How Cyber Security Can Be Improved

Every day we get more interconnected and that naturally widens the threat surface for cybercriminals. In order to protect vulnerabilities and keep pace with hacker methods, security – and non-security professionals must understand how to protect themselves (and their companies). And that involves looking for new ways to improve cyber security. To start, we believe cyber security can be improved by focusing on three areas: enterprise-wide cyber awareness programs, within cyber teams via persistent training, and in communication between the C-suite and the CISO. Check out our recommendations below and if you have a strategy that worked to improve cyber security in your company or organization, we’d love to hear about it.

Company-Wide Security Awareness Programs

Regardless of company size or budget, every person employed at a business should understand fundamental cyber concepts so they can protect themselves from malicious hackers. Failure to do so places the employee and the company at risk of being attacked and could result in significant monetary and reputation damages.

Simple knowledge of what a phishing email looks like, what an unsecured website looks like, and implications of sharing personal information on social media are all topics that can be addressed in a company-wide security program. Further, staff should understand how hackers work and what kinds of tactics they use to get information on a victim to exploit. Reports vary but a most recent article from ThreatPost notes that phishing attempts have doubled in 2018 with new scams on the rise every day.

But where and how should companies start building a security awareness program—not to mention a program that staff will actually take seriously and participate in?

We believe in the power of gamified learning to engage employees in cyber security best practices.

Our mobile app inCyt helps novice and non-technical professionals learn the ins and outs of cyber security from hacking methods to understanding cyber definitions. The game allows employees to play against one another in a healthy, yet competitive, manner. Players have digital “hackables” they have to protect in the game while trying to steal other player’s assets for vulnerabilities to exploit. The back and forth game play teaches learners how and why attacks occur in the first place and where vulnerabilities exist on a variety of digital networks.

By making the learning fun, it shifts the preconceived attitude of “have to do” to “want to do.” When an employee learns the fundamentals of cyber security not only are they empowering themselves to protect their own data, which translates into improved personal data cyber hygiene, but it also adds value for them as professionals. Companies are more confident when employees work with vigilance and security at the forefront.

Benefits of company-wide security awareness training

  • Lowers risk – Prevents an internal employee cyber mishap with proper education and training to inform daily activities.
  • Strengthens workforce – Existing security protocols are hardened to keep the entire staff aware of daily vulnerabilities and prevention.
  • Improved practices – Cultivate good cyber hygiene by growing cyber aptitude in a safe, virtual environment, instead of trial and error on workplace networks.

For more information about company-wide cyber learning, read about our award-winning mobile app inCyt.

Persistent (Not Periodic) Cyber Training

For cyber security professionals like network analysts, IT directors, CISOs, and incident responders, knowledge of the latest hacker methods and ways to protect and defend, govern, and mitigate threats is key. Today’s periodic training conducted at off-site training courses has and continues to be the option of choice—but the financial costs and time away from the frontlines makes it a less-than-fruitful ROI for leaders looking to harden their posture productively and efficiently.

Further, periodic cyber security training classes are often dull, static, PowerPoint-driven or prescriptive, step-by-step instructor-driven—meaning the material is often too outdates to be relevant to today’s threats—and the learning is passive. There’s minimal opportunity for hands-on learning to apply learned concepts in a virtualized, safe setting. These roadblocks make periodic learning ineffective and unfortunately companies are spending thousands of dollars every quarter or month to upskill professionals without knowing if it’s money well spent. That’s frustrating!

What if companies could track cyber team performance to identify gaps in security skills—and do so on emulated networks to enrich the learning experience?

We believe persistent training on a cyber range is the modern response for companies to better align with today’s evolving threats. Cyber ranges allow cyber teams to engage in skill building in a “safe” environment. Sophisticated ranges should be able to scale as companies grow in security posture too. Our Project Ares cyber learning platform helps professionals develop frontier learning capabilities on mirrored networks for a more authentic training experience. Running on Microsoft Azure, enterprise, government and academic IT teams can persistently training on their own networks safely using their own tools to “train as they would fight.”

Browser-based, Project Ares also allows professionals to train on their terms – wherever they are. Artificial intelligence via natural language processing and machine learning support players on the platform by acting as both automated adversaries to challenge trainees in skill, and as an in-game advisor to support trainee progression through a cyber exercise.

The gamified element of cyber training keeps professionals engaged while building skill. Digital badges, leaderboards, levels, and team-based mission scenarios build communicative skills, technical skills, and increase information retention in this active-learning model of training.

Benefits of persistent cyber training

Gamifying cyber training is the next evolution of learning for professionals who are either already in the field or curious to start a career in cyber security. The benefits are noteworthy:

  • Increased engagement, sense of control and self-efficacy
  • Adoption of new initiatives
  • Increased satisfaction with internal communication
  • Development of personal and organizational capabilities and resources
  • Increased personal satisfaction and employee retention
  • Enhanced productivity, monitoring and decision making

For more information about gamified cyber training, read about our award-winning platform Project Ares.

CISO Involvement in C-Suite Decision-Making

Communication processes between the C-suite and CISO need to be more transparent and frequent to achieve better alignment between cyber risk and business risk.

Many CISOs are currently challenged in reporting to the C-suite because of the very technical nature and reputation of cyber security. It’s often perceived as “too technical” for laymen, non-cyber professionals. However, it doesn’t have to be that way.

C-suite execs can understand their business’ cyber risks in the context of business risk to see how the two are inter-related and impact each other.

A CISO is typically concerned about the security of the business as a whole and if a breach occurs at the sake of a new product launch, service addition, or employee productivity, it’s his or her reputation on the line.

The CISO perspective is, if ever a company is deploying a new product or service, security should be involved from the get-go. Having CISOs brought into discussions about business initiatives early on is key to ensuring there are not security “add ons” brought in too late in the game. Also, actualizing the cost of a breach on the company in terms of dollar amounts can also capture the attention of the C-suite.

Furthermore, CISOs are measuring risk severity and breaking it down for the C-suite to help them understand the business value of cyber.  To achieve this alignment, CISOs are finding unique ways to do remediation or cyber security monitoring to reduce their workloads enough so they can prioritize communications with execs and keep all facets of the company safe from the employees it employs to the technologies it adopts to function.

Improving Cyber Security for the Future

Better communications between execs and security leaders, continual cyber training for teams, and company-wide cyber learning are a few suggestions we’ve talked about today to help companies reduce their cyber risk and harden their posture. We’ve said it before and we will say it again: cyber security is everyone’s responsibility. And evolving threats in the age of digital transformation mean that we are always susceptible to attacks regardless of how many firewalls we put up or encryption codes we embed.

If we have a computer, a phone, an electronic device that can exchange information in some way to other parties, we are vulnerable to cyber attacks. Every bit and byte of information exchanged on a company network is up for grabs for hackers and the more technical, business, and non-technical professionals come together to educate and empower themselves to improve cyber hygiene practices, the more prepared they and their company assets will be when a hacker comes knocking on their digital door.

Photo of computer by rawpixel.com from Pexels

NICE Names Circadence’s Brad Wolfenden as New Co-Chair

Bradley Wolfenden, Director of Cyber Academic Partnerships at Circadence  will begin his tenure as the new co-chair for the National Initiative for Cybersecurity Education (NICE) Competitions Subgroup in April, 2019.

A Dialogue with Keenan Skelly – ISTP magazine

ITSPmagazine’s John Dasher chats with Keenan Skelly, Circadence VP of Global Partnerships & Security Evangelist, for a fascinating conversation on cybersecurity learning, training and assessment through their Ares and Orion products.

Guest Blog: Reimagining Cyber Learning for Students, Featuring Divergence Academy

 

It’s one thing to talk about the importance of teaching cybersecurity in an engaging way, and another thing to actually do it. Divergence Academy is proud to partner with Circadence to reimagine how cybersecurity is taught to current and aspiring professionals.

About Divergence Academy

Divergence Academy is an education institution creating adaptive learning solutions to empower individuals to pursue the work they love on the most relevant skills of the 21st century – from web development to data science to product management. It was established in 2014 as the first Data Science school in the Dallas/Fort Worth area school that used a hybrid approach to learning. It offers immersive and weekend programs for working professionals, college grads and transitioning workers.

In early 2017, the academy grew to partner with leading cybersecurity organizations including E.C. Council and CompTIA to offer certified learning for students. However, it found that the curriculum was missing something—a “WOW” factor—a platform where learning could be managed and developed using a more hands-on approach, allowing students to level up and reinforce the skills they were learning towards certification.

A Gamified Approach to Cyber Learning

In realizing that we needed a more robust learning platform that complemented the certifications we offered, we were introduced to Circadence, a market leader in cybersecurity readiness, known for its Project AresÒ cyber range solution. It incorporated gamification into every aspect of the learning process, which encouraged students to progress through real-world exercises at their own pace and with a level of engagement unseen in previous traditional course sessions.

Finding Project Ares put us on the map as an institution that put learning to work and it showed that we are not just an AI school but a school that teaches what we preach!

The Class: Cybersecurity Professional Penetration Tester

We launched our 12-week class using Project Ares in early February 2019. The program is a 400-hour course delivered over 2 weekday evenings and Saturday to prepare students for the role of Certified Ethical Hacker. We have a mix of students from mathematicians to software engineers to IT students all with varying levels of knowledge of cybersecurity, but anxious to learn.

In Project Ares, students are able to identify “learning moments” where they begin to connect the dots on how a cyber concept is applied to a real scenario. They try to solve problems together, which is exactly what a real cybersecurity job would require.

Not only are students learning industry-wide technical competencies such as information assurance, risk management and incident detection but also workplace competencies like teamwork, planning and organizing, problem-solving, and more. In preparing for a CEH role, students engage in the battle rooms, learning foundational skill sets and then apply them to a methodology in the missions. Skills like system hacking are learned in Missions 8-10, 12, and 13, and enumeration in Mission 1, and reconnaissance in Mission 1.

The feedback from them is reassuring that Divergence Academy and Circadence are a powerful partner. We hear they enjoy collaborating with their peers in exercises within the platform and they kind of form their own “tribes” if you will and that’s the beauty of gamified learning. It really teaches these students how to work together, build soft skills, and technical skills needed for today’s workforce.

The Impact of Project Ares

Project Ares has allowed our instructors to really focus on our student’s performance. The automated, in-game advisor Athena within Project Ares helps students progress from activity to activity and solve problems quicker, which helps instructors prioritize the pace of learning from all students and in using the trainer view in Project Ares, see where the skills gaps are and how to better inform the exercise content to meet the individual needs of the students. Further, the automatic scoring and badging in the platform coupled with the media center allows instructors to easily align course curriculum with the platform’s games, whether it’s in a mission, a battle room, or through a mini-game.

A Vision Come to Life

Divergence Academy is excited to build a network with local community colleges in the Dallas/Fort Worth area in order to help upcoming graduates and faculty see us as a school that takes student learning to new levels—applied levels—practical levels that are relevant to the workforce. We hope local schools see our trade school as the next step in their learning journey to cybersecurity professionalism and understand that they will be able to get hands-on skill building (or upskilling) and practical experience.

 

To learn more about Divergence Academy and how they’re using Project Ares to support student learning, visit https://divergenceacademy.com/.

 

Inside inCyt: The Benefits of Gamified Cybersecurity Learning (An Interview with Cassie Brubaker)

Here at Circadence, we are dedicated to taking cybersecurity learning to the next level. We do this through gamification that is accessible to all ages and ranges of knowledge on the subject. Our own Cassie Brubaker, co-creative director on our security awareness mobile app inCyt™, helped us understand the differences between learning and training, and how games can bring value to skill building in the technical world.

Why does cybersecurity really matter in today’s interconnected world?

C: When we don’t understand something, we don’t feel empowered. So, when I think about the importance of cybersecurity and cyber awareness, it’s more a story of empowering people to take back control of their lives. It’s a story about not being scared to live your day-to-day life because you understand [cyber] and you’re in control of it and I think that’s a wonderful thing.

I get that everybody needs to make their companies more secure, but I think it comes at a personal level too. If you feel in control over your personal life, you’re going to be a better contributor to your entire business, you’re going to be a better contributor to your family, you’re going to be a better contributor to yourself.

When we learn more about cybersecurity, we are empowered. Given your expertise with game development, what are the differences between learning versus training?

C: Games provide an inherently clever method to promote learning. There is a place for training, but in my mind, it’s a lot more formal. Learning has a broader application for me. It can happen in all kinds of different moments. You never know when you’re going to learn something new and that’s the magic of it. Training is more like, “let’s get this piece of information across in this specific way.” With our game inCyt, I’ve had so much fun trying to find all the different ways you can learn. You can play it again and again and it’s a little different every time. I can’t guarantee what lesson you’re going to learn when you play today and I don’t know what lesson you’re going to learn when you play tomorrow, BUT you’re going to learn something because you’re engaging with a well-designed product that has been crafted in such a way to give you all kinds of realistic experiences as it pertains to cybersecurity. 

Let’s talk briefly about inCyt and how it uses gamified learning.

C: inCyt is a mobile app that builds cybersecurity awareness. It is designed to educate everyone on fundamental cyber concepts and attack methods. It does this through two learning paths:  a concept learning component and gameplay component for individuals or teams.

The solution is taking the common perception of cybersecurity and flipping it on its head. Cybersecurity, as it exists today, does not conjure up feelings of peace and comfort the way you might expect from a field focused on security and safety. inCyt brings a radically different approach to the existing landscape – one that invites anyone and everyone to step out of the darkness and take their first step towards cyber enlightenment. One of the cool things about this product is that you’re learning organically about cybersecurity as you play, but you’re just having fun battling with your friends. The more and more you play, the more the cyber concepts start to sink in because you’re seeing them applied in real-world scenarios.

Who should play inCyt?

C: inCyt has been designed to reach all ages and experience levels. It’s ultimately designed for people who know very little about cybersecurity, but because we’ve built it to be playful and with a bit of strategy, even people who are cybersecurity professionals could play it and enjoy it. One of the things we found in testing within the company is that people who do this for a living will play it and say, “I think I could actually use this with my family, they don’t understand what I do.”

What is the ultimate value in a game like this?

C: The ultimate value of inCyt as a product for any company is that it is first and foremost fun for your employees to play. They are going to jump in and not going to feel like they’re being put through some mundane training exercise. There are two different ways that were teaching employees about cyber awareness. One of them is what I call “organic lessons” and that’s what happens primarily in the gameplay itself. We give players a bunch of cyber tools and allow them to experiment through gameplay and find what strategies work. In doing this, we’re creating employees that think one level bigger, more strategically about the “whys” and the “what’s” as opposed to a memorized list of rules that need to be followed. Nobody likes that. After learning the basic cyber concepts, players can compete in the gameplay portion of the app.

When working on inCyt, how did you address different learning styles?

C: In terms of different learning styles, that’s really where we’ve gone into playtesting as our method to lean against. Everybody wants something a little bit different when they play – some people want all of the answers up front, they want to know exactly how to use it and they want to know why they’re doing it, while some people want to experiment. Through those playtests, we’re able to make variations of the gameplay that hit the largest range of learning styles. It’s really from a human engagement level, less of a theoretical learning style level. That’s why the playtests have been so helpful for us.

For more information on the benefits of gamified learning, check out the below-recommended reading.

 

Recommended Reading:

The Importance of Gamification in Cybersecurity Training

Why Gamification is the Answer You’ve Been Looking For

Benefits of Gamified Learning

 

Penetration Testing Challenges and Solutions

It’s one of the most direct and proactive cyber security activities organizations can do to protect themselves from an attack, penetration testing.

Also known as ethical hacking, it involves legally breaking into computers to test an organization’s defenses. Companies make it a part of their overall security process to know if their systems are strong or not. It’s kind of like preventative maintenance. If a hired penetration tester can get into their system, it’s relatively reassuring because penetration testing teams can take steps to resolve weaknesses in their computer systems before a malicious hacker does.

So how does penetration testing work? What roadblocks are professionals in this field facing? How are companies using penetration testing today? What innovations in penetration testing are available today? All these questions will be answered in this article. And if you have questions about any of it, please contact us for more information.

What is Penetration Testing?

Now that we understand why penetration testers exist and how critical they are to companies security posture, let’s review how they work. The ethical hacking process usually involves working with the client to establish goals and define what systems can be tested, when and how often without service interruptions. In addition, penetration testers will need to gather a lot of information about your organization including IP addresses, applications, number of users who access the systems, and patch levels. These things are considered “targets” and are typically vulnerable areas.

Next, the pen tester will perform the “attack” and exploit a vulnerability (or denial of service if that’s the case). They use tools like Kali Linux, Metasploit, Nmap, and Wireshark (plus many others) to help paid professionals work like hackers. They will move “horizontally or vertically,” depending on whether the attacker moves within the same class of system or outward to non-related systems, CSO Online notes.

Penetration Testing Career and Company Challenges

As you can imagine, being an ethical hacker naturally requires continuous learning of the latest attack methods and breaches to stay ahead of the “black hatters” and other unauthorized users. That alone can be a challenge because it requires a huge time commitment and lots of continual research. In addition, the following penetration testing challenges are keeping organizations up at night:

  • There were more than 9,800 unfilled penetration testing jobs in the U.S. alone. With all these jobs open, businesses are challenged to find these professionals for hire, leaving them without resources to harden their potential security vulnerabilities.
  • High costs prohibit hiring dedicated and skilled CPTs. Not all CPTs are created equal, while some third parties only perform vulnerability analysis as opposed to thorough pen tests.
  • Most tests are conducted via downloaded tools or as one-off engagements focused on known threats and vulnerabilities.
  • Many third-party engagements have to be scheduled well in advance and run sporadically throughout the year.

A New Penetration Testing Training Solution

Recent reports note that 31% of pen testers test anywhere from 24-66% of their client’s apps and operating systems, leaving many untouched by professionals and open to vulnerability. In the face of these penetration testing challenges, government, enterprise, and academic institutions are turning to technology and persistent training methods for current staff to help. Automated penetration testing tools can augment the security testing process from asset discovery to scanning to exploitation, much like today’s malicious hacker would.

Circadence is proud to have developed a solution (available soon) that automates and augments penetration testing security professionals with a platform called StrikeSetTM. StrikeSet is designed to increase the efficiency and thoroughness by which pen testing is performed. Specifically, the platform can help professionals perform hacks and simulated attacks on systems while machine learning capabilities provide session analysis and create unique threat playbooks for operators. It also monitors and tracks tool behavior for classification.

In addition, data is gathered from distributed operators who can remotely collaborate on how to gain access to a system and exploit development, perform SQL injections, forensics analysis, phishing campaign orchestration, and much more. That data analyzes Red Team’s TTPs with the aim of mimicking approaches to save on resources and time.

With cyber attacks becoming the norm for enterprises and governments, regular scans and pen testing of application security is key to protecting sensitive data in the real world. Coupled with holistic cyber training for offense, defense, and governing professionals and enterprise-wide cyber hygiene education, enterprises and governments will be better prepared to handle the latest and greatest threats. It’s time for organizations to leverage tools that automate and augment the cyber workforce in the wake of an ever-evolving and complex threat landscape.

 

Keeping Critical Infrastructure Strong and Secure

November is Critical Infrastructure Security and Resilience Month, a nationwide effort to raise awareness and reaffirm the commitment to protect our Nation’s critical infrastructure.  Circadence’s mission is to build awareness about how next-generation cybersecurity education and training can improve cyber preparedness. This month is an excellent time to talk about that in relation to critical infrastructure.

“We are seeing government agencies and companies work to make systematic, holistic, and cultural changes through improved cybersecurity standards, best practices, processes, technology, and workforce,” said Josh Davis, Director of Channels. “The massive, distributed, and legacy infrastructure we have today demands a layered security approach that focuses on building a true understanding of what’s at risk within critical infrastructure systems —and that requires a targeted focus on the people who operate these systems both digitally and physically.”

We know critical infrastructure as the power we use in our homes and businesses, the water we drink, the transportation systems that get us from place to place, the first responders and hospitals in our communities, the farms that grow and raise our food, the stores we shop in, and the communication systems we rely on for business as well as staying connected to friends and family. The security and resilience of this critical infrastructure is vital not only to public confidence, but also to the Nation’s safety, prosperity, and well-being.

During November (and year-round), Circadence focuses on engaging and educating public and private sector partners to raise awareness about the security posture of the systems and resources that support our daily lives, underpin our society, and sustain our way of life. Safeguarding both the physical and cyber aspects of critical infrastructure is a national priority that requires public-private partnerships at all levels of government and industry.

Managing risks to critical infrastructure involves preparing for all hazards and reinforces the resilience of our assets and networks.

This November, help promote Critical Infrastructure Security and Resilience Month by:

Our virtualized cyber ranges-as-a-service (CyRaaSTM) provide public/private entities the opportunity to train in realistic cyber environments that mirror their actual interconnected, internet-of-things networks. These virtualized ranges can model the digital footprints of companies, agencies, entire city networks and even Nation State operation exercises, into living physical and fifth domain environments. Teams can collaborate and train together to test and improve their cyber skills in protected environments that can scale and flex as their organizations’ inter-connected structure does, but without impacting live systems and networks.

By combining Circadence’s Project Ares®, Orion Mission Builder™, and StrikeSet™, your organization can learn and grow without impacting your operations. This next-generation combination transforms traditional lecture-based learning, taking it out of the classroom and into interactive real-world environments, at any scale, anytime, anywhere.

We all need to play a role in keeping infrastructure strong, secure, and resilient. We can do our part at home, at work, and in our community by being vigilant, incorporating basic safety practices and cybersecurity behaviors into our daily routines, and making sure that if we see something, we say something by reporting suspicious activities to local law enforcement.

To learn more, visit www.dhs.gov/cisr-month.

A Rising Tide Lifts all Boats: Celebrating National Cybersecurity Awareness Month

National Cybersecurity Awareness Month (NCAM) in October reminds us of the importance of being safer online, in both our professional and personal lives. Easier said than done, eh? Who’s to say the majority of us even know what makes us “safer” online, or for that matter what makes us vulnerable or should raise a red flag?

It all starts with awareness. I’d like to suggest that “IT Literacy” is no longer enough. Now, in 2018 and beyond, “Cyber Literacy” needs to be a year-round, all-encompassing movement. And regardless of whether or not “Cyber-” or “IT-”anything is or will be in your title, cybersecurity must matter to you.

During a recent workshop presentation I delivered to attendees at the Florida CyberCon 2018 in Tampa, I likened our cybersecurity practices to the idea of personal hygiene. Because let’s face it, one’s personal hygiene is something that,
a.) you are personally aware of and educated on how to maintain
b.) is attended to routinely
c.) is well understood in terms its impact on your overall health
d.) has a relative impact on everyone around you regardless of direct contact

Cybersecurity can be thought of much in the same way. We must all begin to realize that cybersecurity demands the same kind of personal awareness and attention – it not only impacts us as individuals but also our family, colleagues, department, agency, company.

I believe that part of the disconnect around cybersecurity best practices comes from the assumptions we make as consumers in general – that what we’re buying is designed and sold with our best interests, and security, in mind. For example, you buy a new car and it comes equipped with seatbelts, turn signals, airbags, automatic brakes and locks, etc. The food you buy and eat is certified by the Food & Drug Administration to indicate it has been safely grown/ raised and suitable for human consumption. When making technology purchases, we cannot take these same conveniences for granted.

Now, that’s not to say that all technology is inherently unsafe, but my point is, we can’t settle with pre-installed safety protocols because, as we know, technology is ever evolving and failure to frequently update it and use it safely results in vulnerabilities that hackers will exploit for financial, reputational, or economic gain. Just like with personal hygiene, healthy practices and regular routines are necessary for optimal cyber literacy and performance.

The goal behind NCAM is to encourage us take some time to understand the problems resulting from poor cybersecurity practices. Those behaviors will not start to diminish until school counselors, parents, teachers, administrative assistants, nurses, athletes, and everyone become more aware of their cyber posture. There’s a reason why the laptop or PC you’re reading this on asks you to update its internet browser and operating system. And those push notifications you get on your phone to update your apps aren’t coming through to annoy you and eat up your battery and data. These simple practices and others — like resetting passwords and activating double-verification – will improve your cyber hygiene and protect you against ongoing threats to infiltrate the devices and exploit the data of our everyday lives.

So, did you shower today?
Did you check your computer updates today?

Ready to learn more? Checkout our new short, fun education videos on the “Cybersecurity Whiteboards” video playlist, here: https://www.youtube.com/playlist?list=PLUdKZUJquY1hn2EwlBJ90MyunBYcAaXRk.

As National Cybersecurity Awareness Month comes to a close, it’s important that the efforts put forth do not end. The reality is this: as the cost of compute power continues to be driven down by advancements in manufacturing and technology, the resources used by malicious hackers become more accessible. This, combined with the fact that a successful cyber breach gets more and more newsworthy and profitable by the day, means the problem isn’t going anywhere anytime soon. When we take steps together to be stronger individually, we become stronger collectively. We can prove the saying, “A rising tide lifts all boats.” Together, we can lift the intellectual property, national security and private data “boats” if we all commit to be more cyber conscientious and cautious.