Digital Forensics & Everything infosec.
Background of Steganography Steganography is the process of hiding information in digital media, such as images, sound files and text files. The information is hidden covertly and solely the sender and recipient know how to retrieve access. This technique permits the sender and receiver to communicate secretly while a third party will not be aware. The file in which the data will be hidden is generally called the covert/stego image or host file. Similarly, the covert data refers to the data that has been hidden in the covert image. Individuals who use steganography may be harmless users, however they may also be cybercriminals or terrorists who are using it to communicate secretly. During any criminal investigation, it is vital to gather as much evidence as possible, especially digital evidence. A digital forensics investigator who works under law enforcement is generally responsible for analyzing digital media and retrieving as much evidence as possible in a case. When dealing with digital media, digital forensic investigators use a process called Steganalysis, the process of detecting and finding information hidden by steganography techniques. Concept In a digital forensic investigation, one of the most important parts is trying to attain as much forensic evidence as possible. I believe that steganography has been getting easier today with the availability of free steganography applications. These applications make it easier for a potential criminal to hide information from a third party. This type of information could be the source of evidence in a forensic investigation to prove that the suspect is indeed guilty and is using such techniques in an aid for cyberterrorism. Pictures can be suspicious in nature, whether there are multiple images of the same picture or the content itself. These images should be used for further mobile forensic analysis with the potential of retrieving forensic evidence. Overview/BLUF I will be attempting to retrieve hidden information from an Android smartphone with stego images. The stego images will be created using a free android application from the Google play store, called Steganography Master. I chose Steganography Master because it was the number one search result for Android steganography applications. The tools I will be using to retrieve the information are open source steganalysis and forensic tools: pngchecker, exiftool, stegoveritas, binwalk, stegdetect, strings, zsteg, stegano-lsb, stegoveritas The Purpose of this experiment is to take a deeper dive into a mobile forensic investigation, to analyze the images in a seized smartphone device with the attempt to retrieve hidden information on top of a normal file system extraction of the device. My hypothesis for this experiment is I will be able to tell if the image is a stego image, however I will not be able to retrieve the hidden content without having to use the same application. As the availability of mobile steganography applications are increasing, there should be an availability of more open source steganalysis tools to aid investigators in a forensic investigation. If I am successful in extracting the hidden information, it will provide the forensic community a way to retrieve hidden information from stego images created using the application, Steganography Master. If I am not successful, I will raise awareness for more forensic and steganalysis tools to be created to assist forensic investigators in being able to retrieve hidden information. Testing Steganography Master Steganography Master is an application for Android where you can encode a message in a picture and then save it or send it to a friend. The message can only be decoded using the same app, and if you want to ensure that only the intended receiver can read the message, you can also provide a password. A demonstration of how to encode and decode text in Steganography Master is shown below. The message I decided to encode is "This is a secret message." Encode Text Process: Decode Text Process: Steganalysis To begin my Steganalysis, I performed a live Android file system aquisition using ADB and DD on my device (Samsung Galaxy Note 8). Once I got access to all the files from the file system aquisition, I navigated to my gallery to locate the stego image I created with Steganography Master. Once I downloaded the image to my computer, I also downloaded all the tools to conduct stegnalaysis. Below is a screenshot of every application and program used, and its results. PNGCHECK pngcheck verifies the integrity of PNG, JNG and MNG files, by checking the internal 32-bit checksums and decompressing the image data. Pngcheck provides a detailed list of attritubutes of the .png stego image. EXIFTOOL Exiftool is a command-line application for reading, writing, and editing meta information in a wide variety of file formats (JPG, TIFF, PNG, PDF, RAW) Exiftool provides the file times, types, and details, however nothing to conclude that it is stego image. BINWALK Binwalk is a tool designed for identifying files and code embedded inside of firmware images. Binwalk was able to detect compressed data within the stego image, revealing that there is information embedded. This evidence may suggest that there is hidden information in the image. STEGDETECT Stegdetect is an automated tool for detecting steganographic content in images. Stegdetect did not detect anything because it is not compatible with a .png image file. Based on the results, it can be inferred that stegdetect is compatible with .jpeg files. STRINGS Strings scans the file you pass it for UNICODE strings of a default length of three or more UNICODE characters. Strings represents the data in a UNICODE format, however no evidence can be found supporting that it is a stego image. ZSTEG zsteg detects stegano-hidden data in PNG and BMP zsteg was able to identify that there is embedded or hidden text, however it appears that the text is encrypted. The identified text in the file is "eYae_QuS" and "VieQoUQs" STEGANO-LSB stegano is a Least-Significant-Bit tool for steganography Stegano was unable to detect a message in the stego image. STEGOVERITAS stegoveritas is an automatic image steganography analysis tool. StegVeritas did not give any forensic evidence to determine that it is a stego image. Analysis In conclusion, a stego image created with Steganography Master could not be decoded with the top open source steganalysis tools. However, it can be determined that it is indeed a stego image or image with embedded text using the tools zsteg and binwalk. These two applications provided enough evidence that the image does have embedded or hidden information. Binwalk was able to detect compressed data within the stego image, revealing that there is information embedded. Zsteg was able to identify that there is embedded or hidden text, however it appears that the text is encrypted. The identified text in the file was "eYae_QuS" and "VieQoUQs". This evidence may suggest that there is hidden information in the image. After determining a list of stego images on a suspect's device, the next step would be to further analyze the images with more professional steganalysis and forensic tools. If purely the use of open source tools can determine whether there is embedded information in an image, it is probable that with the use of more professional and commercial tools, more forensic evidence may be extracted. Most importantly, it can be concluded that Steganography Master is a very efficient mobile application used to hide information in images, and the digital forensic community should be aware of this. More open source steganalysis and forensic tools should be created to assist examiners in being able to retrieve hidden information from stego images. Future Research Although the secret message could not be extracted with the list of the open source tools, it still served a purpose of determining each tools' advantages and disadvantages. An alternative approach to decoding the images created on Steganography Master may be to shift the focus purely on the application. Steganography Master was used to encode text into images, therefore using the same application is currently the only way to decode the image and acquire the hidden information. Hypothetically in a mobile forensics case, there is a possibility that a suspect may have deleted the use of steganography applications. The first step in this situation would be to determine which steganography or suspicious applications may have been downloaded and used in the past. A demonstration of how to retrieve the current and previously downloaded applications is shown below for Android devices: Open the Google Play store application, and in the menu, tap My apps & games. Tap Installed to see a list of all the current downloaded applications and tap Library to see a list of all apps downloaded on any device with the currently logged in Google account. This simple technique may be useful when determining which applications were previously downloaded to gain insight about a suspect. In the example above, it can be determined that Steganography Master is currently installed. In a potential investigation, once determining which steganography application(s) were previously installed, the next step would be attempting to decipher images found on the device using the identified applications. Generally, a brute force attack is used for applications that require a password. Using this technique, determining the use of an application such as Steganography Master on a suspect's device, can come a long way in a forensic investigation. References Book: Hiding in Plain Sight: Steganography and the Art of Covert Communication by Eric Cole
http://www.libpng.org/pub/png/apps/pngcheck.html https://sourceforge.net/projects/exiftool/ https://tools.kali.org/forensics/binwalk https://stegdetect.apponic.com/ https://docs.microsoft.com/en-us/sysinternals/downloads/strings https://github.com/zed-0xff/zsteg
5 Comments
Welcome back to my cybersecurity Blog! This week I will be discussing current trends and hot topics in cybersecurity. It is significantly important to be aware of current trends and staying up to date in your field, and especially cybersecurity because technology is constantly changing, and therefore trends are frequently changing. You can stay up to date in your field through online journals, magazines and blogs. Outside looking for specific blog websites, you can create an account on feedly.com, which is a news aggregation website and application, where you can find the most up to date magazine and journal articles in your your field, and organize your interests in a personalized dashboard. Three current trends I found online are AI-powered Attacks, Distributed Denial of Service attacks, and emerging standards for multi-factor authentication. AI-powered attacks occur when hackers use Artificial Intelligence technology for mass production of custom social attacks. These attacks are faster, more adaptive and difficult to prevent and capture. This Topic is important because of how rapidly it can spread. In a Ransomware attack, called WannaCry, it affected 400,000 computers in 150 countries. Distributed Denial of Service attacks, more commonly known as DDoS is an attack where multiple breached computer systems attack a specific target like a server or website and cause a denial of service. The denial of service happens through a flood of information sent to the target, which causes it to slow down and eventually shut down which prevents legitimate users from accessing the system. Standards for multi-factor authentication is not only a trend I researched but something I can personally see through experience. Multifactor authentication is basically a security system that requires more than one method of authentication to grant access to a user. Currently, George Mason University enforces multifactor authentication to access Patriot Web, with is a platform that holds all your academic records and employment information if you work on campus. I work on campus, so whenever I need to access Patriot Web I have to first enter my username and password, then I need to have my phone because a call or text message will be sent to verify that I am the user for this account. This is just one example, companies in all areas have been recently enforcing multiple layers of authentication if a user wants to access their personal web interface. Multifactor authentication is critical for preventing security breaches on individual users and an organization’s assets. I discovered these current trends through a blog post on a website called CSO from IDG. Although the blog post provided a list of current trends, it did not go into detail about each trend, therefore I research each topic and gain a lot of insight from specific trade publications and academic journals. The first article I found pertaining to AI-powered attacks was on the Guardian, an online magazine website. In the Artificial Intelligence section, I found an article titled “Growth of AI could boost cybercrime and security threats, report warns.” The article goes into detail about how AI capabilities are becoming more powerful and widespread and how they are causing threats in the cyber realm. Another journal article I found was on the JSTOR database, and it was from a book called “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar”. The article was titled “The Black Market and Botnets” and it went into detail about how Botnets have grown over time and how DDoS attacks play the biggest role for botnets. The third article I used was also found on JSTOR. It is called “Multifactor Authentication – A New Chain of Custody Option for Military Logistics”. I used this journal article because it provides useful information on how multifactor authentication works and examples of how it is used in the real world. While these three topics are important cybersecurity current trends, there are several more you should be aware of. Don’t forget that AI powered attacks are on the rise and will continue to grow rapidly, and that multifactor authentication will only become more in depth and stricter in the future, especially at your workplace. Also, don’t forget to make an account on feedly.com to get the most recent cybersecurity and technology news, and use it as a platform for staying up to date with current trends and hot topics. https://www.csoonline.com/article/3250086/data-protection/7-cybersecurity-trends-to-watch-out-for-in-2018.html Welcome to my blog spot! This week I will be going over an academic journal in detail from JSTOR, a database of scholarly journals and books. JSTOR was available to access through my university’s library site at library.gmu.edu. The journal is called The Cyber Defense Review and is published by Army Cyber Institute. The purpose of the journal is to provide strategic, operational, and tactical aspects of the cybersecurity field. The journal has been updated with two volumes since 2016, making it three volumes in total. Within each volume, the journal gets updated with summer and spring editions. Each volume has about 150-200 pages consisting of several articles across the cyber domain.
Here is a journal article I pulled from The Cyber Defense Review, it's called "Rising Cyber Threat". The article is from Volume 2, and it talks about how Internet of Things (IOT) enabled Distributed Denial of Service (DDoS) attacks are on the rise. It talks specifically about an incident that occurred in San Francisco Municipal Transportation Agency, where these IOT enabled DDoS attacks impacted over 2,000 systems. Later, the article brings up several cybersecurity professional and shares their advice on how to defend the nation from increasing cyber-attacks. Overall, the article is brief and gives a recap of major cybersecurity related attacks that occurred in the year of 2016 and advises how that it’s only going to be worse in the future. The Structure of the journal straight forward and easy to comprehend. It had an introduction followed by several attacks from the past year and later advice from several professionals. The style of the articles is very similar to what you would find in a trade publication, it is a few pages, easy to read and provides very informative news regarding cybersecurity. This journal is super easy to find, all that needs to be done is looking up JSTOR from your university’s database search engine, which will be on the appropriate library site for your college. Once you are on JSTOR, you can browse all the different subjects of journals and books, or you can search anything. If you wanted to find articles from The Cyber Defense Review, all you would have to do is look up just that on JSTOR, and all the articles from the journal will get listed. I recommend this journal because it provides a wide variety of cybersecurity topics and all the journals are quick reads making finding information and learning a breeze. Welcome to my cybersecurity blog site, if you have visited before then welcome back! I know some of you may have read my last blog post about the credibility of blogs. Well if you didn’t, you missed out on some useful information regarding the credibility of blogs so definitely check it out. Similarly, this week I will be going over the credibility of trade publications and how they can be of value for researchers. I will be going over the details on two scholarly trade publications regarding cybersecurity from ProQuest Career and Technical Education Database. I specifically chose this database for my two examples since it has countless cybersecurity related trade publications that are credible with valuable content. As I mentioned on previously on my last blog, it is crucial in finding the best sources online to become knowledgeable and not waste your time on the internet. First, what is a database? A database is a wide-ranging collection of academic works, generally consisting of scholarly journals and articles. Several databases can generally be found in your university or high school library website. The Database resource I will be using is ProQuest, which is home to databases across several fields. Thousands of trade publications or journals can be found on databases. Trade journals or trade magazines are professional publications written for specific audiences that either work for a specific trade, and for people who have interest in that industry. Trade journals are not only informative, but are generally more engaging to read vs. other sources because they may come in a newspaper or magazine format. The first trade journal I will be going over is titled: AI Enters the Cyber Attack Realm. This trade journal is copyrighted and published by Armed Forces Communications and Electronics Association. The AFCEA for short, is a professional association that connects people, ideas and solutions for global security as mentioned in their website. The journal has one author, by the name of Jonathan Hobbs. The title pretty much sums up the purpose of this publication. Many of you know how Artificial Intelligence is taking over the technology world we live in today and has been helping so many industries in becoming efficient. Although AI has several benefits, the journal explains the dark side of AI and how important cybersecurity plays an important role behind AI’s potential negative effects. Today, some AI machines are more efficient than cyber criminals and have the capability of hacking into secure systems. If you want to read and learn more, I would recommend this journal for anyone interested in learning more about AI in a cybersecurity sense. The journal is of high value for researches as it on a database. It is important to note that most sources found on academic databases are the most credible because they most likely have been written by scholars or experts in that field. https://www.afcea.org/site The next trade publication or journal I will be going over is titled: Cybersecurity and the Industrial IoT, which is also from ProQuest Career and Technical Education Database. This trade journal was published by Informa and copyrighted from Penton Media Inc. This journal was written by Doug Chandler, who has over a thousand journals on ProQuest, all published by Informa. Informa is a leading business intelligence and academic publisher who operate in the knowledge and information economy. This journal in specific discusses the impact cybersecurity has on industrial control systems also known as ICS. A decade ago, I am sure most people would not have predicted that cyber crime would take place in the industrial market. Today, attacks and discoveries of vulnerabilities has become a major concern in some industries. ICS’s have developed substantially and now have embedded intelligence that retains confidential information about machine performance as mentioned in the abstract of this journal. Electrical distributors out of all face the most attacks and it has become a critical problem for the industry. If you are interested in learning about the advancement of technology in different industries and how cybersecurity plays a role, this trade journal is an excellent choice. As I mentioned earlier, Informa has over a thousand publications on technology related news and is a great resource for researchers.
Today, I went over two trade publications from ProQuest. These two sources serve as two scholarly and credible sources regarding cybersecurity news. Both sources were also published in 2018 so they are very relevant and appropriate if you are looking for current research. A quick recap and tip about scholarly sources and databases are that not all articles or journals could be considered as scholarly sources. Journals become scholarly through being published through scholars, and journal articles become scholarly through being written by a scholar. You can confirm that a journal or article is scholarly if it is found on an academic database site, because only scholarly sources are added to a database. Again, don’t forget to come back next week and check out my next cybersecurity related blog post. https://informa.com/ Have you ever thought about the credibility of blogs and websites you browse online? As you are reading through my blog posts, you may or may not have considered where I am getting my information from, how accurately I am portraying it and whether it is useful information. This week I will be going over two reputable information security websites, and by the end of my blog you will get an understanding on why they are both reputable sources. It is crucial in finding the best sources online to become knowledgeable and not waste your time on the internet. The first website I will be going over is www.itsecurityguru.org. IT Security Guru is a daily news digest consisting of all the latest Information Security news and trends. The main editor and blogger of this website is Dean Alvarez, who has his own section called editor news. The hierarchy of the website from top to bottom includes breaking news, top stories, editor’s news, latest Infosec videos, analysis, and lastly case studies. As you can tell, IT Security Guru offers a wide variety of information on its website, but how can we tell if its credible? First, this website offers the latest Infosec news and it backs it up by frequently posting up-to-date content. The most recent news article was from less than a week ago, and this shows that the news on this website is recent and up-to-date. The website is affiliated with vpnMentor, a website that has expert reviews on VPNs, which are Virtual Private Networks. vpnMentor also ranked IT Security Guru as a top 15 Security Blogger in the world. The intended audience for this website is anyone with an interest in information security and wants to be in the loop with the most recent news. The website also has a section for job listings from reputable organizations, and these listings have all sorts of positions required in the cybersecurity field. IT Security Guru is a perfect website to visit if you want a quick read on the latest information security related news and analysis. www.itsecurityguru.orgThe second website is www.infosecurity-magazine.com. Infosecurity Magazine is a website that has been offering news articles, free webinars, whitepapers and virtual conferences. Infosecurity Magazine gets its name from being a popular magazine before the online edition was launched. The magazine has been around for the past decade and is still offered through a subscription. But why get the magazine when you can get all the content plus online services from the website! Infosecurity is a platform part of the Infosecurity Group that ranges from parts across the world. There is an Infosecurity Europe, North America, Belgium, Denmark, Netherlands, Russia, Mexico and Middle East. Every year there is an event called Infosecurity Europe. Infosecurity is the largest and most wide-ranging conference program that includes over 400 exhibitors showcasing their recent information security products and solutions. The event has roughly 20,000 information security professionals who attend every year. I would say just from the worldwide significance and the fact it has been a published magazine over a decade, makes the affiliated website a compelling and credible source which is worth your time to visit. The main goal for Infosecurity magazine is to provide year-round, award-winning editorial content and in-depth analysis from industry experts. This sort of information is intended for everyone interested to be a part of the cybersecurity realm, so please make a visit to Infosecurity magazine is you want to enrich your knowledge and stay up-to-date. There is an endless amount of information out there on the world wide web. In conclusion, you must be wary in the sources you access online, and in this case, we are talking specifically about blogs. Finding credible sources for blogs will help you gain the most up to date knowledge in your field and you can trust everything you are reading about. The two websites I went over in this post are two credible and highly informative cybersecurity blogs and serve as excellent examples if you are looking for blogs in another field. Don’t forget to come back next week and check out the next blog post, especially if you are pursuing a field in cybersecurity. www.infosecurity-magazine.comCybersecurity is a very wide-ranging field, meaning that there are many different areas and career pathways you can pursue. With the wide range of areas comes a wide range of professionals who are experts in their field of work. Although the field of cybersecurity is relatively new, it is a widely growing field and there are numerous cybersecurity professionals and scholars all over the world who possess a lifetime of experience. In this blog, I will be discussing two eminent experts in cybersecurity from the D.C. Metro region. The first scholar I will discuss is, Dr. Margaret Leary, who is currently a information security and cybersecurity professor at George Mason University and Northern Virginia Community College. Dr. Leary has been working professionally for more than 25 years in the cybersecurity and Information Technology sector. Dr. Leary received her Ph.D. in Organization and Management/IT Specialization from Capella University, her M.B.A in Technology Management Specialization from the University of Phoenix, and her B.S. n Business from University of Phoenix. Dr. Leary serves a Co-Principle Investigator and Senior Advisor for National CyberWatch, which is a consortium of higher education institution focused on Information Security education and the national cybersecurity workforce. She has spent over 13 years being in different senior level cybersecurity positions in the D.C. metro area. Dr. Leary hold several cybersecurity certifications including CISSP, CIPP/G, CRISC, and CEH. Dr. Leary has also contributed to several papers on cybersecurity issues, specifically in identity authentication, and cloud security. Dr. Leary is currently a Senior Security Advisor with Camber Corporation, and her job is to provide security consultation and risk assessment services. Dr. Leary also currently teaches two information security courses at George Mason. She teaches IT-223, and IT-462 which both are Cyber security principles classes, one being the prerequisite to the other. Dr. Leary has been a professor, principle investigator, senior advisor, and a member of the NCC Leadership Team for the past 10 years, and through all these platforms and experience of leadership, she has influenced and spread her knowledge to over 500 students and other professionals in the cybersecurity field. Dr. Margaret Leary Just like Dr. Margaret Leary, Dr. Thomas Winston is also a cybersecurity scholar and professor at George Mason University. Dr. Winston is an Assistant Professor in the Information Technology Department at Mason, and the head director of the Information Security concentration for IT majors. Dr. Leary is also a member of the Learning Agents Center at George Mason University. Dr. Winston received his PhD. in Information Systems and Nova Southeastern University. He also has an M.S. in Law, Policy, and Society at Northeastern University. In addition, he has a M.S. in Telecommunications from Boston University, and M.S. in Education, and B.A in Linguistics/Russian from the State University of NY at Albany. Based on his education, anyone can assume Dr. Winston is probably one of the most well-rounded professionals having degrees across diverse fields of study. Dr. Winston spent most of his career overseas, on analysis of cyber threat for Central Eurasia, South Asia, and the Middle East. He was the an Officer at the Department of State, and a forensic cyber crime investigator and analyst. Dr. Winston has contributed to several publications on international relations, law, and critical infrastructure protection. Pertaining specifically to cybersecurity, he has published papers on foreign cyber threats and cyber intelligence. Dr. Winston also spent a lot of time in research for critical infrastructure protection, social network analysis, information policy, and telemedicine. Recently, Dr. Winston published a précis of his dissertation at the 49th HICSS conference. Just like Dr. Leary, Dr. Winston also teaches IT-223, and IT-462, two Cyber security principles classes at George Mason University for the Information Security concentration. Outside being a head director and professor for Information Security as Mason, Dr. Winston has a background in telecommunications, information systems security, and international relations, and through all fields of study and teaching experience, he has influenced a massive number of students who are pursuing an IT or cybersecurity degree. Dr. Thomas Winston Now that you’ve got some insight on how much knowledge and experience a few cybersecurity experts have, you should do some quick research on who the cybersecurity professionals are in your area. Speaking to a cybersecurity expert will not only give you advice on the subject but will also give the best career advice on how to become a cybersecurity professional yourself one day. If you live in the Northern Virginia area, you must contact both Dr. Margret Leary and Dr. Thomas Winston if you wish to learn more about the program at George Mason university, or to gain some career insight regarding the cybersecurity field. Works Cited: https://www.nationalcyberwatch.org/about/staff-bio/dr-margaret-leary/ https://ist.gmu.edu/people/detail/thomas-winston/ My name is Prince and I’m currently a Senior at George Mason University. I’m finishing up my undergrad in Information Technology with a concentration in Information security. I’m writing about two very important and beneficial professional associations and its aimed for both beginners looking to get into the Cybersecurity field and for IT professionals looking to take their careers to the next level. (ISC)2 (International Info System Security Consortium) https://www.isc2.org/ (ISC)2 is the International Info System Security Consortium. (ISC)2 is a nonprofit membership association that offers globally recognized certifications, networking opportunities, and professional development and leadership tools. If you are interested in learning more about certifications, check out the Resource Center. The (ISC)2 Resource center provides eBooks, videos, guides, and all types study aids that will help to decide which certification you want to pursue. Once you make a free account, you will be able to register for training and stay up-to-date with (ISC)2. Throughout the year the ISC also offers a wide variety of events and webinars you can attend for free. Once you make an account with (ISC)2, you can explore all the benefits of an (ISC) 2 membership. The requirements for membership are getting a (ISC)2 certification and paying a small annual fee. A membership usually costs around $35 and depends on which certification you possess. Becoming a member of the (ISC)2 comes with some major perks. Benefits include free subscription to the InfoSecurity Professional Magazine, 50% off official (ISC)2 textbooks, deep discounts on industry conferences, professional recognition through (ISC)2 Awards programs, and volunteering opportunities such as The Center for Cyber Safety and Education’s Safe and Secure Online Program. The (ISC)2 is a great place for IT professionals that are looking to build on to their cybersecurity career. Even if you are not a professional, it offers numerous amounts of resources, guides and webinars which will help give you up-to-date cybersecurity knowledge and help you decide where in the field you want to get into. If you are already a cybersecurity student at Mason and would like a free membership and resume builder, check out the next professional association I will talking about below! ISSA (Information Systems Security Association) https://www.issa.org/ ISSA is the Information Systems Security Association. ISSA is also a nonprofit international organization, and it offers peer networking, education and training, industry tools and resources, and its core purpose is to promote a secure digital world while developing the professional growth of its members.
ISSA hosts several activities and its primarily how the collaboration and transfer of information takes place. Some of the major activities are international conferences, local chapter meetings, seminars, training sessions, and networking workshops. There are also volunteering opportunities by joining committees, and this is a great opportunity to get leadership experience in the security industry. If you do have time to attend these activities you can still benefit from ISSA through web conferences and reading the E-Newsletters. If you are currently a cybersecurity or information security student at George Mason, you can get free membership at ISSA for one full year. Your teacher will provide you a promo code that you can use when registering for membership. I know this because I am part of the Northern Virginia Chapter at ISSA. I joined almost a year back, and even though I didn’t attend the activities, I always read the E-Newsletters and stayed up-to-date with the information through the ISSA website which I found to be very informative and beneficial. If you are not a cybersecurity student and would like to become a member of ISSA, it is $95 a year plus chapter dues. Its an investment for your future and the benefits are priceless. ISSA is generally a professional association for students, but the benefits will always be there after you graduate. If you are looking for a resume builder and the best networking opportunity for the field of cybersecurity, become a member of ISSA today. I hope this blog helped you and served as a helpful resource in learning about professional associations related to your field of study. I would recommend ISSA if you are new to the cybersecurity field, but both professional associations are a great resource and place to start. I will be posting weekly blogs regarding cybersecurity so don’t forgot to check back in a week for the next one! |
AuthorPrince Patrick Jackson Clement was born on April 20th, 1997 in Madurai, Tamil Nadu. Prince is currently attending George Mason University and is doing his Masters in Digital Forensics and Cyber Analysis. Prince is currently working as an IT Support Analyst at MyEyeDr. His career aspiration after graduating college is working at Amazon as a Cloud Solutions Architect. Archives |