News

Shining Light on Leakage of Private Information Via the Web

Published: April 27th, 2012

Joint CISE/RISCS Seminar and Computer Science Colloquium

Friday April 27, 2012 / 3:00pm – 4:00pm
Location: 8 St. Mary’s Street, PHO-203

View Details >

IT Network Security Analyst Openings

Published: February 17th, 2012

Interested candidates please contact Barry Jones at bjones@secureworks.com

JOB DESCRIPTION:  Security Operations Analyst

Dell SecureWorks is a market leading provider of world-class information security services with over 2,800 clients worldwide spanning North America, Latin America, Europe, the Middle East and the Pacific Rim. Organizations of all sizes, including more than ten percent of the Fortune 500, rely on Dell SecureWorks to protect their assets, improve compliance and reduce costs. The combination of strong client service, award-winning security technology and experienced security professionals makes Dell SecureWorks the premier provider of information security services for any organization. Positioned in the Leader’s Quadrant of Gartner’s Magic Quadrant for MSSPs, Dell SecureWorks has also won SC Magazine’s “Best Managed Security Service” award for 2006, 2007, 2008 & 2009.

POSITION SUMMARY

Security Analysts perform real-time log analysis to provide network and data security for Dell SecureWorks client leveraging Dell SecureWorks’ Sherlock technology platform. Analysts provide excellent client service while evaluating the type and severity of security events by making use of packet analyses, and an in-depth understanding of exploits and vulnerabilities. Resolve client issues by taking the appropriate corrective action, or following the appropriate escalation procedures. Document all client communications. Work in a team environment and monitor the health and wellness of security devices on our client’s networks.

Preferred Technical Experience:

  • Significant experience with Linux, TCP/IP, UNIX, NT, IP Routing
  • Firm understanding of regular expressions
  • Understanding of database structure and queries
  • Understanding of basic network services, vulnerabilities and attacks
  • Good knowledge of NDIS platforms, as well as exploits and vulnerabilities

Essential Duties & Responsibilities

  • Respond to inbound phone and electronic requests for technical assistance with Dell SecureWorks products
  • Manage all customer situations in a professional manner with emphasis on customer satisfaction
  • Configuration and troubleshooting of Dell SecureWorks iSensor and associated infrastructure
  • Assess incident severity and escalate to the next level as needed
  • Keep customers abreast of changes in status during issue resolution
  • Set clear expectations and provide timely follow-up to customers as appropriate
  • Utilize internal guidelines for effective call processing and escalation and client service
  • Interact with network intrusion detection devices and other security systems via proprietary and commercial consoles, both local and remote

Additional Responsibilities

  • Must be able to manage customer accounts and confidently communicate technical information to Dell SecureWorks client base
  • Maintain keen understanding of evolving Internet threats to ensure the security of Dell SecureWorks Client networks
  • Learn prerelease products in the area(s) of support responsibility in order to support them when released
  • Write technical articles for internal knowledge base
  • Participate in knowledge sharing with other analysts and develop customer solutions efficiently
  • Coordinate or participate in individual or tem projects to ensure quality support for our clients
  • Perform other essential duties as assigned

Knowledge, Skills, & Abilities

  • Must have strong written and verbal communication skills
  • Customer Service background and good written and verbal communication skills
  • Cisco Security Agent experience is a plus
  • Attention to detail and great organizational skills
  • Good interpersonal, and organizational skills, as well as phone and customer service skills
  • Ability to maintain focus while performing in depth log analysis

Education and Experience:

  • Bachelor’s Degree or equivalent in Computer/Electrical Engineering or Computer Science or equivalent work experience.

Desirable:

  • three or more of experience as Network Intrusion Analyst
  • Experience / Knowledge of Cisco NIDS devices
  • Experience / Knowledge of Cisco Security Agents, Cisco Pix , ASA or CheckPoint Firewalls desirable
  • Experience / Knowledge of variety of Intrusion Detection platforms
  • Experience with VPN, SSL, other encryption methodology / technology a plus

Certifications Desired

  • CCNA, CCSP, CSPFA Certifications a plus
  • GIAC, GCIA, GCIH, GCFW, GHTO, GSEC or similar certification desirable

Security Unveiled: How and Why People Hack

Published: February 8th, 2012

Presented by the CAS Computer Science DepartmentBU RISCS Center, and Hariri Institute

Wednesday, February 8, 2012, 4:00 – 5:00 PM
The Hariri Institute Conference Room (MCS 180) at 111 Cummington Street
Speaker: David Seidman, Microsoft

View Details >

Security Informatics: An Artificial Intelligence Approach to Security

Published: December 9th, 2011

Friday Theory Seminar at BU presented by the CAS Computer Science Department and BU RISCS Center

Friday, December 9, 2:00 PM in MCS 148
Speaker: Amy Sliva, College of Computer Science and Political Science Northeastern University

View Details >

The First Charles River Crypto day

Published: December 2nd, 2011

Friday, December 2, 9:30 am in the Hariri Institute

View Details >

Cyber Citizen Forum—University Focus

Published: October 24th, 2011

stopthinkconnect
~ November 16, 2011
5:00-7:30pm ~ Open to the Public

8 St. Mary’s Street, Photonics Building, Room 206,
Boston University

View Details >

Capture The Flag Cybersecurity Competition

Published: October 11th, 2011

Congratulating the following students from BUILDS http://builds.cc for their success in the first round of CSAW Capture The Flag Cybersecurity Competition http://www.poly.edu/csaw2011/csaw-CTF:

Kyle Brogle – Computer Science / Mathematics Danny Cooper – Computer Science Jeff Crowell – Computer Engineering John-Nicholas Furst – Computer Engineering Monica Gribouski – Computer Science Andrew Mohn – Biomedical Engineering George Silvis – Mathematics / Ancient Greek Liam Wang – Computer Science

They placed in the top ten out of 74 teams, which means they get to send a four-person team to New York City for the finals in early November.

The four people planning to go to NYC are Kyle, Danny, John-Nicholas, and Andrew.

Wish them luck in the finals in November!

Cyber Security CPR: Coordinated Private Response to Computer Security Incidents – Oct 12-13, 2011

Published: October 4th, 2011

Presented by The Institute for Information Infrastructure Protection (I3P) and the CERT® Program at Carnegie Mellon Universitys Software Engineering Institute

October 12-13, 2011 at the National Rural Electric Cooperative Association (NRECA) Conference Center, 4301 Wilson Blvd, Arlington, VA
Pre-Workshop Historical Perspectives Discussion: September 8 (online event)

View Details >

2012 Information Assurance Internship Program

Published: September 20th, 2011

Information Assurance Internship-Summer 2012

An exciting summer internship opportunity for undergraduate students in Information Assurance at the Air Force Research Laboratory (AFRL/RI) under the auspices of the Air Force Senior Scientist for Information Assurance.

INFORMATION ASSURANCE INTERNSHIP

The Information Directorate seeks outstanding undergraduate students for paid research internships. The summer 2012 internships focus on the science of mission assurance in a cloud computing environment, with emphasis on assuring Air Force mission essential functions in a contested environment. We invite applications from juniors and seniors in mathematics, computer engineering, electrical engineering, physics and computer science.

THE SCIENCE OF MISSION ASSURANCE

We seek to investigate information assurance at all six phases of the information life cycle:

  1. Information generation
  2. Information processing
  3. Information storage
  4. Information transmission
  5. Information consumption
  6. Information destruction

We aim to develop mathematical representations of critical functions, decompose them into atomic elements, define the relationships among elements, assess fractal properties of subsystems and systems, identify potential vulnerabilities and risks, and develop mitigation strategies for assured operation in a contested environment.

Interns will work on teams with government mentors to research vulnerabilities and threats, participate in facilitated discussions, solve complex problems, present and discuss solutions, and write and submit reports on time.

APPLICATION PROCESS

Candidates who hold US citizenship and qualify for a Department of Defense security clearance may apply by emailing a resume, an unofficial transcript of grades, a 100-word biography, two letters of recommendation and a headshot photo to iast@rl.af.mil no later than 2 December 2011. For more information contact: IAST 315-330-4370.

For more information visit AFRL Information Directorate at http://www.wpafb.af.mil/afrl/ri/ or the IA Internship website at http://iainternship.com/

reference: Dr. Kamal Jabbour, ST & Dr. Sarah Muccio, “The Science of Mission Assurance” Journal of Strategic Security Volume IV Issue 2 2011, pp. 61-74.

Approved for Public Release; Distribution Unlimited (88ABW-2010-4756)

Feel free to contact Regina Recco with questions on the logistics of this internship.

Regina Recco, Contractor (ITT)
Director of Operations, IA Internship Program
Office of the Senior Scientist for Information Assurance
Air Force Research Laboratory Information Directorate
525 Brooks Rd
Rome NY 13441
315-330-4833

Information Systems Security Analyst, AVP

Published: July 30th, 2011

Corporate Information Security – Job Description
Information Systems Security Analyst, AVP
Job Code: IT 1221

Background
The Corporate Information Security team is managed by State Street’s Chief Information Security Officer and consists of approximately 20 people located in North Quincy, Massachusetts. The group’s charter revolves around 7 programmatic Information Security cornerstones, encompassing:
1) Policies
2) Measurement of controls effectiveness
3) Risk Reviews
4) Information Security Risk Management
5) Vendor Management
6) Education and Awareness
7) Customer and business support
Currently the team is overseen by two senior managers each reporting directly to the CISO

Description
Entry level Information security analyst focused on identifying, gathering, analyzing, and reporting of key information security/ risk indicators. The candidate must be able to leverage his/her understanding and analysis of the key data points to produce meaningful reports to be used to drive business value via the promotion of changes in business and information technology operations that improve security, lower cost and enrich the quality of the company’s processing environment.
Leverage models, data bases and spreadsheets to create management reports used to illustrate risk relevance gleaned from statistical and correlated data.
Ensure work is completed within budget and on schedule.
Competencies
Qualified candidates enjoy a fast paced work environment with many time deadlines and have an interest in Information Security in the financial sector. The successful candidate will demonstrate:
• The ability to work with a reasonable level of guidance and be a self-starter
• Excellent teamwork
• Strong analytic skills / Systems thinking
• Good communication skills
• Ability to learn quickly and work on multiple projects concurrently
• A strong penchant for driving processes through to completion
Education/Experience
A Bachelor’s Degree is required. An understanding of the concepts of LEAN and/or Six Sigma is beneficial. An understanding of key infrastructure technologies such as Active Directory, UNIX, Open systems, Emails, and other platforms is a plus.

Key Responsibilities
This position will affect the operation of a programmatic cornerstone; Measurement of controls effectiveness. Day to day responsibilities include:
• Perform identification, quantification and research for business cases to be provided to Sr. Management, recommending mitigation of Information Systems risks and vulnerabilities for the Corporation
• Acquire information security metrics, implement models that leverage metrics data to provide business value
• Support and maintain Enterprise-wide Information Security programs that maintain State Street as a market leader
• Respond to management to provide Information Systems Security recommendations in support of business strategies and goals