

Giving back, the WSC, which has chapters in 6 cities, created the Cyberjustu Girls Academy program. It hosts workshops that introduce girls to cybersecurity, coding, and electronics.

A self-learner, Jiggetts has CISSP, ECSA, CEH, SCNP, MCSE, SCSA, Net+, and A+ certifications.

Favorite:

Apps: Google Cast, Twitter, Square cash, Duo Lingo – learn languages for free

TV series: “Mr. Robot”.

Podcasts: the Security Weekly Podcast, and KrebsOnSecurity.

Videos: She watches those from Derbycon, in Louisville, Kentucky, and Blackhat

Movies: “The Matrix”.

Musical artist: Sade

Web site(s): Reddit Net Security and DarkReading.com

Leisure activity: Painting and playing soccer

Dream job: Painting

–

Mahalakshmi Venkataraman Helps Catch Crooks

Venkataraman, as a child in India, never considered that she would stop cyber theft. From early on, she found math and science interesting and loved solving problems and puzzles. A critical mentality now as she tries to see that fraud is never in your wallet.

At Capital One, a major bank holding firm, Venkataraman is a Senior Manager in the Software Engineering unit, and the technology lead for the anti-money laundering investigation team. It helps uncover money laundering activities and files suspicious activity reports to the US Department of the Treasury’s Financial Enforcement Network.

Venkataraman’s career path is shaped by tech’s diversity and interconnections. After receiving her MS in Computer Engineering from The University of Texas at Austin, she became a Java programmer. She also worked in outsourcing, technology support and process transformation, before entering cyber security and privacy, and her current post.

Venkataraman, who also has a BS in Electrical and Communication Engineering from the University of Madras, wishe she had mastered conflict resolution while in school.

Her geekiness flourishes when reviewing her two daughters’ math assignments. She says still being able “to solve a quadratic equation without too much trouble is a way to bond, and share an aspect of myself.”

The active member of her firm’s Women in Technology group volunteers for Capital One Coders. It provides a 10-week program for kids learn and build mobile apps. A sad contrast, she says is seeing a “heartbreaking” disinterest about STEM among her daughters’ girl friends.

Venkataraman tip: Leverage what you learn in each job to enhance your future value.

Favorite:

Movies: The Matrix Trilogy.

Music: American pop, Indian Bollywood music, Classical: both Indian and Western.

Leisure activity: Hiking with kids, relaxing by the beach.

Dream job: Psychologist.

–

Tips on How to Have a Great Cyber Security Career

Veda Woods‘ tips: Read CSO: security and risk management news, follow ISACA (previously the Information Systems Audit and Control Association), IAPP (International Association of Privacy Professionals), Insider Threat at the Software Engineering Institute at Carnegie Mellon University, IEEE Cybersecurity, and Dark Reading.

Woods on certifications: Be selective, pursue certifications relevant to the subject matter in your portfolio. Understand the certification body’s methodology. Leverage study guides, online quizzes, and other preparation materials.

William McBorrough’s tips: Use Linkedin, and Twitter, as sources of security related news. Twitter aggregates security interests of other security professionals globally.

Otis Alexander’s view: Read “Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon”; subscribe to the SCADASEC mailing list: infracritical.com for information on securing and mitigating security-related issues, follow the Industrial Control Systems Joint Working Group (ICS-CERT ICS-JWG), and Security BSides for community-based information security.

Develop skills to work in and lead teams, manage budgets, and communicate in ways to showcase your capabilities.

Pamela Carbajal‘s tips: Read the Krebs On Security blog, polish skills with Lynda.com courses, and peruse Naked Security news by Sophos, a security software and hardware firm. Follow the DEF CON Hacking Conference, and the RSA Security, Black Hat and Adobe Max conferences.

Irene Suazo tips: Attend or follow the Black Hat USA Conference remotely. Subscribe to the SANS institute‘s newsletters, frequent DarkReading.com, read SC Magazine online, listen to Federal News Radio, follow Hacking News & Tutorials on Facebook, and hone advanced programming skills.

Sean Chung’s tips: Learn to communicate effectively and translate technical work into benefits and costs for clients. If interested in management, obtain business skills, and acquire broad knowledge to assist decision makers.

Follow DefCon, Black Hat, the Sophos blog, SANS, Tech Bytes, Security Bsides, and smaller events and general news.

Samantha Hoang’s tips:

Web site: The National Cyber Security Alliance.

To earn certifications take training classes, study on your own, and consult with professionals who have taken and passed the examss successfully.

Lisa Jiggetts’ tips:

Podcasts: the Security Weekly Podcast, and KrebsOnSecurity.

Videos: She watches those from Derbycon, in Louisville, Kentucky, and Blackhat

Consider earning CISSP, ECSA, CEH, SCNP, MCSE, SCSA, Net+, and A+ certifications.