by John

If you are an InfraGard member, InfraGard is sharing a great, no-cost online training opportunity provided by the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). ICS-CERT works to reduce risks within and across all critical infrastructure sectors. The Virtual Learning Portal (VLP) provides online training for those involved in the security of Industrial Control Systems (ICS). Please sign in to register for free VLP courses: https://ics-cert-training.inl.gov/lms/

The INMA Education Committee is working to compile a directory of free and/or low-cost training opportunities, like the one above, provided online and/or in person by government and other non-profit organizations. We understand that there is a lot of excellent training available in the “for-profit market”, but for now we are focusing on government and nonprofit sources only. Consider joining InfraGard (free) at https://www.infragard.org

Posted in Community, IoT, IIoT, ICS-SCADA

by John

CornCon Kids’ Hacker Camp (The Children of The CornCon) will feature dozens of kid-friendly activities in 2017. These activities range from lock picking and dumpster diving, to learning about electronics, coding and blacksmithing. The intention of the kids’ camp is to open the eyes of kids to the benefits and vulnerabilities of technology. This is done every fall in the Quad Cities, 100 kids at a time.

For the first time, kids at “CornCon 3: The Courne Ultimatum” will be able to “Hack The Pentagon”. This program started as a bug bounty, developed by the DoD to uncover vulnerabilities in their computer systems and web applications. The program uncovered 138 vulnerabilities and now the U.S. Army Cyber Command is sending First Lieutenant Daniel Lim on the road to show kids and adults how bug bounty programs work, and the methods used by penetration testers to uncover and responsibly report vulnerabilities. Responsible disclosure is key, as finding and exposing vulnerabilities to the public can lead to malicious attacks, if it is not preceded by software patches to address the vulnerability first.

Posted in Blog, Community

by John

(via POLITICO) Senate lawmakers will mark up bills this week aimed at boosting cyber skills among small businesses and expanding the cyber workforce more broadly. On Wednesday, the Small Business Committee will consider legislation that would require workers at small business development centers to be certified in cyber training, and the Commerce Committee will consider a bill to expand cyber scholarships to people pursuing associate’s degrees. The scholarships bill would also create a National Science Foundation study on the success of the cyber scholarship recruiting program. Scholarships for young cyber professionals have emerged as a key tool to fill what experts say is an alarming and growing workforce shortage. Rep. Jim Langevin, co-chair of the Congressional Cybersecurity Caucus, recently introduced an amendment to the 2018 Pentagon funding bill that would add money to DoD’s own cyber scholarship initiative.

In related news, I was happy to offer Representatives Jim Langevin and Will Hurd a tour of R00tz at DEF CON this past weekend. It is great to know that Congress is taking cybersecurity and education seriously as we face a shortage in our field.

Posted in Community, Cybersecurity & Infosec

by John

Posted in Cybersecurity & Infosec, Law and Regulations, Privacy

by John

Mobile security company Lookout has developed the Mobile Risk Matrix for looking at the spectrum of mobile security risks for your enterprise and to help in developing a comprehensive strategy. I think this basic framework could be extended to other areas besides mobile.

Posted in Cool-Stuff, Risk Management

by John

Security researchers at Check Point have claimed that a single piece of adware is infecting as many as 250 million PCs worldwide.

Posted in Cybersecurity & Infosec, Exploits & Attacks

by John

In this WSJ article, the author asks: What is the greatest threat to liberty in America? Constitutional scholar Philip Hamburger responds: overreach and lack of oversight by the regulatory state, or Deep State, where the Bill of Rights has been gutted and citizens have no guarantee of due process.

Posted in Law and Regulations

by John

Full data enrichment profiles for more than 200 million people have been placed up for sale on the Darknet. The person offering the files claims the data is from Experian, and is looking to get $600 for everything.

http://www.csoonline.com/article/3149713/security/data-enrichment-records-for-200-million-people-up-for-sale-on-the-darknet.html

Posted in Criminal, Cybersecurity & Infosec, Privacy