Understanding Cybersecurity & Privacy Best Practices

Understanding “industry best practices” involves a simple process of distilling expectations for both cybersecurity and privacy requirements. This process is all part of identifying reasonable expectations that are “right-sized” for an organization, since every organization has unique requirements. It can be best to visualize “best practices” as a buffet of cybersecurity and privacy controls, where you select what is applicable to your organization, based on statutory, regulatory and contractual obligations.

Source: (18) Understanding Cybersecurity & Privacy Best Practices | LinkedIn

Cybersecurity event @CSUCI on April 20, 2018

On the evening of April 20, 2018 Assemblymember Jacqui Irwin and CSU Channel Islands president Erica D. Beck co-hosted a Cybersecurity event  in Sierra Hall, promoting regional industry partnerships. At this event we had the opportunity to showcase our work – three masters students and one senior student presented research under my supervision:

Zane Gittins spoke about his network penetration testing at HAAS: this work started as a Hank Lacayo Internship at HAAS in the fall of 2017, but since then Zane has been hired by HAAS to continue his work.

Eric Gentry spoke about the SEAKER project, a digital forensic tool that was developed with and for the High Technology Task Force (HTTF) at the Ventura forensic lab. We presented this tool at an event on August 7, 2017.

Geetanjali Agarwal spoke about the Image Recognition project, also inspired by the work done at the HTTF at the Ventura lab, where we aim to identify images from partially recovered files and compare them to a bank of images using the difference hash technique.

Ryan McIntyre presented his work on algorithms in bio-informatics. These results have been published recently in the Journal of Discrete Algorithms, and described in a blog post on March 6, 2018.

Here are the presentation slides.

I introduced the students making some remarks elaborating on president Beck’s statement about partnerships between CI and the Ventura industry. As a CI faculty, I find interdependence in the triad of Scholarship, Teaching and Industry relations. Many of our projects start by addressing a Research & Development need of the community, such as the SEAKER tool for HTTF. We use it to teach our students a hands-on approach to problem solving in Computer Science; we aim to produce quality work that advances knowledge and is publishable.

Scholarship, the first component of the triad, is really composed of three simultaneous activities: the research itself, which is laborious, time consuming, consisting of literature review and the cycle of hypothesis, testing and proving.

The funding component: labs, equipment, salaries, conferences, all these require funds, which can be secured through grants, philanthropic gifts or state support.

And finally dissemination, which is crucial as without it no one is aware of our work, and which takes place through publishing, conference presentations, blog writing, and events such as the one described in this blog. At CI we are lucky in that Advancement facilitates both fundraising and dissemination.

Speaking at the Camarillo Chamber of Commerce

my remarks

  • Thank you for the opportunity to tell you about Computer Science at CI
  • We are a fast growing Dept we doubled our majors to 400 in the last 3 years
  • We are starting a new engineering program in Mechatronics (Mechanical & Engineering) this fall after years of preparation.
  • We have a program in IT, one Computer Science, and the new Mechatronics program. Also programs in Cybersecurity, robotics, and Game design.
  • We work with the local community: with IT & Manufacturing companies, with Navy, HTTF, and we started an Advisory Board consisting of heads of local business & industry.
  • To give you an idea about our work, I will talk about 3 directions, but there are many more:
    • Houman Dallali Mechatronics he was the first targeted Mechatronics hire, and he works in intelligent prosthetics. Cheap Controllers (Raspberry Pi’s) and 3D printers have revolutionized our field, but ours is still an expensive endeavor and we rely on the community for example, companies such as Advanced Motion or Amgen have given us equipment.
    • Jason Isaacs Swarmathon Jason has a PhD in engineering from UCSB, like most of our faculty has years of industrial experience, but loves the University setting and has come back. NASA wants to go to Mars, and Jason and his student are participating in one aspect of that endeavor: a swarm of robots that will be released on Mars to collect raw components to make fuel for the journey back home. We took 3rd place at the competition at Cape Canaveral in Florida in 2017.
    • I work in Algorithms generally speaking, they are the snippets of ideas that become code that run your computers. But I also work, and consult, in Cybersecurity, and we have an ongoing collaboration with HTTF. Set up by the Secret Service and the FBI to aid local law enforcement in dealing with the sophisticated digital crime, they have a lab in Camarillo, at a secret location, and our students have worked on several R&D projects for them, for example SEAKER last summer.
  • Today I have brought two students with me Vlad Synnes and Samuel Decanio who will tell you a little bit about themselves, and a little bit about Voyager” a project that we did for the HTTF.

I will be giving a talk on Cybersecurity for small businesses on December 8

Detective Kimo Hildreth and I will be giving a talk at a breakfast event on Cybersecurity for Small Businesses on Friday December 8, 2017, at 8:30am. To RSVP and view more event details click here. The event is organized by  Assemblymember Jacqui Irwin, and it will take place at 2100 Thousand Oaks Blvd, in the “Oak and Park Room”.

msoltys-talk-dec8-2017

CI Computer Science students build a digital forensic tool

On August 7, 2017, the CI Computer Science students presented a prototype of a digital forensic tool, which we named SEAKER (Storage Evaluator and Knowledge Extraction Reader), as part of their Masters COMP 524 Cybersecurity course. This project was a collaboration between the Ventura County District Attorney (VCDA) Digital Forensics Lab and CI Computer Science, under the umbrella of the SoCal High Technology Task Force (HTTF).

The students presented a live demo with devices supplied by the Ventura County DA.  The SEAKER prototype was able to compile search results in less than a minute depending on the size of the device. According to VCDA officials at the presentation this is a remarkable increase in efficiency and will be a useful tool in the field: while imaging of a hd can take up to 4 hours, SEAKER performs a triage search in minutes.

Digital Forensics (DF) deals with the recovery and investigation of clues from digital devices (computers, handhelds, iPads, routers, modems, DVRs, etc.). The goal of this effort is to support or refute a hypothesis in court. DF is a complex and technical field: it can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources, or authenticate documents.

A DF investigation commonly consists of 3 stages: acquisition or imaging of exhibits, analysis and reporting. The SEAKER tool helps with the acquisition of data from digital devices in a way that prevents tampering.

The SEAKER project was a fantastic learning experience for our students, as its design and prototyping combined many different skills: The C programming language, BASH shell scripting, the Linux Operating Systems and command line, the Raspberry Pi hardware, Gliffy diagrams, Dropbox Paper (which we used as a Wiki); Slack collaborative discussion / brainstorming tool, the GitHub software repository which was used as a collaborative tool in the design of the software that animated the Raspberry Pi, WordPress blogging, AWS S3 which served as a repository of the final product, Grep (regular expressions and pattern matching), working with different file systems, and of course strict performance (speed, read only). All of this had to be combined by a group of 18 students, with different backgrounds and skill sets to produce something that could be used by DF examiners.

One of the CI pillars is Community Engagement and Service Learning. This approach identifies needs in the community, and builds a curriculum around research and development to address those needs. The SEAKER project is a great example of such a symbiotic relation between CI and the community. Also, it is an example of the strength of a pedagogical approach that combines both theory and practice. Without theory a field becomes a collection of ad hoc procedures. But without practice theory becomes an abstract exercise in intellectual virtuosity. We plan to build on the approach that combines the Service Learning and Theory & Practice paradigms as we go forward with our Computer Science program in Security Systems Engineering and our Masters level offering in Cybersecurity.

Some photos from the event:

Original event announcement.

SEAKER presentation at CI on August 7 at 6pm in DEL NORTE 1530

seaker

“Storage Evaluator And Knowledge Extraction Reader”

On Monday August 7, at 6pm, in DEL NORTE 1530, the COMP 524 (Cybersecurity) students will present their final project, a technical solution for the SoCal High Technology Task Force in Ventura. This project implements a digital forensic tool with strict performance requirements.

You are cordially invited to attend; the presentation will take about two hours, and there will be snacks (Short link to this post: https://wp.me/p7D4ee-FJ).

OLLI talk on Cybersecurity June 8 at 10:00am

Michael Soltys OLLI talk on Cybersecurity
June 8, 10:00am-12:00pm.
In Broome Library 2325

Title: Best practices for staying safe on the Internet

Abstract: The Internet enables us to do wonderful things: stay connected with family and friends (e.g., Skype), shop from the comfort of our home (e.g., Amazon), watch movies at the time of our choosing and without commercials (e.g., Netflix), and check news headlines personalized to our interests and tastes (e.g., Twitter). But all this comes with a slew of threats and dangers: like the highwaymen of old, hackers prey on vulnerable victims, without having to leave their house, and covered by a blanket of anonymity. This talk will present best practices to stay safe on the Internet, enjoy its benefits, and reduce its risks.

I will also discuss the recent OAuthy and WannaCry attacks.

See here for signing up for OLLI classes.

CI press release re my forthcoming SAME talk on cybersecurity

CSUCI Cyber-security expert to speak at on-campus engineering convention.

Camarillo, Calif., Feb. 20, 2017—Whether it’s personal information, medical records, national security or election results, computer hacking is a rising national and global concern.

CSU Channel Islands (CSUCI) Computer Science Chair and Professor Michael Soltys, Ph.D., will share his cybersecurity expertise to an audience of professional engineers from 11 a.m. to 2 p.m. on March 23 in the Grand Salon.

“Our society is under constant cyber-threat, as our infrastructure, our economy, and our privacy, depend on secure IT systems,” Soltys said. “My talk will consider the major threats, and present examples of how hackers attack our systems.”

Sponsored by the nonprofit Oxnard Ventura Post of the Society of American Military Engineers, the presentation is geared toward an audience with a high degree of computer expertise, so Soltys plans to share cybersecurity best practices.

“I plan to give more of a technical talk from the engineering point of view,” Soltys said. “How to write code that is more defended. I plan to show techniques hackers use to get into systems.”

One of the principal causes of cyber-vulnerability is faulty software, a problem Soltys addresses in a textbook on algorithms he wrote for software engineers.

Aside from his teaching at CSUCI, Soltys also acts as Director of IT Security for Executek International where he specializes in forensic work.

The public is welcome at the presentation, which is on campus at One University Drive in Camarillo. Cost is $30 a person for lunch.

Follow the directional signage to Parking Lots A-4 and A-11, then follow “walk this way” signage to the Grand Salon.

To register for the presentation, click on:

http://www.same.org/Oxnard-Ventura