Monday, September 18, 2017

CCleaner and be still my beating heart.

I was working on NewsBites upcoming story:

CCleaner Utility Was Infected with Malware (September 18, 2017)

Researchers at Cisco’s Talos have found that download servers used to distribute the CCleaner utility were also surreptitiously delivering malware along with the software. The legitimate, signed version of CCleaner, 5.53, included malware that gathered user information and sent it to a third party. Avast, which distributed CCleaner, estimated that the infected version of the utility had been downloaded by 2.27 million users. The infected version of CCleaner is no longer available for download.

Read more in:
Cisco Talos: CCleanup: A Vast Number of Machines at Risk
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

So I clicked on the link and:













Now you know and I know it had to be coincidence, but I run CCleaner so this one took a few deep breaths.

Sunday, September 10, 2017

Rest in Peace Jerry Pournelle

Sci-Fi author, Byte magazine product review columnist, (Chaos Manor), but also many early pertinent observations about cybersecurity. He will be remembered as a good guy, knew how to work a party. He gets credit for one of the best tall tales, (young guy on a farm for the summer, playing with explosives, pretty much emptied the pond, that last being the part that suspended belief), I ever heard.

My copy of Footfall is in Hawaii, guess it is time for a re-read. Best obit I have seen is here.


Tuesday, September 5, 2017

ISE ISM 5600 Grading Tips (yes, this one is real)

The purpose of this blog post is to provide guidance and coaching to STI students writing their leadership essay.

When the paper is submitted, the FIRST thing I do is run it through Grammarly. As a graduate student at SANS.EDU you have access to the tool; use it. As a grammar checker it is not perfect, but it can find and point out avoidable errors.

Writing mechanics is the last item on the rubric, but if your writing is sloppy, that impacts several other dimensions of the assignment. Clean and concise are two keys to victory. If you use Microsoft Word, the green and red squiggles can also alert you to writing that can be improved.

If the submission scores below 90 on Grammarly, I tend to stop and pour a mug of hot green tea and settle in; this paper is probably going to take a while. Marginal papers require more effort to grade than exemplars.

A final note on writing quality: several of the rubric items require the reader/grader to understand what the author intended. Slapdash writing does not achieve that goal.

The assignment asks for a single aspect of transformational leadership. Rehashing the definition detracts from your message. If we ask for a focused exposition of “something”, we probably already know what that “something” is. Try to break new ground instead of repeating the fundamentals.

Your grader will also look at the literature research, or, references. The key to winning is quality. If you have thirty ill-chosen, vaguely related references you can expect a low appraisal. There is nothing wrong with using printed literature, but your grader may not have access to those items; consider at least a few Internet references that can be validated.

Speaking only for myself, I tend to grade style gently, (8.0 is neutral). If it is extraordinary, I will mark the paper higher; if it is painful to read, I choose a lower evaluation, but I am not a literary critic and know it. That said, when the rubric mentions transitional sentences at multiple scoring levels, take the time to put a few in!

Finally, your graders are rooting for you. We want you to succeed. A day where we get to nominate a paper as an exemplar is a good day indeed. Please take the time to give this your best effort. If you shoot for the minimum passing score and miss, nobody wins.


How I grade ISE/M 5600 Leadership Essays (parody)

NOTE: this document is an attempt at humor after a long day. There is a serious version of the same basic topic on my blog.

After a string of either failing, falling, low, or lower grades, We thought it might be helpful to offer a peek behind the curtains. This is how we, at the great and powerful Oz really grade Leadership Essays.

When the paper comes in, the FIRST thing we do is flip a coin, you can check the blockchain. Heads, we run it through Grammerly. As a graduate student at SANS.EDU you have access to Grammerly; think about using it, (it even checkz spellin). It is the last item on the rubric, we do that to trick you into thinking it is not important. But if the truth be told, if your writing is sloppy, that impacts several other dimensions of the assignment such as time, height and weight. Crisp and clear are too keys two victory.  If the paper scores 95 or higher on Grammerly, I usually don't take a break, I dive right in and fill in the rubric without reading it.

If the paper scores below 90 on Grammarly, I tend to stop and pour a mug of cold beer; this one is going to take a while. Marginal papers require actual work on the part of the instructor. That is a bad situation for both you, the student and the economy, please avoid it.

A final word on writing quality. Several of the rubric items require the reader/grader to understand what the author intended. It would help if you actually intend something.

The assignment asks for a single aspect of transitional leadership. A rehash of what transitional leadership is probably detracts from your message. We have all been through re-organizations, job creation, abolishment and economic restatements. Try to break new ground instead of repeating the fundamentals.

Your grader probably won't look at the literature research, or, references. The key to winning is quantity. If you have thirty ill-chosen, vaguely related references you can expect a high score, because they don't know. One or two references is, however, a losing proposition; this isn't a book report. There is nothing wrong with using printed literature, your grader may not have access to that, consider at least a few Internet references that can be validated in the unlikely event they check.

Most graders are fairly neutral about style, 8.0 is fairly neutral and that is what you should expect to receive. If it is extraordinary, they may go higher, if it is painful too read, they may score lower, but they are not movie critics, hence, the neutral score on style. That said, HINT, when the rubric mentions transitional sentences at multiple score levels, put a few in! The key is to repeat the same word in the last sentence of one section, then use it again in the next. Consider, putting these repeated words in bold for ease of grading, as well as to make grading easier.

Finally, your graders are routing for you. We want you to succeed. We get a dollar bonus if a paper we nominate as an exemplar is approved as a nominated exemplar and posted on the nominated exemplar section of the web page.

Wednesday, July 19, 2017

Senior Enterprise Architect Wanted - I think this is in the Washington DC area


(Please forgive the grey shading, this is what I got from the recruiter)

For further info, please call:
Gregory Price
Vice President of Defense Programs
Trowbridge & Trowbridge, LLC

Cell: 815.531.9667
1430 Spring Hill Road, Suite 200, McLean, VA  22102 |  www.tt-llc.com  |  O: 571-298-8478 | F: 571-499-4153


= = = = =
Senior Enterprise Architect 

Work Experience, min 12 years:
5+ years primary role operating, troubleshooting, installing network routers and switches
5+ years primary role designing, architecting routed and switched networks
2+ years as senior or lead network architect in multi-tenant network
2+ years as senior or lead network architect in planning, designing, and building software defined networks
3+ years DoD environment

Certifications:
At least two nationally recognized certifications for senior network administrators/engineers/architects, and one of these certifications must be tied to the proposed solution’s routers and switches.
IAT Level III in accordance with DoD 8570.01-M http://iase.disa.mil/iawip/Pages/iabaseline.aspx
Education:
Bachelor’s degree in Information Systems, Engineering or Equivalent; Master’s degree preferred
Demonstrated Skills:
Ability to analyze requirements; plan and develop technical solutions and frameworks; develop test and implementation plans, analyze and evaluate networks,
Use of current and emergent network design principles and protocols
Experience with network virtualization technologies and vendors
Experience with multi-tenant network architectures
Specific experience designing and modernizing a complex network to separate control from data planes
Familiarity with a wide variety of network routing and switching equipment devices from multiple vendors
Scripting languages such as Perl, Python

Awareness of DoD JIE-JRSS architecture, and design experience for a DoD network within the last 3 years.
Clearance:
Active or current Top Secret clearance, SCI eligible, adjudicated through DoD Central Adjudicative Facility (CAF).

Friday, July 14, 2017

Cybersecurity research: What and How

Friday July 7, 2017, I was asked by the folks at SANS.EDU to help the graduate students submit research proposals to be evaluated by the STI research committee. It was fun work, and a glimpse at a new, (to me), part of the research process at STI.

In the first batch there were a number of potentially great proposals, but only one student took the time to clearly articulate what she was going to do and how she was going to do it. Not surprisingly, when this proposal reached the committee for a go/no go decision, the answer was go, (approved), and several faculty members volunteered to be the advisor on the project.

The experience led me to wonder, "what is the difference between the successful project proposals and the ones we evaluate as not yet ready?" From the title of the blog post you can probably guess the answer is the successful students clearly articulate what they are going to do and how they are going to do it. Before we examine that, let's take a minute to define a Cybersecurity Research Proposal. There are, amazingly, three key words to consider:

    Cybersecurity: all of the proposals fell into the realm of computer security, so we don't need to belabor this point. We can leave Better methods of picking daisies to some other worthy institution.

    Research: we ran into some problems here.  Research is studious inquiry. Research is not regurgitation of already published information, or an opportunity to recount one's personal experience.

    Proposal: this is where the student defines what they are going to do and how they are going to do it.

As mentioned, most of the proposals had potential in the sense that the topics were timely and interesting. So where did so many miss the mark? There seemed to be two major pitfalls: overly broad topics, (failure to succinctly define "what"), and research process that cannot be practically accomplished, (failure to pragmatically understand/define how).

Since it is frustrating to be sent "back to the drawing board", here are a couple suggestions for success the first time through the process.

1) Know what you want to do. Ideally, your topic will be something that you want to learn more about, or that will benefit your employer. In the best of all possible worlds your topic will satisfy both conditions. If you do not know what you want to do, you will not be able to explain it in the proposal. That results in "fuzzy writing" which ends up frustrating all parties, student and advisor. Only you can know what you want to do.

2) Use the literature search part of the process to explore the uniqueness of your proposal. If there are lots of papers, tutorials, YouTube videos, etc. on "Using Wireshark to monitor the TCP/IP 3 Way Handshake", it could be an indication that the ground has already been covered. However, keep in mind that just about everything you can imagine has been published on the Internet in one form or fashion. The published material may not be supported by studious inquiry and/or empirical results. In that case, you may still have a valid topic and this is a discussion you should have with your advisor.

Summary: if your research proposal: reflects studious inquiry, covers new ground and adds to the body of knowledge, clearly explains what you intend to do and how you intend to do it, then the odds are better than average it will be accepted the first time.

Wednesday, June 7, 2017

Guy Bruneau Commendation

No one can remember a time when this was issued to a civilian, (maybe Guy has a uniform stashed away in a closet somewhere, eh).