Julie Amero, a substitute teacher in Connecticut, lost her career and had her life turned upside down due to a malicious spyware application and the incompetence of security “professionals.” The spyware was running on the classroom computer causing pornographic images to be shown. Julie innocently checked her personal e-mail using that classroom computer, left the room briefly, and upon her return saw, as did a few students, the pornography on the computer screen. The pornography pop-ups* were caused by spyware inadvertently installed when another user of that classroom computer downloaded a Halloween screen saver. Because of the school’s amateur IT administrator, overreaction from a school principal, faulty forensic examination of the physical evidence, and false testimony from a computer forensics “expert,” she was prosecuted and convicted (later overturned) of risk of injury to a minor.†
What we can take away from this case is the importance of having a qualified computer forensics‡ examiner acquiring and analyzing evidence in addition to having a qualified information security professional protecting the critical assets of the enterprise. This includes training the employees on the proper use of the company computers as well as what to do when an incident occurs. We will address all of these topics later in this book, but for now we will discuss the numerous career opportunities in the field of information and cyber security as well as describe how to become a qualified professional in this exploding field.