Author: rescue@crimefire.in

  • The Cybersecurity Industry Doesn't Have a Stress Problem — It Has … – Dark Reading

    Around the world, employees have been experiencing extreme stress due to the ongoing pandemic, business disruption, and the faster pace of work. 
    This is a mental state and lived reality that cybersecurity staffers experience day in and day out. When new hires start work on Day 1, they know what they are signing up for. Most organizations today face an unrelenting fusillade due to the accelerated pace of digital transformation. New threat patterns are emerging, credential compromise is raging, and cybercriminals are cooperating on strategies. 
    So, for analysts in security operations centers (SOCs), there’s a thrill of the chase and rewards that come with stopping would-be attackers from damaging a company and its customers. However, there are also thousands of alerts to review each day, as well as the agony of defeat when a data breach occurs on their watch. 

    Despite this reality, many teams have best-of-breed platforms at the ready. So, it’s actually getting easier for cybersecurity professionals to do their work. Behavioral analytics detect attackers rapidly and separate the noise from signals of malicious behavior, so that analysts can triage alerts faster. With automated workflows, analysts can focus on higher-level duties. A survey conducted by Chartered Institute of Information Security (CIISec) in 2020/2021 found that 53% of analysts said their organization is getting better at protecting the network and recovering from attacks, while 56% said their team was more adept at responding to cybersecurity incidents and breaches. 
    First, it’s important to acknowledge that working within the cybersecurity industry is inherently stressful. Some 51% of analysts said they’re kept up at night by job stress and challenges. Factors include forced cancelation of education events due to the pandemic (66%), overwork (47% work more than 41 hours per week), insufficient budgets (53%), and increased difficulty executing key security processes such as reviews and audits due to remote work. 
    Survey results don’t capture the distinction between good stress and bad stress. Good stress includes learning new skills, problem-solving on the job, collaborating with teams to track adversaries and respond to threats, and gaining new professional opportunities. Bad stress includes feeling unsupported by organizations and leaders, not having the tools needed to do the job, and experiencing a poor work-life balance. And then there’s situational stress, such as trying to execute processes remotely that are better done onsite, such as performing audits. 
    Many of the cybersecurity issues raised in the CIISec survey point to a need for strong leadership that proactively identifies and resolves issues. But cybersecurity teams need servant leaders, not those who lead by establishing command and control structures. 
    Servant leaders create authority by — you guessed it — serving their employees. Cybersecurity executives of this ilk are concerned about the well-being of the team, regularly checking in with team members on how they are doing, and removing roadblocks that harm operational performance. They’ll go to bat with upper management to get an increased budget for new tools and additional staff to smooth out workloads for teams. Servant leaders take turns serving on call to understand work conditions from analysts’ perspectives and hold regular team meetings to discuss key trends and issues. They’re also likely to look ahead to anticipate market and business developments and reposition their organization to get ready to meet them. As a result, these leaders’ teams feel supported. Analysts are not afraid to share problems or new ideas, as they know their leaders will listen, consider them carefully and, most importantly, respond.
    Further, servant leaders develop their teams. They understand that cybersecurity analysts want to develop their knowledge and skills to progress their careers. Analysts cited job growth as the No. 1 reason they leave their existing roles and the No. 2 reason they take new jobs, right behind compensation. Respondents named taking training, cross-training across other technical and business areas, and working with experienced staff as high on their wish list for accelerating their careers.
    Given that professional development took a back-seat to fighting threats during the pandemic, cybersecurity leaders should push forward with career planning for their teams this year. Some 41% of analysts say their career development plans are only partially planned, while 11% say they aren’t planned at all. As a result, firms that excel in these areas can poach staff from less development-oriented firms, building their teams at a time when competition is keen for top talent.
    The events of the past two years have put an undeniable strain on cybersecurity teams. Risks have grown, increasing teams’ workloads and weakening their sense of control. In addition, budgets haven’t kept pace with hiring, training, and tool requirements. 
    What organizations need now is for servant leaders to step forward and make their cybersecurity teams’ professional effectiveness and personal happiness an important priority. Whether it is simply listening to analysts’ concerns, making strategic investments in improving operations, or fostering career growth, servant leaders gain authority by putting others first. With humility, accountability, and consistency, servant leaders create greater organizational cohesiveness, break down barriers to execution, and help their teams outperform, even in the most challenging market and business environments.

  • Bombing Prevention | Cybersecurity and Infrastructure Security … – CISA

    One of CISA’s greatest responsibilities is providing for the safety and security of our citizens, allies, and partners while providing an economic environment that promotes opportunity and prosperity. The use of Improvised Explosive Devices (IEDs) threatens these interests by killing, injuring, and intimidating citizens and political leaders around the world, inflicting damage on U.S. forces on the battlefield, and disrupting transportation and the flow of commerce. The terrorists and criminals responsible for these attacks are resilient, technologically adept, and adaptable. They employ the most recent and successful tactics, techniques, and procedures gained from experience in Iraq, Afghanistan, and around the world. The use of IEDs worldwide has increased in recent years, with the number of attacks exceeding 7,000 in 2021.
    IEDs remain one of the most accessible weapons available to terrorists and criminals to damage critical infrastructure and inflict casualties. The tactics used in IED attacks continue to evolve as our adversaries seek to overcome countermeasures. We must continue to challenge ourselves and each other to be more effective against these threats as we work together to reach our shared national interests of safety, security, and prosperity. The threat from IED use will continue to evolve in response to our abilities to counter them. A whole-of-government approach that incorporates the lessons learned from the state, local, tribal, territorial, private sector, and international community in Counter-IED (C-IED) activities will best position the US to discover plots to use IEDs in the US or against US persons abroad before those threats become imminent. 
    To reduce risk to the nation’s critical infrastructure, the Office for Bombing Prevention (OBP) employs several programs and develops and delivers a diverse curriculum of training and awareness products to build nationwide C-IED core capabilities and to enhance awareness of terrorist threats. CISA’s OBP seeks to enhance the nation’s ability to prevent, protect against, respond to, and mitigate the use of explosives against critical infrastructure, the private sector, and federal, state, local, tribal, and territorial entities. 
    Coordinated through state homeland security officials and training offices, OBP courses educate on strategies to prevent, protect against, respond to, and mitigate bombing incidents. Federal, state, local, tribal, and territorial participants include municipal officials and emergency managers, state and local law enforcement and other emergency services, critical infrastructure owners and operators, security staff, and public and private sector partners. 
    The Security and Resiliency Guide and Annexes are intended to assist stakeholders to plan and implement C-IED activities within their overall public safety and emergency management approach. 
    TRIPwire is the Department of Homeland Security’s collaborative information-sharing and resource portal. 
    The guidance and resources on this page outline in-depth procedures for either bomb threats or suspicious items and will help you prepare and react appropriately during these events.
    Technical Assistance is the access point for the bombing prevention suite of training, tools, products, services and resources.
    Bombing prevention training is available through multiple platforms: direct delivery in-person in a classroom or in-residence at the Federal Emergency Management Agency’s (FEMA) Center for Domestic Preparedness (CDP), online through a Virtual Instructor-led Training (VILT) platform, and through Independent Study Training (IST).
    Bombing prevention products/resources—including cards, posters, checklists, guides, videos, briefings, and applications—provide C-IED awareness information to prevent, protect against, respond to, and mitigate bombing incidents.
    To report suspicious activity, call 9-1-1 or contact local law enforcement.
    Please contact your local Protective Security Advisor (PSA) or send an email to the Office for Bombing Prevention (OBP) at OBP@cisa.dhs.gov for additional information about OBP products and programs, or to schedule a training session or a planning workshop.
    Informed, alert communities play a critical role in keeping our nation safe. Everyone has a responsibility to protect our nation—“If You See Something, Say Something™.”


  • From video game developer to CISO: How to successfully make … – Security Magazine

    As we celebrate another Cybersecurity Awareness Month, this year’s theme, “See yourself in Cyber,” is especially poignant for an industry that desperately needs to find new and creative ways to establish a sustainable workforce. As of last year, more than 700,000 cybersecurity jobs remained unfilled in the United States, with experts estimating that number will only rise over the next decade. 

    What the general population doesn’t understand about cybersecurity, and what I believe this month-long celebration should intend to explore, is that it doesn’t take a computer genius, or even a background in computer science, to embark on a successful career in the industry. Are you an art major who is looking to pivot? An accountant who loves solving puzzles? Or even a construction worker who excels in working in teams? I promise, there is room for you in cybersecurity. As more professionals look to change industries completely and follow their dreams, I want you to know that you’re not alone, and it can actually be done. I know because I did it. 

    As a former humanities major and video game developer, I can confidently say that I didn’t always see myself in cyber, especially in the early 2000s, when hacking — and thwarting hackers — was more common in Hollywood than on the nightly news. At that time, I was developing video games for a small studio on September 11, 2001, and the tragedy changed everything for me. I decided I wanted to make a more direct impact on my country and studied the best path to realize that goal. Soon after, I joined the U.S. Army to gain the intelligence experience necessary to serve in the Federal Bureau of Investigation (FBI) as a special agent covering mostly cybercrime, but also a bit of everything from international terrorism to gang interdictions. I even had the opportunity to serve as a SWAT team leader.

    In the FBI, I was assigned to investigate cybercrime; that was my initial motivation to develop the technical skills necessary to work in cybersecurity in both the public and private sectors, but I want everyone to understand that there are other ways to enter this industry. Some cybersecurity firms offer internships, and at other non-cybersecurity businesses, you can start on the helpdesk or in a system admin position and make your way across the industry into more security-focused work. Also, tinkering on security projects in a home lab is a great way to set yourself apart from others in an interview cycle. Focused determination and a curious mind can open this field to many who might not otherwise see it as a possibility.

    The truth of the matter is that you are already in cybersecurity. If you use a computer to do your job, at home, or at any time, including smartphones, then you are in cybersecurity. We are all part of the security team that secures our businesses, organizations, and our own data. The fact that you must be on the lookout for phishing and other scams at work and home proves this point. You are already performing your cybersecurity role when you screen your calls for fraud attempts and help your grandma avoid sending money to that ubiquitous Nigerian prince. And you are probably pretty good at it too.

    Historically, though, career security practitioners have been depicted as people with their heads hovering four inches away from a computer screen 18 hours a day — not very appealing to folks with real passions and pursuits outside of the workplace. But that image couldn’t be further from the truth of what real cybersecurity talent looks like.

    As a Chief Information Security Officer (CISO), I look for specific personality traits when hiring for analysts and engineers rather than a perceived interest in technology or networks. Effective cybersecurity talent, regardless of background, will always be curious, gritty and eager to learn more as new threats develop and vulnerabilities are exposed. Having an investigative mind is very helpful. In addition, people who want to understand how things work, or who like to know the answer to a mystery, are good candidates. Even musicians, or folks with an analytical mind that can recognize patterns like they recognize their own family members, stick out to me on a resume or during an interview. 

    Though I gained technical cybersecurity experience of my own through self-teaching, training, and working for the FBI, my humanities degree has been invaluable in encouraging me to look at problems at a holistic and systemic level. It has helped me have a greater perspective for the ancillary and downstream effects of cybersecurity attacks and policies. It has also helped me know how to communicate to various levels of leadership within my own organization and to clients, articulating the severity of a situation and the possible remedies that are available for any attack. Without the communication skills to break down cybersecurity jargon into plain English, even the most technically talented analyst will always be at a loss in explaining their value to potential customers.

    The point is that it’s high time for the cybersecurity industry to take action to change its reputation as a realm of complexity and secrecy to a fast-paced industry where those with innate curiosity and leadership can thrive. My journey to cybersecurity started 20 years ago with a deep motivation to protect my country, and I have been able to take my career everywhere, from investigative work to incident response to strategic leadership. Over the next 20 years, let’s ensure that every talented individual has the power to do the same.

    Adam Marrè is the Chief Information Security Officer at Arctic Wolf. Prior to joining Arctic Wolf, Adam was the Global Head of Information Security Operations and Physical Security at Qualtrics. With deep roots in the cybersecurity space, Adam spent almost 12 years with the FBI, holding positions like SWAT Senior Team Leader and Special Agent. 

  • Arlington cyber-education company to provide free training to Black … – ARLnow


    Sponsored by Monday Properties and written by ARLnow, Startup Monday is a weekly column that highlights Arlington-based startups, founders, and local tech news. Monday Properties is proudly featuring 1515 Wilson Blvd in Rosslyn. 
    Arlington-based CyberVista announced it is providing free cybersecurity training through a new partnership with a D.C. area nonprofit.
    The cybersecurity workforce development company located in Rosslyn (1300 17th Street N.) is making available two courses to participants in Black Girls Hack. The Alexandria-based nonprofit provides training and resources to encourage Black girls and women to be engaged in STEM fields, with a focus on cybersecurity and executive suites.
    “There is a critical shortage of black women in the cybersecurity industry. BlackGirlsHack’s mission is to bridge this gap by creating a source of shared knowledge and resources that can enable black girls and women to break the barriers,” said BlackGirlsHack Founder and Executive Director Tennisha Martin in a written statement.
    For CyberVista, the partnership complements its work to support STEM education.
    “Our partnership with Black Girls Hack goes hand-in-hand with CyberVista’s goal to close the skills gap in cybersecurity by measuring and upskilling underrepresented groups of talent,” CyberVista CEO Simone Petrella said. “We support organizations that invest in their communities by elevating STEM education that will enable a better and more diverse cybersecurity workforce.”
    Its two courses — Cybersecurity Matters and Security Essentials for IT — are aimed at supplementing the training that BGH provides to current members.
    Cybersecurity Matters, which is designed for a non-technical audience, provides foundational knowledge of common cyber attacks and defensive techniques. The company says the course “helps learners understand the ‘hows’ and ‘whys’ of cybersecurity, and their role in keeping the organization secure.”
    Security Essentials for IT, designed for information technology professionals, addresses cybersecurity threats related to protecting business data and maintaining business systems.
    “We are excited to partner with CyberVista, an organization recognized for making inroads to eliminate the skills gap,” Martin said. “The resources they are providing our members will help us open the doors for more black female professionals in cybersecurity for today and tomorrow.”
    CyberVista, founded in 2016, is the sister company of the 85-year-old tutoring and training platform Kaplan. It recently merged with Maryland-based CyberWire, an audio-based cyber media company to form N2K Networks, or “news to knowledge” network, the Washington Business Journal reports.
    The new cyber media and education brand has raised a $5.4 million round of funding.
    The company that owns Kaplan and CyberVista, Graham Holdings, previously owned the Washington Post.

  • Security awareness training needs a revamp – Cybersecurity Dive


    The fake phishing email is losing its luster.
    Awareness training plays an important role in an organization’s overall cybersecurity posture. But while security tools and platforms are regularly updated or replaced to meet the challenges of a constantly changing threat landscape, security awareness training has remained stagnant. 
    Training is the first, and often the only, interaction with the security team, said Marisa Fagan, head of trust culture and training at Atlassian. It’s an opportunity for the security team to create a positive experience that delights as well as educates employees, which could have big payoffs later with faster incident resolution and fewer mistakes with security impacts.
    That’s in a perfect world. In the actual workplace, security awareness training isn’t meeting those objectives. 
    At the Insider Risk Summit in late September, Fagan explained that traditional awareness training does not focus on outcomes, it’s not interesting or engaging, and worst of all, it doesn’t convince anyone to actually care about security. 
    It isn’t surprising that traditional cybersecurity training approaches aren’t working. 
    “When you look at the data over the past five to 10 years, the approaches haven’t moved the needle in materially reducing organization risks,” said Mary Dziorny, cyber strategy manager at Accenture.
    Security awareness training has stagnated, in part, because it is a financially undervalued — and underfunded — piece of the cybersecurity platform. 
    Security awareness training professionals end up spending most of their work time on other projects, according to a study from the SANS Institute. Or they have the wrong people in charge of awareness training, relying on those with high technical skills to lead the effort who might not have the soft skills needed to engage co-workers.
    Also, there aren’t enough people on the awareness training team. Most companies have one or fewer people in charge of training programs. The organizations that have more mature training programs and a more mature security posture are those that have four or more people responsible for awareness training. 
    Not having enough — or the right people — to do the job could be why security awareness training itself misses the mark. 
    “Fundamentally, the industry is struggling to connect the realities of adult learning best practices with how organizations need to run their businesses, which is efficient and effective,” said Dziorny.
    Security training today tends to emphasize specific focus areas, like how to ensure the organization is meeting compliance regulations or to improve employee production, but it skips things like employee engagement or improving employee job satisfaction. 
    “Through more hands-on learning and upskilling, rather than outmoded table-topping exercises, security teams can see how their organization performs on relevant and timely exercises and simulations — even within hours of a new threat going live — so they can prove their ability and stay current,” said Max Vetter, VP of content at Immersive Labs.
    As cyberattacks become more sophisticated, employees need to take a more active role as the first line of defense. That means more effective cybersecurity awareness training, while working through the parameters of current budgets and staffing. 
    It should focus on making the training more engaging and looking at how to change human behavior.
    One change to awareness training is to either get rid of or deemphasize the term awareness. 
    There’s a simplistic take that just by saying “awareness training,” users will automatically become aware of all the security issues and the problems will be solved.
    It doesn’t work that way, said Ira Winkler, field CISO and VP with CYE. 
    Rather than focus on awareness, the emphasis should be on how to change behavior. With behavioral science, you want to put things in place like reward systems, modifications to the user experience, or more established guidelines. 
    “The goal is to have measurable improvement in security-related behaviors, and that’s very different from the concept of awareness,” said Winkler. 
    One way to achieve this is to actually catch users performing good security behaviors and reward them, rather than looking for mistakes and punishing them. This could include highlighting when employees take security training classes, report a phishing email, or regularly use multifactor authentication. 
    You might reward these behaviors in different ways — the point is to have a constant system to do so.
    Another behavioral training method is to use storytelling. 
    “Not only is storytelling a proven educational method rooted in behavioral science, it has the added feature of being entertaining as well,” said Fagan. 
    Educating and entertaining should work in tandem to cement security-related concepts in employees’ minds. Security should become a habit, but to get to that point, training should follow the pop culture format. 
    “The most successful security training content creators are now providing rich, engaging HD videos that tell stories with characters over several episodes with interactive elements,” said Fagan.
    Like popular TV shows or NFL games, security training videos should aim to generate “water cooler” discussions around the office to reinforce the messaging. 
    “Using this method, we’ve seen a second wave of people view the training in greater numbers than in previous years simply because they wanted to understand what the first people to take the training were talking about,” said Fagan. 
    Cybersecurity is a distributed business problem, and it is time to move beyond the annual “how to spot a phishing email” style of training, and do more to support users to incorporate cybersecurity into their everyday work behaviors. 
    “We need to use realistic exercises that span from executives down to the most technical teams to unlock new levels of real-world performance measurement,” said Vetter.
    Correction: This article has been updated to correct the spelling of Marisa Fagan’s name.
     

  • 3 great EU locations for cyber security jobs – Tech.eu

    Cyber security in Europe is big business. Globally, the market size was valued at $184.93 billion in 2021, and it is expected to expand at a compound annual growth rate of 12% to 2030. The European slice of the pie accounted for nearly €34 billion in 2021, an 8% increase that year, with an expectation that this growth will continue. 
    By 2025, spending on security equipment, software and services in Europe will exceed €45 billion. Right now, cybersecurity represents about 3% of the overall IT market – and it is growing three times faster than the rest of the sector thanks to a range of factors. 
    Some of those are down to the pace of digital transformation of businesses brought on by the pandemic. And as more of us move our shopping and banking habits online, the need to protect our data becomes ever more important. Additionally, according to an EU report, 28% of European SMEs experienced at least one type of cybercrime in 2021, and 32% are very concerned about the risk of hacking online bank accounts, as well as viruses and spyware or malware (29%).
    As a result, those with cybersecurity skills are in demand across Europe, and the job market here – as well as globally – has grown rapidly. According to the latest research by ISC, this year an estimated 1.8 million jobs in the sector will go unfilled. The bloc boasts many locations that offer talented tech workers a number of attractive benefits, including good career prospects within the cybersecurity arena, work-life balance, and great pay. We’re checking out three of them below.
    The internet economy in the Netherlands is hugely important, contributing around 6% to the country’s GDP, and the Amsterdam region houses nearly a third of Europe’s data centres. Additionally, Amsterdam has one of the world’s largest data-transport hubs, AMS-IX, and many large tech companies have chosen to base their European operations in the country. 
    All these factors mean that the problems of cybercrime, digital espionage, and disruption of online services are major concerns leading to the availability of well-paid jobs in the cybersecurity sector.
    It is also a great place to live. Centrally located in Europe, Amsterdam is a beautiful city that offers a great quality of life and excellent educational opportunities thanks to its universities which offer undergraduate and postgraduate programs that can help you train for jobs in the field. 
    Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property, is recruiting for a Cyber Threat Intelligence Analyst in the city. In this role you will track phishing kits, track the infrastructure of threat actors, automate research and write technical articles, plus share knowledge via blogs, news, and events. 
    The capital city of Ireland, Dublin is the EMEA base for a wide variety of Silicon Valley firms that include Google, Indeed, Airbnb, and Guidewire among many others, leading to its moniker of Silicon Docks. As a result, there are many companies looking to hire across cybersecurity roles.
    The country has a strong economy, but an equally high cost of living. Tech salaries are competitive to compensate, but many workers relocating here find it difficult to find accommodation. On a positive note, Dublin is very liveable—with its small centre, it is walkable and enjoys close proximity to the sea and the great outdoors.
    Interested in working in Ireland? This Azure Platform Administrator role at Johnson Controls Proactive involves administration and support of the company’s Azure Data Lake Platform, including admin, incident management and troubleshooting. You’ll be the point of contact for Azure PaaS services including Data Factory, ADLS, Databricks, Synapse, and DevOps. Required skills include Azure Data Factory, Azure Data Lake Store, HDInsight, Azure Synapse Analytics, Azure SQL and Security Management with Ranger policies.
    While it isn’t as cheap as it once was, and rents can be pricey, Berlin is a great place to live and work, especially if you’re young. The city is now a leading startup centre within Europe and in 2021, 273 Berlin-based startups and tech companies attracted a record €14.3 billion in buyout, growth, and early-stage funding, accounting for 26.6% of the deal volume in Germany according to Unquote data.
    Germany has some of the strongest data privacy laws in Europe, making it ideal for working with sensitive information – and for jobs in this area. Salary potential is high: Graduates can earn up to €100,000 per year.
    If you’re interested in working in the city, Mercedes-Benz Tech Innovation has an opening for a Cyber Security Consultant. You will carry out cybersecurity assessments based on the ISO 2700x series of standards and advise customers on regulatory, procedural, organisational and technical issues in the area of information security. You’ll also identify fields of action, assess risks, and prioritise and coordinate measures to eliminate weak points, as well as coordinate their implementation.
    If you’re interested in exploring career opportunities in cybersecurity, check out the Tech.EU Job Board today

    source

  • Graduates with a master's degree in cybersecurity are reporting … – Fortune

    When it comes to job demand, it’s hard to beat the field of cybersecurity. By 2025 there will be an estimated 3.5 million unfilled cybersecurity jobs across the globe, according to Cybersecurity Ventures, a researcher and publisher that covers the international cyber economy. And that follows a 350% growth in the number of open cybersecurity jobs between 2013 and 2021.
    As practically all elements of work, life and everything in between now have a digital component, the need to secure our information from cybersecurity threats has only grown. With that growth, master’s degree programs in cybersecurity have also flourished.
    “The job market’s insane for cybersecurity,” says Mary McHale, a career advisor for the master’s of information and cybersecurity program (MICS) at the University of California—Berkeley. The university landed the No. 1 spot on Fortune’s first-ever ranking of the best online master’s degree programs in cybersecurity. “When you look at the opportunity and demand, it’s tremendous.”
    Whether contending with cyber criminals who wish to turn a profit from stealing information or challenging nation-states that wish to do us harm, cybersecurity professionals are in an interesting and ever-evolving field. And UC Berkeley grads are landing jobs with salaries of more than $200,000. Here’s what you need to know.
    In June, Lakshmi Hanspal, the global chief security officer for Amazon devices and services, was the keynote speaker for Berkeley’s MICS immersion program. In her address, Hanspal said that Amazon had more than 600 unfilled cybersecurity jobs.
    That’s a high number, particularly given Amazon’s deep pockets. “They’re saying the demand is just going increasingly higher,” says McHale of UC Berkeley. “Once we help [students] get visibility in the job market, the amount of attention they’re getting is tremendous.”
    Many master’s degree candidates in cybersecurity programs take part in summer internships with companies before graduating.
    “Most come back with an offer of full-time employment when they finish,” says Mustaque Ahamad, a professor in the School of Cybersecurity and Privacy at Georgia Tech. “You have a job lined up, absolutely.”
    While a master’s degree in cybersecurity or a related subject like computer science isn’t required to work in cybersecurity, it goes a long way to inform graduates on the latest trends and happenings in the field.
    “A master’s degree is going to prepare you for the highest skill, top-level careers,” Ahamad says. “A master’s degree is essentially going to make a specialist in cybersecurity.”
    If you have a master’s in cybersecurity, it’s fairly common to earn a six-figure salary immediately after graduation. “It’s a profession that will pay you well,” says Ahamad. “The vast majority of [graduates] head out to the Microsofts and the Googles and the Ciscos and the Intels.”
    According to a UC Berkeley salary survey of alumni, graduates with a master’s degree in cybersecurity make an average salary of $214,000, not including bonuses; the median salary is $200,000. Some graduates who are now executives, such as chief information security officers (CISOs), chief information officers (CIOs), and chief technology officers (CTOs) make more than $300,000.
    “The CISO roles are going to be more over the $250,000, $300,000 [salary mark], closer to $400,000, depending on the company and the size of the organization,” McHale says.
    The median pay for computer programmers, who write, test and modify code and scripts so that applications and computers can work properly, was $93,000 in 2021, according to the U.S. Bureau of Labor Statistics. Information security analysts, who plan and carry out security measures to protect the computer networks and systems of an organization, had a median pay of $102,600. Computer network architects, who design and build data communication networks, such as Intranets, wide area networks (WANs), and local area networks (LANs), had a median income of $120,520 in 2021.
    Though graduates who go to work for the government generally make less money, the knowledge gained from becoming familiar with government systems that need to be secured can pay off if they eventually work for a major defense contractor.
    “The experience is golden,” Ahamad says. “They’re dealing with sophisticated nation-state threats, so [with] the systems and the applications and the high level of security that’s needed, once they have that experience, that really makes them first-class at cybersecurity.”
    McHale says that while some cybersecurity master’s graduates from Berkeley head to the public sector, most take new jobs in the private sector.
    “People with this professional master’s degree are now open to a path of incredible career opportunities,” McHale says. “There is an ability to apply those skills in any industry, or around the globe, because they can take that core skill and apply it to something they’re very passionate about.”
    See how the schools you’re considering fared in Fortune’s rankings of the best master’s in computer science programs, psychology programs, public health programs, business analytics programs, data science programs, and part-time, executive, full-time, and online MBA programs.

    source

  • Building a Cybersecurity Training Program: What you need to know – tripwire.com

    Every security framework recommends that an organization has a cybersecurity training program for all employees, but few give much guidance about what the program should contain.  What do you train them on?  What actually works?  Other than checking a box on the compliance forms, are these programs useful?
    Don’t discount “checking the box” on your compliance program as a motivator for your teammates.  For some team members, just knowing that if they take this training, your company can be in compliance, and that it will impact the future growth and success of the business, will be encouragement enough.
    Primarily, you want your people to be aware of potential security problems and how your company wants them to deal with those situations. You want this knowledge to stick and your teammates to take action. Having everyone attuned to the organization’s security approach will reduce issues, and give you a baseline for improving or changing the security culture.
    The company currently has a security culture, but is it the culture you want to have?  It is important to know where you are starting, and to know if the end goal is merely achieving compliance, learning to recognize a phishing scam, or a much higher ideal.
    Children’s brains are made to absorb knowledge, taking in as much information as they encounter. The science devoted to understanding how adults learn differently is called andragogy. One principle of the adult learning style is that adults must want to learn and will learn only what they feel they need to learn.  They learn by doing, and their learning often focuses on problem solving rather than proceeding sequentially. Adult learning is influenced by their personal experience; the setting (such as an informal situation); the need to be an equal partner in the process; and, of course, the overall enjoyment of the learning process. If we want the knowledge to stick, the training program should take these factors into account.
    How do you increase an adult’s desire to learn?  Know that your group will have a variety of motivations, and appeal to them all.  Some may enjoy the break from their normal work to think about something new.  Many will want to know how this training will help them solve a problem.  Communicating about the training at different levels may help increase engagement at all levels.
    There is a benefit to doing a single annual training – also known as “one and done” – but most of that benefit is on the program coordination side rather than on the student side.  It’s certainly easier to plan and track for compliance reporting, and if this satisfies the minimum standard, this method is certainly available. However, it’s pretty easy for the learners to grumble through a long session to get their certificate and then not think about security again for the rest of the year, and new hires may miss out on this opportunity to learn the new security culture by months. 
    Another option is to use much smaller training modules, either monthly, or quarterly.  This allows the training to be more approachable – it’s a 15-minute task, rather than hours – and it happens regularly and pretty painlessly.  It also makes security something the team thinks about all year long, rather than as a session they complete and then forget.  However, tracking this for compliance purposes does take some thought or additional automation tools.
    In addition to training videos or modules with quizzes, the training topics will be retained longer if the team member is exposed to it a second or third time.  For example, your training video may focus on the topic of malware.  Later that month, you may email around a link to an article on a competitor who was a malware victim, and what it cost to recover in time and money.  Then, in a company meeting, a manager may bring up malware as a concern.  Reiterating the topic not only gives it time to sink in, but it also presents the data in different ways, which increases the awareness of the topic.
    The training should always be relevant to the audience. There are topics that may need to be repeated annually for all staff members – password security and phishing are in perennial need – and there are some topics that may only be applicable to certain groups: CEO fraud is of interest to all financial staff, and Software Bill Of Materials (SBOM) security can be critical to developers.  As part of your structure, you may also reserve a slot in the year for targeted training on issues pertinent to subgroups of teammates.
    Consider potential topics for a general audience, as well as topics specific to your industry.  Try not to use the same exact training modules year after year, as the team will become bored.  Mix it up! Here are some ideas:
    To increase engagement, you may be able to gather a cross functional team to review and select the training modules – an individual learner may not have selected the training, but it’s coming from their peers rather than some faceless corporate email.  That team can also be used to assemble newsletters or be cybersecurity cheerleaders in their departments.
    There are many companies that offer computer-based training, often as short videos and quizzes.  They also give you the ability to keep records about who took which training class, or to automatically remind learners (or their managers) what’s due.  It is important to review these modules to confirm they meet your organizational demographics and goals. For instance, while your global company may transact business in a primary language, selecting training modules that are multilingual allows you to give teammates the ability to review them in their most comfortable language. If you have specific password complexity requirements, don’t use a module that contradicts your company’s needs.
    There are also other means of training or reinforcement:
    You can find free videos on the internet, and show them in team meetings, with some questions to prompt discussion.
    After the employee completes the assigned training, there are several ways to provide feedback, which can snowball into future eagerness for cybersecurity training:
    There are a lot of good ways to develop a training program, and what works is going to depend on your industry, your culture, and what you can invest into it.  Each program should acknowledge its reachable goal and design its structure around that goal, aiming to incorporate adult learning principles. 
    While training can be delivered without a specialized integrated tool, such tools certainly make distributing and tracking easier.

    source