The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI where she investigated cybercrime, a seasoned corporate executive that built and operated information security teams and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise, Boards of Directors, CIO's, CISO's and General Counsel's on how to legally protect their company from cyber related risk.

Blog Entries


 

Who's The Best Of The Worst On Cybersecurity? Academia.

See Article Here

When I read the above article, I had to smile. It took me back to my cyber crime investigation days working on a distributed denial of service (DDoS) attack case. The investigation pointed to a server located in a local university. Wow! You cannot imagine how difficult it was, in California no less, to get the university to do anything about the issue. Eventually, when I tracked the IP address and the university determined no detrimental harm would be done by taking the server offline, the DDoS stopped, and the victim was very happy with the FBI! 

Academia is a place for education, and everyone comes together in an open environment to share and make the community better. Uh huh, and historically no real thought is given to security and gasp …. restricting things. The average college or university has student and parent info, i.e. names, address, dates of birth, social security numbers, grading info, medical records, credit card numbers, etc. and hackers always go after the weakest link, so colleges and universities are huge targets.

So why is it that a college that offers cyber security education, not practicing what it is teaching? Well I recall interviewing for a CISO role at my undergraduate alma mater and lets just the salary wasn’t even close to market value. Talent would be one. But I never understand why there is so much trepidation to have students secure their own network. Given appropriate guardrails through oversight a university could get free labor. Just think, start them off freshman year, building analyst skills then by senior year they are hunters. That would solve the problem of students not being prepared to enter the workforce and universities being poor at cyber security. Given some thought and planning it really could work!