Stephanie Gan
Brian Robertson
CST 300
September 22, 2015
Hacker Repellent: The Golden Fields of Information Security
When people think of security, they tend to think of large multi-lock safes, prisons, home
security companies like ADT, and banks under heavy surveillance. Physical security isn't the
only form of security that is prevalent in today's world. As Canavan (2001) states, nobody would
have fathomed hiring an entire organization to protect their digital data in the 1980s, as prior to
then, most computers were not part of a network. In 1988, that all changed with Robert Tappan
Morris's invention, which was aptly named the Morris Worm. Its purpose was to explore and
infect as many computers as possible. It aimed to create a measure of how vast the internet was
in size. However, outcomes can sometimes vary from intentions in a disastrous way. Even if a
system in question was already infected with the worm, it replicated itself anyway, making the
Morris Worm responsible for slowing computers down to the point of no operation (Seltzer,
2013). Morris was both lucky and convenient in the timing of his idea. Although Morris had
originally intended the worm to be harmless, if it were unleashed today, the backlash would be
phenomenal. He would probably have to seek asylum somewhere in space because he wouldn't
Hacking goes back much further than Morris. In the late 1950s, driven to make free
phone calls, some people would spend hours studying how calls were routed. Now known as
phone phreaks, they desired to make free phone calls. Phreaks enjoyed circumventing the
telephone system by reverse engineering the tone system with tone generators called blueboxes.
Some delved into wiretapping while more reasonable phreaks snuck into phone company
buildings at night to hook up their own phone lines to make telephone calls under the radar
(Lapley, n.d.). These early hackers are the reason information security exists as it does today. The
Target data breach occurred over a year ago and has racked up enormous losses. With the
average repercussion of a data breach leveling at around $5.4 million per business, it's no
question that companies are developing a focus on information security (Oberman, 2014).
Protecting people's data and information from misuse has never been a more relevant and
pressing goal. As the pool of companies that are going paperless increases, the demand for digital
security grows. This ever-changing industry would be a fascinating one to be a part of.
It is for good reason that a rising number of companies solely dedicated to information
security have popped up over the last two decades. Sizeable companies like Google and
Nintendo have entire departments whose goal it is to keep their consumers' data out of harm's
way. Hospitals like Kaiser Permanente hire people specifically to maintain the security of all of
their paperless files. Universities can have departments for information security, though many
opt to provide training for the users of their online resources to protect themselves. Acquainted
with a new system, even the most careful person in the world could benefit from some basic
security training. Furthermore, a vast majority of security professionals believe that their
organization's security systems don't protect their data nearly as effectively as they should
(Oberman, 2014). Firms that are devoted to information security might provide training all
across the board for an entire business. Instead of existing as a section of a bigger business, these
independent companies have been springing up to provide digital security as their main product.
A couple of the big names today include Tetrad Digital Integrity (TDI), FireEye, Lancope, and
AlienVault, all featuring the common goal of threat detection and risk assessment. Individuals
working at an information security company can hold a multitude of different titles. Several of
the ones encountered include security analysts, CISO (chief information security officer),
security consultants, and security systems administrators. Security analysts are responsible for the
safety of data and the analysis of implemented security measures. The job usually consists of
creating plans of action for maintaining security as well as bolstering awareness. Chief
information security officers are executives, responsible for maintaining the company vision and
the maturity level of the security team. They have the job of addressing the key stakeholders
when it comes to the company's risk profile, which can be risky business in itself (Burgess,
2014). Security consultants, somewhat similar to security analysts, explore code until they find a
vulnerability. They can act as the devil's advocate for a company's digital safety and poke holes
in the security systems in place, if there are any. Administrators of security systems have
responsibilities that range from installing to maintaining to troubleshooting. In the end, it all
comes down to advising others on how to prevent, detect, and manage threats while
implementing systems to keep threat management in check. Every information security company
FireEye, founded in 2004, has its headquarters in Milpitas, California. They offer
products to detect, analyze, and block incoming threats to mobile devices, networks, email, and
data centers. FireEye also offers subscription-based services and consulting, as many information
security companies do. They wouldn't have the success they have today without their employee
base that reaches upwards of a thousand people, nor would they be here without their
founder, Ashar Aziz. Aziz was first an engineer at Sun Microsystems. He then went on to create
Terraspring, Inc., a data center automation and virtualization company, before he founded
FireEye. Dave DeWalt was previously the CEO and president of McAfee before working
alongside Aziz. The president of the company is Kevin Mandia, who had previously established
his own security firm named Mandiant back in 2004 (Hesseldahl, 2013). Mandiant was then sold
off to FireEye where Mandia works today. A few more big names in the company include Grady
Summers, senior vice president and chief technology officer; Kara Wilson, senior vice president
and chief marketing officer; and Julie Cullivan, senior vice president of business operations and
chief information officer. Alongside their hundreds of employees and teammates, this group of
people is known for two of FireEye's main products: the central management system (CMS)
and threat analytics platform (TAP). The CMS is a hub that manages FireEye's multiple security
products. It allows all of the security systems to communicate and share data with each other,
allowing for better response time and threat identification (Central Management, 2015). This
type of product is important for overall security in the event that a malicious site attacks through
different means. FireEye's TAP sorts through data that streams in, as this is how cyber-attacks are
delivered. The program is intended to expose suspicious patterns and identify big attacks. By
acknowledging and prioritizing truly malicious behavior, TAP helps optimize the response time
and efficacy of the security team (Threat Analytics Platform, 2015). FireEye tries to cover all
of its bases when it comes to data security. They even offer a service titled forensics, which is
malware analysis after the digital calamity has settled. They have a solution for most methods by
harmful situations, how the public responds to FireEye plays a heavy role in its business. Despite
its stock values falling in 2014, the company maintains a healthy relationship with the public and
continues to earn more and more revenue (McGrath, 2015). The security company's ratings by
their own employees on GlassDoor also see a positive trend. A favorable reputation signifies a
lot, and just one bug gone unchecked has the potential to cause waves. In SC Magazine, FireEye
was compared unfavorably to Kaspersky for their response, or lack thereof, to a bug in their
products (Ring, 2015). Being a more recent event, it's difficult to say what effects their low
response time will have on their overall public standing. Still, the company has been known to be
a reliable malware buster and will most likely maintain that influence in the tech world.
Information security is a bustling field that I wouldn't mind being a part of, though there
are two other fields that yield just as much interest. Mobile app design and video game
development can be two incredibly profitable lines of work. The opportunity to flex some
creative muscles while earning money would be a dream come true. To obtain work in the
information security field, I would study for my certifications. It would be ideal to have them
before entering the workforce, though the goal is to earn them before my graduation from
CSUMB. CompTIA's Security+ certification is the first one on my list. As an entry level
practices (Tittel, 2015). As of today, it is a single exam that costs about $300. There are no
prerequisites, but the exam taker's skills and knowledge base must be up to par. Next is the CEH
Electronic Commerce Consultant. The CEH certification is a badge that says the holder knows
how to hack into systems, just like the malicious neighbor across the street that reads your emails
every day at four in the morning. The difference between the CEH certification holder and the
nosy neighbor is that the neighbor isn't breaking into your email account for the sole purpose of
As Tittel states:
CEH credential holders possess skills and knowledge on hacking practices in areas such
Trojans, worms and viruses, sniffers, denial of service attacks, social engineering, session
hijacking, hacking web servers, wireless networks and web applications, SQL injection,
cryptography, penetration testing, evading IDS, firewalls and honeypots and more. (2015)
The examination costs about $500 and unlike CompTIA's Security+ certification, it
requires verified study and experience beforehand. A training course is required, but it can be
replaced by self-study. However, self-study incurs a $100 fee as well as two years of work
experience (Tittel, 2015). This particular certification exam would have to wait until after
graduation. The CEH certification calls for continuing education, and quite similar to the
California real estate license, it consists of 120 credits every three years with at least 20 credits
earned every year. Unlike real estate, technology changes at a rapid pace, so this required
education is fitting.
Mobile app development and video game design necessitate similar preparation. A
completed portfolio is an invaluable asset. I would start working on my portfolio early on in the
program and plan to finish it around graduation time. The Unity game engine is a beautiful
piece of software that I'll learn inside and out as well. Maya is another resource that's valuable to
All in all, to reach either one of those prospective dream jobs, I will need to meet people
who are in my desired field. Who you know matters a great deal, and I intend to give myself a
head start on knowing the big names, especially in game development. My real estate training
will lend itself very well to my future endeavors in this area. Inspiring somebody to talk about
themselves and exchange business cards is a lot easier than teaching them that proof of funds is
required to buy a home. Graduation on-time and in good standing is also part of the plan. The
local community college offers a wide variety of computer science and design courses. If there's
something that I feel I'm lacking, I'll take courses there. As for information security specifically,
I'll be looking more into certification and participating in networking events to scout out who
could be hiring and who would keep me top of mind. Game design and app development require
a solid portfolio in my corner, and graduation is required in both branches of my plan. I'll apply
for internships before my stay at CSUMB is over as well, and if my plan changes along the way,
The security of our personal data has become a pressing issue, but it isn't without
solutions. Whether it's due to our carelessness with passwords or a hacker's unfortunate version
of fun, the information security field is booming. At any given large company, there will most
information safe. FireEye is that type of company, and it is only one of numerous other
companies within the information security field. There are also other fields that I'm interested in,
namely game design and mobile app development. I've learned that going down any of these
paths takes a lot of dedication and perseverance, and I'll work as hard as I can to achieve my
goals.
References
Burgess, C. (2014, June 23). What Is the Role of Today's CISOs? 7 Questions Business Leaders
is-the-role-of-todays-cisos-7-questions-business-leaders-are-asking/
https://www.fireeye.com/products/central-management.html
Hesseldahl, A. (2013, April 3). Kevin Mandia to Talk About Fighting Hackers at
http://recode.net/2015/04/03/kevin-mandia-to-talk-about-fighting-hackers-at-
codeenterprise
http://www.historyofphonephreaking.org/faq.php
McGrath, M. (2015, February 11). FireEye Pops After Losing Less Money Than Expected.
http://www.forbes.com/sites/maggiemcgrath/2015/02/11/fireeye-pops-after-losing-less-
money-than-expected
Oberman, E. (2014, July 2). A Lack of Communication on Cyber Security Will Cost Your
http://www.entrepreneur.com/article/235318
Ring, T. (2015, September 8). War of words as researchers reveal Kaspersky and FireEye zero-
researchers-reveal-kaspersky-and-fireeye-zero-days/article/437228
Seltzer, L. (2013, November 2). The Morris Worm: Internet malware turns 25. Retrieved
malware-turns-25/
https://www.fireeye.com/products/threat-analytics-platform.html
Tittel, E. (2015, September 3). Best Information Security Certifications for 2016. Retrieved
certifications,2-205.html