The Brandeis GPS blog

Insights on online learning, tips for finding balance, and news and updates from Brandeis GPS

Information Security has the perfect mindset to facilitate decision-support red teaming

By Joseph Dalessandro

October is National Cyber Awareness Month, and we’ll be spotlighting cybersecurity content on the blog all month long.

We hear the term “red team” used liberally these days, applied both in the security space for force-on-force scenario testing (subverting hardened facilities and assets) and in the information security space, primarily referring to “white hat” hacking to assess security posture for systems, devices, network perimeters and web applications.

A “red teamer” in the decision support or strategic space is formally trained and uses critical thinking tools and techniques to provoke analysis and stress test strategies, plans and perspectives. At the heart of this work is the modeling or reframing of the problem space from the adversary’s perspective. Red teamers and security pros are by nature contrarians, and it is this contrarian mindset we want to capitalize on.

While cybersecurity “red teaming” as penetration testing is vital to an organization’s testing of its security and data protection posture, it has a narrow scope. However, everyone these days in this space wants to refer to his or her work as red teaming. The practice of decision support red teaming is the area that I am submitting organizations can immediately benefit from and are not currently employing. This is an area where your security team can add value by adopting the tools and techniques to facilitate red teaming. Information security professionals are diverse thinkers and often “see” across the entire enterprise. Equipping them with red team tools and techniques can enhance their value in guiding the organization to make better decisions.

Red teaming and the value of a premortem

So how do we do it? How do we immediately capitalize on our existing stance as contrarians to serve as strategic red teamers? There are a number of available tools, such as the U.S. Army’s Applied Critical Thinking Handbook and Bryce Hoffman’s Red Teaming. What we start with, most importantly, is buy-in and genuine support from the top of the organization, and the admission that we will trust our decision to conduct red team analysis and we will be true to the results. There are a number of short tools to use to try this; one of the most straightforward is to have your security staff conduct a premortem on your most important security project for the upcoming year.

The basic approach of the premortem is to visualize, prospectively, the project failing and to use this to illuminate the cause(s) of the failure. This is not a risk assessment. We are not speculating on what could harm our project; we are identifying what actually caused the failure. This is pathology; we are engaged in diagnosis, not prognosis. The supplies needed are easy to acquire: you will need paper or index cards, pens or pencils, and a whiteboard or projector.

  • The leader (security staff facilitator) level sets with the group by reading out the summary from the business case or a summarized version of the project. The leader tells everybody that they should assume that their team, the project team, has made the decision to go forward and that the project has gone forward and has concluded. We are in the future now, a year into the future, and the project has been an utter failure. It has crashed and burned with no redeeming outcome or benefit.
  • Exercise: Each player (project team member) takes the paper in front of him/her and writes a brief narrative or cause of the failure. Take 5 minutes and work in silence.
  • The facilitator collects the paper or cards and generates a list of all the points on a whiteboard or projector. The facilitator can now work with the group to solicit further failure ideas, inspired by the list.
  • Engage in a game to further determine the top five causes for the failure. [A practical note here: if you conduct a premortem and determine a set of failures that are agreed universally by the group as being actual failures, you have a fundamental problem with your project. Stop it immediately and take a step back and rethink the plan.]

Red teaming is best conducted with as diverse a group as possible, and oftentimes those who have had the least to do with the project plan formation can provide insights into points of failure. As you look to expand your tool set in the future, a master’s degree in security leadership can help engender this contrarian mindset and improve the value of security in your organization.

Joseph (Joe) Dalessandro is the program chair of the Information Security Leadership program at Brandeis University Graduate Professional Studies, and the Head of Security & Technology Audit and Audit Data Analytics, Australian Unity.

Brandeis GPS offers a Master’s of Science in Information Security Leadership. The part-time, fully online program prepares graduates for leadership roles in information security with a cutting-edge, industry relevant curriculum that builds leadership savvy and skill in leveraging technical know-how. For more information, contact gps@brandeis.edu, call 781-736-8787 or visit www.brandeis.edu/gps

Image source: LeadX.org

Meet our newest GPS faculty members

The first week of the October session is here and we are excited to introduce the newest Brandeis GPS faculty members. These industry leaders come to Brandeis GPS with expertise and established networks within their fields. We have no doubt that the knowledge and experience they bring will provide for meaningful learning opportunities in the online classroom.

Garrett Gillin – RDMD 110: Principles of Search Engine Marketing

Garrett Gillin, MBA, is a co-founder and Principal at 215 Marketing, a Google Premier Partner agency located in Philadelphia, PA, where he oversees the development and execution of integrated digital marketing initiatives with a concentration on programmatic advertising, marketing automation, and advanced analytics.

David Bauer – RSAN 190: Project Management for Analytics

David Bauer, MBA, PMP, is an Infrastructure and Operations Project Manager for Utica National Insurance Group where he works on a team of IT professionals on projects including cloud migrations, database & server operations, and infrastructure lifecycle upgrades. He received his MBA from Syracuse University at the Whitman School of Management. David also served for 15 years on active duty in the U.S. Air Force where he held roles in project and program management from squadron level to the headquarters level. He also has experience in the defense contracting industry where he worked for a cyber security defense contractor as a program manager.

Todd Chapin – RUCD 185: Design for Non-screen User Experiences

Todd Chapin is a co-founder and Chief Product Officer at ShopClerk.ai. He has experience in product management and UX, as well as expertise in personal mobility, speech recognition, and e-commerce. He has worked at Zipcar, Audible, and Nuance Communications. He has graduate and undergraduate degrees in Human Factors Engineering from Tufts University.

Ernest Green – RSAN 160: Predictive Analytics

Ernest Green MS, MBA, PMP, is Vice President of Data Mining at a large financial institution in Dallas, TX. Prior to this role, he worked as a Data Scientist with General Motors and has 10+ years of diverse analytics experience. He holds multiple college degrees and most recently completed a Master’s in Predictive Analytics from Northwestern University. His research and expertise are in analytics, machine learning, natural language processing and artificial intelligence.

We are so pleased to welcome these new faculty members to Brandeis GPS and look forward to seeing how they bring their expertise to their online classrooms.

Faces of GPS is an occasional series that profiles Brandeis University Graduate Professional Studies students, faculty and staff. Find more Faces of GPS stories here.

How to recruit and manage the best cybersecurity candidates

By Joseph Dalessandro

People management is one of the hardest and most rewarding experiences of one’s working life. With the advent of the “gig” economy, I am curious how we are faring in hiring in the cybersecurity space.

Cybersecurity hiring has been universally difficult for some time. It’s not that there is a lack of quality candidates. The issue is that we are missing each other. This is due in large part to the “traditional” hiring approach that many managers adopt when they have open roles. They head to HR, or pick up the phone and call HR, and ask HR to find them candidates.

This happened to an acquaintance of mine not too long ago. He was looking for a junior information security analyst: a basic role that requires entry-level experience. He received more than 600 resumes, and realized that solid candidates were getting lost in a sea of unqualified applicants who know security is hot and want in.

If you are a manager in security, it’s time to change your hiring paradigm. To find a better applicant pool, cast your net more efficiently and do the following immediately:

  1. Use your network. Get into your network and spend some time talking to your peers. Learn how to recruit and get out and start recruiting. If you have people in your network that would be perfect, call them. If they do not want to move, find out if they have contacts looking for work. Ask your peers where they are finding hires. Share information on candidates; someone who is not a good team fit for you may be a good team fit for a peer of yours.
  2. Set the expectation up front in postings that you are different and you are serious. Include information in job postings that candidates will be tested on role skills during the first interview. Those without skills and basic security knowledge immediately fall out. This works well for junior roles. For more senior roles, make it known up front that for technicians they will need to demonstrate skills and for managers, they will need to discuss culture, training and retention.
  3. Make candidates provide a cover letter or cover email that explains how their experience aligns to the role, or provide them a platform to do this in a structured way. This will, once again, weed out those who do not align with the expectations of the role. If I need to describe in a table how my experience and skills relate directly to the role skills, I know that the manager is serious and is looking for the right candidate, and not just “looking” for candidates. Demand that candidates communicate, and get them together to be interviewed by other managers, from other non-IT departments, to interview them more objectively.
  4. Look for skills and education that show the candidate is more than a CISSP. CISSPs are everywhere, but show me a CISSP with a master’s degree who can write a business case or executive memo and I’ll scoop them up.

Once you build a team, you need to cultivate it. You want to develop your employees, and yes, eventually you want them to move on, to be successful in another department or another company. However, at the outset, for all your hires, you want to retain them, develop them and let them thrive.  This will also pay when you need to hire. Some of those employees will develop into their next role with you, and if you know those employees and what they want and where they want their career to go, you can help. Do a better job of knowing your current employees and how you can develop them for that next role. Look at your team for diversity, and for diversity of thought, and make sure you employ some contrarians. Diversity in thought is especially important in cybersecurity. A diverse team will be a high performing team. For roles where you have great staff but they are taking leave or need a different structure to their job, consider altering your approach and preconceptions about the traditional working day or the traditional working role rather than replacing those employees.

There are candidates for roles, but they need to be discovered. If you’re looking for a position, differentiate yourself from the masses. Why do I want to hire you? Stop memorizing port numbers and show me you know what P&L is and that you understand budgeting, or develop your presentation skills, or develop data analysis or data visualization skills. Or, better yet, get a master’s in security leadership and I’ll know you can handle the role.

Image sources:

https://www.cyberdb.co/wp-content/uploads/2017/11/LinkedIn-cybersecurity.jpg

https://image-store.slidesharecdn.com/be4eaf1a-eea6-4b97-b36e-b62dfc8dcbae-original.jpeg

Cloud Computing

Data hubs are becoming increasingly virtual. According to the most recent annual cloud computing survey by North Bridge venture partners, 50 percent of organizations had either a cloud-first or cloud-only policy and 90 percent used the cloud in some way. As the cloud continues to grow, it is essential that software engineers looking to advance in their field have a working knowledge of cloud-based services.

Brandeis GPS will be offering Cloud Computing as a part-time, fully online course this October. During the 10-week course, students will explore cloud-based services, from internet-based software suites such as Google Docs or Salesforce.com, through platform-based systems (PaaS), such as Microsoft’s Azure environment, that make it easy to focus on developing new apps or services, to complete cloud-based infrastructure (IaaS), such as Amazon Web Services.

The course also explores how use of the cloud changes how we “do” IT. Cloud-based services are especially well-suited to Agile development and Lean Startup thinking. This leads to new ideas such as DevOps and “continuous deployment.” In addition, use of SaaS security systems changes how we integrate systems, how we handle identity and access management (IAM), opening up new threats and new opportunities to keep data secure. Finally, the course looks at how the cloud enables us to work with more data than ever before, “Big Data”— NoSQL databases and scalable infrastructure (e.g., Hadoop).

Throughout the course, students will learn how to evaluate the various cloud-based services and how to communicate that evaluation to decision-makers in the organization.

It also includes a hands-on practicum using Amazon Web Services (AWS). Students will explore the most common features of Infrastructure as a Service (IaaS), and how IaaS, overall, differs from older paradigms of systems management and program architecture.

At the end of the course, students will be able to:

  • Describe the major categories of cloud-based services and the major trends in cloud computing and be able to explain the impact of cloud computing on the role of corporate IT;
  • Describe new roles and approaches to software development tuned to the cloud, starting with DevOps and the idea of continuous development;
  • Assess specific services, evaluate whether or not they are appropriate to specific challenges, and plan their implementation, where relevant;
  • Describe how the cloud has enabled enterprises to rethink how data are gathered, analyzed, and processed, using NoSQL databases, and scalable infrastructure such as Hadoop;
  • Evaluate security challenges in the cloud and understand current best practices;
  • Successfully carry out backup, system imaging and disaster recovery;
  • Successfully set up, monitor, and maintain a reasonably complex web-based service on Amazon Web Services (the course practicum).

At Brandeis GPS, you can take up to two courses before enrolling in one of our 12 online master’s degrees. If you’re interested in exploring the Master of Software Engineering, or would like to learn more about cloud computing for professional development, contact the  GPS office for more information or to request a syllabus: 781-736-8787, gps@brandeis.edu, or submit your information.

Healthcare Delivery in the U.S.

The healthcare system in the U.S. is made up of both public and private programs. Clinicians, hospitals, patients, insurance plans, and regulators intersect to form a complex, interconnected network. To navigate the U.S. healthcare system successfully, health and medical stakeholders must have a fundamental understanding of the events and policies that have shaped the current environment in which they operate.

Brandeis GPS will be offering Healthcare Delivery in the U.S. during our upcoming October session. The fully online, 10-week course will provide an overview of how the U.S. system has developed, and place a substantial focus on how healthcare data has developed over time and informed changes to the delivery system.

The course examines how health informatics supports, influences, and is influenced by the business side of health care. It is an introduction to health care business systems and models with a particular emphasis on the value of health information technology (HIT) to the organization. Upon successful completion of this course, the student will be able to:

  • Discuss knowledgeably the state of health care in the United States
  • Evaluate options for measuring health status and financing health care and examine options for providing health care both acute and chronic
  • Examine public health care and the role of the government in the delivery of health care
  • Explain the role of information systems in providing health care and measuring health care quality

At Brandeis GPS, you can take up to two courses before enrolling in one of our 12 online Master’s degree programs. If you’re interested in exploring the MS in Health and Medical Informatics or would like to learn more about healthcare delivery in the U.S. to fill a skills gap, contact the  GPS office for more information or to request a syllabus: 781-736-8787, gps@brandeis.edu, or submit your information.

The best discounts for online students

From retail to technology to travel to entertainment, student discounts provide you with many ways to save. At Brandeis GPS, all students receive student ID cards that you can use in addition to your .edu address to obtain discounts. We’ve compiled a list of some of the best discounts available to graduate students:

Retail:

Whether you’re looking for professional attire or something to wear on the weekend, you’ll want to check out the following student deals on clothing and other items:

Amazon: Using your student (.edu) email, get 6 months of free Amazon Prime Student (trial) then 50% off the annual Amazon Prime subscription fee. Get unlimited free Two-Day shipping as well as special offers and promotions.

EXPRESS: Get 15% off both online and in-store. Simply register and verify your student status with UNiDAYS.

J.Crew:  Get 15% off in-store purchases with a valid student ID.

Tommy Hilfiger: Get 15% off your online purchase by confirming your eligibility through SheerID.

Nike: Get 10% off your online order by verifying your student details through SheerID.

Travel:

One of the benefits of an online graduate program is that you can do your work from anywhere. For discounts on the go, read about the following student travel deals:

CheapOair.com: Find cheap tickets and save big with CheapOair’s student deals and promotions.

StudentUniverse/American Airlines: StudentUniverse and American Airlines have teamed up to offer students great prices for inexpensive travel. See link for more details.

E-Z Rent-a-Car: Save 10% using the code 7192E. Coupon expires on 01/01/2019. See link for participating locations.

Electronics & Technology:

Technology is essential for students, especially those taking courses online. Here are some top discounts to use for completing coursework and beyond:

Microsoft: Students can get Office 365 for free (including Word, Excel, PowerPoint, OneNote, and now Microsoft Teams, plus additional classroom tools) and save $200 on Surface Pro and Surface Laptop plus 10% off Surface accessories.

Adobe: Get over 60% off Adobe Creative Cloud All Apps plan in your first year.

Dell: Save on select computers and earn up to 6% back in rewards through Dell University. Get free expedited shipping on your purchase as well as other exclusive offers.

News & Entertainment:

We know you have a life outside the classroom and may want to take some time to relax and stay updated on relevant news. Here are some ways to stay connected:

Bloomberg Businessweek: Students can get 12 weeks of all-access and digital access for $12.

The Economist: Students can get 12 weeks of print and digital subscription for just $12.

The New York Times: Students can save on print and digital subscription. Get 4 weeks free then $1 a week for Basic Digital Access.

The Wall Street Journal: Get up to 50% off the annual student rate or pay $15 for 15 weeks.

The Washington Post: All students are eligible for a 50% discount on digital subscriptions. Sign up with your .edu email address and verify with SheerID to activate the Academic Rate.

Spotify: Pay only $4.99 for Spotify Premium, Hulu Limited Commercials, and SHOWTIME. Simply provide your student email when prompted during registration.

Learn more details and read about other student discounts available here.

If you’d like to learn more about other benefits of a Brandeis GPS education, contact our admissions team at 781-736-8787 or gps@brandeis.edu

Molecular Biology, Genetics, and Disease

Biotechnology and pharmaceutical organizations are increasingly viewing bioinformatics as an integral part of their research processes. Biomedical industries are seeking to make use of vast amounts of genomic data to produce complex and accurate biological models.

Brandeis GPS will be offering Molecular Biology, Genetics, and Disease as a part-time, fully online course this October. The 10-week course will introduce students to the basic concepts of molecular, cell, and developmental biology. It will cover classic genetics, from Mendelian inheritance to quantitative and complex traits, associations and population genetics. It will address the anatomy and function of genomes from humans and model organisms. Using the Human Genome Project as an example, students will learn sequencing and mapping technologies. Basic sequence analysis methods will be introduced, along with techniques to navigate genome browsers and other relevant databases.

At the end of the course, students will be able to:

  • Navigate genome browsers and databases relevant to genetics and genomics.
  • Analyze pedigrees and apply genetics to identify disease associations.
  • Use techniques of physical and genetic mapping and sequencing.
  • Use comparative genomics to detect homologous sequences within and between organisms and to define evolutionary relationships.
  • Predict possible consequences of mutations and genetic variation within and outside of genes.
  • Use examples from developmental biology, human disease and immunology to illustrate genetic control mechanisms and mutations.

At Brandeis GPS, you can take up to two courses before enrolling in one of our 12 online master’s degrees. If you’re interested in exploring the MS in Bioinformatics, or would like to explore molecular biology to fill a bioinformatics skills gap, contact the  GPS office for more information or to request a syllabus: 781-736-8787, gps@brandeis.edu, or submit your information.

Brandeis graduate student publishes new book on AI and Robotics

We are excited to announce that Brandeis Project and Program Management student, Francis Govers, recently published a book, Artificial Intelligence for Robotics. Govers provided us with the following description:

Artificial Intelligence for Robotics starts with an introduction to Robot Operating Systems (ROS), Python, robotic fundamentals, and the software and tools that are required to start out with robotics. You will learn robotics concepts that will be useful for making decisions, along with basic navigation skills.

As you make your way through the chapters, you will learn about object recognition and genetic algorithms, which will teach your robot to identify and pick up an irregular object. With plenty of use cases throughout, you will explore natural language processing (NLP) and machine learning techniques to further enhance your robot. In the concluding chapters, you will learn about path planning and goal-oriented programming, which will help your robot prioritize tasks.

By the end of this book, you will have learned to give your robot an artificial personality using simulated intelligence.

What you will learn

  • Get started with robotics and artificial intelligence
  • Apply simulation techniques to give your robot an artificial personality
  • Understand object recognition using neural networks and supervised learning techniques
  • Pick up objects using genetic algorithms for manipulation
  • Teach your robot to listen using NLP via an expert system
  • Use machine learning and computer vision to teach your robot how to avoid obstacles
  • Understand path planning, decision trees, and search algorithms in order to enhance your robot

Francis Govers’s paperback and e-book can be found on Amazon here.

For software engineers seeking to develop an advanced set of robotics technology skills, Brandeis GPS offers an MS in Robotic Software Engineering. For more information about the part-time, fully online program, contact the  GPS office: 781-736-8787, gps@brandeis.edu, or submit your information.

What’s next for EdTech

Education technology is constantly evolving alongside the development of new tools, processes and resources. Each year, an expert panel of community members publishes the NMC Horizon Report, which lays out the latest trends and developments in EdTech and identifies new impacts on learning, teaching, and creative inquiry.

This year’s key findings include:

  • In the short-term, a growing focus on measuring learning and new learning spaces;
  • In the mid-term, an increase in open educational resources and the rise of different forms of interdisciplinary studies; and
  • In the long-term, advancing cultures of innovation and cross-institution and cross-sector collaboration

The report predicts that analytics technologies and makerspaces will likely influence EdTech in 2019. Within the next five years and beyond, educators can expect to see the adoption of more adaptive learning technologies and artificial intelligence, mixed reality and robotics.

Be at the forefront of EdTech

Brandeis University is proud to offer master’s degrees for practitioners seeking to make an impact on the future of education technology:

MS in Instructional Design and Technology

MS in Strategic Analytics

MS in Robotic Software Engineering

Brandeis GPS programs are part-time, and 100% online. To learn more about our master’s degrees, request more information or contact the GPS office: 781-736-8787, gps@brandeis.edu.

Cognitive and Social Psychology of User-Centered Design

For those who build things designed for human use, the understanding of human behavior is critical, and the design and development of digital properties is no exception. More and more designers are working to produce technologies that adapt to the user rather than attempt to force behavioral change. It is important for these designers to apply social and psychological principles to predict user responses.

Brandeis GPS will be offering Cognitive and Social Psychology of User-Centered Design as a part-time, fully online course this October. The 10-week course will explore the behavioral, cognitive and social aspects of human activity. Throughout the course, students will examine the psychological and social aspects that impact human interface interaction in both physical and virtual environments. Topics will include Signal Detection Theory, Gestalt Theory, Cognitive Load Theory, and various motivational theories as well as the cultural and social implications of design.

By the end of the course, students will be able to:

  • Identify the cognitive and social psychology principles that impact the use of a particular design, and offer design solutions that will ensure effective user experience
  • Explain Cognitive Load Theory, apply the theory to designs, and explain the whys and hows of reaching optimal cognitive load
  • Explain Signal Detection Theory and apply the theory effectively to designs
  • Make reasonable predictions of human behavior with regards to a user interface and/or design by applying their knowledge of perception, attention, and cognition
  • Apply knowledge of emotion and motivation theories to designs in order to make them more effective, and explain the choices and applications
  • Identify where a particular design may create a cognitive error, or why a particular design may have caused a cognitive error, and offer solutions to reduce error
  • Effectively communicate design solutions to stakeholders

At Brandeis GPS, you can take up to two courses before enrolling in one of our 12 online master’s degrees. If you’re interested in exploring the MS in User-Centered Design, or would like to learn more about cognitive and social psychology as part of your own professional development, contact the  GPS office for more information or to request a syllabus: 781-736-8787, gps@brandeis.edu, or submit your information.
