High School Tech Internship Pilot Program - Ohio Businesses.pdf

The High School Tech Internship pilot program is an opportunity for Ohio employers to hire high school interns and receive reimbursement for their wages.

The High School Tech Internship Pilot Program will connect 100 Ohio high school students with technology careers and businesses in Ohio. Businesses can hire summer interns by contacting one of 12 pilot sites across the state. Visit Workforce.Ohio.gov/HSTechInternship to learn how to participate in the program. Interns should be placed in technology roles that focus on software, data, cloud and IT infrastructure, and cybersecurity. Students will be expected to perform job duties similar to what would be expected in an entry-level position.

Wage Reimbursement: 

To qualify for wage reimbursement, employers must submit documentation proving that the individual was employed for a minimum of 150 hours and was paid at least $12 per hour. Employers will receive a higher wage reimbursement for younger students to help more students experience technology careers at an earlier age.

Questions? Please contact the High School Tech Internship team via email: High_School_Tech_Internship@Development.Ohio.gov

Advanced Technology Consulting (ATC) has rolled out a refreshed logo, branding, and website to reflect ATC’s position more accurately in the digital transformation marketplace. In addition, ATC recently signed a lease for ~7,000 square feet of Class A office space on the fourth floor of Liberty Center, a mixed-use community in Liberty Township, just north of Cincinnati.

ATC is an independent IT consulting firm specializing in digital transformation in four core areas: voice, network, cloud and cybersecurity.

ATC will officially move into the new space this August. The need for new space has been fueled by ATC’s growth—eight consecutive record years—and demand for additional talent. ATC recently added three IT consultants and has tripled its Cincinnati workforce in a little over two years. Aggressive plans to onboard additional IT talent are part of ATC’s growth strategy.

“With our growing team, we need a space that will fully engage our employees, clients, and partners on multiple fronts,” says David Goodwin, ATC Managing Partner & Co-Founder. “Liberty Center and our new office space will do just that. We’re eager to embrace this new brand and move to Liberty Center. Our new location on the I-75 corridor will allow us to further develop our regional presence.”

ATC’s new logo and brand colors are refreshed but not altogether new. What remains as part of the new brand identity is the triangle, the blue and gray colors, and “ATC” spelled out in all caps. What is new is the aqua color and the 3D-like, technology-forward favicon. Phase one of ATC’s new website is up and running, with phase two slated for release in May.

ATC’s new brand will be reflected within the new space, and ATC is currently working through an experiential design process that will exhibit ATC’s technology-forward brand characteristics. As conceived, the office will be a hub for collaboration where talent, technology, and expertise unite. Naturally, the space will utilize and showcase the technologies ATC evangelizes every day with clients.

“It’s an exciting time for us,” says Louie Hollmeyer, ATC director of marketing and consultant. “Our work with clients has been wrapped around digital transformation for some time now, and it was essential for us to create a refreshed brand identity to better align with today and tomorrow.”

By joining the Liberty Center community, Cincinnati’s hottest suburban hub, ATC will have access to unmatched amenities and finishes. The center offers immersive experience of endless dining and retail options, multifamily housing, onsite parking and community events. ATC’s new office also has excellent drive-by visibility and convenient access to both the Cincinnati and Dayton metropolitan areas, including Northern Kentucky.

To learn more, visit ATC here and here.

Sinclair College Announcement

Who doesn’t want to qualify for free training funds? Right now is a great time to increase your current employees technical skills. The department of Workforce Development at Sinclair College has several programs eligible for state funding with Ohio TechCred.  We anticipated it opening again in March, however, they made some changes to the program and it reopened 1 April.

TechCred is Ohio's innovative workforce program that reimburses employers for industry-recognized, technology-focused, credentialed training programs and certificates. The training must be completed within 12 months now and the current online application period is open as of April 1st. Now is the time to start thinking of who needs upskilled!

Here are some things you should know, including changes from previous funding rounds: 

1.       Employers will identify the specific, technology-centric qualifications they need, as well as the employee(s) they want to upskill. 

2.       To qualify for reimbursement of training costs, the employer must partner with a training provider and apply online. Individuals must be Ohio residents with a verifiable Ohio address. 

3.       The length of the grant will be reduced from 18 months to 12 months from the award date.

4.       Training programs must start on or after the date of the award, not before, and must be completed in less than 12 months.

5.       The state will reimburse up to $2,000 of training costs per credential upon completion. There is no longer a limit of one reimbursement available per employee in each funding round. 

6.       Employers are eligible to receive up to $30,000 per funding round. 

7.       The application period begins April 1st and will end on April 30th.  

8.       Click here for more information about the TechCred program. 

Wondering what you could use it for? Many companies in the area have already used it to streamline workflow and improve productivity with Microsoft Office training. Learn to effectively manage projects, analyze data or build PivotTables with Microsoft Office training. With courses for beginners to power users, you can gain the skills you need to master the features and functions of the Microsoft Office suite.

Eligible Industry Areas 

1. Business Technology (think Adobe Creative Suite or Photoshop for your marketing) 
2. Construction Technology 
3. Healthcare Technology 
4. Information Technology (think Microsoft, Excel or Word)
5. IoT & Cybersecurity Technology 
6. Manufacturing Technology (think SkillsTrac Industrial Maintenance, CNC Machining or GD&T)
7. Military & Smart Transportation (automotive training, such as diesel maintenance)
8. Robotics/Automation (think electrical troubleshooting or robotic programming)

Please contact Karolyn Ellingson if you have any questions.

Karolyn Ellingson, M.Ed.

Workforce Development Manager
Sinclair Community College | 5380 Courseview Dr | Mason, OH 45040
O: 937.512.5584 | M:937.416.6556| F: 937.512.5591

karolyn.ellingson@sinclair.edu

workforce.sinclair.edu

Lisa Heckler, VP Information Security & Privacy, CareSource and Technology First Board of Directors

Is your life feeling a bit like Groundhog's Day? Needing something to snap you out of the Winter Blues? Look no further than Technology First for exciting volunteer, network and educational opportunities in the Dayton and Southwest Ohio region… and virtually beyond! Here's a peek into what's coming up related to my favorite topic - cybersecurity:

Girl Scouts Cyber Challenge - Calling All Cybersecurity Professionals

What??? The Moon has been hacked?! Girls in grades 6 - 12 will come to the rescue of the Moon Base as part of the 2021 Girl Scouts Cyber Challenge. This all day event will immerse attendees in the world of cybersecurity. Along the way they will solve interesting problems (no experience necessary) and meet real world cybersecurity professionals.

Will you join me in creating an exciting experience for our young women who are interested in cybersecurity? The event will take place at the end of July (day to be finalized) and we need day-of volunteers to make it happen.

Cyber SIG - Calling All Cyber Security Professionals… AGAIN!

Technology First is starting a new special interested group focused on Cybersecurity. The group will meet quarterly starting with the virtual OISC (see below for more info on the OISC). Our next meeting will be on June 3 featuring local cybersecurity expert Bryan Fite. If you've met Bryan you know that this is sure to be an interesting evening filled with information on Bryan's latest research as well as lots of conversation on the latest threats and trends in cybersecurity. Technology First will be sending out more information as we get closer to the event.

If you have questions or would like to submit a topic or speaker for consideration for a future event, please email kregan@technologyfirst.org.  

Ohio Information Security Conference (OISC) - Last Call for Cybersecurity Professionals!

(And anyone interested in learning more about Cybersecurity)

We have another interesting and informative OISC on tap for 2021 including keynote speaker Duane Harrison, Chief Scientist, National Air and Space Intelligence Center (NASIC), Wright-Patterson Air Force Base. NASIC is the Air Force analysis center for foreign air, space and specialized intelligence. As Chief Scientist, Mr. Harrison guides the 4,100-person center’s analytic production mission, ensuring timely delivery of relevant intelligence data products and services to Air Force and joint operational warfighters, acquisition and force modernization communities, and senior defense and intelligence community policymaking customers.

Additionally, there are four tracks featuring cybersecurity practitioners sharing real life experiences, practical guidance, and thought leadership, as well as technology vendors sharing the latest tips, tricks and tools to address our cybersecurity concerns. The tracks are focused Cybersecurity Trends & Directions, Applied Cybersecurity, Cyber R&D, and Roundtable Discussions.

Please join me at the all virtual OISC on Wednesday, March 10! Registration & Details Here!

Shawn Waldman, CEO, Secure Cyber Defense

When it comes to cyber threats, every second counts. Quickly identifying a security breach or cyber threat minimizes the damage and cost to an organization. Unfortunately, the volume of threat alerts an organization receives every day, from multiple security systems, creates an overload of tickets needing to be analyzed, prioritized, and investigated.

Hackers are now using artificial intelligence to make their own criminal activities more efficient. If cybercriminals are using automation technologies, it makes sense that cybersecurity professionals do the same to stay one step ahead.

Heightened productivity, consistency, and keeping up with increasingly complex security needs are all solid advantages for adopting automation. With automation and Artificial Intelligence (AI), repetitive tasks like manually sifting through threat alerts can be handled quickly and efficiently. Automation technologies also use vast amounts of threat intelligence to quickly identify and address emerging threats—specifically sophisticated threats designed to avoid detection. Through the use of playbooks, systems can quickly and efficiently eliminate risk. This quick response reduces Mean Time To Detection (MTTD) and Mean Time To Response (MTTR) saving companies time, expense, and downtime.

There are five ways artificial intelligence and automation fill a need for data security teams:

1. Machine learning-powered security can quickly spot and automatically address sophisticated new threats
2. Automated tools can uncover and fix vulnerabilities before attackers can exploit them
3. Tasks can be automated to extend the capabilities of security teams and reduce alert fatigue
4. Automation handles threat analysis and response in a matter of seconds, 24/7
5. As part of a larger security solution, automated platforms work together in a coordinated response

WHY ISN’T EVERYONE RELYING ON THESE TOOLS?

If AI-powered automation tools are providing more accurate and timely results than humans, why isn’t everyone using them? For one, automation tools are behavior-based, meaning they need data to inform their learning and actions. Cost can also be a factor since these platforms require expertise to configure and manage, often requiring outside Managed Security Service Provider (MSSP) support. Finally, automation needs to be part of an overall cybersecurity plan, rather than simply patching a hole.

First and foremost, organizations need to be sure they have the basic security measures in place, like adhering to the CIS Top 20 Controls to stop the most pervasive and dangerous cyber threats. Having the basics in place before jumping into AI- and machine-learning platforms is the best place to start. Some of the basic elements include:

• Understanding your network and the devices on your network
• Addressing perimeters such as firewalls, intrusion prevention systems, and encryption
• Secure network coverage such as SIEM, SD-Wan, and VPNs
• End-point protection such as antivirus and anti-malware
• Good email security and hygiene
• Controlling the use of admin privileges
• Proper password management
• Ensuring firewalls, email gateways, and other security devices are properly configured
• Resources behind the scenes to satisfy training needs, create awareness, and develop a positive cybersecurity culture

Automation isn’t replacing security teams, rather automation enhances the skills and capabilities available. Minimizing human errors in repetitive cybersecurity tasks is a benefit of automation. Automation provides consistency reducing error rates and increasing protections. A higher level of detection and speed of response means there is a quicker link between suspicious behavior and action. Over time, as AI-powered platforms continue to learn your network environment and ingest threat intelligence data, their benefits to your organization will continue to improve.

Automation can be rapid, agile, and consistent. What automation can’t be is creative and curious. When security processes are automated, security teams are freed up to exercise their creativity to solve problems and build more comprehensive security approaches. Cybersecurity professionals still need to decide what servers or networks to isolate, when incident response teams need to be brought in, plus determine what changes should be made to policies and procedures to institute corrective actions.  Like everything else in the IT stack, it comes down to needs, workload, and budget to determine how much automation will deliver a return on your investment.

So, What’s the Answer?

The reality is that the complexity of technology and the amount of data that must be watched and analyzed is not slowing down. In order to manage the growing threat surface and threat alerts, security automation and integration tools will continue to evolve with the same urgency to support security teams. Is your company prepared to take advantage of automation? If not, how will you develop strategies to keep up with the speed and sophistication of cyber threats?

Shawn Waldman

Is the CEO and Founder of Miamisburg-based Secure Cyber Defense. With over 20 years of experience in cybersecurity and information systems, his team designs, manages, and monitors cybersecurity solutions, responding to threats and protecting organizations from cybercriminals.

John Huelsman, IT Director, Hobart Service

What was your first job?

• IT related – Computer Services at BGSU.  I worked part-time while a student at BG.  Go Falcons!
• Non-IT related – paperboy (5^th grade to 9^th grade).

Did you always want to work in IT?

Nope, My initial career thoughts were towards teaching and/or coaching.  However, three of my older siblings graduated college in the IT field and got decent jobs so that led me to eventually explore it as a possibility.  I was proficient in math and science, so my high school guidance counselor pointed me in that direction as well.

What advice would you give to aspiring IT leaders?

• Be patient.
• Observe and listen to leaders you respect.  Similarly, find a mentor and talk to him/her regularly. 
• Get involved in professional networking organizations (like Technology First) and build your network of contacts.
• See the big picture regarding your overall business and markets.
• Put yourself out there and take risks. Volunteer for stretch assignments that get you out of your comfort zone.  “Progress always involves risk.  You can’t steal 2^nd base and keep your foot on 1^st.” – Fredrick B. Willcox
• Take ownership of your career – it is ultimately your responsibility.

Matt Coatney, CTO, HBR Consulting

What was your first job?

Software engineer for an AI software startup in the pharmaceutical/drug discovery space (by far the most geek-cool job I’ve had!)

Does the conventional CIO role include responsibilities it should not hold? Should the role have additional responsibilities it does not currently include?

The challenge of the modern CIO is that you still must “keep the trains running on time” – ensuring that core systems like email, network, and infrastructure are rock solid and secure – but that is no longer enough by itself. That’s table stakes. The role is also increasingly looked to for advice and initiatives that transform the business through technology in areas like analytics, cloud, mobile, IoT, and the like. In mid-sized organizations especially, the CIO is looked to as the security, data, and innovation officer too, which requires intense focus and energy to balance all these plates.  

What advice would you give to aspiring IT leaders?

Be non-traditional. Avoid the typical, predictable career ladder. Pick up special assignments and roles that stretch your comfort zone and give you experience in all sorts of different disciplines: cutting-edge technology, operations, security, finance, economics, law, etc. The future leader will need a wide range of skills – including the skill and passion of continuous learning – to keep up with the rapid acceleration of technology and the world of work.

Mardi Humphreys, Change Agent, Integration Edge - a division of RDSI

There’s an old adage: if you’re the smartest person in the room, you’re in the wrong room. When it comes to work, let’s just say, I’m in the correct Zoom room A LOT. I like to think it’s just a diversity of gifts. My coworkers bring the technical knowledge necessary for building solutions and I bring them challenges to solve. But every little mistake I make feeds a low-grade lack of confidence and makes me wonder, “What if I fail?”

When the thought occurs, I have to stop and remind myself that everyone fails. In fact, failure is a necessary step to success. If I approach projects with curiosity, seek to understand, and demonstrate I’m both listening and learning; then failure becomes part of the problem-solving process. It can even help bond the team. Failure presents an opportunity to highlight everyone’s unique roles and particular skill sets. This allows me to frame failures as experiments I need the team’s talents to finish. We can analyze where things went wrong, gather data, and move on. We want to fail fast, forward, and with feedback. Not every piece of code is written correctly the first time. It’s why development, staging, and production environments exist. Development and staging are places designed for experimenting, testing, and failing before putting the final solution into production. This method doesn’t have to be used exclusively for software development. It can apply to any project team.

Development: This is the brainstorming phase. Wacky ideas are welcome in this no-judgement-allowed preliminary formation of plans. Blue sky thinking happens here. At this point, we know where the client is and where he wants to go. Now, we figure out how to get them there. Everyone is encouraged to contribute then go test their ideas on their own. Think proof of concept.

Staging: This is the evaluation phase. Still a no-judgement zone, everyone brings their idea that passed testing and combines it with everyone else’s bit; much like connecting to a network. The results of wacky-ideas testing are discussed. Would this idea actually work? Do we have the necessary resources to make it happen? The team looks for obstacles to the solution’s success and adjustments are made. Will the client be able to afford this? Does an off-the-shelf solution already exist? Think prototype.

Production: The individual experiments have been combined, vetted, tested, run, and are ready to present to the client as a solution or at least a roadmap. Think demonstration, or, if more fully evolved, think deliverable.

This approach produces more ideas and more solutions more quickly. Business moves at the speed of trust. If we create a safe environment in which to fail, it not only saves time, but also creates a more compassionate, patient, and bonded team. Embracing failure can turn smart people into leaders, mentors, and coaches who will help the team build sustainable trust. Shifting to this mindset frees us from the fear of failure. It inspires us to use failure as a tool and puts us in the same category as Thomas Edison, the Wright brothers, and Sara Blakely. Talk about great company to be in!

Chi Corporation and StorageCraft

Just about every story you read about responding to ransomware includes the directive to “never pay the ransom.” That’s easy enough to say if you’re not the one whose data is being held hostage. And the odds are pretty good it will happen to your company. CyberEdge’s 2020 Cyberthreat Defense Report calls out that nearly seven-in-10 companies will be affected by ransomware attacks.

So, it’s pretty clear you need to put the protections in place that keep ransomware out. You may think that means bolstering endpoint security since that’s where most ransomware attacks originate, but the reality is that 77 percent of organizations that have been infected with ransomware were running up-to-date endpoint protections.

Since it’s almost impossible to prevent every ransomware attack, what you need is a backup and disaster recovery solution that lets you bounce back from an attack, as unscathed as possible. We suggest you consider the following features when shopping for such a solution:

1. Get Continuous Data Protection

You never know when ransomware will strike, so you need to be prepared. Look for a solution that protects your data at all times by automatically taking continuous, space-optimized, image-based backups.

2. Look for Efficient Multi-Site Replication

You’ll want automatic replication of your backups offsite, or at least off-network, as well as to the cloud. This should be able to be accomplished simply by selecting the machines you want to back up and pointing their backups to the desired backup targets using a checkbox or a drag-and-drop interface.

3. Simplify Data Protection with an SLA-Driven Workflow

An optimized workflow for SLA-driven data protection should include a “set and forget” policy feature for data protection and management, with a browser-based dashboard that gives you a single workflow to protect and manage both physical and virtual infrastructures. It should give you a global view of all of your recovery points, and let you schedule and manage local backups, set up onsite, offsite, and cloud replication, and retention schedules. A solution with proactive error detection and alerting will further help simplify management and speed problem resolution.

4. Make Sure Your Data Integrity Is Absolutely Reliable

Choose a data protection solution that ensures your backups will be there when you need them. Inflight verification and automated re-verification of backup images mean you’ll have backups you can count on. Other features like smart retries, self-healing repairs, and PKI-based encrypted channel communication increase backup reliability even more.

5. Include Instant, Flexible Recovery

Because every minute of downtime caused by ransomware is very expensive, you’ll want a solution that lets you get back in business immediately. That should mean you can get back up and running in milliseconds.

You’ll also want to be able to directly recover to your primary store, eliminating the need for vMotion and eliminating any performance impacts during recovery. Being able to recover to dissimilar hardware or virtual environments is another valuable feature for ensuring flexible recovery by letting you use available resources instead of waiting for specific resources.

6. Count on Integrated, Cloud-Based DRaaS

The best way to ensure total business continuity is to go with cloud-based DRaaS that delivers orchestrated, one-click virtual failover. So you don’t have to wait for anyone, recovery should be via a self-service portal and not require third-party intervention. Look for DRaaS solutions that include replication as a service and give you the option to recover using seed drives, BMR drives, and web downloads.

A Nice-to-Have: A Converged Data Platform to Control Costs

A solution that unifies data protection and scale-out storage onsite and offsite can help you fight back if ransomware strikes. It can also help you control storage costs and simplify both storage and backup and disaster recovery management.

Look for a solution that uses an object-based, distributed file system so you can scale non-disruptively, without any need for configuration. Inline deduplication and compression will also save on storage costs. And scale-out storage lets you add capacity as you need it to keep up with your data storage requirements, eliminating forklift upgrades without sacrificing security.

Get the Facts

Cadre Information Security

Operating on the edge with vigorous due diligence

Moving business processes, applications, and data to the cloud is inevitable as we expand operations and distribute workforces around the globe – yet this fundamental shift provides cybercriminals a central target and more accessible attack vectors to compromise sensitive assets. Consequently, organizations are increasingly challenged to expand the security perimeter, which often forces implementation of controls that are at odds with the evolving cloud environment. Cybersecurity experts argue that secure access service edge (SASE) – pronounced “sassy” – is a timely solution to the current cloud dilemma and it is the future of network security. Continue reading for a glimpse into this cloud-centric operation.

A netscape riddled with vulnerabilities

Network security has experienced many evolutions since the early days of the internet and its subsequent explosion into the cloud.

While the stateless access controls of firewalls nearly a quarter century ago were incapable of protecting emerging stateful technology, the consequent move to proxy technology also proved to be a vain resolve because proxies couldn’t keep up with new applications and network traffic.

Stateful inspection of applications proved to be more secure and dominated the market for many years, until the explosion of internet applications demanded yet another novel tactic to secure networks.

Next-generation firewall architecture and an array of network security infrastructures, such as internet protocol virtual private networks and remote access gateways, now enable organizations to more effectively secure traffic destined for headquarters, branch offices, and data centers. But even these solutions create new problems as they solve old ones.

Now, the inherent risks of migrating applications and data to the cloud, along with protecting the growing pandemic-era remote workforce from cyber threats, perpetuate the multitude of network traffic vulnerabilities that overwhelm CISOs and their security teams.

Perhaps it is time to get “sassy” with network security

“The future of network security is in the cloud,” says Gartner, who describes an emerging cybersecurity concept known as Secure Access Service Edge (SASE):

"In cloud-centric digital business, users, devices, and the networked capabilities they require secure access to are everywhere. What security and risk professionals in a digital enterprise need is a worldwide fabric/mesh of network and network security capabilities that can be applied when and where needed to connect entities to the networked capabilities they need to access."

While Gartner predicts that more than 40% of businesses will have a strategy to adopt SASE by 2024, many enterprises have already embraced the cloud-based network security service model to converge their multitude of network traffic and managed security products.

SASE capabilities are delivered in real-time as a service based on the identity of the entity, which includes people, devices, applications, services, IoT systems, and edge computing locations.

Its cloud-based infrastructure provides flexibility to implement and deliver security services more efficiently, including threat prevention, sandboxing, DNS security, next-generation firewall policies, and web-filtering, among others.

Integrating full content inspection and enterprise data protection policies into the framework enhances visibility into network activity and improves threat prevention, ultimately minimizing the compromise and theft of sensitive information.

The model continuously assesses risk throughout network sessions. Plus, exercising Zero Trust in the cloud reduces faulty assumptions and protects sessions even when entities are not connected to the network.

Not only can operating on a single platform increase performance by allowing us to connect to entities wherever we are located in the world, this approach also eliminates the necessity for multiple point products, which could significantly reduce costs and IT resources.

“SASE is moving us away from a model of building defensive perimeters and internal checkpoints which replicate a world of physical security to a new viewpoint where users, systems and data carry the requisite security protocols with them as a personal force field connected to a central point of security management,” says Greg Franseth, a seasoned information technology expert and Director of Professional Services at Cadre Information Security.

Operating on the edge demands vigorous due diligence

Getting sassy with a single cloud-based platform enables CISOs and risk managers to simplify IT infrastructure and reduce the complexity of network security.

But as the industry embraces this incredible shift in network security, moving to the cloud creates a new centralized attack surface for cybercriminals to target and exploit.

We must be mindful that the fundamental objective to prevent attack-ways to our people and sensitive assets hasn’t changed. We must continue to be vigilant and innovate in staying secure.

Effectively leveraging the cloud will empower us to protect the organization from hostile cyberattacks in novel ways.

Topics: Secure Access Service Edge, SASE