. Division of Development and Alumni Relations Internships for Summer 2017

The Penn State Division of Development and Alumni Relations is seeking applications for full-time paid internship positions for summer 2017. Current juniors, seniors, and graduate students interested in learning about a career in fundraising and nonprofit work may apply online before January 2, 2017. Past interns have played an integral role in one of the most respected and successful fundraising operations in the country. On November 2 at 7:00 p.m. in The Hintz Family Alumni Center Presidents Conference Room there is an information session for any interested students. More information about the program can also be found at giveto.psu.edu/internship<http://giveto.psu.edu/internship>.

The role is posted at: https://psu.jobs/job/66986 It is job # 66986 titled Division of Development and Alumni Affairs Intern. For questions or more information, contact Paige Schank, with the Office of Talent Management, University Development, atDDARinternship@ddar.psu.edu<mailto:DDARinternship@ddar.psu.edu>.

Volunteers needed to help with 2016 Military Appreciation Day Tailgate

We are in search of volunteers to honor those who have served in the U.S. Military on November 5th, for the 2016 Military Appreciation Day Tailgate.

Bryce Jordan Center: Volunteers are needed from 11 am to 9 pm, and will receive a free ticket to attend the PSU vs Iowa game (kickoff @ 7 pm). We also need a clean up crew not interested in attending the game. If you are interested in volunteering – please fill out the on-line form – link below:

https://docs.google.com/forms/d/1Lt2WtgS20w-20oz7lR0NVUEXQdZw_BP_fJIwLe18bEM/viewform?ts=579a559a&edit_requested=true

GE Cyber-Security Workshop Oct 13

Please join General Electric for a cyber-security workshop.

6:00 – 9:00 Capture the Flag Event  in 206 IST Building
• Cloud-hosted challenge platform
• Students access via a Virtual Machine for Linux/Ubuntu environment (student
provided)
• Focused on training and learning versus competition
o Each challenge will have a mini-lecture and a how-to on the topic
• Challenges/Learnings
o Encryption
o Steganography
o PCAP analysis
o Forensic analysis
o Hash identification
o & others TBD
• Two expert GE Security representatives will facilitate 
• Pizza will also be served at the event


RSVP in Compass > Events > Workshops

Summer 2017 LEAP mentors needed

I’m writing to ask for your help to recruit student mentors for the LEAP program for next summer.  The college will need four mentors (two for SRA 111 and two for IST 110) this year.  Last year, we had some trouble and the Office of Summer Sessions was only able to find us three.  I’m hoping that with your help, we can find some talented students to help mentor next summer’s freshmen.  For more info about LEAP and the LEAP Mentor responsibilities and benefits, please see: http://summersession.psu.edu/leap/be-a-mentor/

CISSP review

The CISSP is the most powerful of security certifications as it opens the door to security management.

Although the CISSP requires a number of years of years of full-time experience, the Associates of (ISC)2 may be taken upon graduation and will turn into a full CISSP after you get the experience.  You would not have to retake the test.

Here is a link to a great, free, guide that explains the knowledge areas covered in the exam.

http://resources.infosecinstitute.com/what-you-need-to-know-for-passing-cissp-domain-1/

Codebreaker Challenge 2016

Codebreaker Challenge 2016 is starting this Friday (9 Sep 2016)! See the
attached flyer. Please get the word out to everyone (faculty and students)
right away and get registered! Does your school have what it takes to "crack
the code"? Last year's challenge went nuclear when over 300 schools jumped in
to compete!

Read the description below:

This Fall, NSA is launching its 4th annual Codebreaker Challenge. It is a
hands-on software reverse engineering challenge where students work to complete
mission-focused objectives to push their school to the top of the competition
leaderboard.  The theme for this year's challenge is "countering Improvised
Explosive Devices (IEDs)". Students are given six tasks of increasing
difficulty that culminate in developing the capability to permanently disable
fictional IED software in a fictional scenario.  Feedback from previous
challenges indicated students learned a great deal from participating, so with
your help, we encourage as much student participation as possible!  Here are
the pertinent details:

-The challenge will be hosted at https://codebreaker.Ltsnet.net.
-The challenge will begin on 9 Sep 2016 at 9 pm ET and ends 31 Dec 2016 at
  midnight.
-Students should register on the site using their .edu email addresses
-Small tokens of recognition will be awarded to the first 50 students that
  complete the challenge nation-wide.  In the past, some universities chose to
  offer additional incentives (extra-credit in a relevant course, an award for
  the first students to solve the challenge within a department, etc.)  We
  encourage your department to do this if possible!
-Links to software reverse engineering lectures and other educational material
  can be found on the site.

We hope to have several virtual tech talks over the course of the semester
where we will provide an overview of the 2016 challenge, present reverse
engineering techniques, and walk through the solution to the challenge from
last year.  We will also answer questions students may have about the
challenge.  The dates and times of these tech talks will be made available on
the challenge site.

For support or questions, send email to codebreaker@nsa.gov

Deloitte IST Mentorship Program

Are you a freshmen, sophomore or junior student in the College of IST who wants to learn more about a career in consulting? 

Apply today to the

Deloitte Mentorship Program! 

Leverage your mentor to get advice on resume building, interview prep, etc. 

Resumes being accepted on COMPASS through Friday, Sept. 16th.

Scholarship Opportunity from RSA

Scholarship Opportunity from RSA

RSA® Conference has an opportunity for university students - the RSA Conference Security Scholarship program. This is a scholarship opportunity for student recipients to attend the 2017 RSA Conference, February 13 – 17, 2017 at the Moscone Center, San Francisco, CA U.S.A.

RSA® Conference is celebrating more than 25years of leadership in the cybersecurity industry. At the conference, you will learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you. See more at https://www.rsaconference.com/events/us17.

The purpose of the scholarship is to provide emerging cybersecurity graduates with an opportunity to attend a professional conference, participate in a poster competition and to connect with cybersecurity corporations that have future career hiring opportunities. The scholarship will cover costs associated with travel, hotel accommodations (3 nights), and conference registration.

To be eligible, a student must meet the following criteria:

·         Must be an undergraduate senior in the SRA ICS Option; OR a College of IST MPS, MS or PhD student; have a cumulative over-all Grade Point Average of 3.25 or higher;

·         and must not be graduating before May 2017.

If you meet these eligibility requirements and are available during the conference dates, please provide the following application materials, to the appropriate contact, on or by the

application DEADLINE of SEPTEMBER 15, 2016:

1)      Personal Statement (One-page, single spaced word document explaining why you are a qualified candidate for the scholarship. Please highlight relevant research, coursework, internships or extra-curricular activities that have a focus on cybersecurity.)

2)      Current Resume or Curriculum Vita

3)      Submit your personal statement and resume/curriculum vita to the following contacts (only one student from each degree group below will be selected by the committee for the conference):

Senior SRA/ICS option Undergraduate applicants –Cindy Bierly cbierly@ist.psu.edu

MPS applicants –Amy Stever, astever@ist.psu.edu

MS and PhD applicants – Dr. Peng Liu, pliu@ist.psu.edu 

Highway to Hired

Highway to Hired

The Office of Career Solutions & Corporate Engagement would like to share with you a key careers presentation that might be of value to your IST and SRA freshmen. (Sophomores might also be interested in this).

Highway to Hired – will be a presentation given on Thursday, August 25 at 6 pm in 206 IST Building.  This presentation will  provide information about the many upcoming IST events for fall as well as to  provide tips and tricks in preparing for these events and suggestions for navigating the extremely crazy fall recruiting season.  This is really a must attend workshop for new students in IST.

Here are several other to keep on your radar.  Students can be directed to Compass for more information on these and many other events.

8/31 –        Connections Day (student club involvement fair in IST)

9/6 –          How to Navigate the Career Fair (Tips on what to  expect and how to prepare for the career fair)

9/7 –          Resumania (Have your resume reviewed by a corporate recruiter -  tables will be on the second floor of IST building and times can be reserved in Compass to meet with a Corporate Associate)

9/12 –        Pro Expo (IST’s own Career Fair)

Pro Expo - Sep. 12

We wanted to give everyone an update on the companies that have registered for this year’s Pro Expo on September 12<sup>th

This is a great chance to find an internship or a job.  Network with people. Polish your interview skills.  Explore possible career paths.</sup>

1.      Abercrombie & Fitch

2.      Accenture

3.      Access Data, a Broadridge Company

4.      Aetna

5.      Air Products and Chemicals, Inc

6.      Applied Research Laboratory at Penn State

7.      Asymmetrik

8.      AT&T

9.      BD (Becton, Dickinson & Company)

10.   Blue Mountain Quality Resources, Inc.

11.   Boeing

12.   Cigna

13.   Cognizant Technology Solutions

14.   Crowe Horwath LLP

15.   Deloitte

16.   DICK'S Sporting Goods

17.   Exelon Corporation

18.   EY (Ernst and Young LLP)

19.   Fidelity Investments

20.   Fidessa

21.   FirstEnergy

22.   General Electric

23.   General Motors

24.   Humana

25.   IBM

26.   Jackson National Insurance Company

27.   Johnson & Johnson

28.   KPMG

29.   Liberty Mutual Insurance

30.   Lowe's Companies, Inc.

31.   Lutron

32.   Merck & Co., Inc.

33.   Mission Critical Partners

34.   National Security Agency

35.   Northrop Grumman Mission Systems

36.   Oceans Edge Inc.

37.   Pariveda Solutions

38.   PNC Financial Services, Inc.

39.   PPG

40.   PwC

41.   RSM

42.   Security Risk Advisors

43.   Synchrony Financial

44.   Tata Consultancy Services

45.   Textron

46.   UPMC

47.   Vanguard

48.   Veris Group, LLC

49.   Vertex Inc

50.   Williams

51.   Workday, Inc.

Paid internship with ITS to study VM

If you have any interest please contact me at gms@psu.edu.

The description follows:

There are real advantages to the virtualization of computer systems. One key advantage of virtualizing computer systems is the overall gain in effective utilization of the physical computer hardware (keeping the system resources busier over time, thus reducing periods of low or no utilization during the delivery of services.) ALSO, virtualization provides for robust systems administration capabilities that enhance systems uptime and recovery from failure. HOWEVER, there are costs to running virtualization software, i.e. the hypervisor, on the hardware. In running instances of operating systems on top of hypervisors running on the physical hardware it's been observed that the amount of performance degradation of the system varies by different hypervisors on the same hardware.

I would like to conduct a parametric study to evaluate the relative performance costs in CPU, Memory and I/O under the various hypervisors on specific hardware platforms. The parameters to be varied and their relative affects studied will include 3 or more hypervisors on 2 or more systems in hopes to understand why one hypervisor performs better relative to another one on the same hardware. Also doing so while varying the number of guest OS's on a given hardware host. Though source code will likely not be available, the hope is to deduce why there are different observed performance characteristics.

Some details:

1. The primary architecture to be studied will be INTEL in a SMP system.

2. The primary OS's studied will be Linux and MS Windows.

3. As time and resources allow, other architectures may be studied. AIX on POWER, Solaris on SPARC, and Z/OS on Z utilizing their respective system virtualization technologies are possibilities.

National Cyber Summit: Virtual Job Fair

The National Cyber Summit is pleased to announce that there will be a Virtual Job Fair as part of the 2016 National Cyber Summit (NCS). 

The NCS Virtual Job Fair is intended to provide students with the opportunity to introduce themselves to possible government and industry employers and gain additional contacts that may be used when seeking employment.  The resumes that are submitted to the NCS Virtual Job Fair will be made available to attendees, sponsors, and exhibitors of the event.

Students that attend the NCS will have an opportunity to meet face-to-face with perspective employers for on-site interviews.  Students that do not attend the NCS will be contacted by perspective employers

We request that faculty members provide information related to the NCS Virtual Job Fair to students that they would recommend for employment, whether the student is available immediately or within the next 12 months.  We request that students upload their resumes to the NCS Virtual Job Fair as soon as possible.  Please forward this information to any faculty and students that you think may have interest in the NCS virtual job fair.

The NCS virtual job fair is intended for students studying computer science, software engineering, or other cyber related fields and are seeking full-time jobs, internships, or co-ops with industry of government.

If you have questions concerning the resume submittal process or the National Cyber Summit Virtual Job Fair please contact Deborah Thomas via email at NCSjobfair@gmail.com.

IST Graduation Survey

ATTENTION MAY GRADUATES: REMINDER

In order to confirm your May graduation, please take 10 minutes to complete your IST post-graduation survey using the link below to complete the process.

https://bit.ly/May16Grad

As in the past, if you are going into a role that is confidential within the government, please simply reply as “employed” when asked about your post-graduation plans.  Indicate “government” as the employer. Additionally if you have not found a full time job, we ask that you still complete the survey and make changes at a later date.

Please contact the Office of Career Solutions (careers@ist.psu.edu) if you have trouble logging in or completing the PSU Post Graduation survey for IST students.

Talk on Crowdsourcing

Designing with Online Crowds

Dr. Brian Bailey

Monday, April 18

1:15 - 2:15pm

IST Cybertorium (room 113)

Abstract

Feedback is critical for design innovation processes but receiving effective feedback can be surprisingly hard. In this talk, I will describe the design and implementation of a new genre of crowd-based technology that enables designers to receive personalized, timely, and affordable feedback for in-progress visual designs. I will also present results from two studies that tackle fundamental questions about the quality, use cases, and interpretation of crowd-based design feedback.

Bio

Dr. Brian Bailey is an Associate Professor of Computer Science at the University of Illinois. His research passion is to enable and study new forms of interaction between people and technology. Dr. Bailey is currently studying the intersection of computing, crowds, and design innovation. His work has been supported by the NSF, Microsoft, Google, and Ricoh Innovations. He earned his M.S. and PhD in Computer Science from the University of Minnesota.

Boeing Uplift IT Case Competition

The Boeing Company is looking for enthusiastic students to compete in a technology-focused case competition. Students can apply their technical skills, think strategically and put their creativity to the test for a chance to win great prizes, including a job interview at Boeing and a trip to Seattle. Students from universities across the United States are eligible to participate and represent their schools in this company-sponsored event.

Deadline extended! Registrations are now being accepted through May 9, 2016.

For more information:

http://www.boeing.com/specialty/uplift/index.page

IST Startup Week

What does it take to move an idea into action as a company?  A number of IST graduates have succeeded in developing startups into viable companies.  IST Startup week is intended to share their stories, and to help students understand all of the work that goes into a successful startup.

Who knows, you could be the next Steve Jobs or Bill Gates.

More info at:

http://news.psu.edu/story/402158/2016/04/06/student-success/ist-startup-week-celebrates-five-years-penn-state

Seminar - Exploiting Memory Errors on the Data Plane

Seminar
 Tuesday, April 12, 10am 222 IST Building

By: Zhenkai Liang National University of Singapore

 “Exploiting Memory Errors on the Data Plane” As defense solutions against control-flow hijacking attacks gain wide deployment, controloriented exploits from memory errors become difficult. As an alternative, attacks targeting noncontrol data do not require diverting the application’s control flow during an attack. Although it is known that such data-oriented attacks can mount significant damage, no systematic methods to automatically construct them from memory errors have been developed. In this work, we study exploits of memory errors from the data angle. We have developed a new technique, called data-flow stitching, which systematically finds ways to join data flows in the program to generate data-oriented exploits. We have constructed new attacks on the data plane from known vulnerabilities. The constructed exploits can cause significant damage, such as disclosure of sensitive information (e.g., passwords and encryption keys) and escalation of privilege. We further study the expressiveness of such data-oriented exploits. By identifying data-oriented gadgets and gadget dispatchers, we demonstrate that data-oriented exploits can be used to construct Turing complete computations.

Seminar by Patrick McDaniel

Monday, April 11, 12pm

222, IST Bldg.

By: Patrick McDaniel

Penn State University

“EIGHT YEARS OF MOBILE SMARTPHONE SECURITY”

The introduction of smart phones in 2008 forever changed the way users interact with data and computation. These platforms and the network and cloud services supporting them have led to a renaissance of mobile computing. At the same time, changes in the nature of personal computing heightens concerns about security and privacy.   Such concerns prompted an ongoing area of scientific study exploring smartphone and application security. Through these efforts, the technical community has become increasingly aware that applications can and often do work against the user's best interests and house new forms of malware.

This talk explores the genesis and evolution of academic research efforts in evaluating smartphone application security over the first eight years of its existence. A retrospective view of how the community's understanding of application security has changed over the years is provided, with a focus on the scientific questions asked and the methods used. We highlight a range of analysis techniques that extract software structures and behaviors from smartphone applications, and describe several studies that identified important security and privacy concerns. The talk concludes by considering the realities of current mobile apps and markets and identifies challenges in preventing misuse of smartphones.

Cyber war and terrorism symposium

Careers with USAID talk--April 6th

Please join us for the upcoming SIA Alumni Career Talk with Rachel Sayre (’11) on Wednesday, April 6^th from 5:30 – 7:30 p.m. in 112 Katz. Sayre, the Senior Disaster Specialist at the US Agency for International Development (USAID), will discuss her career path since graduating from SIA. She’ll offer advice to those interested in careers in international development, and in US government agencies. She’s attentive to issues of gender in careers, and to the opportunities and challenges specific to women. Rachel’s talk is part of her visit to campus as a Penn State Alumni Achievement Award winner, recognizing her exemplary professional accomplishments before the age of 35.

OSINT workshop

Sex Trafficking Seminar

Eight Years of Mobile Smartphone Security

Seminar

Monday, April 11, 12pm

333, IST Bldg.

By: Patrick McDaniel

Penn State University

“EIGHT YEARS OF MOBILE SMARTPHONE SECURITY”

The introduction of smart phones in 2008 forever changed the way users interact with data and computation. These platforms and the network and cloud services supporting them have led to a renaissance of mobile computing. At the same time, changes in the nature of personal computing heightens concerns about security and privacy.   Such concerns prompted an ongoing area of scientific study exploring smartphone and application security. Through these efforts, the technical community has become increasingly aware that applications can and often do work against the user's best interests and house new forms of malware.

This talk explores the genesis and evolution of academic research efforts in evaluating smartphone application security over the first eight years of its existence. A retrospective view of how the community's understanding of application security has changed over the years is provided, with a focus on the scientific questions asked and the methods used. We highlight a range of analysis techniques that extract software structures and behaviors from smartphone applications, and describe several studies that identified important security and privacy concerns. The talk concludes by considering the realities of current mobile apps and markets and identifies challenges in preventing misuse of smartphones.

BIO

Patrick McDaniel is a Distinguished Professor in the School of Electrical Engineering and Computer Science at the The Pennsylvania State University, co-director of the Systems and Internet Infrastructure Security Laboratory, and Fellow of IEEE and ACM. Dr. McDaniel is also the program manager and lead scientist for the Army Research Laboratory's Cyber-Security Collaborative Research Alliance. Patrick's research efforts focus on a wide range of topics in security technical public policy. Patrick was the editor-in-chief of the ACM Journal Transactions on Internet Technology (TOIT), and served as associate editor of the journals ACM Transactions on Information and System Security, IEEE Transactions on Computers, and IEEE Transactions on Software Engineering. Patrick was awarded the National Science Foundation CAREER Award and has chaired several top conferences in security including the IEEE Symposium on Security and Privacy and the USENIX Security Symposium. Prior being a Senior Research Staff Member at AT&T Labs/Research, Patrick was a software architect and project manager in the telecommunications industry.