Analytics

7/5/2016
04:15 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

West Point Trains Female Cadets For Cyber Branch

An internship at a Silicon Valley startup is one program aimed at helping close the cybersecurity skills gap.

United States Military Academy students Hannah Whisnant and Jayleene Perez spent the last three weeks in a summer internship program learning about cybersecurity at a Silicon Valley startup. 

The West Point Academy cadets, both rising juniors, were the first to participate in the program via security vendor Vidder, which sells a software-defined perimeter security service. West Point is home to the Army Cyber Institute, which was founded in October 2014 as part of the Defense Department's mandate to build a plan to defend the US against cyberattacks.

West Point's Silicon Valley internship program comes at a crucial time for the cybersecurity industry, which has struggled to keep positions filled with skilled professionals. A recent survey by Spiceworks found that 55% of organizations do not have a cybersecurity expert, and a majority have no plans to hire one. The same survey found that out of 1,000 IT professionals polled, 67% said they did not have any security certifications. 

And of those who do hold a job in cybersecurity, just 10% are women

A year after the ACI was opened, Junaid Islam, President and CTO of Vidder, was asked to give a lecture at West Point on Vidder’s security solution of software-defined perimeters. West Point asked Islam if Vidder would like to host West Point juniors and seniors as summer interns. This would be the first time West Point would offer an internship at a startup, let alone at a security startup. 

“It’s new for [West Point] to be working directly with Silicon Valley startups, and new to be sending their cadets right to Silicon Valley companies so they directly understand everything from how do product works, how do they invent it, how do we identify cyberattacks, how do we figure out how to stop them," Islam says. The cadets get to see "the whole lifecycle, and the idea is that this lifecycle will go back into the army’s thinking about how they should think about cybersecurity,” he says. 

Retired Major General Dan Balough, Vidder board member and a graduate of West Point, says the internship is important because it goes beyond the traditional government and Pentagon internships that West Point typically offers.

“I’m hoping this is a door opener -- it will broaden the ability of the Academy to get people out here to what I consider the heartbeat of the 21st century,” he says, referring to the tech revolution currently happening in the Bay Area and Seattle.    

For West Point's Perez, an information technology major at West Point, shipping out to the Silicon Valley for this internship was an opportunity to learn about how civilian network structures vary from a military networks. Both she and Whisnant see the program as a way for West Point to spur interest in the new cyber branch of the US Army. 

Jayleene Perez
Jayleene Perez

While a trip to Facebook headquarters and Big Basin did make their way onto the agenda, this was no vacation for the cadets. They spent three intensive weeks learning about cybersecurity and Vidder’s product, and during the final week, created a report based on their own analysis of everything they’d learned at Vidder. This report will be transmitted back to West Point to go toward an assessment of the cadets in their training to become officers and will remain in their files for the rest of their careers.

Perez and Whisnant spent three days learning how to hack into a fake internal network, which gave them the chance to practice the new skills they had learned at Vidder with hacking tools such as Metasploit and Nmap. Whisnant, a double major in math and computer science, says they also got to see a lot of hacking tools that they are not allowed to use on a Department of Defense-issued computer. That was a lot of fun, she says.

Hannah Whisnant
Hannah Whisnant

They also got a deep-dive into public key infrastructure technology beyond what you can learn in the classroom, and were also taught a little bit about business and how to market a product at a startup.

Gender Gap

Perez and Whisnant weren't fazed by the gender demographics in Silicon Valley. West Point is at about 83% male and 17% female, according to a Forbes college listing based on enrollment numbers from Winter 2014-Spring 2015 school year. 

“I’ve definitely hit a point in my life if I walk into a classroom and I’m the only girl in the room, I barely notice unless someone points it out to me,” Whisnant says.

Says Perez, “It’s just the environment we’re in, it’s normal for there to be like a 20% female and 80% male population.”

Both of these young women also agree that exposure to the cybersecurity field for women is sparse and there’s room to change that.  

“Women are present in small numbers in computer science and IT to begin with,” Whisnant says. “In my life, I've found that if just one parent or teacher takes a moment to encourage someone or suggest they would be good at something like computer science, it really can change their whole life,” she adds.

Perez knows this firsthand: “If it wasn't for my IT105 instructor,” she says, “I would have never considered information technology as my major or consider cyber as a possible [army] branch choice.”

This program is helping train young women -- and likely men, too -- for the dearth of cybersecurity jobs available. It has also opened the cadets’ eyes to new ways of thinking about cybersecurity.

“The most interesting thing I’ve experienced is it’s really broadened my idea of what cybersecurity can be,” says Whisnant. “I sort of had this very set view of like, oh, security is you have a firewall and you have to have a password to get around it -- the breadth of what it can be and what products are available has been good for me to learn about.”

Both cadets were drawn to cybersecurity because of the potential for growth and development in the new cyber branch of the Army.  

“I like that security is a very technical discipline, but also requires understanding of human nature and how people operate. A lot of security is about trying to think like a potential attacker and anticipate their actions, which appeals to me,” Whisnant says.

Perez says there are multiple dimensions to the field. “People normally think that there are two parts of cyber -- defense and offense. I think it's one of the few branches in the army in which you have very diverse jobs you can be doing in order to complete the same mission," she says.

Related Content:

 

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the conference schedule and to register.

Emily Johnson is the digital content editor for InformationWeek. Prior to this role, Emily worked within UBM America's technology group as an associate editor on their content marketing team. Emily started her career at UBM in 2011 and spent four and a half years in content ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Francis Dinha, CEO & Co-Founder of OpenVPN,  8/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11771
PUBLISHED: 2018-08-16
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream,...
CVE-2018-1715
PUBLISHED: 2018-08-16
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 14700...
CVE-2017-13106
PUBLISHED: 2018-08-15
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107
PUBLISHED: 2018-08-15
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13108
PUBLISHED: 2018-08-15
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.