Pro Expo - Sep. 12

We wanted to give everyone an update on the companies that have registered for this year’s Pro Expo on September 12<sup>th

This is a great chance to find an internship or a job.  Network with people. Polish your interview skills.  Explore possible career paths.</sup>

1.      Abercrombie & Fitch

2.      Accenture

3.      Access Data, a Broadridge Company

4.      Aetna

5.      Air Products and Chemicals, Inc

6.      Applied Research Laboratory at Penn State

7.      Asymmetrik

8.      AT&T

9.      BD (Becton, Dickinson & Company)

10.   Blue Mountain Quality Resources, Inc.

11.   Boeing

12.   Cigna

13.   Cognizant Technology Solutions

14.   Crowe Horwath LLP

15.   Deloitte

16.   DICK'S Sporting Goods

17.   Exelon Corporation

18.   EY (Ernst and Young LLP)

19.   Fidelity Investments

20.   Fidessa

21.   FirstEnergy

22.   General Electric

23.   General Motors

24.   Humana

25.   IBM

26.   Jackson National Insurance Company

27.   Johnson & Johnson

28.   KPMG

29.   Liberty Mutual Insurance

30.   Lowe's Companies, Inc.

31.   Lutron

32.   Merck & Co., Inc.

33.   Mission Critical Partners

34.   National Security Agency

35.   Northrop Grumman Mission Systems

36.   Oceans Edge Inc.

37.   Pariveda Solutions

38.   PNC Financial Services, Inc.

39.   PPG

40.   PwC

41.   RSM

42.   Security Risk Advisors

43.   Synchrony Financial

44.   Tata Consultancy Services

45.   Textron

46.   UPMC

47.   Vanguard

48.   Veris Group, LLC

49.   Vertex Inc

50.   Williams

51.   Workday, Inc.

Paid internship with ITS to study VM

If you have any interest please contact me at gms@psu.edu.

The description follows:

There are real advantages to the virtualization of computer systems. One key advantage of virtualizing computer systems is the overall gain in effective utilization of the physical computer hardware (keeping the system resources busier over time, thus reducing periods of low or no utilization during the delivery of services.) ALSO, virtualization provides for robust systems administration capabilities that enhance systems uptime and recovery from failure. HOWEVER, there are costs to running virtualization software, i.e. the hypervisor, on the hardware. In running instances of operating systems on top of hypervisors running on the physical hardware it's been observed that the amount of performance degradation of the system varies by different hypervisors on the same hardware.

I would like to conduct a parametric study to evaluate the relative performance costs in CPU, Memory and I/O under the various hypervisors on specific hardware platforms. The parameters to be varied and their relative affects studied will include 3 or more hypervisors on 2 or more systems in hopes to understand why one hypervisor performs better relative to another one on the same hardware. Also doing so while varying the number of guest OS's on a given hardware host. Though source code will likely not be available, the hope is to deduce why there are different observed performance characteristics.

Some details:

1. The primary architecture to be studied will be INTEL in a SMP system.

2. The primary OS's studied will be Linux and MS Windows.

3. As time and resources allow, other architectures may be studied. AIX on POWER, Solaris on SPARC, and Z/OS on Z utilizing their respective system virtualization technologies are possibilities.

National Cyber Summit: Virtual Job Fair

The National Cyber Summit is pleased to announce that there will be a Virtual Job Fair as part of the 2016 National Cyber Summit (NCS). 

The NCS Virtual Job Fair is intended to provide students with the opportunity to introduce themselves to possible government and industry employers and gain additional contacts that may be used when seeking employment.  The resumes that are submitted to the NCS Virtual Job Fair will be made available to attendees, sponsors, and exhibitors of the event.

Students that attend the NCS will have an opportunity to meet face-to-face with perspective employers for on-site interviews.  Students that do not attend the NCS will be contacted by perspective employers

We request that faculty members provide information related to the NCS Virtual Job Fair to students that they would recommend for employment, whether the student is available immediately or within the next 12 months.  We request that students upload their resumes to the NCS Virtual Job Fair as soon as possible.  Please forward this information to any faculty and students that you think may have interest in the NCS virtual job fair.

The NCS virtual job fair is intended for students studying computer science, software engineering, or other cyber related fields and are seeking full-time jobs, internships, or co-ops with industry of government.

If you have questions concerning the resume submittal process or the National Cyber Summit Virtual Job Fair please contact Deborah Thomas via email at NCSjobfair@gmail.com.

IST Graduation Survey

ATTENTION MAY GRADUATES: REMINDER

In order to confirm your May graduation, please take 10 minutes to complete your IST post-graduation survey using the link below to complete the process.

https://bit.ly/May16Grad

As in the past, if you are going into a role that is confidential within the government, please simply reply as “employed” when asked about your post-graduation plans.  Indicate “government” as the employer. Additionally if you have not found a full time job, we ask that you still complete the survey and make changes at a later date.

Please contact the Office of Career Solutions (careers@ist.psu.edu) if you have trouble logging in or completing the PSU Post Graduation survey for IST students.

Talk on Crowdsourcing

Designing with Online Crowds

Dr. Brian Bailey

Monday, April 18

1:15 - 2:15pm

IST Cybertorium (room 113)

Abstract

Feedback is critical for design innovation processes but receiving effective feedback can be surprisingly hard. In this talk, I will describe the design and implementation of a new genre of crowd-based technology that enables designers to receive personalized, timely, and affordable feedback for in-progress visual designs. I will also present results from two studies that tackle fundamental questions about the quality, use cases, and interpretation of crowd-based design feedback.

Bio

Dr. Brian Bailey is an Associate Professor of Computer Science at the University of Illinois. His research passion is to enable and study new forms of interaction between people and technology. Dr. Bailey is currently studying the intersection of computing, crowds, and design innovation. His work has been supported by the NSF, Microsoft, Google, and Ricoh Innovations. He earned his M.S. and PhD in Computer Science from the University of Minnesota.

Boeing Uplift IT Case Competition

The Boeing Company is looking for enthusiastic students to compete in a technology-focused case competition. Students can apply their technical skills, think strategically and put their creativity to the test for a chance to win great prizes, including a job interview at Boeing and a trip to Seattle. Students from universities across the United States are eligible to participate and represent their schools in this company-sponsored event.

Deadline extended! Registrations are now being accepted through May 9, 2016.

For more information:

http://www.boeing.com/specialty/uplift/index.page

IST Startup Week

What does it take to move an idea into action as a company?  A number of IST graduates have succeeded in developing startups into viable companies.  IST Startup week is intended to share their stories, and to help students understand all of the work that goes into a successful startup.

Who knows, you could be the next Steve Jobs or Bill Gates.

More info at:

http://news.psu.edu/story/402158/2016/04/06/student-success/ist-startup-week-celebrates-five-years-penn-state

Seminar - Exploiting Memory Errors on the Data Plane

Seminar
 Tuesday, April 12, 10am 222 IST Building

By: Zhenkai Liang National University of Singapore

 “Exploiting Memory Errors on the Data Plane” As defense solutions against control-flow hijacking attacks gain wide deployment, controloriented exploits from memory errors become difficult. As an alternative, attacks targeting noncontrol data do not require diverting the application’s control flow during an attack. Although it is known that such data-oriented attacks can mount significant damage, no systematic methods to automatically construct them from memory errors have been developed. In this work, we study exploits of memory errors from the data angle. We have developed a new technique, called data-flow stitching, which systematically finds ways to join data flows in the program to generate data-oriented exploits. We have constructed new attacks on the data plane from known vulnerabilities. The constructed exploits can cause significant damage, such as disclosure of sensitive information (e.g., passwords and encryption keys) and escalation of privilege. We further study the expressiveness of such data-oriented exploits. By identifying data-oriented gadgets and gadget dispatchers, we demonstrate that data-oriented exploits can be used to construct Turing complete computations.

Seminar by Patrick McDaniel

Monday, April 11, 12pm

222, IST Bldg.

By: Patrick McDaniel

Penn State University

“EIGHT YEARS OF MOBILE SMARTPHONE SECURITY”

The introduction of smart phones in 2008 forever changed the way users interact with data and computation. These platforms and the network and cloud services supporting them have led to a renaissance of mobile computing. At the same time, changes in the nature of personal computing heightens concerns about security and privacy.   Such concerns prompted an ongoing area of scientific study exploring smartphone and application security. Through these efforts, the technical community has become increasingly aware that applications can and often do work against the user's best interests and house new forms of malware.

This talk explores the genesis and evolution of academic research efforts in evaluating smartphone application security over the first eight years of its existence. A retrospective view of how the community's understanding of application security has changed over the years is provided, with a focus on the scientific questions asked and the methods used. We highlight a range of analysis techniques that extract software structures and behaviors from smartphone applications, and describe several studies that identified important security and privacy concerns. The talk concludes by considering the realities of current mobile apps and markets and identifies challenges in preventing misuse of smartphones.

Cyber war and terrorism symposium