From Teeth to Tracking Trojans
Cybersecurity specialist helps keep the PUD safe from viruses
By Rodger Nichols
Northern Wasco County PUD’s newest employee is proud to have a local background. Jonathan Alvarez was born and raised in Hood River, and graduated from Hood River Valley High School in 2011. He and his family have lived in The Dalles the past eight years.
Jonathan was hired in April as a cybersecurity specialist in the PUD’s information technology department. His path to the position was untraditional.
“Right after high school, I went to dental assistant school and worked at it for several years,” he says.
In 2016, Jonathan decided he would be happier if he switched careers. He returned to school for an associate degree in computer science.
At first, Jonathan worked on the hardware side, troubleshooting and repairing computers. When he joined the IT staff at Mid-Columbia Medical Center, his role evolved into system administrator.
“It’s more the back end of the system,” he says. “Cybersecurity loops both the hardware and software side.”
That involves such things as keeping software up to date, installing patches in operating systems and maintaining security.
Those tasks call for a special kind of balance.
“You want to be very secure,” Jonathan says, “but you don’t want to be overly secure to where it starts affecting how people can do their jobs on a day-to-day basis. If there are too many hoops to jump through, productivity starts to go down. You work for a happy medium.”
Vigilance is particularly important in critical infrastructure, including hospitals and utilities, which are under constant attack from hackers.
“They look for any way they can to get into the system,” Jonathan says. “If they can get in, they can encrypt your data and hold it hostage for ransom. They try a number of tricks to get unsuspecting workers to give up their passwords.”
He points out that email addresses are easy to find. Many times, they are posted on websites. Once a hacker has an email address, they may stalk their victim on social media, hunting for information they can use to trick people into thinking an email they receive from a hacker is actually from a person or business they know.
“One of the current ones is to send you an email saying that they have attached an invoice that’s past due,” Jonathan says. “But if you click on the attachment to see what’s wrong, it can load malware into the system. People tend to be pretty trusting, so part of the job is keeping employees up to date on various scams.”
One clue to detect fraud, he says, is to notice if English is not the sender’s native language.
“Commas in the wrong place, certain words split up that we put together, verbs in the wrong tense or misspelled—they all can be indicators,” Jonathan says.
As part of employee training, the PUD’s IT department makes its own phishing emails.
“If somebody here clicks on the link, instead of it going somewhere malicious, it notifies us,” Jonathan says. “That person gets enrolled into some training. It’s a way to be proactive about the problem.”
Businesses also have to guard against physical interference.
“You don’t want somebody just walking into your building into restricted areas where they can maybe go on to someone’s computer that was left unlocked, or go into the server room,” Jonathan says.
Jonathan shares his enthusiasm about his job at the PUD and the team of 59 employees.
“You pretty much see every single person every day, and you really get that family feeling,” he says. “In a bigger place, you would never get that.” Jonathan says his drive is personal, but it’s also familial.
“Making my parents proud is a very big thing for me,” he says. “Especially being from a Hispanic background, wanting to make them proud has been something I have always wanted to do. I feel like this is the job where they can be proud of what I’ve done and makes all their efforts worthwhile.”