Hacked! ISU intensifies fight against cyber theft
Months before graduation, Ben Bradley ’17 already had a cybersecurity job lined up as an analyst searching for threats to his employer’s computer network. But he couldn’t disclose the name of the company.
Such is the world of cybersecurity, which is one of the coolest and hottest jobs out there. Security analysts work to prevent, detect and block attempts by hackers to infiltrate a computer system or network. Starting salaries make for good dinner conversation with parents, as new grads start at $60,000 or more. There are more openings than candidates to fill them.
Illinois State is taking steps to meet the need, launching a new cybersecurity major this fall. ISU is only the second public university in the state to offer the undergraduate major. Enrollment has already reached nearly 150 students, exceeding the target of 125.
The level of interest doesn’t surprise Glen Sagers, assistant director of the School of Information Technology. He worked for three years to shape the curriculum with faculty, as well as leaders in business and higher education.
“By all projections, this will be one of the most in-demand jobs in the computing industry,” Sagers said. “When we started talking about the major, coincidentally, State Farm came to us looking for some more highly qualified security professionals and asking what we could do.”
A corporate call for help is easily understood, given hardly a day goes by without a headline about hacking or a data breach that has hit a government agency, retailer or corporation. These incidents do more than alarm individuals, who worry about identity theft. They are also incredibly expensive. Lloyd’s of London reported in 2015 that hacking costs businesses $400 billion annually. Global spending to fight the threat is expected to reach $170 billion by 2020, according to Gartner Inc., which is a leader in information technology research.
The University is more than ready to provide solutions and prepare graduates to meet the growing challenge. ISU is ranked among the top U.S. institutions for cybersecurity education.
The Center for Information Assurance and Security Education, housed within the School of Information Technology, is designated as a National Center for Academic Excellence in Cyber Defense Education by the National Security Agency and the Department of Homeland Security. Beyond an endorsement of excellence, the ranking makes more federal scholarships available to students pursuing the 80-credit-hour major.
The degree requires 56 hours in information technology, including in-depth courses in cybersecurity that range from ethical hacking to incident response and forensics. Security courses were previously offered in the information assurance and security sequence, which has been replaced by the new major. Many of those students transitioned into cybersecurity.
To keep pace with changes in the industry, faculty members regularly engage with local business leaders for advice and feedback. The school’s Business and Industry Advisory Council includes representatives from State Farm Insurance Company, COUNTRY Financial, Caterpillar, Discover Financial and Northern Trust Bank, along with other companies.
Elias Sahyouni, a cybersecurity analyst at COUNTRY, serves on the council and its new cybersecurity subcommittee. “Our job is to make sure Illinois State is teaching and training students who are not only going to help at COUNTRY or State Farm or Caterpillar, but the industry,” Sahyouni said.
“The goal is to figure out what companies are seeing and what they need. Dr. Sagers takes the feedback from the advisory council and implements it. If we say we need people who can handle incident response, he makes sure they’re teaching incident response,” said Sahyouni, who warns that hacking will not end because of the financial incentive.
Related Article: State Farm commits $3 million to the Illinois State University cybersecurity program.
The need for information security analysts is consequently projected to grow 18 percent by 2024, much faster than the average for all occupations, according to U.S. Department of Labor statistics. The most recent information from the governmental agency shows that in 2015 the median pay was $90,120 for a candidate with a bachelor’s degree and less than five years of experience.
The new major is already making ISU’s security program more visible to potential employers, as well as prospective students and their parents, according to School of Information Technology Director Mary Elaine Califf.
“I’m excited about the prospect of sending even stronger graduates to the industry partners, who already snap up our highly qualified graduates in the crucially important IT field,” Califf said.
Tal Parmenter, coordinator of academic services in the School of Information Technology, is on the frontline with those companies seeking cybersecurity experts. He spends most of his time overseeing the internship program, building relationships with companies that recruit interns and graduates.
Finding positions for interns can sometimes be difficult because students have access to proprietary information. The University’s reputation for producing highly qualified interns has helped Parmenter open doors for students.
“Everybody wants folks with talent, but at the same time it’s a hard area for students to break into initially because it’s so confidential,” Parmenter said. He noted that beyond Central Illinois companies, a couple of ISU students have interned with the FBI cybersecurity office in Springfield, the state capital of Illinois. This is yet another sign of the prestige tied to Illinois State’s program.
The respect and reputation goes beyond the required curriculum. Illinois State students set themselves apart through activities outside the classroom. The ISU Security Club, for example, is a student organization that supports the School of Information Technology’s annual cyber defense competition for Illinois high school students.
Club members have excelled at collegiate and professional hacking competitions that test offensive or defensive hacking skills. ISU teams regularly participate in THOTCON, a hacking conference and competition created by Nick Percoco ’97. A computer information systems graduate, Percoco is chief information security officer of Uptake in Chicago. He is also an inaugural member of the College of Applied Science and Technology’s Academy of Achievement.
With more than 19 years of information security experience, Percoco’s research in the field captures global media attention. He was named Security Researcher of the Year in 2011 by SC Magazine, a leading source in the cybersecurity field. He is also closely connected to the University, speaking regularly with students preparing to enter the field.
Success of alumni such as Percoco inspire current students and recent graduates just entering the field, including Bradley. With his degree in information assurance and security completed, he is ready and eager to start his career. He is confident future graduates will have even more opportunity to excel in the field of cybersecurity with the University’s new major.
“All of our classes touched on the surface, and now they’re going to be able to dig deep into this topic. It’ll make the students more prepared,” Bradley said. “And there are a lot of very good professors at the wheel.”
The combination of stellar faculty and talented students puts Illinois State at the forefront of the fight against cyber crime, creating yet another point of pride and pocket of excellence at the University.
$3 million gift
A gift of $3 million from State Farm Insurance will advance Illinois State University’s cybersecurity program.
This gift establishes an endowed chair position that will provide leadership for the new major, as well as funding for program enhancements and renovations that will strengthen the learning environment.
“Illinois State’s new cybersecurity program will focus on a topic of critical importance to society,” said Illinois State University President Larry Dietz. “This innovative new major is one additional way we can help our students succeed in a technology-driven world. We are thankful State Farm recognized the importance of this program and
chose to support us by funding learning space updates and a leadership position.”
The State Farm Chair in Cybersecurity will take the lead in overseeing curriculum, setting personal and team research agendas, securing grants, and maintaining the School of Information Technology’s designation as a Center of Academic Excellence in Cyber Defense Education.
“State Farm and the State Farm Companies Foundation are pleased to provide this gift to help support the beginning of the cybersecurity program at Illinois State,” said Kellie Clapper, assistant vice president of human resources/philanthropy at State Farm. “We realize the growing need for talented students to meet the challenges of online security in the 21st century. We believe this program is a critical part of providing qualified professionals across all industries.”
Empowering tips for consumer protection
There is a growing anxiety with the rise in hacking, as individuals fear having their identity stolen. The worry is founded, according to ISU Associate Professor Glen Sagers, who has a checklist of what can be done to make personal information more secure.
Personal information/credit cards
- Change to e-delivery of bills, as information can be stolen out of mailboxes.
- Shred anything with your name, address or account numbers.
- Check accounts regularly for fraudulent charges.
- Carefully choose which sites you store your credit card information on.
- Only use credit cards online because of liability limits, not debit cards.
- Use anti-malware software and keep it updated. Malicious software captures keyboard information and ships data to attackers. Even good anti-malware software is only 50 percent effective.
- Chip cards are much more secure than magnetic stripe cards, as they can’t be copied. They are not, however, any more secure for online purchases.
- Apple/Android/Samsung Pay applications are more secure.
- Eight characters is not enough!
- Use the first letter of each word of a sentence, then add case changes and punctuation.
- Use a password manager that stores all your passwords in an encrypted database. Examples are 1Password, LastPass, KeePass, mSecure.
- Set a network name that is not personally identifiable.
- Set up a strong (minimum 20 characters) passphrase for joining WiFi with WiFi Protected Access 2 encryption.
- Turn off one-button (WPA) connections.
- Set a strong login password for the router.
- Email and texting are insecure communication channels. Don’t include personal information in email.
- For texting, use Signal, WhatsApp and other secure messaging systems.
- Online, secure websites will start with HTTPS://. Don’t click past warnings.
- Secure your WiFi.
- Choose good password recovery questions, and don’t include that information (i.e., mother’s maiden name) on social media.
If you’ve been hacked
- Respond to retailer notifications of breaches.
- Change your password.
- Go to https://haveibeenpwned.com to see if your data was exposed.
- Subscribe to alerts.
If you experience identity theft
- Notify the company where fraud occurred.
- Report it to the Federal Trade Commission at FTC.gov.
- File a police report.
- Close or freeze accounts.
- Change logins and passwords for those accounts.
- Place a 90-day free fraud alert with one of the credit bureaus.
- Monitor your credit report for newly opened accounts, and close any opened in your name.
- Add a seven-year credit freeze via a credit bureau.
Kate Arthur can be reached at kaarthu@IllinoisState.edu.