US State Dept Call for Applications: Foreign Affairs IT Fellowship

US State Dept Call for Applications: Foreign Affairs IT Fellowship

For college students who aspire to a technology career that makes a difference in the world, this two-year Fellowship, funded by the U.S. Department of State, is an opportunity of a lifetime.

Seeking to attract top tech talent to the Foreign Service that reflects the diversity of the United States, the State Department encourages women, members of minority groups underrepresented in the Foreign Service, and students with financial need, to apply to this fulfilling and rewarding program.

The Foreign Affairs Information Technology Fellowship program provides a path to an exciting career in the U.S. Foreign Service through academic funding (up to $75,000), internships, professional development, and ultimately, an appointment (full-time position) as a Foreign Service Information Management Specialist (IMS).

Now Accepting Applications for the 2021 Cohort

Applications for the 2021 cohort are now being accepting through Feb 1, 2021. Here are the basic eligibility requirements to apply. You must: 

  • Be a U.S. citizen
  • Be enrolled in an IT-related degree program and starting your junior year in fall 2021, or seeking admission for fall 2021 in a two-year IT-related master’s degree program, at a U.S.-based accredited institution (in-person or online programs)
  • Be able to obtain and maintain medical and security clearances and suitability requirements
  • Hold a minimum 3.2 GPA on a 4.0 scale at the time of your application, and maintain this GPA throughout the program.

What You’ll Receive as a FAIT Fellow

As a FAIT Fellow, you can expect to forge new friendships, create a professional network, and build memories for a lifetime. Plus, here are the benefits of the Fellowship: 

  • Academic funding: up to $37,500 annually for tuition, room and board, books, mandatory fees and some travel expenses, for the junior and senior years of undergraduate study, OR a two-year master’s degree program in an IT-related field.
  • Stipends, housing and travel allowances for the two summer internships: A domestic internship in Washington, D.C. at the U.S. Department of State; and an international internship at a U.S. Embassy or Consulate abroad.
  • Personalized mentoring and professional development opportunities throughout the program.
  • An appointment in the Foreign Service as an Information Management Specialistupon successful completion of the program and the State Department’s requirements.  

Foreign Service IMS and FAIT Fellows Share Their Experiences

Before you embark on your FAIT Fellowship journey and the path to becoming a Foreign Service IMS, you can hear directly from five FAIT Fellows in video interviews, as they share their experiences with the application process and their summer internships. Also, Foreign Service IMS Elizabeth Slater talks about what it’s like working in the Foreign Service. View these videos at https://www.faitfellowship.org/all_videos/

Prepare Now to Apply

The application deadline is February 1, 2021, but you should start preparing your application documents early to submit the most competitive application possible for this prestigious fellowship program. Learn what application documents are needed and get helpful tips in articles in the Diplomatic Roots blog on the FAIT Fellowship website. 

Virtual Information Session

Wednesday, November 18 2020 at 5:00 pm (EST)
Register: https://app.livestorm.co/the-washington-center/foreign-affairs-it-fellowship-bit-foundation-virtual-info-session

Contact Us with Questions

We’d love to talk with you and answer your questions. Send us an email at faitfellowship@twc.edu and let us know your contact info and the best time to reach you.

Learn more at FAITFellowship.org

Follow us:
Facebook
Instagram
Twitter

 

Do it for the Culture… A Secure Culture

DO IT FOR THE CULTURE… A SECURE CULTURE

Developing an internal fortress using basic security protocols.

SPAM. SPOOFING. PHISHING. HACKING. We all have heard the terms but what do they really mean and why do we know and see them all too often? Let’s begin with some summarized explanations. SPAM basically means receipt of mail that wasn’t needed or expected, usually advertisements or cold sales messaging or junk mail. SPOOFING basically means an account has been cloned or accessed from a source other than the assigned user and that person’s email or other tools have been compromised in order to “act as” that original user. It is commonly seen in cases where email CONTACTS are accessed by a spoofed account and tons of email are sent out to those contacts asking for INVOICE verification or some variation of requesting input. PHISHING can be described as ATTEMPTS to gain information from a user by requesting action to a link or attachment. They are often paired with SPOOFED email accounts but can also be embedded in SPAM messaging. HACKING is the culmination of all forms of social engineering but directly associated with control of a source, account, device or network.

Now that we’ve cleared that up. Why do we see or hear these terms so often, especially in business environments that are supposed to be secure? The answer is CULTURE. Yes, a simple idea, culture. Not some complex technical ideology, simply culture. See, all the understanding of technology in the world cannot substitute for a solid security culture in the workplace. This means everyone from the night cleaning staff to the CEO understands the importance of keeping the business secured. Yes, everyone. Everyone in the business is a stakeholder in the success of the business. We all have the responsibility to ensure our personal and corporate security protocols are adhered to. If there is a gap in one area, the entire system is vulnerable.

SCENARIOS

#1 John is the new security guard at the corporate office. While standing his post at the front desk, a person walks in and says “I work on the 18th floor but left my badge at home. Not wanting to cause an issue with the well-dressed man with the briefcase, he badges him into the elevator up to the 18th floor. The man wasn’t an employee.

#2 The night cleaning staff may have hired a new staff member. That new temporary staff member walks by a desk and sees a password and account number on a “sticky note”. Out of curiosity, he/she records that info. The temp only worked one job and quit. Weeks later, someone has logged into OneDrive from an unknown device and has uncovered financial data including accounts and bank access codes.

#3 Susan is late for her son’s game and needs to wrap up the corporate financial report for 1st quarter before 5 pm. She leans over to Janet, a friend in the Sales department, and asks her to do her a favor. Susan gives Janet her login and Janet tried to complete the work. While working on the file, she accidentally erases an entry in an important spreadsheet but instead of undoing the erasure, she calls IT support got help.

#4 Jennifer takes her pc home during the COVID-19 outbreak. Her son, Jason is also working from home. Since Jason doesn’t have his own computer, she lets him use it to do his homework. However, Jason also uses it for some casual gaming and video downloads, some of which are downloaded from a peer-to-peer site.

All of these are really common scenarios. In scenario #1, the security guard is an important part of the first level of corporate security, PHYSICAL ACCESS. It’s his job to verify each and every person that should be in the building. That can be assisted through use of an access list or a badging system. A successful badging system will utilize an access list to detail where each person is authorized to enter and in cases where a person cannot access a specified level or area, they should request a SPONSOR to guide said access or ask a department manager or SPONSOR for change to their badge access. All of which would need business justification. In scenario #2, you’d be surprised who the real blame falls on. It’s actually the person that wrote important business data on a “sticky note”. We can’t always judge the character of an individual, although the cleaning company should do its part to vet each person they hire. However, the cleaning company may not be an internal part of the company infrastructure. Shockingly, the real blame lies on the person who sat at that desk. The best approach to how you keep your office or desk is the “rotating shift” methodology. In the “rotating shift” routine, a space is not just yours. Therefore, personalization and comfort of just leaving things around should be prohibited. Likewise, you should never write down codes or accounts and leave in an unsecured location. In scenario #3, Susan violated several rules of security. First, she asked someone outside of her department to handle a task that contained data that may have been only available to that department. Secondly, she shared her login information. Both are serious risks. Finally, in scenario #4, we get to an issue that we may encounter far too often during our current pandemic…sharing or inappropriate use of a corporate asset. It’s important to remember that a business issued device is intended primarily for business related use and you expose local and shared network data to the risk of hacking or data loss.

HOW TO FIX A CULTURE ISSUE

There are a few key factors needed in creating a truly secure culture in your corporate or personal home network environment. One, put the right tools in place. Every corporate or home network should have some form of FIREWALL security. This will guard what enters your network. Device security is the next layer. Make sure your computer has some form of antivirus/antimalware protection and/or local firewall software. The next layer is software security. Operating systems require normal updates to stay safeguarded against the outside world. Make a habit of checking in (although typically the task of your company IT administrator) for regular patching and updates. Consider these “inoculations” or “booster shots” to keep the bad bugs away. If you’re managing your own home network, simply run the Windows updates at least twice a month. Keep in mind, you can always set your PC or Mac to perform automatic updates. Here’s a good resource for Windows updates: https://support.microsoft.com/en-us/help/12373/windows-update-faq

Don’t worry Mac users, I didn’t forget about you. Yes, Macs require updates also. See the following link about Mac updates: https://support.apple.com/guide/mac-help/get-macos-updates-mchlpx1065/mac

Data classification is vital to how corporations keep information private and secure. This is the process of defining what the data is, where it belongs and who should have access. Likewise, user security is just as crucial as you can assign access rights to said data, resource locations and systems.

However, the most important factor in creating a secure culture in the workplace is…. drumroll, please… EDUCATION.

That’s right, education. Knowing is not good enough. Saying is not good enough. We must educate, educate and educate more on these practices repetitively. Socializing proper security culture is one of the key roles of any successful enterprise security team. Once all the tools, policies and restrictions are in place, each user needs to be reminded just how important it is that each person play their role in being an active part of keeping the business, and themselves safe.

Dwayne Thomas Coleman
CEO, Coleman Management & Consulting