In March of 2012, approximately 780,000 Utah residents had their personal information accessed after a Utah Department of Health Medicaid server was hacked. It was not just Medicaid recipients who were affected, though. The server also stored the personal information of privately insured and uninsured Utah residents, as well as some Medicare recipients. In fact, any resident whose provider had attempted to bill Medicaid for services had their personal information stored on the compromised server.
While it’s bad enough that three quarters of a million Utah residents had their personal information (name, address, date of birth) compromised, what’s most concerning is that 280,000 also had their social security numbers stolen during the breach. In fact, since the breach occurred, there have been reports by affected residents of tax returns being filed and credit lines being opened fraudulently in their name.
This data breach was a costly mistake for the Utah Department of Health. Between 2012 and 2013, the Utah Department of Health spent a total of $3.4 million implementing measures to safeguard the private health information of its residents, identifying vulnerabilities within its cyber infrastructure, and creating a proactive security plan for the future. Some of those safety measures included 2 years of free credit monitoring services to those whose social security numbers were compromised (cost of $1.9 million) and $1 million of identity theft coverage. The state also established the Office of Health Information and Data Security (cost of $300,000). In addition, an outside auditing firm, Deloitte and Touche, was hired to perform forensic analysis of the incident as well as a complete security assessment of Utah’s data storage systems and servers.
The Utah Department of Health, in conjunction with the Utah Department of Technology Services, has clearly been proactive and aggressive in its response to the 2012 security breach. This heightened awareness of the need to safeguard the state’s cyber networks highlights the need for graduate-level cybersecurity specialists who can architect secure systems, identify vulnerabilities, recognize potential threats, and design response plans that protect the infrastructure of critical networks and the data they contain.
Here’s a look at four Utah-based companies that made Cybersecurity Ventures’ list of the top 500 most innovative cybersecurity companies:
- DigiCert in Lehi
- EastWint Networks in Salt Lake City
- LANDesk in South Jordan
- DATASHIELD in Park City
Earning a Master’s Degree or Post-Bachelor’s Certificate in Cybersecurity in Utah
Master’s programs in cybersecurity focus on the design, implementation, and management of critical cyber systems. By participating in practical, hands-on applications in areas like threat assessment, systems vulnerability, and operational security, graduates will be prepared to serve as the gatekeepers of critical data networks for private businesses and government agencies alike. Graduates will also demonstrate a proficiency in essential skills like systems assurance and anomaly detection.
The quickest and most convenient way to obtain a master’s degree in cybersecurity is through an online program. Online programs are designed to meet the needs of working professionals. Since many professionals pursuing graduate study in this field are already employed, online programs offer the flexibility they need to balance education and professional obligations.
Most cybersecurity master’s programs consist of around 30 credit hours, with 15 core credits and 15 electives. The program can often be completed in as little as 15 months.
Professionals can also choose to pursue a post-bachelors certificate in cybersecurity. This option would involve completing 15 credits and takes about half as much time to complete.
Some academic institutions that offer graduate programs are recognized by the National Security Agency (NSA) and Department of Homeland Security (DHS) under one or both of the following classifications:
- National Centers of Academic Excellence in Cyber Defense Education (CAE/CDE)
- National Centers of Academic Excellence in Cyber Defense Research (CAE/R)
As of 2018, Brigham Young University in Provo is the only Utah institution that holds the National Centers of Academic Excellence in Cyber Defense Education (CAE-CDE) designation.
Standard Admissions Requirements for Cybersecurity Master’s Programs
Getting accepted into a master’s-level cybersecurity program can be a competitive process. Candidates with an academic history of achievement, competitive entrance exam scores, and an aptitude for analytical thought are likely to be successful in their quest for admission.
Admission requirements vary by institution, but may include:
- Bachelor’s degree in information systems, computer science, or related area
- Cumulative GPA of 3.0 or higher
- Industry certifications are preferred (Security+, MCSE, CISSP)
- Calculus (1 year minimum) and an additional mathematics course (discrete mathematics, linear algebra)
- One data structures course
- One course in Java and/or C++ programming
- One course in computer organization
While some academic institutions require applicants to submit GRE/GMAT scores as part of the admissions process, other schools waive this requirement for applicants with a cumulative GPA of 3.0 or higher.
Core Courses and Electives
The core curriculum often includes courses like:
- Network Security
- IT Policy Compliance and Disaster Recovery
- Advanced Persistent Threats
- IT Risk Management
The elective options often include courses like:
- Hacking and Security Vulnerability Management
- Pen Testing
- Cloud Security
- Cryptography Fundamentals
- Digital Forensics
- Mobile Security
Opportunities Available to Master’s-Prepared Cybersecurity Professionals in Utah
Utah’s information security industry is flourishing with opportunity. In fact, in 2013, Salt Lake City was recognized as one of the largest security clearance employment hubs in the nation, ranked among the top five cities in the United States for cybersecurity job opportunities. In addition to that, an independent research study conducted by Burning Glass Technologies found that job postings for cybersecurity analysts in Utah had increased by 146% between 2010 and 2014.
Perhaps what really sets Utah apart, though, is the Utah Data Center, which is located at Camp Williams in Bluffdale. The $1.5 billion facility, colloquially known as the “spy center,” was built in 2013 by the National Security Agency (NSA) for the purpose of data collection and monitoring. The addition of the NSA facility has brought recognition to the skill and ingenuity of Utah’s cybersecurity force and, as such, has created a wealth of opportunity for master’s-prepared cybersecurity experts.
A sampling of potential job opportunities for cybersecurity analysts in Utah is shown below. This is for illustrative purposes only and doesn’t imply a guarantee of employment:
Network Security Analyst at USANA Health Sciences in Salt Lake City:
- Undergraduate degree in telecommunications, computer science, or information technology at minimum; master’s preferred
- CISSP or CEH certification
- Experience with Java, C++, and ASP
- Experience with penetration testing and vulnerability assessment
- Performs vulnerability scans and penetration testing
- Coordinate remediation efforts based on identified vulnerabilities and existing cyber threats
- Monitor and maintain the security of network communications
- Develop security standards for USANA’s data infrastructure and manage implementation
Cyber Security Analyst at BAE Systems in Ogden:
- Bachelor’s degree in computer science or information systems; master’s degree preferred
- At least 12 years’ experience in a related field
- Current TS security clearance, or security clearance eligible
- Familiarity with cybersecurity processes (DIACAP and/or RMF) preferred
- TS/SCI security clearance
- CISSP certification preferred
- Performs in an information assurance capacity for the Air Force’s Inter-Continental Ballistic Missile (ICBM) weapons system
- Ensure compliance of the program with government security requirements
- Identifies network vulnerabilities and implements appropriate security measures
- Designs and carries out mitigation plans
- Designs System Security Plans