Analytics

7/5/2016
04:15 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

West Point Trains Female Cadets For Cyber Branch

An internship at a Silicon Valley startup is one program aimed at helping close the cybersecurity skills gap.

United States Military Academy students Hannah Whisnant and Jayleene Perez spent the last three weeks in a summer internship program learning about cybersecurity at a Silicon Valley startup. 

The West Point Academy cadets, both rising juniors, were the first to participate in the program via security vendor Vidder, which sells a software-defined perimeter security service. West Point is home to the Army Cyber Institute, which was founded in October 2014 as part of the Defense Department's mandate to build a plan to defend the US against cyberattacks.

West Point's Silicon Valley internship program comes at a crucial time for the cybersecurity industry, which has struggled to keep positions filled with skilled professionals. A recent survey by Spiceworks found that 55% of organizations do not have a cybersecurity expert, and a majority have no plans to hire one. The same survey found that out of 1,000 IT professionals polled, 67% said they did not have any security certifications. 

And of those who do hold a job in cybersecurity, just 10% are women

A year after the ACI was opened, Junaid Islam, President and CTO of Vidder, was asked to give a lecture at West Point on Vidder’s security solution of software-defined perimeters. West Point asked Islam if Vidder would like to host West Point juniors and seniors as summer interns. This would be the first time West Point would offer an internship at a startup, let alone at a security startup. 

“It’s new for [West Point] to be working directly with Silicon Valley startups, and new to be sending their cadets right to Silicon Valley companies so they directly understand everything from how do product works, how do they invent it, how do we identify cyberattacks, how do we figure out how to stop them," Islam says. The cadets get to see "the whole lifecycle, and the idea is that this lifecycle will go back into the army’s thinking about how they should think about cybersecurity,” he says. 

Retired Major General Dan Balough, Vidder board member and a graduate of West Point, says the internship is important because it goes beyond the traditional government and Pentagon internships that West Point typically offers.

“I’m hoping this is a door opener -- it will broaden the ability of the Academy to get people out here to what I consider the heartbeat of the 21st century,” he says, referring to the tech revolution currently happening in the Bay Area and Seattle.    

For West Point's Perez, an information technology major at West Point, shipping out to the Silicon Valley for this internship was an opportunity to learn about how civilian network structures vary from a military networks. Both she and Whisnant see the program as a way for West Point to spur interest in the new cyber branch of the US Army. 

Jayleene Perez
Jayleene Perez

While a trip to Facebook headquarters and Big Basin did make their way onto the agenda, this was no vacation for the cadets. They spent three intensive weeks learning about cybersecurity and Vidder’s product, and during the final week, created a report based on their own analysis of everything they’d learned at Vidder. This report will be transmitted back to West Point to go toward an assessment of the cadets in their training to become officers and will remain in their files for the rest of their careers.

Perez and Whisnant spent three days learning how to hack into a fake internal network, which gave them the chance to practice the new skills they had learned at Vidder with hacking tools such as Metasploit and Nmap. Whisnant, a double major in math and computer science, says they also got to see a lot of hacking tools that they are not allowed to use on a Department of Defense-issued computer. That was a lot of fun, she says.

Hannah Whisnant
Hannah Whisnant

They also got a deep-dive into public key infrastructure technology beyond what you can learn in the classroom, and were also taught a little bit about business and how to market a product at a startup.

Gender Gap

Perez and Whisnant weren't fazed by the gender demographics in Silicon Valley. West Point is at about 83% male and 17% female, according to a Forbes college listing based on enrollment numbers from Winter 2014-Spring 2015 school year. 

“I’ve definitely hit a point in my life if I walk into a classroom and I’m the only girl in the room, I barely notice unless someone points it out to me,” Whisnant says.

Says Perez, “It’s just the environment we’re in, it’s normal for there to be like a 20% female and 80% male population.”

Both of these young women also agree that exposure to the cybersecurity field for women is sparse and there’s room to change that.  

“Women are present in small numbers in computer science and IT to begin with,” Whisnant says. “In my life, I've found that if just one parent or teacher takes a moment to encourage someone or suggest they would be good at something like computer science, it really can change their whole life,” she adds.

Perez knows this firsthand: “If it wasn't for my IT105 instructor,” she says, “I would have never considered information technology as my major or consider cyber as a possible [army] branch choice.”

This program is helping train young women -- and likely men, too -- for the dearth of cybersecurity jobs available. It has also opened the cadets’ eyes to new ways of thinking about cybersecurity.

“The most interesting thing I’ve experienced is it’s really broadened my idea of what cybersecurity can be,” says Whisnant. “I sort of had this very set view of like, oh, security is you have a firewall and you have to have a password to get around it -- the breadth of what it can be and what products are available has been good for me to learn about.”

Both cadets were drawn to cybersecurity because of the potential for growth and development in the new cyber branch of the Army.  

“I like that security is a very technical discipline, but also requires understanding of human nature and how people operate. A lot of security is about trying to think like a potential attacker and anticipate their actions, which appeals to me,” Whisnant says.

Perez says there are multiple dimensions to the field. “People normally think that there are two parts of cyber -- defense and offense. I think it's one of the few branches in the army in which you have very diverse jobs you can be doing in order to complete the same mission," she says.

Related Content:

 

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the conference schedule and to register.

Emily Johnson is the digital content editor for InformationWeek. Prior to this role, Emily worked within UBM America's technology group as an associate editor on their content marketing team. Emily started her career at UBM in 2011 and spent four and a half years in content ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
1.9 Billion Data Records Exposed in First Half of 2017
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/20/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Jan, check this out! I found an unhackable PC.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.