Author: rescue@crimefire.in

  • Laid Off by Big Tech? Cybersecurity is a Smart Career Move – Security Intelligence

    Big technology companies are laying off staff as market conditions change.
    The move follows a hiring blitz initially triggered by the uptick in pandemic-powered remote work — according to Bloomberg, businesses are now cutting jobs at a rate approaching that of early 2020. For example, in November 2022 alone, companies laid off more than 52,000 workers. Companies like Amazon and Meta also plan to let more than 10,000 staff members go over the next few years.
    As noted by Stanford Graduate School of Business Professor Jeffrey Pfeffer, part of this push to cut positions stems from a bursting bubble of business valuations. Pfeffer makes it clear, however, that in many cases, the cause here is imitative behavior. When one company starts laying off staff, others follow in what he calls a “social contagion”.
    Regardless of the underlying reason, many skilled IT professionals now find themselves out of a job. But it’s not all digital doom and gloom. There’s one tech sector that’s still struggling to find talented staff: Cybersecurity.
    Here’s why making the move to infosec may be a smart career move for former big tech staff.
    According to data from Cyber Seek, more than a million IT professionals are currently part of the cybersecurity workforce. This number has been steadily growing over the past few years. Despite the uptick, however, there are still more than 750,000 open cybersecurity positions across the country. In states such as Florida, Texas and California, there are anywhere between 25,000 and 83,000 job openings available.
    The reason for this growing gap is simple: Cybersecurity threats are on the rise, and there aren’t enough skilled professionals to meet increasing demand. From the ongoing risks of ransomware to emerging attack vectors created by work-from-home policies and the adoption of anywhere, anytime resource access, companies now face a myriad of old and new threats that can quickly derail business operations.
    For IT professionals recently laid off from big tech jobs, the move to cybersecurity can feel like a strange shift. Consider a software engineer or application developer out of a job and looking for new opportunities. They may bypass infosec openings simply because they’re not sure security would be a good fit.
    They’re not wrong. While cybersecurity is on the same spectrum as other IT opportunities, it comes with a different approach. Conflict rather than consistency is at the heart of these protective positions. Despite its significant departure from other roles, it offers a unique opportunity for growth.
    Put simply? Having an adversary fuels innovation. Instead of working on projects with a consistent path between point A and point B, cybersecurity staff must be ready to respond at a moment’s notice. Even as they’re busy implementing strategies and solutions to detect attackers earlier and mitigate malware impacts, they’re also the first line of defense against attacks in progress.
    As a result, these roles aren’t for everyone but offer a compelling career choice for those looking to challenge themselves.
    Cybersecurity-specific certifications and training can help staff stand out to recruiters and make the transition to new roles easier. But existing qualifications also play a role in helping IT professionals make the transition.
    Consider a software engineer with two decades' worth of experience who was recently laid off from their job. While their skill in coding, testing and revision may not seem immediately applicable to cybersecurity, they bring a unique set of benefits to the table.
    Take the common example of a ransomware attack. Cybersecurity teams prepare for these attacks using a combination of threat intelligence solutions and incident detection tools that help shorten the time between attack and discovery. Over time, however, attackers learn — and grow. The existence of Ransomware-as-a-Service (RaaS) marketplaces showcases the commitment of malicious actors to collaborate when it benefits their ability to break down business defenses.
    In practice, this means that existing controls may slowly begin to fail as attackers enhance their approach. Our laid-off software engineer, however, can compile new code in-house to boost existing solutions and frustrate attacker efforts.
    Of course, it’s one thing to consider a move to cybersecurity. It’s another to take the plunge and start putting out applications.
    One way to help streamline the shift is with certification-based training. Consider that of the more than one million currently employed cybersecurity professionals, 213,000 hold the CompTIA Security+ certification, and 94,000 have completed the Certified Information Systems Security Professional (CISSP) course. What’s more, 140,000 of the currently unfilled security positions are asking for CISSP, while 100,000 want CompTIA Security+ completion.
    Not only do courses such as Security+ offer a great introduction to cybersecurity processes and priorities, but they also pave the way for advancement within new organizations. What’s more, many of these certification options are now available as online, self-paced courses that let IT professionals decide how and when they learn best.
    Another option for laid-off tech staff is applying for positions that include paid training to get them up to speed. A quick query of the job search site Simply Hired turns up more than 600 positions that don’t require previous cybersecurity experience and provide paid training.
    Undoubtedly layoffs will stabilize and IT hiring will eventually begin again in earnest. However, this is cold comfort for technology professionals who find themselves facing the unpleasant reality of possible unemployment.
    As one digital door closes, however, another opens. And strangely enough, it’s one that sees technology experts finding ways to keep network doors shut tight against potential attackers. Although the move to cybersecurity isn’t for everyone, the skills acquired in previous positions combined with the compelling task of adapting to an adversary’s movements make this lateral shift a great way for IT pros to capitalize on current strengths and build new skill sets that set them up for ongoing career stability.

    source

  • How to build a career in cybersecurity? – Economic Times


    source

  • Accenture Exec: ChatGPT May Have Big Upside For Cybersecurity – CRN

    While the AI-powered chatbot has been shown to make life easier for hackers, ChatGPT ‘helps reduce the barrier to entry with getting into the defensive side as well,’ Accenture’s cyber resilience lead tells CRN.
    Even as a growing number of researchers find that OpenAI’s ChatGPT could be a powerful ally to hackers, the tool may also have the potential to transform the work of security operations teams.
    Researchers at Accenture Security have been trying out ChatGPT’s capabilities for automating some of the work involved in cyber defense, and the initial findings around using the AI-powered chatbot in this way are promising, according to Accenture’s global lead for cyber resilience services, Robert Boyce.
    After taking in data from a security operations platform, ChatGPT has shown the ability to “actually create for us a really nice summary — almost like an analyst’s report — of what you would expect a human analyst to do as they’re reviewing it,” Boyce told CRN.
    These potential applications of ChatGPT for cyber defense deserve attention to round out the picture amid the numerous research reports suggesting that the tool can be misused to enable cyberattacks, he said.
    On Thursday, researchers from threat intelligence firm Recorded Future became the latest to share findings that suggest ChatGPT can in fact assist cybercriminals with writing better phishing emails and developing malware. “ChatGPT lowers the barrier to entry for threat actors with limited programming abilities or technical skills,” the Recorded Future researchers said in the report.
    But it’s not just the malicious actors who can use ChatGPT as a research and writing assistant, as it’s clear that the tool “helps reduce the barrier to entry with getting into the defensive side as well,” said Boyce, who is also a managing director at Accenture Security in addition to heading its cyber resilience services.
    Typically, after an analyst gets an alert about a potential security incident, they start pulling other data sources to be able to “tell a story” and make a decision on whether they think it’s a real attack or not, he said.
    That often entails a lot of manual work, or requires using a SOAR (security orchestration, automation and response) tool to be able to pull it together automatically, Boyce said. (Many organizations find SOAR tools to be difficult, however, since they require additional specialized engineers and the introduction of new rules for the security operations center, he noted.)
    On the other hand, the research at Accenture suggests that taking the data outputs from a security information and event management (SIEM) tool and putting it through ChatGPT can quickly yield a useful “story” about a security incident. Using ChatGPT to create that narrative from the data, Boyce said, “is really giving you a clear picture faster than an analyst would by having to gather the same information.”
    He cautioned that the researchers haven’t done extensive testing on this application so far. And “you would have to do more work to make it really, really meaningful,” Boyce said.
    But the potential is there. For years, the security operations space “has been stagnant in a lot of ways because of the immense amount of information coming at an analyst, and because of the enrichment that has to happen before they can make good decisions,” he said. “It’s always been overwhelming. It’s information overload.”
    And while many cybersecurity professionals are overburdened, there also aren’t nearly enough of them, as the massive shortage of skilled security pros continues.
    ChatGPT, however, holds the promise of automating some of the work of overwhelmed security teams while also helping to “erase some of the noise from the signal,” Boyce said. “This helps us be able to maybe get to the signal faster, which is an exciting prospect.”
    Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security.  He can be reached at kalspach@thechannelcompany.com.

    source

  • 'There's a career in cybersecurity for everyone,' Microsoft Security … – Fortune

    With the number of cyberattacks rising and a widening gap in the cybersecurity talent pool, companies are taking a harder look at resources needed to combat a growing workforce issue. In the U.S. alone, there are more than 700,000 unfilled cybersecurity positions. Globally, there are 3.5 million cybersecurity jobs left to be filled, according to Cybersecurity Ventures.
    While some higher-level cybersecurity positions require advanced certifications, many entry-level positions can be filled by people who have less training. This could include upskilling courses, self-training, or learning on the job. While four-year degrees or master’s degrees aren’t always required to land a cybersecurity job, some companies and organizations are working to develop workforce training with community colleges and other educational institutions to prepare the future cyber workforce. 
    “There’s a career in cybersecurity for everyone because it truly is the foundation of our digital world,” Vasu Jakkal, corporate vice president of Microsoft Security, tells Fortune.
    Microsoft Security, the $15 billion cybersecurity arm of the Fortune 500 tech giant, in 2021 launched a national campaign with U.S. community colleges to help skill and recruit 250,000 students into the cybersecurity workforce by 2025. Girl Security, a nonprofit focused on cybersecurity workforce development for women and other minority communities, provides programming with the goal to achieve equity in the national security sector. Globally, about 25% of women hold cybersecurity jobs, according to Cybersecurity Ventures.
    Fortune had a roundtable discussion with Jakkal and Girl Security Founder Lauren Buitta to learn more about efforts to combat the cybersecurity workforce gap and how to address it.
    Fortune: What are the biggest challenges associated with the cybersecurity workforce gap?
    Buitta: It’s important for folks to understand that cybersecurity as we now know it is a relatively nascent professional field. If you think about law or medicine, those are professional sectors that have taken over a century to develop. One primary challenge is that the workforce is trying to get up-to-speed with the skills that it knows we need to remain competitive in a global economy. 
    Jakkal: Cybersecurity is this nascent field, but it’s growing exponentially just given the way the world works today. We saw that during the pandemic businesses and homes had to become digital, and that created this expanding attack surface that can easily get exploited. We’ve seen cybersecurity being top of mind for all organizations and cyber attacks happening to everyone. You have this perfect storm that’s happening—perfect storm of opportunity, as well—where there’s a talent shortage. That opens incredible possibilities for women and minorities who may not necessarily feel it’s a field for them today.
    How can the U.S. start to get ahead of the cybersecurity workforce gap?
    Buitta: Basic cybersecurity awareness can start in the home and it can start as early as childhood. This includes normalizing a discussion around digital security, trust, and safety. Leveraging resources to activate public education in the home and community is very important. If we look at STEM studies and just what we’ve seen in terms of women’s representation in STEM, there’s a lot of important lessons to learn. We need to be getting to diverse populations sooner, which is why our partnership focuses on that important bridge-way between high school to college, where there really is a lack of continuous opportunity. It’s important to not just give access to education, but also hands-on learning. 
    Jakkal: Today, 71% of women believe that cybersecurity is too complex of a career for them. More than 25% of all grownups believe that parents are more likely to steer their sons into cybersecurity than their daughters. These myths need to change. For cybersecurity to be a career for everyone, we need to start with myth busting and role modeling. 
    We launched an initiative where we’ve committed to train 250,000 people partnering with community colleges by 2025. In the corporate world, we need to make sure we have diverse slates when hiring and that we are very intentional. It’s going to take the entire village, from parents to school teachers to hiring managers to colleagues and peers to organizations, to elevate women and minorities into cybersecurity.
    Are non-technical skills valued in the cybersecurity industry?
    Buitta: Girl Security has always valued what we call enduring skill sets. We engage with girls and gender minorities in our program by asking them what ideas about work, school, responsibility, or jobs they were raised with. Oftentimes when girls come to the table, they say things like, “my parents always told me to tell the truth,” or “hard work is important,” or “working with classmates is important.” Cybersecurity requires collaboration, ethical decision making, and thinking innovation. We really focus on some of those core skill sets that we know are going to be extremely valuable in a changing environment.
    Jakkal: One of the things we need to change is how we talk about cybersecurity. For a long time, cybersecurity has been very technical. It’s been very fear-based and really dark. We need to tell stories of inspiration and hope, because that’s what cybersecurity is about. It’s about innovation.
    There’s a career in cybersecurity for everyone. Security is for all. Whether you are a neuroscientist, whether you’re a psychologist, you need that, whether you have studied the law, you need that, whether you’re an engineer, you need that, whether you tell great stories, you need that. There’s a career in cybersecurity for everyone because it truly is the foundation of our digital world. 
    Candidates sometimes get discouraged because companies are looking to hire only the cyber elite. What do you have to say about that?
    Buitta: There’s no question that those perceptions are impediments, certainly around the certifications and the associated costs with certifications. The positive is that these conversations are yielding really innovative models to equip the workforce sooner with the cyber skillset that they’ll need while thinking about ways to minimize the cost of populations. But we have a long way to go. At Girl Security, we provide stipended training that is also virtual, so it’s accessible from anywhere. 
    Just like Microsoft, we’re focused a lot on community colleges: saving cost upfront, making the field as accessible as possible, and then creating a continuum into pathways. We have to have that pipeline in place that is low-cost, accessible, and yields a job for someone who needs a job. There’s plenty of jobs available, it’s just a matter of finding people, making the message accessible and providing them that direct pipeline into an opportunity at a company like Microsoft Security.
    What training is really valuable for starting a career in cybersecurity?
    Jakkal: When there’s an abundance of opportunities, there are many ways of getting into that opportunity. We do have an incredible talent shortage. Going back to a myth buster, 37% of the people that we surveyed said that they thought a college degree was necessary to be in security. It’s not true. You don’t need a college degree. Many security jobs don’t require a four-year college degree. You can qualify by getting a certificate, an associate degree from a community college. Hence, why we are working with community colleges. There’s also a lot of resources for free because it can be daunting.
    The cost itself can be daunting, but there’s a lot of resources. Microsoft has a massive content repository that we have made available. We have made certifications. These are available to anyone who wants to take them, and there are ways you can train yourself and get into cybersecurity. We have this abundance of opportunity, which creates new ways of getting in, and we need to educate people about all these facets about how they can get in.
    What other advice do you have for someone trying to break into cybersecurity?
    Buitta: For anyone who is interested in the cybersecurity field, especially a young person, it’s understanding that the field needs them. Wherever they see a place for themselves, there is a potential career pathway for them. There are organizations and companies committed to see them thrive in this environment. There are a lot of resources out there. There is a lot of support out there. The workforce really needs that diverse community.
    Jakkal: There are lots of jobs in cybersecurity. There is a job for everyone. You need to have the passion for it, you need to understand it. That’s on us to simplify cybersecurity and to explain it. My call to action would be for all our youth, for all our girls in diverse populations, to really believe that there’s something in cybersecurity for them. It’s our responsibility to create those opportunities for them. 

    source

  • 6 cybersecurity buzzwords to know in 2023 – TechTarget

    Vendors will engage in buzzword bingo at upcoming cybersecurity conferences and elsewhere throughout the year. Security professionals need to define these terms based on existing defenses, requirements and resources.
    According to the “2023 Technology Spending Intentions Survey” conducted by TechTarget’s Enterprise Strategy Group (ESG), 65% of organizations will increase cybersecurity spending in 2023. This is due to the following undisputed facts:
    CISOs will be a bit cautious due to economic uncertainty, postponing large projects in favor of tactical adjustments and maximizing the efficacy of existing tools. Nevertheless, organizations will be in the market for technologies that help them fill gaps or address emerging threats and challenges.
    Given plans for tepid but consistent investments in 2023, I anticipate a lot of creative marketing from cybersecurity vendors. Here are some of the cybersecurity terms we’ll hear a lot at RSA Conference, Black Hat and Infosec Europe and strewn through vendor and analyst publications. Most are not new, and they will all become buzzwords.
    NIST defines cyber resilience as “the ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises on systems that use or are enabled by cyber resources.”
    This covers the whole cybersecurity enchilada — threat modeling, a cyberthreat intelligence program, defense in depth, fault tolerance, network segmentation, incident response, backup and recovery, etc.
    In other words, cyber resilience is a full lifecycle process, including planning, preparation, workflows and a collective effort across multiple products. Based on this, no one product can deliver cyber resilience, but promotional wordsmiths will still embrace this term in their marketing messages. When confronted with this pitch, security professionals should push vendors on where their products fit in cyber-resilience lifecycle processes, how they complement other products and how security teams should measure their performance.
    Imagine if numerous organizations within a single industry pooled their resources to establish a common fusion center — for example, threat intelligence analysis, security operations or incident response. This collaboration could be a rising tide that floats all boats, educating security teams while making them more proactive and productive. OmniSOC is a good example of collective defense. It supports multiple universities — including Clemson, Indiana University, Northwestern University and Rutgers — as well as a number of National Science Foundation facilities. Vendors such as CrowdStrike, Palo Alto Networks, Splunk and Trend Micro can act as collective defense hubs, analyzing threats at one customer to then distribute threat intelligence, detections and blocking rules to others. For other vendors, collective defense messaging may equate to little more than basic threat sharing. Security professionals should push vendors for details when this term comes up.
    OK, I made this one up to encompass a whole family of terms: cloud detection and response (CDR), data detection and response (DDR), identity detection and response (IDTR), etc. These newish areas simply follow the detection and response (DR) trend.
    Endpoint forensic software gained some real-time functionality to become endpoint detection and response (EDR); same with the transition from network traffic analysis to network detection and response (NDR). More recently, extended detection and response (XDR) emerged to consolidate diverse and isolated capabilities from point products.
    This raises a potential security industry conundrum: Do we need more *DR technologies, or will this functionality be subsumed by XDR? I postulate that both situations are true. Large organizations with dynamic and complex applications and infrastructure will benefit from granular domain-based detection and response options, which make up about 20% of the market. The other 80% will get what they need from increased data collection, a greater effort around detection engineering, advanced analytics, process automation and existing tools and technologies. If this still seems too complex, managed services can be considered.
    Allow me to sort through this alphabet soup. XDR is a product purchased from a single vendor. Managed detection and response, or MDR, is a service purchased from a service provider. With XDR, you care about what’s under the proverbial hood. With MDR, you care about outcomes, not the machinery and knobs that make it work.
    This binary situation doesn’t always apply, however. Many security professionals are “gear heads” by nature — programmed by experience to want to kick the tires and evaluate the efficacy of individual security tools. Still, their organizations may not have the appropriate staff or skills to keep up with even the best XDR products available.
    Managed XDR (MXDR) provides a “have your cake and eat it too” option. Organizations can choose the best XDR and then find a managed services dance partner to augment their internal team. MXDR may seem like a silly subtlety between XDR and MDR, but ESG research indicates it will be a popular option. When asked what type of MDR vendor they would choose, 34% of respondents said they would choose a vendor that is primarily focused on XDR.
    Passwordless authentication is “a verification process that determines whether someone is, in fact, who they say they are without requiring the person to manually enter a string of characters.” Most organizations will be instantly attracted to passwordless authentication because it promises to reduce end-user friction while improving security efficacy through zero trust.
    The problem is that passwordless authentication depends upon a bevy of other things, such as directory synchronization, multifactor authentication technologies, biometrics, device types and identity standards including FIDO and OpenID. Since everyone wants to get rid of passwords, the term passwordless authentication will be passed around the industry like a joint at a Grateful Dead concert, but it’s meaningless without a more thorough perspective.
    A software bill of materials (SBOM) is defined as “an inventory of all constituent components and software dependencies involved in the development and delivery of an application. It has become an increasingly common and critical component of software development lifecycle and DevSecOps processes.” The term gained popularity as a result of section 4 of the White House’s May 2021 executive order, enhancing software supply chain security. SBOMs will become part of conversations around attack surface management, application security, open source software and cloud-native application development.
    Unfortunately, that’s the problem. When SBOM is part of everything related to application development, it will get coopted and watered down. Securing the software supply chain is something every organization should do, but with an agreed upon plan that aligns with their individual technical and cyber-risk management needs and capabilities.
    My ESG colleagues have suggested some others to add to this list, and I’m sure we’ve missed some popular ones. Let me know.
    All Rights Reserved, Copyright 2000 – 2023, TechTarget


    source

  • Want a Recession-Proof Career? Here's the Case for a Job in … – Automation.com

    The cyber threat landscape continues to evolve rapidly, but with more than 760,000 open positions in the US, the gap between supply and demand remains wide.
     
    It’s an understatement to say that the COVID-19 pandemic upended the world of work. On an individual level, the pandemic gave people the time to reflect and evaluate their careers and decide whether or not they were satisfied. On a macro level, businesses were required to change everything about how they managed and supported employees.
     
    While the current job market is robust, with a 2:1 ratio of open positions to candidates, the pandemic, global geopolitical instability, and rapid and sustained inflation have put that ratio in danger. While economists are divided on the specifics, indicators point to a recession. This is the last thing employees and corporate leaders want to think about in the aftermath of a global pandemic, in the midst of a mass reshuffling of the labor market, and unprecedented cybercrime.
     
    Rapid digital transformation and digital reliance necessitated that companies have a strong team in charge of their cybersecurity needs. The cyber threat landscape continues to evolve rapidly, but with more than 769,000 open positions in the United States, the gap between supply and demand remains wide.


     
    Recessions are usually most difficult for those entering the workforce for the first time and other so-called “low-skilled” workers. However, the lack of talent in cybersecurity, coupled with the increased demand, means that it is a recession-proof industry. There are many opportunities for people without technical backgrounds to gain the skills, education, and experience necessary to succeed in IT by using cybersecurity as a starting point.
     
    Workers have changed, and companies need to as well.
     
    In 2021, 47 million people voluntarily left their positions in the U.S. in search of better pay, benefits, or personal and professional fulfillment. This mass exodus forced organizations to reconfigure their recruitment and retention strategies to better align with the changed needs and expectations of workers. Gen Z, in particular, is demanding better compensation and greater personalization in their job experiences. Organizational flexibility and agility are especially attractive to today’s job seekers.
     
    The demographics of tech job seekers are changing as well. Traditional college enrollment is decreasing, and while there will always be degreed engineers and computer scientists, applicants with cross-functional skills or non-traditional education credentials are increasingly attractive. The need for talent in this area is so pressing that concessions are being made to give people experience and training more rapidly. First, companies are responding to this urgent need for talent by reducing degree and experience requirements to attract more entry-level workers. Second, there has been a marked increase in skills-based educational programs that can teach non-technical workers the basics of coding and other IT skills more quickly than a four-year degree program.
     
    To encourage growth in the tech sector, the White House, in partnership with the Departments of Labor and Commerce, launched the Cybersecurity Apprenticeship Sprint Campaign. This national campaign encourages employers, industry associations, labor unions, and training providers to explore the Registered Apprenticeship model for cybersecurity recruitment, training, and retention strategy. The campaign offers new pathways for workers to pursue opportunities in cybersecurity through partnerships with educational institutions, infrastructure leaders, and public and private entities.
     
    As more professionals look for meaning in their jobs—it’s a key priority for workers—careers in cybersecurity offer a wealth of options. Not only do cybersecurity jobs impact a variety of sectors, but they also impact people directly in the contexts of international online data collection, privacy, and digital threats. Workers can derive both personal meaning and professional meaning from cybersecurity careers. On a personal level, more than ever, cybersecurity can be seen as a public service. It directly ties to a nation’s strength and stability. Cybersecurity professionals contribute to creating a safer world for all people by setting new standards, implementing new techniques, and holding companies to higher standards. With the rapid growth the industry is experiencing, professionals have the opportunity to get in on the ground level and build a new standard in security. Cybersecurity careers give workers meaning as they strive to create safer digital spaces to protect individuals and organizations.
    Companies are investing heavily in cybersecurity careers, affording entry-level workers opportunities to develop new skills.

    My company, Ascent Solutions, offers an apprenticeship program that trains, develops and mentors individuals passionate about cybersecurity and learning. Apprentices get valuable, paid, on-the-job experience and training with field experts. The credentials earned through the program are nationally recognized and allow us to do our part in building a truly modern cybersecurity workforce. 
     
    As there is a significant skills gap contributing to the cybersecurity staffing shortage, the apprenticeship model is an excellent way for workers with or without a technical background to gain in-demand skills. Cybersecurity workers need real-world experience to tackle the constantly evolving nature of the threat landscape. It’s less about having the perfect technical background and more about having the desire to learn and gain practical experience. Even within an organization, there may be non-technical workers who are interested in pivoting into a cybersecurity role. Developing an internally focused mentorship or professional development pathway for these types of individuals can be one means of creating a homegrown security workforce.

    Cybersecurity is a rapidly changing and increasingly interesting field.

    Cybersecurity is constantly evolving. Attacks are more prevalent and sophisticated now, coming from well-organized groups. In order to meet this challenge, public and private entities need to develop more diverse strategies and resources to ensure both national and personal digital security. As a result, there is an opportunity to explore multiple avenues for career growth and enrichment within the field.
     
    The fast pace of the industry means that individual roles are constantly evolving. An entry-level analyst may find themselves supporting multiple teams within an organization, giving them a chance to gain valuable insight and develop useful cross-functional skills. New workers can leverage these skills to gain promotions and even create new roles within an organization. The CISO/CSO role was first introduced in 1994 and, since then, has evolved into a critical seat in the C-suite. As the threat landscape and cybersecurity industry continue to grow, more roles will likely surface to address the common and often very specific vulnerabilities that exist within the widened digital landscape.
     
    Securing and modernizing our most critical digital assets is needed to assure growth and stability in uncertain times. Every industry and individual is still recalibrating to the massive changes and challenges of the last two years. Cybersecurity is an ideal starting point for workers eager to explore new career paths in the tech industry. For seasoned professionals looking to switch careers or join a new industry, cybersecurity presents a unique and exciting opportunity to build from the ground up.
     
    With further upheavals on the horizon, workers are seeking out recession-proof careers that will offer stability and ensure employment. Cybersecurity has become essential work—companies need cybersecurity professionals to function, and individuals need cybersecurity protection at both the private and public levels. These jobs will only become more critical to the function of society. This is what makes cybersecurity a recession-proof industry.
     
    The world needs a self-sustaining ecosystem of skilled workers to combat the varied cyber threats we face today. New career seekers can explore the wealth of opportunities available within the cybersecurity world and find careers that are interesting, fulfilling and recession-proof.

    JD Harris is Chairman and CEO of Ascent Solutions, the partner to solve the most challenging cybersecurity problems. He leads the overall company as both chief strategist and visionary. JD works with outside parties, banks, partners and customers on a frequent basis.
    ©2023 Automation.com, a subsidiary of ISA

    source

  • Bill advances to address cyber security in Iowa – KCRG

    CEDAR RAPIDS, Iowa (KCRG) – A new bill advancing in the Iowa legislature would address cyber security in the state.
    It would create a cyber security unit. This group would monitor, manage, coordinate and report incidents happening within Iowa.
    A subcommittee passed the bill yesterday.
    This follows several cyber attacks targeting Iowa schools in recent months. This includes Cedar Rapids and Linn-Mar schools. The latest incident targeted Iowa’s largest school district in Des Moines.
    Copyright 2023 KCRG. All rights reserved.

    source

  • Why Are There 750000 Unfilled Job Openings in Cybersecurity … – dallasinnovates.com

    UNT’s Ram Dantu and Mark Thompson [Photos: UNT]
    Cybersecurity researchers at the University of North Texas have new funding worth up to $750,000 from the NSA for cybersecurity research.
    There are 750,000 unfilled jobs in the cybersecurity industry, according to a university news release. The grant award supports a new online platform to find out why—and make it easy for employers to find talent through an online database.
    The platform will also help cybersecurity experts better understand the intent behind emails, social media posts, and blog posts to identify threats.
    “There are other governments spying on us all the time,” UNT’s Ram Dantu said in a statement. “You see lots of news about ransomware attacks and cyber attacks, and some of these are done by foreign agencies.”
    “We need a large workforce to combat this, and we don’t have the workforce,” he added.
    The director of UNT’s Center for Information and Cyber Security is a principal investigator in the project, along with UNT’s Mark Thompson, a clinical assistant professor of computer science and engineering.
    Dantu, who is also a professor in UNT’s College of Engineering, and Thompson will receive $500,000 for the first two years and an estimated $250,000 increment for the third year from the National Security Agency’s National Centers of Academic Excellence-Cybersecurity, or NCAE-C.
    UNT’s Network Security Laboratory, led by Dantu within the Department of Computer Sciences, has been awarded two consecutive federal grants from the NSA and NSF.
    “Our lab considers how we want to use the technology and research for the benefit of our communities and our citizens,” Dantu said.
    Now Dantu and Thompson will help build the NCAE-C’s online platform that collects and compiles cybersecurity-related data using natural language processing and artificial intelligence techniques.
    The website project is part of the NCAE-C’s Careers Preparation National Center.
    Data about the current state of the industry and the intentions of employers who post jobs is being compiled to help understand why the cybersecurity industry has so many unfilled jobs.
    In addition to an online database that makes the platform easy for employers to find talent, the website also will include a tool to make sure that education matches the skills needed in the industry.
    It has other applications that are important, too, UNT says. That includes threat identification.
    “The government is looking at the advancement of hacks and threats facing future technologies,” UNT’s Ram Dantu said in a statement. “We’re working on how to detect and mitigate these next-generation threats in our lab.”
    Dantu, who works on multiple NSA-funded projects, has received a total of $2.5 million in grants in about two years. Together with UNT associate professors of computer science and engineering Kirill Morozov and Sanjukta Bhowmick, he helped create a way for cell phone data to be shared safely and anonymously to find COVID-19 super-spreader events in the pandemic. Using data from mobile devices to make anonymous contacts was a part of the work that helped find active spreaders and communities.
    Thompson aims to help increase the numbers and quality of cybersecurity experts. He researches and develops competency assessment instruments for work skill readiness for cybersecurity, as well as mentorship programs for doctoral students and industry practitioners to produce highly qualified academic staff. His goal? To inspire and motivate the next generation of cybersecurity experts.

    A collaboration of the Dallas Regional Chamber and Dallas Next, Dallas Innovates is an online news platform covering what’s new + next in Dallas – Fort Worth innovation.
    © Copyright 2023 | All rights reserved.

    source

  • SHEIN fined US$1.9mn over data breach affecting 39 million customers | Cyber Security Hub – Cyber Security Hub

    Zoetop Business Company, the firm which owns fast fashion brands SHEIN and ROMWE, has been fined US$1.9mn by the state of New York after failing to disclose a data breach which affected 39 million customers.
    The cyber security incident, which took place in July 2018, saw a malicious third party gain unauthorized access to SHEIN’s payment systems. According to a statement issued by the state of New York’s Attorney General’s office, SHEIN’s payment processor contacted the brand and disclosed that it had been “contacted by a large credit card network and a credit card issuing bank, each of which had information indicating that [Zoetop’s] system[s] have been infiltrated and card data stolen”.
    This discovery was made after the credit card network found SHEIN customers’ payment details for sale on a hacking forum. Separate to this issue, the issuing bank for the cards had issued a fraud alert after linking fraud for several customers to payments made to SHEIN.
    Following the discovery of the cyber-attack, the payment processor informed SHEIN that they must employ a cyber security forensic investigator to look into the case. The firm employed by Zoetop found that during the cyber-attack malicious actors had gained access to SHEIN’s internal systems and had accessed personal and identifying information for 39 million customers. 
    The data accessed included “names, city/province information, email addresses and hashed account passwords”. However, the method used to obscure the passwords was vulnerable to hacking, allowing the malicious actors access to customers’ full password details.
    Additionally, the login credentials of nearly 7.3 million ROMWE accounts were stolen in the breach and were later found for sale on the dark web in 2020.
    An investigation by the New York Attorney General’s (AG) office found that Zoetop did not force any of the 39 million people affected to reset their account passwords. Zoetop instead identified 6.4 million customers of the 39 million affected who had previously placed an order with SHEIN and contacted them directly, suggesting they reset their password. Zoetop reset the passwords for the accounts affected by the ROMWE attack without informing the account holders that they had been exposed in a data breach.
    The New York AG also reported that a press release regarding the 2018 breach, issued on a FAQ section of the SHEIN website, contained misleading data. This included claims that only 6.4 million customers were affected in the breach and that there was “no evidence that [customer] credit card information was taken from [its] systems”, despite Zoetop having previously been informed that credit card data had been stolen in the breach.
    The investigation discovered that Zoetop “did not provide the firm access to the compromised systems and a variety of information about [its] data security program”, “failed to adhere to PCI DSS requirements for protecting stored credit card data” and “did not use file integrity monitoring, monitor or analyze log files, retain an audit trail history, or perform quarterly network vulnerability scans”.  
    Cyber Security Hub, a division of IQPC


    source