Analytics

7/5/2016
04:15 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

West Point Trains Female Cadets For Cyber Branch

An internship at a Silicon Valley startup is one program aimed at helping close the cybersecurity skills gap.

United States Military Academy students Hannah Whisnant and Jayleene Perez spent the last three weeks in a summer internship program learning about cybersecurity at a Silicon Valley startup. 

The West Point Academy cadets, both rising juniors, were the first to participate in the program via security vendor Vidder, which sells a software-defined perimeter security service. West Point is home to the Army Cyber Institute, which was founded in October 2014 as part of the Defense Department's mandate to build a plan to defend the US against cyberattacks.

West Point's Silicon Valley internship program comes at a crucial time for the cybersecurity industry, which has struggled to keep positions filled with skilled professionals. A recent survey by Spiceworks found that 55% of organizations do not have a cybersecurity expert, and a majority have no plans to hire one. The same survey found that out of 1,000 IT professionals polled, 67% said they did not have any security certifications. 

And of those who do hold a job in cybersecurity, just 10% are women

A year after the ACI was opened, Junaid Islam, President and CTO of Vidder, was asked to give a lecture at West Point on Vidder’s security solution of software-defined perimeters. West Point asked Islam if Vidder would like to host West Point juniors and seniors as summer interns. This would be the first time West Point would offer an internship at a startup, let alone at a security startup. 

“It’s new for [West Point] to be working directly with Silicon Valley startups, and new to be sending their cadets right to Silicon Valley companies so they directly understand everything from how do product works, how do they invent it, how do we identify cyberattacks, how do we figure out how to stop them," Islam says. The cadets get to see "the whole lifecycle, and the idea is that this lifecycle will go back into the army’s thinking about how they should think about cybersecurity,” he says. 

Retired Major General Dan Balough, Vidder board member and a graduate of West Point, says the internship is important because it goes beyond the traditional government and Pentagon internships that West Point typically offers.

“I’m hoping this is a door opener -- it will broaden the ability of the Academy to get people out here to what I consider the heartbeat of the 21st century,” he says, referring to the tech revolution currently happening in the Bay Area and Seattle.    

For West Point's Perez, an information technology major at West Point, shipping out to the Silicon Valley for this internship was an opportunity to learn about how civilian network structures vary from a military networks. Both she and Whisnant see the program as a way for West Point to spur interest in the new cyber branch of the US Army. 

Jayleene Perez
Jayleene Perez

While a trip to Facebook headquarters and Big Basin did make their way onto the agenda, this was no vacation for the cadets. They spent three intensive weeks learning about cybersecurity and Vidder’s product, and during the final week, created a report based on their own analysis of everything they’d learned at Vidder. This report will be transmitted back to West Point to go toward an assessment of the cadets in their training to become officers and will remain in their files for the rest of their careers.

Perez and Whisnant spent three days learning how to hack into a fake internal network, which gave them the chance to practice the new skills they had learned at Vidder with hacking tools such as Metasploit and Nmap. Whisnant, a double major in math and computer science, says they also got to see a lot of hacking tools that they are not allowed to use on a Department of Defense-issued computer. That was a lot of fun, she says.

Hannah Whisnant
Hannah Whisnant

They also got a deep-dive into public key infrastructure technology beyond what you can learn in the classroom, and were also taught a little bit about business and how to market a product at a startup.

Gender Gap

Perez and Whisnant weren't fazed by the gender demographics in Silicon Valley. West Point is at about 83% male and 17% female, according to a Forbes college listing based on enrollment numbers from Winter 2014-Spring 2015 school year. 

“I’ve definitely hit a point in my life if I walk into a classroom and I’m the only girl in the room, I barely notice unless someone points it out to me,” Whisnant says.

Says Perez, “It’s just the environment we’re in, it’s normal for there to be like a 20% female and 80% male population.”

Both of these young women also agree that exposure to the cybersecurity field for women is sparse and there’s room to change that.  

“Women are present in small numbers in computer science and IT to begin with,” Whisnant says. “In my life, I've found that if just one parent or teacher takes a moment to encourage someone or suggest they would be good at something like computer science, it really can change their whole life,” she adds.

Perez knows this firsthand: “If it wasn't for my IT105 instructor,” she says, “I would have never considered information technology as my major or consider cyber as a possible [army] branch choice.”

This program is helping train young women -- and likely men, too -- for the dearth of cybersecurity jobs available. It has also opened the cadets’ eyes to new ways of thinking about cybersecurity.

“The most interesting thing I’ve experienced is it’s really broadened my idea of what cybersecurity can be,” says Whisnant. “I sort of had this very set view of like, oh, security is you have a firewall and you have to have a password to get around it -- the breadth of what it can be and what products are available has been good for me to learn about.”

Both cadets were drawn to cybersecurity because of the potential for growth and development in the new cyber branch of the Army.  

“I like that security is a very technical discipline, but also requires understanding of human nature and how people operate. A lot of security is about trying to think like a potential attacker and anticipate their actions, which appeals to me,” Whisnant says.

Perez says there are multiple dimensions to the field. “People normally think that there are two parts of cyber -- defense and offense. I think it's one of the few branches in the army in which you have very diverse jobs you can be doing in order to complete the same mission," she says.

Related Content:

 

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the conference schedule and to register.

Emily Johnson is the digital content editor for InformationWeek. Prior to this role, Emily worked within UBM America's technology group as an associate editor on their content marketing team. Emily started her career at UBM in 2011 and spent four and a half years in content ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA ,  6/11/2018
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12026
PUBLISHED: 2018-06-17
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in tur...
CVE-2018-12027
PUBLISHED: 2018-06-17
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said ...
CVE-2018-12028
PUBLISHED: 2018-06-17
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an e...
CVE-2018-12029
PUBLISHED: 2018-06-17
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12071
PUBLISHED: 2018-06-17
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.