“This is not a good day for South Carolina.” said Nikki Haley, the governor of South Caroline at a press conference after South Carolina suffered one of the worst data breaches in recent years. The South Carolina Department of Revenue leaked over 3.6 million social security numbers and nearly 400,000 debit and credit card numbers (most of which were encrypted) when an external hacker breached the local servers. This breach effected about 75% of the population of South Carolina.
As this breach happened, political analysts predicted cyber security would become one of the hottest topics of coming Presidential elections. That hasn’t happened. Instead, cybersecurity has simply become a more important issue that isn’t always taken care of properly. USA Today reported that four months after South Carolina’s data breach, proper security measures had not been enacted. Full encryption of private data still had months to go, a security consultant hadn’t been hired to analyze the current systems, and since no report had been written by a consultant, state lawmakers had yet to allocate money to further data security efforts.
In the hearings that followed the data breach, security firm Mandiant said that the hack was likely perpetuated with phishing attempts. An unknowing employee clicked a link that gave the hacker access to the Department of Revenue systems. From there, the hacker worked over the course of a few weeks to download over 70 GB of data and log into 44 different systems, resulting in the theft of millions of social security numbers.
Nearly two and a half years later in February 2016, Governor Nikki Hale, along with University of South Carolina President Harris Pastides announced the SC Cyber initiative. SC Cyber is intended to strengthen South Carolina’s cybersecurity systems and train students up to fill about 2,300 open cybersecurity jobs in South Carolina, according to the UofSC.
One of the biggest frontrunners of cybersecurity is a South Carolina based company called PhishLabs, a company that specializes in detecting and preventing phishing attempts at the corporate level and the consumer level. PhishLabs’ Spear Phishing Protector is a multi-tiered effort to stop phishing with a combination of software that analyzes and eliminates potential threats and on site training for employees so they can learn what a phishing attempt looks like, from a rogue link to a piece of software to a fake password reset email. PhishLabs only hires a few people, with less than 100 employees in November 2015. Yet, they work for 4 of the 5 largest financial institutions in America, and are a shining example of how South Carolina is transforming into a hotspot for cybersecurity development.
Earning a Master’s Degree or Graduate Certificate in Cybersecurity in South Carolina
Completing a master’s degree in cybersecurity would prepare engineering and IT professionals to design secure systems and protect sensitive data from malicious intrusion based on an expert understanding of Internet infrastructures, math logic, common routes to cyber attacks, and constant threat analysis.
The National Security Agency and Department of Homeland Security offer two designation classifications applicable to schools that offer graduate programs in information security and cyber defense:
- CAE-CDE – National Center of Academic Excellence in Cyber Defense Education (qualifying colleges and universities offering bachelor’s, master’s, and graduate certificates)
- CAE-R – National Center of Academic Excellence in Cyber Defense Research (schools that participate in research initiatives and that integrate a strong research component into the curriculum of bachelor’s and graduate programs)
For working professionals, it may be vastly more convenient to enroll in a DHS/NSA designated online program, which can be completed without sacrificing current obligations and without compromising a quality education.
Whether the program is in-house or online, a basic master’s program in cybersecurity will require 30-40 total credits, split equally between core classes and elective courses. This will take about 15 months. Someone looking for post-bachelor’s certification can complete a graduate certificate in cybersecurity in about half the time with classes that would cover advanced operating systems, privacy and security issues, data communications and networking, and advanced cybersecurity.
Admissions Requirements for Cybersecurity Master’s Programs
Students applying for a master’s degree in cybersecurity need to have completed a bachelor’s degree in a computer science related field with at least a 3.0 GPA and be able to hold a 3.0 GPA through the length of the master’s program. If a student does not have a 3.0 GPA, they may be able to take a General Record Exam (GRE) to qualify for admission. On the GRE, students need to score a verbal and quantitative combination of 300 and 4.0 on the writing assessment.
Students also need to have functional knowledge bases in the following computer science fields:
- Java or C++
- A year of calculus
- A year of a math class beyond calculus
- Previous courses in computer architecture, object-oriented programming, and data and math related classes
Any classes a prospective student is missing can be taken at the undergraduate level before applying to the master’s program.
Core Courses and Electives
The topics a Master’s student of Cybersecurity will cover at an accredited university may vary depending on the university, but they should cover much of the following:
- Advanced Cyber Security
- Advanced Operating Systems
- Network Assurance and Security
- Privacy and Security Issues
- File System Analysis
- Digital Forensics
- Design and Analysis of Algorithms
- Data Communications and Networking
Elective courses may cover the following:
- Advanced Computer Architecture
- Machine Learning
- Data Mining and Knowledge
- Malware Analysis
- Human-Computer Interaction
NSA and DHS Designated Centers of Academic Excellence in South Carolina
As of May 2016, the options for post-graduate certifications in cybersecurity in South Carolina are limited:
- Master of Science in Computer Science with an emphasis on Cybersecurity
University of South Carolina, College of Engineering and Computing
- Master of Science in Computer Science and Engineering – Cyber Security specialization
The University of South Carolina is designated by the NSA and DHS as a National Center of Academic Excellence in Cyber Defense Education and Research (CAE-CDE and CAE-R), while the Citadel is designated as a National Center of Academic Excellent in Cyber Defense Education (CAE-CDE).
Opportunities Available to Master’s-Prepared Cybersecurity Analysts and Specialists
According to the Huffington Post, Charleston is one of the fastest growing locations for tech related startups with over 200 different companies, and cybersecurity has a strong place within each of those businesses. The aforementioned PhishLabs is one of the fastest growing tech companies in Charleston, and its specific focus on cybersecurity has positioned it for prime growth in this expanding industry.
The following job postings were retrieved May 2016. They serve only as examples of cybersecurity positions that have been offered before, and they are not an assurance of employment.
Cyber Threat Intelligence Analyst at PhishLabs
- Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources
- Significant knowledge in open source intelligence (OSINT) and social media monitoring and analysis
- Strong analytical and critical thinking skills
- Monitor chat rooms, forums, IRC, etc. for activity related to cyber threats, including distribution of malicious tools, sale of compromised data, and underground services
- Monitor underground marketplace activity for any new threats being distributed or discussed by cyber actors
- Identify new open source intelligence products and sources
Cyber Security Analyst with INTECON
- Experience with DIACAP and the certification and accreditation process
- Willing to travel with the military to locations throughout Southwest Asia, as required, to support the military customer at their location(s) via military air/land convoy
- Ability to maintain a professional and courteous manner in difficult situations
- Execute and manage the certification and accreditation process for multifaceted and geographically separate networks
- Develop custom certification and accreditation documentation
- Personally negotiate approvals with the certification agent/ DAA
Cyber Security Analyst at Leidos
- Fully Qualified Navy Validator
- Compliant with DoD 8570.01-M Information Assurance Manager Level III requirements
- Preferred experience with Security Technical Implementation Guides (STIG) and associated Checklist
- Provide Information Assurance (IA) Assessment and Authorization support to the PMW-120 LANT Cybersecurity Core Team
- Either create or work on a team creating accreditation artifacts such as C&A plans, POA&Ms, Incident Response Plan (IRP), etc.
- Must be willing to travel to CONUS and OCONUS Naval ships and shore commands and maintain a TS/SCI clearance
Info Security Engineer for Wells Fargo through Enterprise Information Security
- 3+ years of process definition and documentation experience
- 3 + years of database auditing, database monitoring experience, or a combination of both
- 7+ years of information security applications and systems experience
- Implement and manage database security products in a large database environment
- Architect, design, and develop database security tools
- Implement, monitor, and support data protection and database auditing tools