The colloquium will be held in room 331 in Stright Hall from 2:30–3:30 p.m. and will provide a great opportunity for students and faculty to gain insight into the working life of a corporate software developer.

For more information, please visit the Computer Science Colloquium Series website.

Department of Computer Science

The colloquium will be held in room 327 Stright Hall from 3:30–4:30 p.m. and will provide a great opportunity for students and faculty to learn more about API design using the Java programming language.

For more information, please visit the Computer Science Colloquium Series website.

Department of Computer Science

Registration opened on January 15. Go to the IC Virtual Fair website.

Space is limited! To guarantee your entrance into this event, preregistration is highly encouraged. Download the flyer.

From the comfort of your computer or mobile device, you can:

• Visit IC agencies’ virtual booths.
• Chat with recruiters and subject matter experts in real time.
• Attend live presentations .
• Explore currently available jobs.
• Learn about internships and other opportunities for students.
• Link to IC agency websites and online application systems.
• Network with other job seekers.

Career opportunities are available in a variety of fields, including:

• Accounting, budgeting, auditing, contracting, and financial management
• Administration: human resources, logistics, public affairs, clinical psychology, etc.
• Clandestine services
• Computer science, computer engineering
• Cybersecurity, information assurance
• Data scientists
• Engineering: electrical and electronics
• Mathematics and physical science
• Foreign Language: language analysts and officers, instructors, contract linguists
• Information technology
• Intelligence Analysis: economic, cultural, imagery, military, open source, regional and technical
• Program/project management
• Security, police
• Special agents
• Student intern, co-op positions

Priority languages include:

All African languages, Arabic (all dialects), Cambodian, Dari, Farsi, Hebrew, Hindi and other languages of India, Indonesian, Japanese, Korean, all Chinese Languages, Pashto, Russian, Tajik, Turkish, Urdu and other languages of Pakistan, and Vietnamese. Note: Not all IC agencies participating in the IC Virtual Career Fair have openings in all languages; however, FBI Language Services and the National Virtual Translation Center have contract linguist opportunities available in almost any language, including French and Spanish.

The following IC agencies and components will be participating in the fair:

• Central Intelligence Agency (CIA)
• Defense Intelligence Agency (DIA)
• Federal Bureau of Investigation (FBI)
• Federal Bureau of Investigation Language Services Section (FBI LSS)
• National Geospatial-Intelligence Agency (NGA)
• National Security Agency (NSA)
• National Virtual Translation Center (NVTC)

U.S. citizenship is required. The United States Intelligence Community is an equal opportunity employer.

Department of Computer Science

The colloquium will be held in Room 340, Stright Hall, from 3:30 to 4:30 p.m.

Students are invited to take advantage of this great opportunity to learn more about prospective career choices.

For more information, see the Computer Science Colloquium Series.

Department of Computer Science

Schedule of Speakers

• 9:00–9:10 — Opening Remarks
  Dr. Waleed Farag, Director, Institute for Information Assurance at IUP
• 9:10–9:20 — Welcome Message
  Dr. William Oblitey, Chair, Department of Computer Science at IUP
• 9:20–10:35 — “Electronic Voting: A Retrospective”
  Dr. Patrick McDaniel, Professor of Computer Science and Engineering at Pennsylvania State University
• 10:35–10:45 — Brief break
• 10:45–12:00 — “Improved Privacy Through Exposure Control”
  Dr. Adam Lee, Assistant Professor of Computer Science at the University of Pittsburgh
• 12:00–1:00 — Lunch break
• 1:00–2:15 — “Computer Crime Investigation: A Case Study”
  Cpl. John Roche, Coordinator, Southwest Computer Crime Task Force, Pennsylvania State Police, Bureau of Criminal Investigation
• 2:15–2:30 — Brief break
• 2:30–3:45 — “Mobile Device Security Guidelines: From Idea to Implementation”
  IT Services Staff at Indiana University of Pennsylvania
• 3:45–4:00 — Conclusion

Biographical Information

Dr. Patrick McDaniel

Patrick McDaniel is a professor in the Computer Science and Engineering Department at Pennsylvania State University and codirector of the Systems and Internet Infrastructure Security Laboratory. Patrick's research efforts centrally focus on network, telecommunications, and systems security, language-based security, and technical public policy. Patrick is editor-in-chief of the ACM journal Transactions on Internet Technology, and serves as associate editor of the journals ACM Transactions on Information and System Security and IEEE Transactions on Computers, and stepped down from the associate editor of IEEE Transactions on Software Engineering position in 2012. Patrick was awarded the National Science Foundation CAREER Award and has chaired several top conferences in security, including the 2007 and 2008 IEEE Symposium on Security and Privacy and the 2005 USENIX Security Symposium. Prior to pursuing his Ph.D. in 1996 at the University of Michigan, Patrick was a software architect and project manager in the telecommunications industry.

Dr. Adam J. Lee

Dr. Adam J. Lee is currently an assistant professor of computer science at the University of Pittsburgh. He received the M.S. and Ph.D. degrees in Computer Science from the University of Illinois at Urbana-Champaign in 2005 and 2008, respectively. Prior to that, he received his B.S. in Computer Science from Cornell University. His research interests lie at the intersection of the computer security, privacy, and distributed systems fields. His recent research has been funded by the National Science Foundation and DARPA.

Corporal John Roche

Pennsylvania State Police

• Bureau of Criminal Investigation
• Special Investigation Service
• Computer Crime Unit
• Southwest Computer Crime Task Force Coordinator
• Cpl. John Roche’s Resume

Todd Cunningham

Indiana University of Pennsylvania

• Executive Director, IT Services

Abstracts

Dr. Patrick McDaniel – Pennsylvania State University

• Topic: Electronic Voting: A Retrospective
  • Abstract:
    In the winter of 2007, the Ohio Secretary of State, Jennifer Brunner, initiated the "Evaluation & Validation of Election-Related Equipment, Standards and Testing (EVEREST)" study. Largely in response to growing public concerns, the study participants where charged to analyze technical and procedural issues associated with electronic voting systems used in Ohio. In this talk, Penn State Professor Patrick McDaniel discusses his experiences as the lead of the EVEREST study, and highlights the key findings of the report. A description of the physical and technical processes of running an election will be given, and the study participants and scientific methods detailed. Summary findings will be overviewed and demonstrated via examples of security vulnerabilities present in the voting systems currently used in Ohio. Particular attention will be given to the ways that these vulnerabilities can be exploited to affect the integrity and voter privacy of national and local elections. The speaker will conclude by presenting the research team's views on critical challenges facing election officials in Ohio, and frankly comment on the ability of voting system to provide for the integrity of the upcoming presidential election and beyond.

Dr. Adam Lee – University of Pittsburgh

• Topic: Improved Privacy Through Exposure Control
  • Abstract:
    With the advent of pocket-computing devices such as smartphones, an increasing number of people are sharing or broadcasting personal contextual information using social-networking services such as Facebook and Twitter. For example, people are now sharing not only their location, but also geo-tagged photographs, activity information (e.g., "walking", "running", or "dancing") as deduced from onboard sensors such as accelerometers, and fitness information. In the near future, it is expected that additional sensors will even enable remote health monitoring to aid, for example, medical personnel or family members caring for the elderly.
    
    A large body of research has focused on disclosure policies for personal information (i.e., Who should see my information?), but has neglected to characterize what we call a user's exposure (i.e., Who is accessing my information and to what extent?). Existing work on disclosure policies allows, e.g., Alice to specify that her co-workers are permitted to access her physical location during the work week. While such policies may provide Alice with some baseline notion of exposure control, they do not provide Alice with feedback about her queriers. Would Alice still feel in control if she learned that Bob was accessing her location every 5 minutes? Or if every member of her project team checked her location while she was visiting a medical specialist? In addition to specifying who has access to personal information, users need a way to quantify, interpret, and control the extent to which this data is accessed, cross-correlated, and disseminated.
    
    In this talk, we will discuss the results of an ongoing research collaboration between the University of Pittsburgh and Indiana University at Bloomington that is addressing many facets of the exposure problem. Our primary focus will be on the necessity of an exposure control loop in which sharing preferences are specified, exposure is quantified and visualized, and users react by revising their information sharing habits and preferences. This research is sponsored by the National Science Foundation under awards CNS-1017229 (Pitt) and CNS-1016603 (IU).

Corporal John Roche – Pennsylvania State Police

• Topic: Computer Crime Investigation: A Case Study
  • Abstract:
    The presentation will include a case study on a recent investigation that included many different aspects of computer crime investigation and computer forensic examination methods and techniques. Also a live demonstration of a forensic examination will be conducted. A question and answer session will complete the presentation.

Todd Cunningham, Executive Director, IT Services at IUP

• Topic: Mobile Device Security Guidelines: From Idea to Implementation
  • Abstract:
    The astounding explosion of mobile device usage is creating unprecedented challenges for information technology organizations. Connectivity, authentication, updates, sensitive data storage, the incredibly rapid speed at which one platform is abandoned in favor of another and the numerous implications of the ‘bring your own device’ (BYOD) reality are just a few of these issues.
    Indiana University of Pennsylvania (IUP) is developing a variety of strategies, tactics and operational techniques aimed at meeting this evolving trend. This presentation will focus on IUP’s Mobile Device Security Guidelines – which have been recognized as a model within the Pennsylvania State System of Higher Education (PASSHE).
    The methods used by IT Services leadership to first determine that guidelines were necessary will be discussed, along with the steps used to configure the guidelines and an exploration of the guidelines themselves. The critical issue of merging industry-standard best practices into the local business culture – such as how preexisting related policies and practices influenced the guidelines – will also be reviewed. 

For more information about Information Assurance Day, please contact Waleed Farag, director, Institute for Information Assurance, at farag@iup.edu, 724-357-7995.

Directions to IA day venue

See photos from the event here.

The colloquium was held in room 331 Stright Hall from 2:30–3:30 p.m. and provided a great opportunity for students to learn more about the Deloitte company.

For more information, please visit the Computer Science Colloquium Series website.

Department of Computer Science

You are invited to attend a talk titled “Mobile Development: University Implementations” presented by Taylor and Gibson.

This event will be held on Thursday, April 26, 2012, from 3:30–5:00 p.m. in 327/329 Stright Hall.

The talk will be about a series of applications developed on the Android Mobile Operating System to allow functionality with both university services and interaction with the mobile device itself to provide a smooth and streamlined approach to mobile applications.

Featured demonstrations will include:

• Schedule application
• Directory application
• Campus map application
• News feed application
• Applications in the classroom

These, while not officially endorsed by the university, are made by students with students in mind. They will be presented in an “Application Suite” type package, and comments and criticism are encouraged.

Taylor and Gibson have wide knowledge on this subject through extensive research into other universities applications and the Android Mobile operating system.

For more information, visit the Colloquium Series website.

DoD IA Scholarship Program Application Deadline: Tuesday, January 31, 2012

The IUP Center for Academic Excellence in Information Assurance Education is pleased to offer current and prospective students the opportunity to apply for scholarships through the U.S. Department of Defense (DoD) Information Assurance Scholarship Program.

The Department of Defense is offering full scholarships for students, civilians, and non-active-duty military personnel who pursue fields of study related to information assurance. Students selected for the program will receive scholarships that include tuition, books, fees, and a stipend. This requires the student to agree to serve one year of service to DoD upon graduation for each year of scholarship received. During breaks in academic study, information assurance scholars will receive hands-on experience in information security internships. In return, scholars must agree to some restrictions and obligations regarding curriculum, GPA, and post-program employment. If all conditions are met, information assurance scholars will receive full-time conditional/permanent positions with the DoD upon program completion. The amount is $14,000 for undergraduate students.

Download Student Application Package (2011–2012) 

• Scholarship Announcement
• Student Application

Eligibility Requirements

• Eighteen years of age or older and a U.S. citizen at time of application
• Currently enrolled at, or accepted for enrollment at, a national Center of Academic Excellence (CAE); or enrolled at an institution selected by a CAE as a collaborative partner for these purposed
• Pursuing a course of study and/or having a declared major with an IA concentration in one of the scientific, technical, or managerial disciplines related to computer and network security
• For undergraduate applicants, must have at least the first two years of an undergraduate degree program by August of the calendar year in which scholarship funding will commence, and be eligible to begin either the third or fourth year of the degree. GPA must be at least a 3.2 on a 4.0 scale (or an analogous rank based on a comparable scale).
• For graduate applicants, must be eligible to begin the first or second year of a master’s degree program, pursue doctoral studies, or complete a graduate IA certificate program. GPA must be at least 3.5 on a 4.0 scale (or an analogous rank based on a comparable scale).
• Recommended by the CAE for the scholarship program
• Able to obtain a security clearance

If you are interested in applying for this opportunity, please contact Dr. Shumba at (724) 357-3166 (shumba@iup.edu). Applications should not be submitted directly to the Department of Defense. Please submit your application to Dr. Shumba by January 31, 2012.

You are invited to attend a talk titled “Performance Testing and the Application Lifecycle,” presented by KD Weeks, principal consultant, Genilogix, and Nate Stuyvesant, CTO and senior partner, Genilogix.

The event will be on Wednesday, November 2, 2011, from 2:30 to 3:30 p.m. in 327/329 Stright Hall.

Snacks will be available.

For more information, visit the Colloquium Series website.

You are invited to attend a talk titled “Adobe Flex: A Framework for Building Rich Internet and Mobile Applications,” presented by Sean Hastings, a AMS Center associate at Deloitte LLP.

The event will be on Wednesday, October 19, 2011, from 2:30 to 3:30 p.m. in 333 Stright Hall.

For more information, visit the Colloquium Series website.

Schedule of Speakers

• 8:40–9:00 — Opening Remarks
  Dr. Deanne Snavely, Dean, College of Natural Sciences and Mathematics
• 9:00–9:45 — “Four Essential Requirements for Securing Your Enterprise”
  Mr. David C. Brown, Business CyberSecurity, Inc
• 9:45–10:45 — “Threat Monitoring: Practical Considerations”
  “Using Open Community Software to Identify Network-Based Security Risks to Sensitive Information”
  Mr. Greg Porter, Allegheny Digital, and Mr. Matthew Stewart, Robert Morris University
• 10:45–11:00 — Break
• 11:00–12:00 — “Red Teaming Approaches, Rationales, Engagement Risks, and Methodologies”
  Mr Mark Yanalitis, Highmark, Pittsburgh
• 12:00–1:00 —Lunch break
• 1:00–2:00 — “What Keeps Me Up at Night?”
  Special Agent Jason Pearson and Special Agent Keith Mularski, Pittsburgh Division of the Federal Bureau of Investigation(FBI)
• 2:00–3:00 — Mr. Harley Parkes - NSA
  Mr. Harley Parkes, a member of the Defense Intelligence Senior Executive Service, chief of the Mission and Technical Vulnerability office in the Information Assurance Directorate of the National Security Agency
• 3:00–4:00 — “Information Assurance, an IT Audit Perspective”
  Mr Douglas Brown, First Commonwealth Bank, Indiana

Biographical Information

David C. Brown

David C. Brown, CISSP, P.M.P., C.E.H., is the president and founder of Business CyberSecurity, Inc. He is also the inventor of its innovative business information framework model and analysis methodologies. He has more than thirty years of experience in information technology and analysis of business process combined with more than twenty years of addressing information security issues. He has held a wide variety of engineering, consulting, and management positions in small and large companies.

He holds a Six Sigma Green Belt and ITIL Foundations certification as earned a Bachelor of Science in management information systems, a certificate in Computer Forensic Technology, and an Associate’s Degree in Electronics and Computer Technology

Greg Porter

Greg Porter is the founder of Allegheny Digital, a Western Pennsylvania based information security company specializing in network infrastructure security, incident response, enterprise risk management, and managed security services. For the past several years, Mr. Porter has both led and delivered comprehensive assessment activities that monitor, test, and audit the effectiveness of information system security, risk managed governance and controls, and regulatory conformance. He holds a Bachelor of Science degree in Chemistry from the University of Pittsburgh, a Master of Science degree in Information Technology (Information Security Concentration) from Carnegie Mellon University, and a Master of Science degree in Health Care Policy and Management (Highest Distinction), also from CMU. In addition, Mr. Porter maintains several information security related certifications and is a certified information systems security professional and a certified information security manager.

Matthew Stewart

Matthew Stewart is the director of Information Security at Robert Morris University. In addition, he is an adjunct professor teaching Computer Security, Intrusion Detection, and Computer Forensics.

Matthew earned his Master's Degree in Information Security and Assurance and also holds undergraduate degrees in Information Systems Security and Computer Forensics. He holds several leading industry certifications, including the Certified Information Systems Security Professional (CISSP), SANS GIAC Certified Intrusion Analyst(GCIA), and the SANS GIAC Certified Incident Handler (GCIH). He is a member of the SANS Advisory Board and is a local SANS Mentor in Pittsburgh.

Mark Yanalitis

Mr. Yanalitis has help positions in the private and public sector as a network security engineer, a Big-4 accounting firm security consultant, and directory of Security for a large regional ISP/MSP. He currently functions as an enterprise technical consultant fulfilling the role of IT infrastructure architect for a national health insurance concern.His efforts have concentrated upon enterprise security architectures, threat management, intelligence life cycle management, and incident response.

Mr. Yanalitis has presented material at INFOWARCON, ISSA, CMU/SEI SOA workshop, DOJ/FBI Quantico, and ISACA. Past committee membership include National Cyber-Forensics Training Alliance—a joint public-private forensic computing cooperative based in Pittsburgh; the NIST/URAC Healthcare Security Workgroup, and former "At-Large" member of the board of directors of Pittsburgh Infragard. Presently, he is a committee member on the FS-ISAC Portal Product Selection workgroup and public relations point of contact for the newly formed Pittsburgh Chapter of Open Web Application Security Project. He is the founder of the LinkedIn Open Source Intelligence Professionals Group, an international professional group dedicated to open source intelligence methods and tradecraft.

Mr Yanalitis is a member in good standing with the Association for Computing Machinery, Armed Forces Communications Electronics Association, and Federation of American Scientists. He holds CISSP designation and IAM recognition by the Information Security Assurance Training and Rating Program. He has held various vendor technical certifications. Mr. Yanalitis is a graduate of the 8th Pittsburgh FBI Civilian Academy Program and the Duquesne University Wecht Forensics Science and Law program. He holds graduate degrees from the University of Pittsburgh and American Military University.

Special Agent Jason Pearson

Jason Pearson is a special agent assigned to the Pittsburgh Division of the Federal Bureau of Investigation (FBI). Prior to joining the FBI, Mr. Pearson formed an information technology firm out of Chicago, Illinois. As proprietor of the company, Mr. Pearson led a variety of IT security investigations and worked as a network/systems engineer. In 2009, Mr. Pearson joined the FBI and was assigned to the bureau’s Cyber Squad and High Tech Crimes Task Force, where he currently investigates both National Security and Criminal Cyber Crime offenses.

Mr. Pearson is currently on the front line of investigations involving some of the largest and most complex financial fraud schemes to date and has assisted on a number of investigations involving Counter Intelligence and Domestic Terrorism matters. Mr. Pearson's expertise involves sophisticated Botnets and Malware, Computer Intrusion matters, and Automated Clearing House fraud.

Special Agent Keith Mularski

Keith Mularski is a supervisory special agent assigned to the Pittsburgh Division of the Federal Bureau of Investigation (FBI). Mr. Mularski received his appointment to the position of special agent with the FBI in 1998. After attending the FBI Academy in Quantico, Virginia, Mr. Mularski was assigned to the FBI's Washington Field Office, where he investigated national security matters for seven years. During this time, Mr. Mularski worked on a number of high-profile investigations such as the Robert Hanssen espionage investigation and the 9/11 Terrorist attack on the Pentagon.

In 2005, Mr. Mularski transferred to the FBI's Cyber Division and was detailed to the National Cyber-Forensics and Training Alliance (NCFTA) in Pittsburgh, Pennsylvania. While detailed to the NCFTA, Mr. Mularski successfully worked with private industry subject matter experts on a number of joint cyber-crime initiatives with an emphasis in the development of proactive targeting of organized international cyber-crime groups. From 2006 through 2008, Mr. Mularski worked undercover penetrating cyber underground groups, which resulted in the dismantlement of the Darkmarket criminal carding forum in October 2008. In 2010 Mr. Mularski received the FBI Director’s Award for Excellence in Outstanding Cyber Investigation.

In 2011, Mr. Mularski transferred to the FBI's Pittsburgh Field Office. Mr. Mularski is currently the supervisor of the Cyber Squad, which responsible for all Cyber investigations in Western Pennsylvania and West Virginia.

Harley E. Parker

Chief, Mission and Technical Vulnerability Office

National Security Agency/Central Security Service

Current Position: Mr. Parkes, a member of the Defense Intelligence Senior Executive Service, is the chief of the Mission and Technical Vulnerability (MTV) office in the Information Assurance Directorate (IAD) of the National Security Agency. The MTV organization conducts Communications Security (COMSEC) monitoring and Technical Security Evaluations to evaluate the overall security of U.S. Government communications and operations. As MTV chief, he also serves as the director of the Joint COMSEC Monitoring Activity (JCMA), which operates an enterprise of monitoring centers located throughout the world.

Education: Mr. Parkes holds a Bachelor of Science degree in Computer Science from the University of Maryland.

Prior Positions:

Mr. Parkes has worked in the cryptologic career field for thirty years. He started his career in the U.S. Air Force as a collection officer. In January 1983, he was hired by NSA and served in a number of technical and supervisory positions within the Directorate of Operations between 1983 and 1995. In June 1995, he was assigned to NSA/CSS Pacific and spent four years providing cryptologic support to USCINCPAC and PACOM’s service components. In 1997, he established, and became the first ever lead of, the Computer Network Vulnerability Team at NCPAC. This team provides computer network security consultations in support of USCINCPAC and its components. In 1999, he returned to NSA Headquarters to continue this work within the Vulnerability Analysis and Operations group of IAD. He became d/chief of the Operational Network Vulnerabilities (ONV) office in October 2008. The ONV works to strengthen DoD and the national security communities’ operational networks through vulnerability assessments, in-depth technical analysis, and long-term integrated best-practice community security solutions. In 2010, Mr. Parkes became chief of the MTV.

Professional Background: He serves as the NSA representative to the Enterprise Solutions Steering Group and is a member of the Technical Advisory Board for the Tower Federal Credit Union.

Personal: Mr. Parkes was born in Washington, Pa. He resides in Harford County, Maryland, with his wife, Michelle, and their two children, Tyler and Kaylee. He enjoys softball, football, and coaching his son’s little league baseball team.

Douglas Brown

Doug graduated from IUP in 1981 with a major in MIS and minors in Economics and Accounting. Since that time, he has worked for several financial institutions in several states, all in the field of information technology auditing. He started his career as an audit programmer analyst, where he worked closely with operational and external auditors learning the audit profession. He created unique audit tests to verify data integrity. He ascertained from his tests that company information had a personality quality to it that permitted a unique view of a company, especially in regards to how effective and efficient a company operated. He also was able to expose frauds, errors, misuse of system features, and reveal improperly designed application systems. Doug has also conducted numerous audits of technology systems, applications, production processes, regulatory and compliance directives, product and system life cycles, and service providers. Doug has assisted IT, executive management, and the board of directors in developing risk management and governance practices. Doug currently is the senior vice president and IT audit senior manager for First Commonwealth Financial Corporation located here in Indiana, Pennsylvania.

Abstracts

David C. Brown

• Topic: Four Essential Requirements for Securing Your Enterprise
  • Abstract:
    What makes cybersecurity so difficult for the defenders? If the government, with all of its resources repeatedly gets hacked, what can you do to defend your enterprise? We will show you a new approach to cybersecurity that will change your perspective and help your organization to build better defenses.

Matthew Stewart (Matt) and Greg Porter (Greg)

• Topic: Threat Monitoring: Practical Considerations
  • Abstract (Greg)
    In this talk we will discuss how to make sense of all of the security data generated by multiple devices. We can gain a clear picture of meaningful attacks and how to mitigate them through the aggregation and correlation of data collected from key points on the network including firewalls, intrusion detection systems, hosts and vulnerability assessment solutions.
• Topic: Using open community software to identify network based security risks to sensitive Information
  • Abstract:
    The theft of sensitive information continues to challenge both the public and private sector alike. Adequate network situational awareness can provide the difference between detecting a hacking/IT incident or potentially ending up as a statistic on the Dataloss db website. This presentation will provide key considerations for using open community software to identify network based security risks to sensitive information.

Mark Yanalitis

• Topic: Red Teaming approaches, rationales, engagement risks, and methodologies
  • Abstract:
    The presentation discusses Red Teaming approaches, rationales, engagement risks, and methodologies. “Low-and-slow” traditional open-sources intelligence collection and tradecraft techniques are force-multipliers in successful exams. In the rush to get on the target, engagement preparation and thorough reconnaissance often become abbreviated. Missed intelligence often leads to prolonged engagement timelines, susceptibility to cognitive biases, missed opportunities, attack deceleration, and an over-reliance on automated tooling logic.

Special Agent Jason Pearson and Special Agent Keith Mularski

• Topic: "What keeps me up at night..."
  • Abstract:
    A discussion of Botnets, Malware, Cyber Crime, and the Criminal Underground

Douglas Brown

• Topic: Information Assurance, an IT Audit Perspective.
  • Abstract:
    Auditing as it relates to information assurance.

For more information about Information Assurance Day, please contact Dr. Rose Shumba, director, Institute of IA Education, at shumba@iup.edu724-357-3166.

For a PDF version of information, download the IA Day Schedule.

Directions to IA day venue: Map

The Department of Computer Science is proud to announce the ABET accreditation of the Languages and Systems track.

The IUP Computer Science Languages and Systems track is accredited by the Computing Accreditation Commission of the Accreditation Board for Engineering and Technology (ABET).

You are invited to attend a talk titled “Recent Data Breaches: DigiNotar,” presented by Joshua Waibel, senior technology operations analyst at PNC Bank.

The event will be on Wednesday, September, 28, 2011 from 2:30 to 3:30 p.m. in 333 Stright Hall.

It will be followed by a meeting with students in 301 Stright Hall from 3:30 to 4:30 p.m.

For more information, visit the Colloquium Series website.

Tutoring will be Tuesday from 8:00 to 9:00 p.m. and Thursday nights from 7:00 to 9:00 p.m. in Stright 112B, Tompkin's Lab. Additional days and times may be arranged if the interest is present.

If you are interested in helping tutor or have any feedback/questions, e-mail Courtney Wirtz at xwdq@iup.edu.

Featured among the speakers will be an NSA representative and Douglas Brown, SVP Audit, IT Audit senior manager of the First Commonwealth Bank in Indiana, Pa.

Watch for the full schedule and venue!

The presentations will be held in room 327, 329, and 331 of Stright Hall, and are scheduled to start at 3:30 p.m. on Thursday, February 3, 2011.

See the full schedule.

For more information on this event, please contact Rose Shumba (shumba@iup.edu) or Charles Shubra (cjshubra@iup.edu).

The full schedule and venue are coming soon!

For more information on this event, please contact Rose Shumba (shumba@iup.edu) or Charles Shubra (cjshubra@iup.edu).

Please take five minutes to complete the survey: Begin Survey

Be sure to contact other alumni and encourage them to take the survey also!

Full schedule of topics and speakers 

Some highlights of speakers for this day include:

Eric Smith—Vice president, senior tech manager, information security engineer, Bank of America—will present on “Effective Enterprise Information Management.” This talk will be focusing on some of the challenges organizations face when trying to protect their information, and how to overcome those challenges.

Connetta Salanitro, senior risk analyst for PNC Bank, will also be part of the day’s program. She will talk about “eDiscovery—ESI... the new DNA.” This will cover the amendments to the Federal Rules on Civil Procedure regarding eDiscovery and the impact they have on both the corporate, security, and technology policies and procedures around electronically stored information.

For more information about this event, please contact Rose Shumba (shumba@iup.edu) or Charles Shubra (cjshubra@iup.edu)

If interested, you can view last year’s IA Day 2008 schedule.

More details will be posted soon!

The National Guard Bureau plays a critical role in protecting our nation. Civil Support Teams (CSTs) of the National Guard are resources available in each state and territory of the United States whose mission is to assist civil authorities in understanding and dealing with chemical, biological, radiological, nuclear, or high-yield explosive (CBRNE) incident sites. CSTs play a significant role in identifying CBRNE agents and substances, assessing current and projected consequences, advising on response measures, and assisting with requests for additional support.

Following this colloquium, participants will be able to discuss how IUP and the IUP Research Institute developed an information management system with the ability to:

• Share critical incident intelligence and data
• Work collaboratively within a standards based environment
• Monitor the completion of key operational objectives
• Accurately record the sequence of events as they happen
• Report to other key personnel and agencies quickly and efficiently

The Civil Support Team Information Management System (CIMS) is the product of forty months of research, development, and field testing. The software program provides a technology solution for mission coordination and management of incident operations.

Presenter Bios

Rebecca Zukowski

Ms. Zukowski is the director of the Technology Development Division at the IUP Research Institute. She received her bachelor’s degree from Carlow University, a master’s degree from Marquette University, and is currently completing a Ph.D at Indiana University of Pennsylvania. She has over twenty-five years experience in program management, health and human services, technology development, and the military. She has worked extensively in program operations and business development for public and private organizations. She is a former officer in the U.S. Navy and has worked extensively in a program management capacity with the Civil Support Team Information Management System.

Joel Monyok

Mr. Monyok, a senior telecommunications engineer at the Indiana University of Pennsylvania Research Institute, received a B.S. degree in Information Science from the University of Pittsburgh. Mr. Monyok is also a Microsoft certified professional and a CompTIA A+ certified professional. Mr. Monyok has expertise in designing and implementing network architecture for enterprise and sponsored programs. He provides expertise on data security, hardware, and software components of IUPRI’s technology development division. He plays a significant role in infrastructure development, systems administration, and maintenance/monitoring activities.

Robert Kimmel

Mr. Kimmel, a senior systems analyst at the Indiana University of Pennsylvania Research Institute, received a B.S. degree from Indiana University of Pennsylvania and is currently completely an MBA at the same institution. Mr. Kimmel has experience designing, programming, and testing information systems and tactical data systems. Additional responsibilities include product testing, quality assurance, and training. Mr. Kimmel has active duty military experience and has worked extensively with the Civil Support Team Information Management System.

Marshall Leitum

Mr. Leitem, an application developer at the Indiana University of Pennsylvania Research Institute, received a B.S. degree from Indiana University of Pennsylvania. Mr. Leitem has experience developing and researching information technology. His responsibilities for the Research Institute include designing, developing, and maintaining complex information systems. He has worked extensively with the Civil Support Team Information Management System.

There is a five-minute break between presentations, so, if you would like, you may change rooms.

Johnson Hall Room 247

Biographical Information

Dominick (Dom) Glavach

Dominick (Dom) Glavach, CISSP is an IUP Alumni and Principal Information Systems Security Engineer at Concurrent Technologies Corporation (CTC) with extensive experience in cyber-attack methods, trends, and counter measures; intrusion detection; computer incident response; and malware analysis. His work at CTC includes numerous Information Assurance projects for CTC and CTC customers. He has designed and implemented Internet exchange point Intrusion Detection Systems; served as a network attack subject matter expert for the National Defense University; developed and coordinated Cyber-exercises for CTC customers; and presented “*nix Computer Forensics” for the International High Technology Crime Investigation Association.
Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services organization providing innovative management and technology-based solutions to government and industry. Established in 1987, CTC operates from more than 50 locations with a staff of over 1,400 employees. As a nonprofit 501(c)(3) organization, CTC’s primary purpose and programs are to undertake applied scientific research and development activities that serve the public interest. We conduct impartial, in-depth assessments and technical evaluations that emphasize increased quality, enhanced effectiveness, and rapid technology transition and deployment. CTC offers a broad range of services and capabilities, coupled with real-world experience. For more information about CTC, visit www.ctc.com.

Daniel Larkin

Daniel Larkin earned a Bachelor of Arts degree in Criminology from IUP in 1982 and he was recognized as a 2008 distinguished alumnus for his vision to protect and empower the citizenry and enterprise of the United States against cyber crime and for his technological acumen in cyber security. Since 2006, he has served as the FBI’s Unit chief of the Cyber Initiative and Resource Fusion Unit. Mr. Larkin established the first cyber fusion unit for the federal government enabling a more efficient impact of resources against new and evolving cyber crime schemes world-wide.

Mr. Larkin has co-authored the FBI’s national cyber crime strategy. He initiated and managed undercover operations that resulted in dismantling internet-based illegitimate disaster relief fundraisers and other schemes. He also developed the Internet Risk and Resource Assessment Project to assist law enforcement and secondary educators about Internet child exploitation.

Thomas W. Richardson

Dr. Tom Richardson is currently a Chief Systems Engineer at Science Applications International Corporation (SAIC), an Asst Vice President (AVP), and also the Program Manager for SAIC’s Center for Intelligence Innovation (Cii).

Tom earned a Ph.D. in Computer Engineering (with a Network Security focus) from Iowa State University (ISU) in 2001, and he also holds a BS degree in Electrical Engineering Technology from Old Dominion University (ODU; Norfolk, Va) and a Masters degree in Systems Engineering from ISU.

One of Tom’s many ‘hats’ is running SAIC’s Center for Intelligence Innovation (Cii). The Cii is composed of physical facilities and resources whose purpose is to help generate new business for SAIC by producing white papers, proof-of concept prototypes, demos and technical solutions in support of Marketing, Business Development and the individual IISBU Operations and Divisions.

Brian Corl

Brian is a rising senior at IUP and is currently participating in IUP’s internship program. Brian is pursuing a major in the Computer Science field with a focus on Information Assurance and a minor in Criminology. He is currently working as an intern at SAIC’s Cii lab in Columbia, MD.

Wednesday October 8, 2008

2:30 to 3:30 p.m. in 201 Weyandt Hall

Followed by a meeting with students at 301 Stright Hall from 3:30 to 5:00 p.m.

About the Speakers

Linda Lutes has seventeen years of experience at PNC, where she is currently a vice president and system director of Customer Information Technology. Linda has twenty-five years of work experience in Finance. She has a master’s degree in Information Science and an MBA from Duquense University and an undergraduate degree in Information Sciences from Robert Morris. Linda is also PMI Certified.

Eric Meredith started his career as a retail manager before returning to the University of Pittsburgh to study information technology in the early 1980s. Since that time, he has held an IT career spanning twenty-eight years in the consulting, communications, manufacturing, utility, transportation, and banking industries. Meredith joined PNC Financial Services Group in 1994 as a developer, later managed the Advanced Technology Group, and is now chief architect. In his spare time, he enjoys learning to play the piano, performing sleight of hand, and studying Tang Soo Do karate, in which he has attained the rank of fourth degree black belt.

Kimberley Jones started working in technology in 1985 as a civilian contractor for the U.S. Army while living in Germany. Her experience has spanned many different technical areas in the full gamut of technology, including Help Desk/Support, Network Engineering, and Application Development focusing on Securities and Brokerage applications to the current role of technology project management. She joined PNC as a software engineer in the Capital Markets team in 2002 and now works in the Risk Management and Shared Services Technology area. Kimberley graduated with a B.S. from Slippery Rock University. She enjoys spending her free time reading.

Chris Comfort has been with the PNC TPS organization for seven years and currently is the serving as a business analyst, project manager, and most recently as the application manager for the Vested Interest 401k and BPM (Business Process Management) technologies. Chris is responsible for managing various college recruiting initiatives, including intern, undergraduate, and management associate programs. He has ten years of experience in Information Technology in various disciplines.

Mark Boyd is senior consulting IT specialist with the Rational brand at the IBM Corporation. He specializes in helping mainframe customers modernize their assets, architectures, processes, and skills. Mark has worked at IBM for over thirty-one years, having been a product engineer, facilities engineer, client representative, sales specialist, and technical specialist. Mark has a mechanical engineering degree from The Ohio State University. He is married and has three grown children.

Rebecca Gurley Bace

Information security has come a long way in the past half century, fueled by the proliferation of information technology and all-too-familiar forces of human nature. Rebecca Bace has been on the front lines of information security for a quarter century with a career that has taken her from the intelligence community through the national laboratories to her current post as an information security practitioner and venture capitalist in Silicon Valley.

This presentation will offer an independent view of the history and current state of information risk management, with topics including the following:

• A brief history of information security
• How information security and risk management has changed over the last half century
• How a casual (but interested) observer can differentiate between hype and substance when dealing with security topics
• Thoughts on how non-technical everyday experiences can be used to understand information risk issues and management approaches
• Advice on dealing with a future in which information risk issues may well impact and profoundly affect your everyday life

About the Speaker

Becky Bace is widely recognized as one of the most influential people in information security today. Her career includes roles in research, development, operational management, and strategy, in settings ranging from the U.S. Intelligence Community (NSA) to a national laboratory (Los Alamos National Laboratory) to her current role as a strategic consultant in Silicon Valley.

Ms. Bace is currently President and CEO of Infidel, Inc., a strategic consulting firm focusing on information security and risk management, and a venture consultant for Trident Capital, where she oversees Trident’s security-related investment portfolio. Although Ms. Bace is acknowledged most often for her work in intrusion detection (she is credited with successfully funding and transferring the first generation of intrusion detection technology to the commercial market,) she is also considered an key influencer in other security technology areas.

Her publication credits include the books Intrusion Detection (Macmillan, 2000) and (with Fred Chris Smith) A Guide to Forensic Testimony: The Art and Practice of Presenting Testimony as An Expert Technical Witness, (Addison-Wesley, October, 2002) She is also author of NIST Special Publication SP 800-31 Intrusion Detection and the chapters on intrusion detection, penetration testing, and vulnerability assessment for the Computer Security Handbook, 4 Ed., (Wiley, 2003) and 5 Ed. (Wiley, 2006), considered the definitive practice handbooks for information security professionals. Ms. Bace was named one of the top ten security professionals in the industry (Information Security Magazine, 2008), one of the five most influential women in security (Information Security Magazine, 2005) , and received a Distinguished Leadership Award from the National Security Agency (1995) in recognition of her work leading the intrusion detection research program.