 Cybersecurity Certification is the magic word here for community matters with court chambers, PhD, who runs the Cybersecurity Certification Program at White Pacific University. Welcome to the show, Court. Thank you, Jay. I'm glad to be here. I'm glad you're doing what you do, but why should I care about cybersecurity certification? We've heard about hacking Hither and Jan. Is this course going to get us in a place where we can understand what that is and how to deal with it? Yes, I think it has become over the last decade a very important topic in the U.S. and throughout the world. We see so many of these cyber attacks take down major critical infrastructure and they also the cyber criminals attack individuals as well. So it's very important that we train our young people, our individuals going through college in these cybersecurity skills and certifications so that they can have a better protect our critical infrastructure both here in Hawaii and nationwide. So let me break that down to two parts. I mean, one is, is this certification going to help me protect my own data? Is it going to be able? Is it going to be help me understand my laptop, for example, so I have a lower risk? Absolutely, it will. We start off with the first course, which is a CompTIA plus and what this course does is it teaches you computer hardware and software. It teaches all three operating systems, Windows, Linux, and Mac operating systems. We also teach you information about your mobile devices and IT security, troubleshooting, how to correct those issues when you have, you know, your phone doesn't work as planned and how to reboot it, how to go into your laptop and look at your systems and determine what may be a problem and try to fix those problems as well. So it will help you absolutely personally and it will also help you understand the threat that is out there and how to mitigate that threat, how to protect your own personal computers, laptops, tablets from cyber attacks. So, you know, we've read a lot about ransomware and ransomware seems to be in the substantial part unstoppable. I don't know enough about it to say why that is so, but even in the recent ransomware attacks, the FBI was able to stop it and recover the payments made to a part of the payments, not all of them. And I just, I wonder, you know, how you deal with ransomware because my perception of it, and you probably know a lot more, is that it's not only from Moscow. It's not only from Vladimir Putin's gang over there. It's also from China. And it's from loan operators, loan wolves, so to speak, who get on the dark web and they find these tools and they set up a ransomware shop. And they're operating by themselves or with their best buddy, but that's all. And it works very well. And they could make a lot of money doing this and be completely immune from, you know, from being found and caught and prosecuted. So, Aquiria, how do you deal with these very sophisticated but fragmented, you know, with distributed groups of people who are anywhere and everywhere dedicated to doing ransomware on you? Yes, absolutely. You hit on several really good points. Ransomware is one of the biggest problems we face today in cybersecurity. And it is becoming a bigger problem. And you referred to the colonial pipeline attack that recently happened, shut down the gasoline and jet fuel pipeline to the southern United States. And basically, like you mentioned, the FBI was able to recover part of that digital currency that they had to pay for ransom. But what we face today is in, you know, years ago, you would take a very highly trained or a technical person, like you mentioned, maybe someone from a nation state, China or Russia or North Korea. But now you don't even have to be that technical, technically trained technical expertise. Because what is available now on the dark web is what is called malware as a service. So you can actually go into these dark web sites. You have a target in mind that you would like to attack. You can rent a ransomware attack, just like you would rent a service in the normal world. And then the software developers, criminal software developers who have developed highly technical tools will do the attack for you. And then you will just pay them part of the profit, a percentage of the profit. So we've moved from highly technical criminals to low tech criminals who have access to these very highly developed software developers that are making huge profits on this malware as a service. So conceptually, you know, how can a cyber security professional deal with that? Either, you know, I guess individually or small company or a large company. Conceptually, how do you stop it? Well, there are certain things you can do. Some of the experts state that there's no way to completely stop it. In other words, if there is a nation state or highly sophisticated criminal actor that wants to get into your system, they probably will get into your system. What you're going to try to protect yourself from or again, you can't protect yourself from the nation state actors, but you can protect yourself from some of the other cyber criminals. One of the most important things to do too is to back up all of your information. So in other words, especially from ransomware attacks, if you have a backup of all of your important data and you update that on say a weekly or monthly basis, whatever is convenient to you, but it has to be to a hard drive that is physically disconnected from your computer. What we see is individuals will do these cloud backups to maybe Microsoft or to a Google Drive and they feel safe. They say, well, I'll back up all of our information on a weekly basis is regularly backed up. But what the problem is, the ransomware is so sophisticated that not only will it encrypt the information on your hard drive, but it will move to that anything that's connected to your heart to your computer, even to the cloud, and it will encrypt those cloud, that cloud information as well. So what we tell companies and individuals to do is have a backup of their most important information, back that up on a regular basis, and have it at it disconnected from your computer on a hard drive, a portable hard drive. So basically, you connect the portable drive, back up your information, disconnect the portable drive, stick it in the door. So then if you do get a ransomware attack that encrypts all your data and locks up your computer, worst case scenario, you can just reinstall the operating system, put your backup hard drive, all your information back up your computer. That's one of the safest things to do. And we also tell people, really, if there is something that is, that would cause such damage to you to be released onto the open web or to be lost, just don't put it on a device that's connected to the internet. I mean, because if you have files, say you're a psychiatrist or medical professional, and you have all your files in the cloud, and if you lost those files, or if those files were released to the public, it would devastate your company. Just don't put those on a device that's connected. Is there progress being made? Maybe this is part of the certification training you're talking about. Is there progress being made in tools that will protect you? I'm not talking about virus protectors. I'm talking about something more sophisticated that deals with today's risks and threats from nation-states and from individual lone wolves around the world. Are there things you can put on your machine that will tip you off that somebody's fiddling with your data? Well, the new antivirus systems that you use on your computer, they are definitely much more sophisticated than they used to be. They can block a lot most of the ransomware. It's also important to always have your systems patched. You want to make sure that your systems do auto patches. We see this on our phone all the time. It will say your app on your phone is going to update tonight at midnight on your iPhone or your Android. We also see this on our computer systems. They have a Microsoft system. Microsoft says the big update is coming up tonight. They're updating the systems. The new antivirus systems work very well and they will protect you from most of the intrusions. But I'll tell you, Jay, you know what the biggest problem we find is even if we have the technology to protect the systems, the weakest link is always the human element. And when I say that is corporations can spend astronomical amount of money protecting their systems with the latest software. And then their employees may click on a phishing email, basically an email that is sent to them to trick them into clicking and downloading a link, which actually downloads malware into their computer. And then it moves laterally into the network and infects the entire system. So this is what's called social engineering. We've heard that term several times. But the criminals know that some of the antivirus software and the anti-myowa malware software is so sophisticated. It's very hard for them to get in. And then they use social engineering to go after the staff because they know if they can offer a free iPhone, if you just click this link and someone clicks that link, if they can get into that person's computer, then they can move into the system, create that backdoor and start pulling out all the data. So that's what we see is the companies also not only do they have to invest in that software, but they have to invest in training for their workforce. And we see this happen a lot. Some of the training is they'll set up fake emails. So in other words, your staff will be doing their daily work at their desk and they'll get an email that says the Human Resources Department needs you to click this link to enter some information for your upcoming paycheck. So they'll click that link and they'll pop up on their screen that says you have just violated company policy by clicking this link. And then you have to, that individual has to go to retraining. So those are some of the things they're doing to try to train the workforce that they have to be part of the solution because it doesn't work with just software. You know, in the old days, social engineering, not that many years ago, was social. Some fellow would call a secretary on the telephone. I would say, you know, my name is, my name is Court Chambers and I work down the hall from you. You know me, I'm the fellow with the glasses and the beard. And I forgot my password and I wonder if you can just help me out. And, you know, that kind of thing where he socializes somebody based on just a shred of information and gets right into the company up to high level security. That was the old days. The new days is you get an email and you don't look, you don't notice that the stated return address is different than the return address under it. And I remember not too long ago the Israelis had some company that perfected a product that would actually, all you had to do was get the email. It didn't even have to click on it. It would come on your phone and once you hide it there on the screen, click or not, it would do something, it would infect your phone. It was very impressive. But social engineering now is much more than just socializing the secretary, right? Yes, absolutely. And also just as you explained, they use both. They do those calls, those vishing calls, voice calls. And they'll tell the employee, yeah, yeah, this is a tech department and we need you to do this or that or click on this link. They'll also, they'll use techniques. They'll call like a lower level employee and say, hey, this is the vice president. I'm locked out of my account and I need you to help me to get back in because I've got this big meeting. And so it puts that pressure on the individual. You know, oh, I just I knew it this job and the vice president is calling me because he needs to get in that type of thing. So it puts pressure on them. They use those psychological tricks to trick the person into letting them in. They also actually physically enter the building. Sometimes they can enter the building and do what is called shoulder surfing where they actually go to a department and and they they just observe and they watch people enter their credentials into their computers. And they can observe the all the physical security controls at the building. And then that gives them an idea of how they can break break into that building or break into the Wi-Fi systems. So these are these are very strange and challenging times, because we need these machines. We need the software. It helps us perform and compete. And we don't think that we're a target, but we are. And so the certification program, I imagine, tell me, yes or no, the certification program you're talking about, which you're implementing at HPU, covers all of these things. It covers every, am I right, cyber security risk that you as an individual or a company or even a government agency might have? Yes, correct. Absolutely, Jay. We start off with four courses. Basically, the first one is CompTIA Plus. And this is that basic introductory course. But it's, I say basic, but it's still very, very challenging course. So the textbook, just as an example, is over 1,000 pages. So we go through 1,000 pages in eight weeks. So it is a lot of information packed into that eight week courses. But we go over hardware and software and Windows and Linux and Mac operating systems. And then we move on to CompTIA Network Plus, which this course provides the knowledge of skills to troubleshoot and configure networks. So the individuals will know how routers work, switches, how a packet travels through the internet. So they get that, that first they spend in A Plus, they learn computers, they actually learn how to build their own computer through components, if they would like to do that as well. Some of the people in our courses, they build gaming computers, very high speed, they put, you know, advanced CPUs and cooling systems on them. But then we move into Network Plus, where we discover how computers are connected on the network. And the network is one of the biggest vulnerabilities, because that's where the, you know, if the threat actor could get inside our network, within those security firewalls, and they can wreak havoc, download all our information, hold it for ransom, or even spy on us. Some of the malware often referred to as spyware, you know, it just sets up operations so that it can use your laptop camera, it can turn on your microphone when they want to, it can exfiltrate all your information. It can even key log all your strokes. So every stroke you place on your keyboard, the key logger records all of that, and sends it back to the threat actor. And that includes everything, including your bank account, your passwords, your, all of your private information, your emails, your health information. So that's what Network Plus covers that networking portion. And then we move into the third course, which is called Tia Security Plus. And what this does is then we take everything we learned about computers and everything we learned about networks, and then we learn how to secure those devices. And because you have that background of networking, you have that background of computer components, it's much easier to understand how to secure them than it would be if you were just starting off with just security. And we also teach the individual to think how the hacker would think. We use the different tools. One of them is Linux Cali. Basically, it's a set of Linux penetration testing tools. And we learn how hackers break into the systems. And we practice basically looking for vulnerabilities and finding those back doors and finding those open ports, so that the individual thinks as a hacker. And then we finally move into a Cisco course called Cybersecurity Operations. And basically, this covers network and operation attacks, the types of data needed to investigate security incidents. It addresses how to monitor alerts and breaches to a network. And it trains the individual for a very unique job in today's world, which is basically working in what is called a SOC, a security operations center. And all large networks will have a security operations center. It will be filled with technicians who operate the security management systems, which basically monitors all of the systems throughout the network. And you think about, as an example, the state of Hawaii's network has 30 to 40,000 nodes connected. So if you can imagine the network with 40,000 computers or devices connected, and you have a team in that security operations center, which has to monitor all of those devices for security intrusions. We also cover artificial intelligence that's now moving into the field, which is a benefit. It's a huge benefit for security technicians because it can automate a lot of those manual operations looking for the security breaches. But we've also found that artificial intelligence has now made its way into the malware threat actors as well. And they're using AI in there to develop their viruses and their spyware. They even have what are called polymorphic viruses that actually they're built with artificial intelligence. And they can actually change their internal structure code once they enter your system. So if your system has samples of the malware, and it's looking for those samples, you know, it's constantly looking for the samples that may enter the system. But these polymorphic viruses, they can change their code on demand to evade capture as it enters the system. So like you said earlier, it's a very evolving pill, and it's getting more and more challenging. Yeah, it sounds like Omicron, doesn't it? Every time it's a virus to begin with, and it mutates while you watch. Yeah, this takes me to an area that we really haven't discussed. And I wonder where it fits. And that is social media. That was an article recently that was really scary. I think it was the Washington Post, but I'm not sure. Might have been a more techie journal. And it was about, I think, TikTok. And how TikTok will give you movies. Actually, it might have been Twitter, too, will give you movies. And the movies will have a certain emotional charge to them. And if you watch the movie, if you click on the movie, it knows a piece of your psychology. And then it's going to give you other movies. This is like, you know, if you've been browsing Amazon for a certain product, the next thing you know is you get an ad from some other source with a similar product that they know and share. So in the case of the movies, they know what you like. They know what turns you on or turns you off. Give you more movies. And every time they give you a movie, they're collecting data as to whether you watch it, how long do you watch it. And then it forks off, you know, it's like a logic tree. It forks off to more movies. And after a while, the AI organization that's doing this knows a lot about you. And it's not limited to what you're going to buy online shopping. It's, you know, it's your politics, your interests, your disinterest, and so forth. And this is happening now. And the movies, who would have thunk the movies are an important part. Amazon is going to look at what you buy. But the movie thing looks at what you look at, what you think, and the choices you make about the next movie. I said, no, it makes you nervous about picking a movie, actually. But, you know, I wonder, you know, if this is either in the cards now, as far as protecting you from your, your data and your personality or psychology, your choice process, or whether it will be in the cards later using again, using AI. Yes, absolutely. What we see is exactly what you're referring to these tracking cookies and what they do is they track your information exactly as you said, what movies you watch, what you shop for. And the social media companies, they don't keep that internal, they sell that. And basically, so companies, the social media companies collect the data, they sell it to each other. And then it just builds those databases on you as an individual, just as you said. So they have more and more information about you. And in fact, the majority of the ads, ad revenue that these social media companies make is from targeted ads. And what it saves them a huge amount of money rather than broadcasting just an ad, say, like on the Super Bowl, right, to the entire nation, they have such a database on all of the individuals on their platforms that they can target that ad, they can only show that ad to the people they know would be interested in that information. So the targeting advertising puts them a step above other companies, say, news media, that would just buy regular ads, right, these companies such as Google and Facebook, they can use these targeted ads using exactly as you had mentioned, artificial intelligence to target that advertisement, the people they know are going to buy those products. And they use these tracking cookies and this spyware to basically build a profile of you. And also the cyber criminals can get ahold of this information as well. And then they know much more about you and what to target and what to steal. Yeah, and they know your vulnerability. I mean, psychologically. So for example, if you'd be a good candidate for a bubble of thought on the Republican side of the Democrat side, they can build that part of your bubble psychology, they can put you ostensibly in a bubble because they know you're vulnerable to that bubble, and they can affect your opinions and your sensibilities, your thought process, because these days, I want to add one more point, these days, we don't talk to people as much as we used to. We talk to the machines, the machines talk to us. And so they could have, they are having, in my opinion, they are having an effect on public opinion and on politics, not only in this country, but everywhere. And that, you know, that is very troubling because it ultimately results in results in political outcomes. So the question is whether a close look at cybersecurity is looking at these things, the social media phenomenon, or whether it will look in the future at the social media phenomenon, and this kind of mental game they play with us. What do you think? What's happening? What will happen? No, I agree. I think that things are getting much more complicated. I think that it's going to be it's something that just cybersecurity professionals on law enforcement is bigger than that. We, and actually we saw over the weekend that CNN actually did an interview that U.S. Cyber Command is now entering into the to basically go after these cyber criminal gangs and nation state actors that are attacking our systems. So basically the military has come in with their resources, which are vast, and they can strike back at these at these malware gangs, cyber malware gangs and nation states that are using this technology. And on the same line of thought you were discussing, something that else is just over the horizon is something called deep fakes and basically where they're using artificial intelligence to change video and to change photographs so that they can actually put different people in a video and have it look so real that you cannot tell the difference. Yeah, we're doing that now, Court. Yeah, yeah. We have an actor who's actually doesn't look like you at all, but we are changing the we're changing that person to look just like Court Chamber. What do you think? Amazing. Yeah, amazing. So tell me how I how I approach this with the cybersecurity training program at HPU. It begins next year. Yes. The classes I'm sure are forming up now. Yeah. How do I apply? What are the prerequisites? What does it cost? What when does it start? When does it finish? And I know this is multiple compound question. When does it finish? And what kind of jobs can I get after I after I complete the program? Okay, absolutely. Yes, it starts January 10th is our first A plus course. Now I've talked these courses before over the last five years. So but this will be the first time with HPU. HPU is a great facility. I think the students will really love it there. It's the latest state of the art equipment, the latest all, you know, great classrooms. But again, it will start January 10th with A plus. And the courses are I'll start with the prerequisites. There's no prerequisite. You should have a basic ability to use a computer and a knowledgeable, you know, to the basic level of computers. You start A plus, again, is a very, very challenging course, but it's very doable. But it takes a lot of self discipline, because we can't we definitely can't cover everything in the course in the three hours that we meet for a week. So the individual is going to have to have to have the self discipline to put in another 10 to 15 hours, I say. It means it's homework. Yeah, it's homework. To read the material, like I said before, the book is about a little over a thousand pages. We're going to go through every page in that book. We're going to learn the material. They're going to do a lot of homework, reading. And then at the end of the eight week period, you're not you're not required to take the certification exam. So in other words, if an individual wants to take the course, but they say, you know, I just don't do good on tests, I don't want to take that that certification exam, they're not required to. So basically, you'll go through the course, you'll pass the course, then you'll have the option to take that certification course. So we spread out the courses to term A and term B. So in other words, term A, they'll take eight weeks A plus. Term B, they won't they'll have off. They'll give them time to study and prepare for and take that certification exam if they want to. Then we start the next course in term A of summer that secure on network plus. And then we take eight weeks off the end of summer and then we start security plus and Cisco cyber ops by then they should be pretty familiar with the process. And we feel that they can take those two courses together back to back in the fall of next year. So at the end of next Christmas, they would have four cybersecurity or four information technology, certain industry certifications, which are extremely valuable in the workforce today. And we believe that ups their chances astronomically to getting a job. And these are, these are well paying jobs. The Biden administration recently announced that they are focusing on cyber security as one of the primary focuses of the US government. And there's approximately one half million open cybersecurity positions currently in the US. The US Bureau of Labor Statistics, if you go to their website, you'll see the employment of information security analysts is projected to go 33% for 2020 to 2030. That's about 16,300 openings for information security analysts projected each year on average over the next decade. Many of these openings are expected to result from the need to replace workers who transfer to different occupations or exit the labor force. And these are very well paying jobs. CompTIA with a security plus certification did some research and the starting pay is right around 60, 50 to $60,000 per year for a security analyst with several years of experience, four or five years of experience, you're looking at 100,000 and 100,000 plus. So these are very good paying jobs, a lot of competition for the jobs, both in the government and in private organizations. Typically they require an associate's degree or a bachelor's degree, which we offer the associates now when we will launch the bachelor's degree this fall. The Biden administration has had several releases of information over the last year. In August, the private sector leaders announced ambitious initiatives to bolster the nation's cybersecurity. That's a fact sheet that's online. The administration wrote that the whole of nation effort is needed to address cybersecurity threats. We all know about the recent high-profile cybersecurity incidents that demonstrate we are in need of more cybersecurity. In May 12, President Biden signed an executive order to approve the nation's cybersecurity. We want to modernize and implement stronger cybersecurity standards for the federal government, improved software, supply chain security. The SolarWinds attack we recently saw last year that infected several of the government's top departments, including the Department of Homeland Security, the Department of the Treasury. Am I right from what you say that, but for national interest, it is better to have a cyber security workforce. It's not only that we have a couple of smart guys doing this, but we have a lot of people who actually talk to each other and share their notes and tips and tricks and what have you. And also they share the tips and tricks of the bad actors as well. You all know what's coming down the pike. So that's what we need to have. It's not just a matter of the government saying that we will now spend X dollars on cybersecurity. It's a matter of developing Akamai workforce. So that will be smarter. One thing that the U.S. has, and I think it's still has, is a creativity. I look at dwell on that for a minute. And the creativity is what will give us the excellence to deal with this, which is a great threat. And maybe sometimes we don't deal with that well. But if we perpetuate this creativity in that workforce, where a lot of people, students go into this and share and discuss and figure out new approaches or new defenses will be better off in many ways. And it is a national issue. It's a critical vulnerability that we have to hatch up. But the thing I was going to say is if you're talking about certifications, you're talking about tests with multiple choice and proof false and all that doesn't allow for a lot of creativity. If I'm seeking creativity, you know, how can I achieve that within the context of the program you're talking about? Because I want my students, I want my workforce to be creative more than anywhere else as a group in the world. How do we achieve that? Well, I think we build creativity into the teaching process. Again, like teaching them to think like a hacker, like a hacker would think, letting them use their creative lines to figure out different ways to attack a system, different ways to protect a system. And the individuals that have, like you were saying, that creativity, they need to fulfill that personally. You know, the world needs individuals to go into the cybersecurity development realm where they get these certifications, they get on hired with Apple or Google or the federal government or any of the large, huge corporations. And then they work to build better protection devices. They go into the AI field, which is, you know, new, but it's developing at an exponential rate. And they can use those creative skills to better protect all of us. Now, let me take that last word, us. Us doesn't necessarily limit itself to the United States. No, not at all. I mean, with certification training and certificate, you're not limited to the United States because this is a global language. It's a global technology. You could go to France and get a job there too. Have to learn a little French or anywhere in Europe and so forth. You have to be anywhere. And so it strikes me that if you're looking at the job possibilities here, you have to look far and wide because you could have a life anywhere, assuming we're done with COVID, right? It assumes you can move around freely. I mean, is that what some of these students might do? Might they work for companies that are multinational and be assigned elsewhere? Might they work for governments elsewhere? Absolutely. And you know what, Jay? The great thing about the world we live in is that a lot of these jobs have gone to virtual jobs. So you could get these certifications, get that degree. You could get a job with Apple making a very good salary and live in Hawaii. A lot of Apple employees are moving to Hawaii. You could get that job with, like you said, with this cybersecurity corporation in Singapore. And you could live in Hawaii. And so the thing is about cybersecurity because all of our physical components, one of the other courses that we're working on developing for HVU that we hope to launch again in the fall, is going to be a Cloud Plus, CompTIA Cloud Plus. And what that is is cloud computing. So in other words, everything, all of our physical components are moving to the cloud. So it doesn't matter where you are in the world. You can still do your cybersecurity position because everything is moving to the cloud. And there's not the type of thing that you're going to be touching physical servers or touching physical switches. Everything you do is going to be on the computer dashboard. And that dashboard can be anywhere on the planet. So it just basically increases your ability to find a position that works best for you, just like you had mentioned earlier. If you're that creative mind, you work in a cybersecurity corporation that develops protective software. If that's not your niche, if creativity is not your niche and you like to work in a very structured environment, you work in a security operations center where everything is hyper structured, right, to protect those systems. So I believe that cybersecurity is going to offer those people with a self-discipline to get through the courses, the ability to choose a job in multiple fields and choose where they want to live as well. Yeah. But we would appreciate if they would not work for the Russian hacker group in Moscow. Yeah. Now, let me tell you, this is very interesting when you mentioned that. Have you heard of the word bug bounties? Okay. So now a current trend also in the cybersecurity field is what had happened is you would have very skilled people who would teach themselves hacking skills. And they would just like you said, you know, they say, oh, I've got this great skill and I don't have ethics or whatever. And they would start hacking, right? And they would make a certain amount of money. Well, what the large corporations and even the government to include the Pentagon now offers is what they call bug bounties. And what this is is a bounty hunting rewards. So in other words, under a structured program, they're able to try to hack into the Pentagon, try to hack into Microsoft, try to hack into Apple. And if they can find a vulnerability and create a report for that vulnerability, they can win bug bounties. And these bug bounties are anywhere from a few hundred dollars up to a hundred thousand dollars for one bug bounty, if they find a vulnerability on new operating systems. So this is also out there. So very impressive. Court, we're out of time. Give your website so people can learn more and then we'll have to close. All right. So the best website to go to is the Hawaii Pacific University College of Professional Studies. And you can just do a Google search, HPU, Hawaii Pacific University College of Professional Studies. And you'll see that certificate in cybersecurity and associate degree in cybersecurity. And I can give you a phone number too, if you'd like. No, we're out of time and they can look it up on the web. Our court chamber is Ph.D. The guy who's running the program, the guy who teaches a lot of the courses, we really appreciate you coming down to court. Thanks. Thank you so much, Jay. Look forward to seeing you again soon.