The telecom giant T-Mobile, which has suffered several massive data breaches in recent years, disclosed in a financial filing Thursday that the company is investigating another breach that impacted as many as 37 million users.
A malicious actor was able to gain access to an internal system allowing them to steal account information including names, billing addresses, emails, phone numbers, dates of birth and account numbers. The bad actor was not able to access Social Security numbers, driver’s licenses, passwords/PINs, or other financial information, according to the filing.
T-Mobile reported that its investigation into the breach is ongoing but “malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network.”
The bad actor appeared to first breach an application programming interface around Nov. 25, 2022, and T-Mobile discovered the intrusion on Jan. 5. The company states that it has notified federal agencies about the incident and is working with federal law enforcement.
The Federal Communications Commission told CyberScoop the agency is investigating the breach.
“Carriers have a unique responsibility to protect customer information. When they fail to do so, we will hold them accountable,” an FCC spokesperson wrote in an email. “This incident is the latest in a string of data breaches at the company, and the FCC is investigating.”
This is T-Mobile’s sixth major breach since 2018. T-Mobile suffered a breach of 50 million accounts in 2021, sparking an investigation by the FCC. The results of that investigation have not been made public, but it could lead to significant fines for the company.
The FCC announced earlier this month it is exploring a rulemaking process that would require telecom companies to report breaches to consumers immediately unless otherwise advised by authorities. Current rules require carriers to wait seven days to notify customers of a breach.
Update Jan. 19, 2023: To include comment from the FCC.
Author: rescue@crimefire.in
-
T-Mobile investigates yet another data breach, this one affecting 37 … – CyberScoop
-
The 7 Best Cybersecurity Jobs You Can Pursue – MUO – MakeUseOf
Check out some of the best cybersecurity jobs that you can pursue based on your skills and experience.
Are you a recent IT or cybersecurity graduate, and have yet to decide what field to go into? Whether you're a college student with zero experience or have worked in the field for a while, you'll know that IT and cybersecurity have many jobs on offer.
The key is to understand what career best suits your skills, and the cybersecurity space will only keep growing.
Viruses are everywhere, and individuals and groups are constantly trying to steal data. If you like the idea of being able to protect an individual or company's information, IT Security Engineer would be a great role to pursue. You'll be the first line of defense for a range of businesses, protecting their personal information from attackers and securing the online landscape from danger.
You'll prevent threats by setting up firewalls and systems, conducting regular security assessments, investigating any breaches, keeping up to date with security policies, and staying on top of industry standards. When a company's database is at risk of being leaked, you'll be the professional they look up to for support.
Do you have strong attention to detail and enjoy analyzing information and tallying up the numbers? The role of a cyber analyst is crucial to security housekeeping, implementing a range of security protocols, and locating flaws in a company's system. In this job, you're the first line of defense.
As a security analyst, your day-to-day tasks may include:
Playing the role of a hacker, you attack the company's network in the hope of finding any weak spots. That said, here are the best intrusion detection and prevention systems to boost your cyber security. It's bound to make you industry-ready.
Are you interested in making a difference and great at implementing strategies? If so, you would be perfect for the role of a security consultant. As part of your role, you'll assess systems, ensure there are no breaches, and consult with other companies. On a daily basis, you could be coordinating a team, meeting with clients, presenting reports, and training staff members.
You could also be designing and putting into place security plans for a range of clients, suggesting improvements, running risk assessments, and so much more. You'll be helping many people to keep their company safe, so this job is perfect if you enjoy supporting other people and companies and enhancing their security.
This job is very different from a penetration tester, or ethical hacker. As an information security auditor, your role involves reviewing information systems, similar to how a customer service representative would examine a phone to ensure it's functional.
Your responsibilities would include:
You'll be a person who reviews this system regularly, doing housekeeping on security systems.
Do you enjoy building and developing new technology? As a system security programmer or engineer, you'll be in charge of writing software that is powerful enough to protect important computer data.
This program needs to be safe from outside threats, effective enough to keep company information safe, functional, and able to work as needed. You'll need a high level of written and verbal communication skills to connect with the engineering teams, as well as creativity and the ability to work under pressure.
When a company needs to be shielded from threats, you want to always have the tools to fight back. Want to get started protecting your own computer systems? Here are some helpful security tips to consider when using a Microsoft account.
Cryptography may be an exciting career option, whether you've always had an interest in different languages or have always enjoyed decoding symbols or messages. A cryptographer's work can protect a number of businesses or companies from having their information, such as sensitive data, leaked.
You may be working for the government or the technology and finance industries, protecting data by turning them into algorithms and encryption that are very difficult to decipher. Likewise, you may have the ability to break down hidden codes and access these messages as a cryptanalyst.
Cryptographers can also work for the military and national security, or protect data such as health records or bank account details. If you want to build on these skills, you will be an asset to any team.
Have you always considered yourself a team leader, and think you'd work well managing security systems? As a computer security manager, you're ticking the boxes for the security of a company or organization as a whole. Project management is your second language.
Besides overseeing security processes, you are also managing employees, creating security procedures, training new employees, investigating breaches, overseeing company budgets, and developing policies.
This is a very important role, so if you're aiming for a position where people look up to you, this is the role for you. Want to get ahead of the game? These best free project management tools available on Windows will get you started.
With the constant rise of cyber-attacks and unethical hacking of computer systems, cybersecurity roles are going to need to be filled. If you do decide to pursue a cybersecurity role, it's a great space for job security, competitive pay rates, and many opportunities for growth, and it will always offer you the chance to make a difference.
Cybersecurity jobs are expanding, and they are unlikely to decline anytime soon. Regardless of how tight a network may be, there is a range of cybersecurity mistakes to be made, and it can be your job to stop them from adding further risk to the workplace.
Saffron has been freelancing for over five years, specializing in the copywriting and creative writing industry. She has studied a Bachelor of Creative Writing at Deakin University and has majored in Journalism at RMIT University. She is based in Melbourne, Australia.
Cybersecurity master's grads are landing $200K-plus pay packages – Fortune
As the number of cybersecurity attacks continues to rise, so does the demand for the talent to protect against them. In fact, there are more than 700,000 open cybersecurity positions in the U.S. alone—and the occupation is growing more than twice as fast as the overall rate across the country’s economy, data from CyberSeek shows.
These positions are tough to fill for a variety of reasons, including a lack of understanding among corporate leadership about the type of talent that’s needed to protect their assets—plus a lack of education and awareness about the threats that exist today. What’s preventing cybersecurity professionals from landing these jobs, on the other hand, is inadequate training, certifications, or skill sets.
While cybersecurity professionals have multiple ways to enter the industry—like taking upskilling courses, doing self-study, or even taking the time to learn new skills on the job—earning a master’s degree is a charted path to take to land high starting salaries in the field. Graduates from top-ranked cybersecurity programs can expect to make six-figure starting salaries between $100,000 and $200,000.
“Security has always been well-paying and it really comes down to scarcity—both in the number of professionals and in the required skills,” Mike Hendrickson, Skillsoft’s vice president of tech and development, previously told Fortune. “With today’s limited pool of security professionals, organizations need to make their offers quite attractive, both in compensation and opportunities for professional development.”
Students from the top cybersecurity master’s program in the nation, as ranked by Fortune, often see their salaries double after graduation. The University of California—Berkeley saw students entering the program during the 2020–21 school year self-report salaries of $104,100 while their peers who were graduating during that same period reported salaries of $200,000—almost twice as much.
“Our UC Berkeley online master’s in cybersecurity allows students to not only develop technical expertise in cybersecurity, but also essential skills in communications, product development, customer success, and business,” Rebecca Andersen, UC Berkeley senior director of student and alumni career development, previously told Fortune. “This allows our students to step into leadership roles within the cybersecurity field and attain significant salary increases as they make these career shifts.”
UC Berkeley grads also go into cybersecurity leadership roles. Graduates with a master’s degree in cybersecurity earn an average salary of $214,000, not including bonuses; the median salary is $200,000, according to a UC Berkeley salary survey of alumni. Some graduates who are now executives, such as chief information security officers (CISOs), chief information officers (CIOs), and chief technology officers (CTOs), make more than $300,000.
“The CISO roles are going to be more over the $250,000, $300,000 [salary mark], closer to $400,000, depending on the company and the size of the organization,” McHale says.
At Yeshiva University (Katz), which Fortune ranks as having the No. 2 online cybersecurity master’s program, graduates make $112,000 median base salaries right after graduation, and $126,000 one year post-graduation. Yeshiva’s cybersecurity curriculum aligns with high-paying industry certifications, like Certified Information Security Manager (CISM) and Certified Information Systems Security Professional (CISSP), which can help professionals land $150,000-plus salary packages, according to Skillsoft’s 2022 list of the top-paying IT certifications.
“There are lots of great programs around the country,” Paul Russo, dean of the Katz School of Science and Health, tells Fortune. “I just happen to think we have the right combination of tech and teaching talent to help students rise to the top in the job market.” The program also focuses on real-world threat modeling, and practice with ransomware, endpoint detection and response, Amazon Web Services, and Splunk.
Western Governors University, which Fortune ranks as having the No. 3 cybersecurity master’s program in the U.S., also reports six-figure salaries for its graduates. The master’s degree allows graduates to take on cybersecurity leadership roles with potential earning power of $135,000, Mike Morris, WGU’s College of IT associate dean and director of academic programs in cybersecurity, tells Fortune. Plus, more than 16% of tech grads from WGU report starting salaries of $150,000 and up.
“Graduates are ready to assume cybersecurity leadership positions with major companies, government agencies, consultancies, and start-ups,” he adds. “In terms of salary impact, a master’s degree has been proven to help the earning potential of cybersecurity professionals.”
Some top graduate programs don’t report six-figure salaries, but still show a jump in base salaries after earning a master’s degree. Indiana University–Bloomington, for example, reports mean base salaries for its cybersecurity grads at $77,400, which is a 44% increase over what they earned prior to enrollment. Fortune ranks Indiana as having the No. 4 cybersecurity master’s program in the U.S.
Indiana’s cybersecurity risk management program takes a more broad approach to the field, and students in this program take core courses in computing, law, and business. They also get help studying for the CISSP certification, which has the potential for higher income earnings.
“This broad exposure and career assistance helps students chart their own unique paths in the field of cybersecurity,” Apu Kapadia, director and chair of the Cybersecurity Risk Management Program at Indiana, tells Fortune.
FACT SHEET: Biden-Harris Administration Accomplishes … – The White House
The White House
1600 Pennsylvania Ave NW
Washington, DC 20500
Cybersecurity becomes more essential to our economy and our critical infrastructure – like financial institutions, personal data, and even our elections – every day. As the demand for cybersecurity workers grows to meet these threats, the President is committed to seeing a more inclusive, robust, and skilled workforce to protect our personal and national interests.
On July 19th at the National Cyber Workforce and Education Summit, the Administration gathered Cabinet Secretaries and major companies to discuss ways to improve pathways into this critical sector, and announced the start of its Cybersecurity Apprenticeship Sprint. Today marks the finish line of the Sprint, an initiative run by the U.S. Department of Labor in coordination with the White House Office of the National Cyber Director, Departments of Commerce, Homeland Security, Defense, and other federal agencies. At an event held today at the White House as part of National Apprenticeship Week and the celebration of the 85th Anniversary of the National Apprenticeship Act, public and private sector leaders will showcase the accomplishments of DOL’s 120-Day Cybersecurity Apprenticeship Sprint, and discuss lessons learned, best practices, and paths forward. The event will include 1) remarks from senior White House and agency officials on the importance of Registered Apprenticeship in building a skilled and diverse cybersecurity workforce and the accomplishments of the Sprint; 2) a moderated panel discussion highlighting progress and advantages of building cybersecurity talent using Registered Apprenticeship programs; 3) apprentice spotlight; and 4) signing ceremony of representatives from new programs involving several employers and education organizations.
This effort has once again demonstrated overwhelming potential and success in promoting Registered Apprenticeships. The Sprint was rooted in the Biden-Harris Administration’s commitment to expand Registered Apprenticeships, a proven earn-while-you-learn model that aims to build a pipeline of skilled workers with a focus on underserved communities. According to CyberSeek.org, the cybersecurity market grew at 2.4 times the rate of the rest of the job market in the last year. This leaves nearly 770,000 open cybersecurity positions at all career levels. The nation’s economic and national security is dependent on solving this workforce challenge and employers are turning to Registered Apprenticeships to meet these critical workforce needs.
Major Achievements of Biden Effort to Expand and Improve Cybersecurity Jobs:
The largest cybersecurity Registered Apprenticeship program is sponsored by the U.S. Department of Defense (DoD)’s United Services Military Apprenticeship Program (USMAP). Under the umbrella of DoD’s USMAP, DoD and DOL partnered to establish the first Federal Cybersecurity Apprenticeship Program in January 2022. Since inception, DOD identified and developed standards for 15 critical cybersecurity occupations to not only address military needs, but potentially serve as a model for other Federal agencies as well. All 15 have been finalized and approved, 10 of which were approved during the Sprint. DOL and DOD are working to finalize the remaining occupational standards over the next several weeks.
Furthermore, the DOD issued a memo – jointly signed by the Chief Information Officer and the Under Secretary of Defense for Acquisition & Sustainment – aimed at expanding the cybersecurity workforce by encouraging the use of Registered Apprenticeship programs. These efforts will help DOD and the Defense Industrial Base continue to identify, recruit, develop, and retain the cybersecurity workforce in order to support the Nation’s efforts to defend against current and future cyber threats and attacks.
New Program Highlights
As a direct result of the Sprint, the following employers, Federal Agencies, and other organizations have accomplished the following to meet their critical cybersecurity workforce needs, many in partnership with DOL industry intermediaries AIR, Apprenti, and Safal Partners:
Top benefits of cybersecurity training – Security Magazine
A solid security awareness training program will drive cybersecurity awareness and instill the importance of protecting an organization and proper cyber hygiene. If implemented correctly, these programs can be crucial in preventing human error and insider threats, as well as help employees understand the role they play in combatting cyberattacks. In fact, Mimecast research indicates that more than 90% of security breaches involve some degree of human error. A number of studies have found that employees who receive consistent cybersecurity awareness training are five times more likely to spot and avoid clicking on malicious links.
Below, cybersecurity leaders discuss the benefits of implementing a security awareness program that drives change and builds a security-minded culture.
“Cybersecurity training that fits today’s mode of consumption is more engaging. At the present time, that mode is short video clips that draw you into a story that teaches you valuable security principles along the way. In addition, security training needs to be appropriate to the skill level of the individual to whom the training is being delivered. Most security awareness training assumes that everyone is operating at the same skill level. This wouldn’t be acceptable for most other disciplines; however, this seems to be the norm for security training.”
“Cybersecurity training is an important component of good cyber resiliency. While sophisticated phishing, coming from a trusted service, is very hard for humans to identify, training that serves to enhance users’ analytical skills is critical for phishing that makes it through security defenses. A good training program, combined with AI-powered behavioral learning technology, is the right combination needed to stop phishing from impacting your organization.”
“For businesses, investing in online cybersecurity training can help to ensure that their employees are up-to-date on the latest threats and trends. This can help to reduce the risk of a data breach or other cyberattacks. For individual IT professionals, online security training can help them to stay ahead of the curve and keep their skills sharp without the need to travel. Many online training centers also offer certification programs that can help IT professionals to stand out from the crowd.
One emerging trend I’ve seen is the use of gamification in security training. Games can be a fun and engaging way to learn about complex topics like cybersecurity. By incorporating game mechanics into security training, learners can develop the skills they need to succeed in the industry.”
“Security awareness training is a great starting point; however, organizations should build upon it, especially for situations that are unique to them. For example, organizations with IoT devices will need to pay special attention to keeping them on separate networks and keeping their firmware up-to-date with the latest security fixes. In addition to training, organizations of all sizes should have a process to test or audit employees to make sure the security training can be carried through in the actions employees take.”
“Taking a risk-based approach to cybersecurity is the best way to sustainably improve your posture against attacks. More than 82% of data breaches contain the human element, mostly email, and yet security awareness and phishing training programs are outdated, compliance-based, and typically constitute only three percent of awareness budgets. Because most attacks start with people, security and risk management strategy must as well. Install the training, processes, and technologies necessary for catching the sophisticated attacks that technical perimeters will always miss, no matter how much money is poured into them.
Automation, adaptive learning, and artificial intelligence/machine learning can help deliver personalized training at scale. Why is that important? Because people need to participate frequently with relevant training that stays at the edge of their skill level in order to improve and stay engaged. A long, dry video followed by a punishment-based phishing simulation has been proven not to work. Fixating on failure leads to failure. Rewarding people as they acquire skills in a dynamic learning environment confers measurable improvement. This approach broadly describes gamification, whose demonstrated success is grounded in established principles of behavioral science and business and will be key to protecting organizations of all sizes in the year ahead.”
Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.
The 5 Cornerstones for an Effective Cyber Security Awareness Training – The Hacker News
It’s not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information.
The hard news: they’re often successful and have a long-lasting negative impact on your organization and employees, including:
The harder news: These often could have been easily avoided.
Phishing, educating your employees, and creating a cyber awareness culture? These are topics we’re sensitive to and well-versed in. So, how can you effectively protect your organization against phishing attempts? These best practices will help transform your employees’ behavior and build organizational resilience to phishing attacks.
According to the 2022 Tessian Security Cultures Report, “security leaders underestimate just how much they should be a part of the employee experience” across onboarding, role changes, offboarding, relocations, and day-to-day activities.
But we’ve repeatedly seen that ad hoc, scattershot employee training attempts don’t work. If you want sufficient internal defenses against sophisticated phishing threats, you should train 100% of your employees monthly.
Granted, it isn’t easy if your team is growing rapidly or spread across different locations and time zones. Yet doing anything less than 100% employee training leaves you with too many security holes and opportunities for hackers to break in. Unfortunately, it also means you have no way of knowing your employees’ level of threat awareness or whether they know how to react to threats. You might be missing your weakest link or getting into a scenario that could have been easily avoided.
Ever been told there’ll be a fire evacuation drill? Likely, you weren’t caught off guard when the practice started and could have paid more attention. That’s the thing about drills; they’re in place to prepare us for present and future threats.
Cybersecurity training is no different. It can quickly become a matter of ticking a compliance box to satisfy minimum requirements. To prevent that, you need to catch your staff off guard. Knowing that a threat could present itself at any time keeps employees vigilant and accountable between more extensive training campaigns.
It would be best if you kept giving your employees these unexpected opportunities to learn on an ongoing basis. They will likely make easily avoidable mistakes if they only receive occasional simulations. You might miss new employees without sufficient cybersecurity training, or it might take time for them to revisit and build on this training.
The solution: Conducting consistent cybersecurity training is the best way to keep it top of mind for everyone—train for yesterday, today, and tomorrow.
Start by segmenting your workforce into groups. You might use level of cybersecurity understanding or departments as categories. Then, develop adaptive training based on each group’s needs – and even based on individual behavior. That’s critical to adequately address the challenges of given scenarios of future attack campaigns.
These can include data or password requests, messages from legitimate sources, or realistic content tailored to an organization’s specific role or department.
You strengthen employees’ defenses by adapting your content to individual responses and specific attack vectors. Doing so turns the human element from a security gap to a security advantage.
English might be your corporate language, but it might not be every employee’s mother tongue, and cultural contexts might be perceived differently in some branches.
Using employees’ mother tongue within a location’s cultural context will dramatically enhance their learning retention. By citing local references (such as national holidays, significant news sources, popular social media platforms, and more), you make your simulations more believable and relatable. Your employees will likely pay better attention during training and will be less susceptible to attacks.
Lastly, there could be different implications regarding email compliance standards in different places. Ensure your team is aware of that and incorporate the necessary precautions in these locations’ training.
In our experience, one in every five employees is a “serial clicker.” Serial clickers click, open, and download attachments that often place them and your organization in danger. They might be a new or existing employee. We’ve seen it all, from entry-level positions to company stakeholders.
They’re not trained or equipped to reliably identify phishing attacks, nor do they understand how dangerous these attacks are or how destructive their impact can be. So they keep clicking links in emails that they shouldn’t have opened.
The good news: We believe serial clickers can be cured because we’ve seen it repeatedly happen with employee training and education.
We know that serial clickers are just some of the ones to worry about. Employees respond differently to a variety of attack vectors. It’s recommended to use data science to understand how employee groups within your organization – from new hires to executive leadership and veteran employees – respond to potential threats.
Once you analyze the data to understand these groups’ behavior, you can develop programs that shift them toward a more discerning approach to email management based on their specific needs and their current place in their cybersecurity awareness journey.
These programs must include expert knowledge, adjusted frequency, timely reminders, custom simulations, and training content designed for highly susceptible groups while respecting employees’ privacy.
Regardless of the size of your organization, the complexity required to run a training program like the one described above can be challenging. Whether you’re looking at it from the perspective of time, resources, or economics, it’s almost impossible without a truly automated solution that has expert knowledge baked into the software.
CybeReady provides a fully-automated platform powered by machine learning technology. It mitigates the risks of human error through an educational approach that continuously provides frequent, adaptive, engaging training. Get in touch today to foster a culture that cares, retains information to keep your organization safe, and feels accountable. Make your organization cyber-ready. Learn how you can upgrade your security awareness program with a short, personalized demo.
A 29-year-old hacker on landing his six-figure dream job in cybersecurity – Fortune
William Sparks always wanted to be a hacker.
Born in the ’90s, Sparks grew up enthralled with the hacker culture celebrated in films like, well, Hackers, as well as John Connor in T2: Judgment Day. “It was just the coolest thing to me when I was seven,” Sparks says.
From an early age, he was all in.
“It became a hobby. I was nine, or 10 years old asking, ‘What’s a firewall? How do I make my firewall do this or that so I can play my video games because they’re not working.’” he says.
These days, Sparks, 29, is a cybersecurity engineer for a health care insurance company just outside of Boston where he makes north of $130,000 a year as part of a team working to protect and prevent the company (and by extension, its customers) from hackers and employee misuse. It’s a dream job for Sparks in many ways, and he knows he’s lucky.
Whereas so many Americans are stuck in jobs they don’t like, he’s been able to actually accomplish the age-old guidance counselor advice: Do something you love. Of course the rest of that adage is: “and you’ll never work a day in your life,” and well, Sparks isn’t sure he agrees with that. Work will always be work, after all. But yeah, enjoying that work certainly helps, he says.
While Sparks found his passion for hacking at a young age, he didn’t take a straight career path to get his current role. There was no one offering him advice on how to turn his childhood hacking hobby into a career, and he didn’t have anyone encouraging him. While he was inspired by the teens in Hackers, they were considered criminals, and sure, John Connor was trying to help save the world, but that’s science fiction.
Sparks grew up in a small town in southwestern Georgia where he says he was the only person in his graduating class who was even into computers. Usually high school guidance counselors will offer some direction to students trying to figure out what to become when they grow up. In that arena, Sparks was unlucky.
“They didn’t know what the hell I was talking about… I didn’t really have anyone to talk to,” he says. “I probably could have gotten to where I am three or four years sooner had I had the guidance. I think a lot of people struggle with that. They see something that interests them, but they don’t know how to get there.”
After high school, he attended a nearby community college where he was one of six students in the computer science course. After graduating with an associate’s degree, he landed a job at a small consulting business doing “generic IT work.” He got to work with computers, but it wasn’t his dream; it certainly wasn’t Hackers. He became a developer for a spell, thinking “well hacking is just code”—that also wasn’t it.
He bounced around various computer-related jobs for about three years until he discovered the cybersecurity industry, a sort of “you clean up nicely” version of his lifelong hacking passion. A job at Flowers Foods, the manufacturer of Nature’s Own and Wonder bread, introduced him to people who were in the cybersecurity world. He learned what certifications to get, what skills to develop, and which jobs to apply for.
“When I first started in IT, I thought, I shouldn’t hate this [job] because I enjoy doing this stuff, and if it wasn’t work I would still probably be doing it. But I really didn’t enjoy it,” Sparks says. “Once I landed that first cybersecurity role, which was very entry level and still kind of monotonous, it was like, ‘Oh man, I’m here. I see it.’”
The work his coworkers were doing was more interesting to Sparks than his own, but he saw the potential, he says. And then he thought: “What’s stopping me from doing what they’re doing?”
“I would pull one of them aside and be like, ‘Hey man, how did you get there?’” Sparks says. “I saw people doing the stuff that I wanted to do—not because it pays well, and not because of the title, but because it just sounds like fun. This guy is trying to break into a server that someone just built. That sounds cool as hell. I just want to watch him do that all day. I want to do that all day.”
The global cybersecurity industry had a market size of roughly $86.4 billion when Sparks entered the world; now he’s in one of the fastest growing markets, expected to surpass a $400 billion market size by 2027.
As a cybersecurity professional, he’s on the defensive side in the world he fell in love with as a 10-year-old obsessed with John Connor and Dade Murphy. But every now and then he gets to do some pentesting as part of the job, essentially professional hacking.
“It’s done to find holes and fix them. Imagine paying a guy to break into your house and he’s like, ‘OK, I got in through this window by doing this this and this, and we should fix it by doing this and this,’” Sparks says.
His goal, if he had to think about moving on someday, would be to do pentesting full time. He has no desire to really move up because management is hands off. He’s exactly where he wants to be. And even still, a lot of the time it’s just work.
“I genuinely enjoy going to my job. I don’t stare at the clock waiting for the minutes to pass, and I’ve worked at jobs where you’re just miserable and you think ‘Today’s the day when I quit.’ I don’t feel that,” Sparks says. “But at the same time, I would say I enjoy maybe 30% to 40% of what I do. The other 60% is going to meetings and I’ve got to do reports… When you do something you love that doesn’t make it not work. It’s still work. But it makes it a lot easier day-to-day.”
Cyber.org Range Offers Cybersecurity Job Paths for K-12 Students – Dark Reading
Kids in grades K-12 will soon have a no-cost virtual environment in which to beef up their cybersecurity skills, thanks to the expansion of the Cybersecurity and Infrastructure Security Agency’s Cyber.org Range.
The program, developed in conjunction with the Cyber Innovation Center (CIC), is a classroom-based effort that’s meant to act as a workforce development engine, providing high school students especially the opportunity to experience and defend against realistic cyberattacks in a virtual, safe environment. They can learn about the other side too, performing pen testing and red teaming activities.
The teacher-led “Cybersecurity Course” curriculum includes access to a range of free resources and online labs that are designed to prepare students for the CompTIA Security+ Exam. Security+ incorporates best practices in hands-on troubleshooting and practical security problem-solving skills, offering a springboard into medium-level cybersecurity jobs.
Such initiatives will be critical as organizations strive to fill hundreds of thousands of open cybersecurity positions, according to CISA director Jen Easterly.
“We all need to come together to invest and make sure that we are building that diverse and capable cybersecurity pipeline to defend our nation. There’s a lot more work to do to reach those 52 million students, those 3 million educators all across our country, but I think we’re starting today,” she said during a launch event on Monday.
The Cyber.org Range is going to be available nationwide starting next year after its pilot phase through the end of 2022. Initially funded by the State of Louisiana, the nationwide expansion is due to a CISA grant.