Category: Uncategorized

Startup Europe. Grown up reporting
Deeptech/Analysis/
By Sadia Nowshin 21 February 2023
Deeptech
By Mimi Billing 6 March 2023
Deeptech/Analysis/
By Sadia Nowshin 21 February 2023
It was recently estimated by the World Economic Forum that by 2025 there’ll be 463 exabytes of data created each day globally — that’s the equivalent of 212m DVDs, for those who remember them. That exponential growth of data sets up a skirmish between hackers trying to access that information and the cybersecurity startups trying to stop them — something investors are jumping on.
Cybersecurity startups raised around $1.8bn in 2022, matching the total funding that the sector drummed up in the year before. Digital asset investment platform Copper raised the biggest round of the year — a $180m Series C from Tiger Global Management and Barclays PLC — followed by Nord Security’s $100m raise. 
But which up-and-coming startups are VCs watching in the space? Here are the companies they’ve clocked, with one caveat: they weren’t allowed to pick any of their portfolio companies. 
TempoCap is a European growth-stage technology fund with offices in London, Paris and Berlin focusing on enterprise software, cybersecurity and fintech. 

Cado Security is a cybersecurity forensics and incident response platform. As global enterprises are migrating more data to the cloud, cyber attacks on cloud infrastructures are increasing. Cado Security offers a fully automated forensic-level data capture and processing solution that allows security teams to improve their response time to incidents and move faster than the attackers.
HarfangLab is a next-generation Endpoint Detection and Response (EDR) solution that uses real-time behavioural analysis and advanced AI to detect invisible attacks and home in on real and critical cyber threats. HarfangLab’s platform is easy to deploy and manage while still being able to handle complex threats, which is a particularly valuable characteristic given the significant shortage of skilled cybersecurity talent.
CounterCraft generates a real-time actionable intel feed using its deception platform. The tech lures in attackers using decoy targets to learn about potential hacker behaviour and inform defence tactics before a real attack has happened. 
Human error is actually one of the most significant vulnerabilities in cybersecurity, and the source of more than 82% of data breaches, according to a 2022 report by Verizon. OutThink is a cybersecurity training and awareness SaaS platform focused on identifying, managing and mitigating human risk. It provides chief information security officers with the tools to establish a strong cyber risk-aware culture in their organisation, building a human firewall with the workforce as the first line of defence. 

General System has developed an indexing product that can capture massive data flows and analyse them for organisations in real time. Today, any real-time analysis is usually done only on summary data, and most data is only examined in forensic situations in relation to security risks. General System’s underlying tech is aimed at the Internet of Things (IoT), both in cybersecurity and industrial applications, like capturing aircraft or vehicle data to inform companies on the behaviour and movement of their customers. 
Encrypted messages can act as a vector for injecting malware into an organisation. Venari provides a solution that examines both the metadata and encrypted payload of a message, using a combination of artificial intelligence, machine learning, behavioural analytics and a rules engine to provide valuable insights that can be used to improve the organisation’s ability to block potential attacks — all without decrypting the data. 
RevEng uses machine learning to analyse binary code and detect potential malware. The company structures and executes binary code to identify suspicious behaviour, by searching for patterns within the code. Crucially, this approach allows companies to ensure that no malicious code is running on their systems, even if the original malicious binary code has been altered.
Eye Security is an all-in-one SME cyber solution that bundles cyber security measures together with cyber insurance. Hacking has sadly become more accessible thanks to much more scalable techniques, tech and ransom methods, which means malicious actors can now make money extorting smaller companies. Small to medium-sized companies lack the time and expertise to deal with these complex issues, so Eye Security combined the platform with insurance, and handles both the technical and financial risks.
Hadrian likens itself to Google Maps for security infrastructure, helping chief information security officers to map, contextualise and prioritise potential vulnerabilities throughout their digital estate. As enterprises increasingly digitise, their threat surfaces have grown exponentially. This makes automated monitoring necessary, as well as intelligent solutions focused on the full context of a company’s tech stack and where and how it interacts with everything else. 
Risk Ledger offers a new approach to supply chain and third party cyber risk management. Often the most significant cyber vulnerability comes not from a company’s own IT but its partners and supply chain: one major hospitality chain was hacked via a fish aquarium controller in its lobby, for example, and on a larger scale we’ve seen situations like the SolarWinds hack, where malware was downloaded through software updates. 
Traditionally, companies handle supply chain risk via questionnaires. Risk Ledger has not only digitised this, but has created a centralised platform for both suppliers and companies — suppliers only need to update their information once and companies are continuously informed of any changes. Risk Ledger’s standardised assessments map to all key cyber frameworks and also take into account non-security risks, alongside integrating with cyber security software, so a company can develop a more comprehensive view of the risks.
Sadia Nowshin is editorial assistant at Sifted. She tweets from @sadianowshin_
Sifted is
Please follow us
Please follow us
© 2023 Sifted EU Ltd. All Rights Reserved.
Sign up for free
Get unlimited access to all of Sifted’s free coverage and analysis. You’ll also be able to choose your preferred newsletter and report subscriptions.
Sound good? Let’s get started.

source

Cybersecurity Trends & Statistics For 2023: More Treachery And …  Forbes
source

background image / KrulUA / iStock / Getty Images Plus
Security magazine is proud to present the honorees of our 3^rd annual Top Cybersecurity Leaders program, which highlights enterprise information security executives and professionals and their industry accomplishments. This year’s nominees serve important roles across their organizations and the cybersecurity field as a whole, leading by example and bettering security through innovative approaches to risk and technology.
The goal of the Top Cybersecurity Leaders program is to spotlight cybersecurity professionals who are making a difference in their organization and/or in the industry as a whole, and this year’s nominees didn’t disappoint. Our editorial staff was blown away by the caliber of this year’s nominations. We received an overwhelming number of nominees with years of experience, industry impact and cybersecurity leadership.
It’s been our honor to profile just a few of the cybersecurity leaders who mitigate risk within their own organizations and further the profession of cybersecurity with their industry involvement and contributions on a daily basis.
We’d like to thank our industry partner, ISACA, for their help in making these awards a success. Nominations for the 2024 Top Cybersecurity Leaders program will open in August of this year. Nominees do not need to be a member of ISACA to apply.
Read on to learn about the 2023 Top Cybersecurity Leaders!

You must have JavaScript enabled to enjoy a limited number of articles over the next 30 days.
Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company. Interested in participating in our Sponsored Content section? Contact your local rep.
ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe. 
The John F. Kennedy Center for the Performing Arts is home to some of the nation’s largest events, from the Kennedy Center Honors to the Mark Twain Prize and high-caliber theatrical and symphonic performances.
 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 
Copyright ©2023. All Rights Reserved BNP Media.
Design, CMS, Hosting & Web Development :: ePublishing

source

ANTHONY ALBANESE, PRIME MINISTER: Welcome everyone. I begin by acknowledging the traditional owners of the land on which we meet and pay my respects to elders past, present, and emerging.
And thank you so much for being a part of this Cyber Security Roundtable, and for bringing your insights and your expertise to this process, further developing a new National Cyber Security Strategy.
Cyber security is national security, it is business security, but it is also personal security for 25 million Australians. And that’s why Minister O’Neil, the first Cabinet Minister to hold the Cyber Security portfolio, and I have brought together representatives from our intelligence agencies, our public service, but also independent experts, coming together with business, industry and civil society. I thank all of you for giving up your time and bringing your expertise to this forum.
Strengthening Australia’s cyber security is a fundamental priority for our Government. We recognise it’s an essential part of life, of the way that every Australian and every business and every community organisation deals with each other on a day-to-day basis. It’s absolutely critical as well for maintaining trust in our public institutions, and our public service. It’s critical to maintain confidence in your commercial dealings, and also in your intellectual property, which is often the foundation of your wealth creation.
It’s also vital to individuals. Individuals quite rightly feel violated when their details are online. It is no different from someone breaking into your house and stealing something from you, because it is your property, and in some cases it’s your identity as well. And we saw with breaches last year, I think, an increased awareness of just how important this is.
So all of us understand how critical this is, which is why we’ve brought together such a high level group today. We, of course are conscious as a Government as well about state-sponsored attacks, which are increasingly prevalent, from stealing classified information, to cyber criminal acts aimed at seeking to secure some profit, or in some cases, ransomware attacks, which are increasingly prevalent as well.
So, clearly as it stands, government policies and regulations, business sector systems and measures and our general awareness and capacity as a nation are simply not at the level that we need them to be. I think part of today is about raising awareness, but also, of course, about finding ways in which we can all go forward together.
This is really fast moving. It’s a rapidly evolving threat, and for too many years Australia has been off the pace. Our Government is determined to change that. We want to use your expertise and your experience to build a National Cyber Security Strategy that is practical, that’s useful and that’s adaptable. For every level of Government, for every branch of the public service, for every agency and institution, for business, large and small, and for people.
Educating our children as well, one of the things that is said around every soccer or netball or cricket field, from parents, is worrying about cyber issues, and worrying about the impact that it can have on our youngest Australians as well.
Also, small business worry about how such an intervention can have an impact on them. Sole traders who reinvented their business model in the course of the pandemic, to keep their heads above water, can be targeted on this as well. And we can’t expect time poor businesses to do it by themselves.
And that’s the idea of bringing this group together, to facilitate action and leadership across our economy, across our society, to make sure we address what is a very real challenge indeed.
For businesses these days, cyber security is as important as having a lock on the door. You wouldn’t leave your business at the end of the day and just leave the door open, and that essentially is what will occur unless there’s more diligence, and unless we upgrade the level of security which is there.
So we want all Australian businesses to be able to protect themselves, but also to protect their customers. And I don’t underestimate the challenge that we’re facing. This is an ever evolving threat and it will need adaptation from us and from business and government, to make sure that we keep on top of this.
That’s why today, as well, as part of this process, we are announcing a Coordinator for Cyber Security. We want that coordination to be done centrally so that it’s most effective. That’s why that will be located in the Department of Home Affairs under the responsibility of Minister O’Neil, so that there’s a clear pathway forward, and I believe that is a critical contribution that we can make.
So I thank all of you for joining us. I look forward to constructive discussion from this, I know that this is a conversation that’s happening around the water coolers, as they say, but happening right around our society, and I thank all of you for giving up your time here today. Thank you.

Prime Minister of Australia
We acknowledge and pay respect to past and present Elders and Traditional Custodians of Country, and the continuation of cultural, spiritual and educational practices of Aboriginal and Torres Strait Islander peoples.
 

source

Image via Freepik
This year has been one of significant growth for the cybersecurity industry. According to the 2022 (ICS)2 Cybersecurity Workforce Study, the cyber workforce reached an all-time high of 4.7 million workers and added 464,000 new workers globally.

Despite this, there is still a widely perceived talent shortage in the cybersecurity industry, both domestically and internationally, and companies feel like they can’t fill the positions they need.

But what is causing this “shortage,” and what can be done to mitigate it? To best answer this question, it would help first to contextualize the perceived problem and what is causing it before we then address some potential solutions. 
 
The increase in demand for cybersecurity workers has a two-pronged cause. Part of it is that there has certainly been an increase in cybersecurity threats in recent years, and 2022 was no exception. The other part of it is that consumers as a whole are valuing privacy and security much more than in prior years, and so robust cybersecurity features are increasingly becoming a marketable trait. It’s certainly possible that consumers are valuing security more precisely because of the increase in cybersecurity threats, but broadly speaking, these are the two patterns that underlie the growing demand for more cybersecurity talent. 

And so, while part of the perceived shortage may be a result of this objective surge in demand for cybersecurity, part of it may also result from outdated or limited modes of thinking. The industry has grown tremendously to the point where there are now many branches of specialties within the overarching umbrella of cybersecurity, and no single individual can realistically be an expert in all of them, given how fast information moves and changes.

A helpful analogy to use is the field of medicine. By sheer necessity, there are many specialties within medicine, and you have to hire physicians and medical personnel who are trained for those specialties. Similarly, if you try to find cybersecurity professionals who can do everything, you will naturally perceive a shortage as the field has become too complex and fragmented to realistically find experts that are jacks of all trades within the field of cybersecurity. The problem is less an objective lack of talent out there and more an obsolete set of expectations and hiring practices that could benefit from some updating. 

Another potential cause may have to do with the relative scarcity of the most prized skill in cybersecurity. The best kind of cybersecurity work requires a certain ability to think outside the box and foresee problems that don’t even exist yet. Individuals with this gift are the most talented, skillful cybersecurity professionals, yet there really isn’t a reliable formula for transmitting such an ability at scale. You can teach people hard skills, and you can teach them tools and procedures, but teaching that kind of foresight and creative ability is more of an art and less of a clear-cut affair.

While this may not be a primary reason for a perceived talent gap, one of the contributing factors may be that organizations understandably want to hire professionals that can accurately project future threats and prevent all breaches from occurring. When put in those terms, it is easy to understand how truly difficult that skill set is to come by.
 
 
Generally speaking, cybersecurity problems lie on a spectrum between problems that can be addressed by the book by any competently trained professional or team using established technologies and procedures and problems that require specialized cybersecurity expertise. Sounil Yu’s Cyber Defense Matrix has been well-accepted for some time now. Organizations could greatly benefit by having built-in ways to identify where problems belong on this spectrum and identify potential solutions in advance of a security event. Once a new event is identified, a ticket can then be created for an in-house professional to solve it using established procedures, or it can be earmarked for the attention of a specialist.

Fortunately, even for problems requiring specialization, there are numerous options for how to go about it. One way for companies with the available resources, would be to hire in-house specialists. Another way would be to outsource the work since having onsite specialists may not be a feasible option for some. A third way can be tapping into the power of community by crowdsourcing. A single individual, or even several of them, may not have the ability to hack a particular solution, but if you’re able to tap into a community of, say, 30 individuals, one or more of them just might have the right skill set.

Employing some combination of these methods — hiring in-house specialists, outsourcing, and crowdsourcing — may actually be the way that an increasing number of organizations choose to go depending on their specific needs and resources.   

Aside from properly identifying the level of specialization required for a problem, as well as tapping into the power of crowdsourcing, there are some other ways to further alleviate the perceived talent shortage. 

The field of cybersecurity has gone through an interesting and somewhat ironic evolution in that in its earlier phases; there was a strong culture of DIY and a pervasive belief that it didn’t matter what your background or education level was so long as you could hack. Many in the community even actively identified themselves as outcasts or iconoclasts. However, over the years, as cybersecurity has become increasingly adopted by the enterprise, the field has necessarily become more industrial and standardized, and the pathways toward a career in cybersecurity have become more clearly defined: going to university, getting a degree, and getting the right certifications.

In many ways, standardization is a good thing, but in the process, new barriers can get erected which were not there previously, potentially limiting the kind of diversity that would only strengthen the field. One thing that universities and organizations can, therefore, do is to continually think about how they can maintain standards and procedures while being cautious of not creating new barriers. Fortunately, the field as a whole seems to be noticing and working to address this.

Another solution can lie in colleges and universities possibly rethinking their roles and upgrading their programs as deemed necessary. A good way to do this would be to continue to improve the lines of communication between universities and the very companies that are perceiving a shortage of talent. Universities can work to understand how they can better train students to meet organizations’ needs.

Conversely, how can they also educate companies to have more realistic standards about the range of cybersecurity issues that a cybersecurity generalist can reasonably be expected to solve? Cybersecurity programs could also prioritize the kind of soft skills that make truly gifted cybersecurity professionals, such as the aforementioned ability to foresee problems that don’t exist yet. All the technical knowledge and skills in the world can only do so much good if a student can’t learn to adapt to new technologies and circumstances with the ability to interpret the world through the mindset of a hacker.

Finally, apprenticeships are another way that universities and companies could work together to provide alternative career pathways that remove some of the barriers preventing more people from entering cybersecurity, as this, too, could help address the talent shortage. Crowdsourcing, once again, can also serve as an alternative pathway because whereas apprenticeships require a formal application process, with crowdsourcing, anyone can just immediately start doing it, build experience, gain exposure, and even get paid in the process via bounties. 

The cybersecurity field is growing and evolving at breakneck speed. Regulations, technology and the threat landscape all of these are expanding exponentially. Expecting one person to be able to do everything — the way one might expect a plumber to be able to address every plumbing problem — inevitably limits the perceived pool of capable professionals. On a more objective level, having too many barriers to breaking into the field does the same. Both higher education institutions and companies can implement some of the aforementioned adjustments in order to play key roles in helping make the talent gap a thing of the past.

Andrew Reifers is an associate teaching professor at the University of Washington Information School, where he teaches both undergraduate and graduate level courses in cybersecurity and information management. He has former experience as an network security engineer, principle application security consultant and chief technology officer, and was an application security consultant at a startup company he saw grow into a large company that was eventually bought out by CA technologies.
You must have JavaScript enabled to enjoy a limited number of articles over the next 30 days.
Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company. Interested in participating in our Sponsored Content section? Contact your local rep.
ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe. 
The John F. Kennedy Center for the Performing Arts is home to some of the nation’s largest events, from the Kennedy Center Honors to the Mark Twain Prize and high-caliber theatrical and symphonic performances.
 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 
Copyright ©2023. All Rights Reserved BNP Media.
Design, CMS, Hosting & Web Development :: ePublishing

source

UK sportswear retailer JD Sports is warning some 10 million of its customers that their personal data — including name, billing address, delivery address, email address, phone number, order details, and last four payment card digits — might have been exposed in a recent cyberattack.
Affected customers placed online orders with JD Sports between November 2018 and October 2020 for items branded JD Sports, Size?, Millets, Blacks, Scotts, and MilletSport, the company said in a statement.
JD Sports said while it cannot definitively say whether the data was accessed, the system holding the data was, so as a precaution, JD Sports is notifying and advising impacted customers to remain on the lookout for social engineering scams.
JD Sports does not store full payment card details, the retailer said, and there is no evidence that account passwords were compromised.
“We want to apologize to those customers who may have been affected by this incident,” Neil Greenhalgh, JD sports chief financial officer said in the cyber-incident disclosure. “We are advising them to be vigilant about potential scam emails, calls, and texts and [are] providing details on how to report these. We are continuing with a full review of our cybersecurity in partnership with external specialists following this incident. Protecting the data of our customers is an absolute priority for JD.”
While disclosure is the right thing to do for the retailer, notes Lior Yaari, CEO of Grip Security, letting the public as well as potential threat actors know about the breach without first resetting account credentials might in itself attract the wrong kind of attention.
“Retailers should approach a breach of customer data similar to an internal breach of employees — requiring every customer to reset their account credentials,” Yaari said in a statement provided to Dark Reading. “The official announcement from JD Sports and the news coverage sets the stage for the hackers to start sending out password reset phishing emails to the 10 million customers to harvest their credentials.”
Yaari predicts additional attacks will be fueled by this breach.
In fact, companies like JD Sports should avoid downplaying the significance of a compromise of customer data, according to Chris Denbigh-White, security strategist at data protection firm Next DLP.
“In JD Sports’ press release, the company took great steps to reassure customers that the extent of potentially compromised information was ‘limited,’” Denbigh-White explained in a statement provided to Dark Reading. “To a consumer, this exposure of personal information, which cannot be changed, is not a trivial matter and is likely to lead to further phishing and fraud attempts.”
Copyright © 2023 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.

source

Since the beginning of 2022, nearly 175,000 tech workers have lost their jobs in sweeping layoffs from firms both big and small, according to Layoffs.fyi, which tracks tech layoffs. No single industry or function has been immune from tech job losses, but cybersecurity roles still remain in high demand. 
Cybersecurity experts expect demand to remain high this year, and the U.S. Bureau of Labor Statistics projects that the number of cybersecurity jobs will grow by 35% between 2021 and 2031. Worldwide, there are about 3.5 million open cybersecurity jobs, according to Cybersecurity Ventures. In the U.S. alone, that number is about 770,000, data from Cyberseek, a cybersecurity industry research company, shows.
“That number might decline, but I suspect you’ll see the number of jobs decrease that are available, but likely not switch to less jobs available than available talent,” Nick Schneider, president and CEO of cybersecurity company Arctic Wolf, tells Fortune. “There’ll still be a skills gap. It will just be smaller.”
Fortune spoke with a few cybersecurity experts about what to expect for cybersecurity hiring trends in 2023. Cybersecurity pros predict that job demand will remain high, more women will land jobs in the industry, and that upskilling will be at the top of mind for both employees and employers.
An economic downturn—i.e. a potential impending recession—is no time to cut cybersecurity talent. While no industry is truly “recession proof,” the cybersecurity industry is “largely insulated from market downturns,” as Danny Allan, chief technology officer of data protection firm Veeam, previously told Fortune. 
That type of job security is largely due to the fact that data and digital services are critical to business operations, Allan adds, but it’s also because economic downturns can “ignite a fire under the bad actors,” when companies are most vulnerable. Schneider says. 
“Companies can’t afford to not have cybersecurity continue through an economic downturn,” Schneider says. Bad actors “also understand that companies are tightening budgets and tightening headcount. It’s a good opportunity to attack. Hopefully most businesses don’t take this opportunity to trim security staff, and I don’t think that they will.”
In the U.S., there are currently about 1.1 million people employed in the cybersecurity industry, data from Cyberseek shows. Globally, about 25% of women hold cybersecurity jobs, according to Cybersecurity Ventures. Experts predict that we’ll continue to see women representation in cybersecurity grow this year. In fact, cybersecurity company ReasonLabs has already reached gender parity for its analysts.
“What we are seeing today in the universities is the increase of women talent out there is close to 50-50 right now with the men,” Andrew Newman, chief technology officer at ReasonLabs, tells Fortune. “We’re definitely going to see a huge uptick in women employees. We’re heavily invested in that market today and we’re constantly looking to grow.”
Large organizations like Microsoft Security are also prioritizing hiring more women who are cybersecurity professionals. Microsoft Security launched an initiative where the company has committed to partnering with community colleges to train 250,000 people by 2025. 
“In the corporate world, we need to make sure we have diverse slates when hiring and that we are very intentional,” Vasu Jakkal, corporate vice president of Microsoft Security, told Fortune in a recent interview. “It’s going to take the entire village—from parents to school teachers to hiring managers to colleagues and peers to organizations—to elevate women and minorities into cybersecurity.”
To help combat the talent gap and barriers to entry, nonprofit cybersecurity certification organization (ISC)² launched a free online program called Certified in Cybersecurity to help entry-level cybersecurity candidates learn the basics of cybersecurity including security principles, business continuity (BC), disaster recovery (DR) and incident response concepts, access controls concepts, network security, and security operations. And in the three months since its inception, the program has registered more than 110,000 candidates.
“As we promote hiring for non-technical skills and personality attributes, it [gives] that little extra insurance that allows [employers] to have confidence that this person has demonstrated that they have the capability to understand these core concepts,” Clar Rosso, CEO of (ISC)², previously told Fortune. “Since this workforce gap is this big hairy issue, this is what we’re investing in now.”
Schneider also predicts that upskilling opportunities will act as an incentive for current cybersecurity workers to remain at their current posts as market volatility continues.
“My suspicion is that’s where most businesses will intrigue cybersecurity professionals during an economic downturn. It won’t just be all about compensation,” he says. “It will be a good combination of having the right job, the right benefits, the right training and enablement and the right opportunity for these professionals within their organization to do what they want in their career.”
Check out all of Fortune’s rankings of degree programs, and learn more about specific career paths.

source

Around the world, employees have been experiencing extreme stress due to the ongoing pandemic, business disruption, and the faster pace of work. 
This is a mental state and lived reality that cybersecurity staffers experience day in and day out. When new hires start work on Day 1, they know what they are signing up for. Most organizations today face an unrelenting fusillade due to the accelerated pace of digital transformation. New threat patterns are emerging, credential compromise is raging, and cybercriminals are cooperating on strategies. 
So, for analysts in security operations centers (SOCs), there’s a thrill of the chase and rewards that come with stopping would-be attackers from damaging a company and its customers. However, there are also thousands of alerts to review each day, as well as the agony of defeat when a data breach occurs on their watch. 

Despite this reality, many teams have best-of-breed platforms at the ready. So, it’s actually getting easier for cybersecurity professionals to do their work. Behavioral analytics detect attackers rapidly and separate the noise from signals of malicious behavior, so that analysts can triage alerts faster. With automated workflows, analysts can focus on higher-level duties. A survey conducted by Chartered Institute of Information Security (CIISec) in 2020/2021 found that 53% of analysts said their organization is getting better at protecting the network and recovering from attacks, while 56% said their team was more adept at responding to cybersecurity incidents and breaches. 
First, it’s important to acknowledge that working within the cybersecurity industry is inherently stressful. Some 51% of analysts said they’re kept up at night by job stress and challenges. Factors include forced cancelation of education events due to the pandemic (66%), overwork (47% work more than 41 hours per week), insufficient budgets (53%), and increased difficulty executing key security processes such as reviews and audits due to remote work. 
Survey results don’t capture the distinction between good stress and bad stress. Good stress includes learning new skills, problem-solving on the job, collaborating with teams to track adversaries and respond to threats, and gaining new professional opportunities. Bad stress includes feeling unsupported by organizations and leaders, not having the tools needed to do the job, and experiencing a poor work-life balance. And then there’s situational stress, such as trying to execute processes remotely that are better done onsite, such as performing audits. 
Many of the cybersecurity issues raised in the CIISec survey point to a need for strong leadership that proactively identifies and resolves issues. But cybersecurity teams need servant leaders, not those who lead by establishing command and control structures. 
Servant leaders create authority by — you guessed it — serving their employees. Cybersecurity executives of this ilk are concerned about the well-being of the team, regularly checking in with team members on how they are doing, and removing roadblocks that harm operational performance. They’ll go to bat with upper management to get an increased budget for new tools and additional staff to smooth out workloads for teams. Servant leaders take turns serving on call to understand work conditions from analysts’ perspectives and hold regular team meetings to discuss key trends and issues. They’re also likely to look ahead to anticipate market and business developments and reposition their organization to get ready to meet them. As a result, these leaders’ teams feel supported. Analysts are not afraid to share problems or new ideas, as they know their leaders will listen, consider them carefully and, most importantly, respond.
Further, servant leaders develop their teams. They understand that cybersecurity analysts want to develop their knowledge and skills to progress their careers. Analysts cited job growth as the No. 1 reason they leave their existing roles and the No. 2 reason they take new jobs; right behind compensation. Respondents named taking training, cross-training across other technical and business areas, and working with experienced staff as high on their wish list for accelerating their careers. 
Given that professional development took a back-seat to fighting threats during the pandemic, cybersecurity leaders should push forward with career planning for their teams this year. Some 41% of analysts say their career development plans are only partially planned, while 11% say they aren’t planned at all. As a result, firms that excel in these areas can poach staff from less development-oriented firms, building their teams at a time when competition is keen for top talent.
The events of the past two years have put an undeniable strain on cybersecurity teams. Risks have grown, increasing teams’ workloads and weakening their sense of control. In addition, budgets haven’t kept pace with hiring, training, and tool requirements. 
What organizations need now is for servant leaders to step forward and make their cybersecurity teams’ professional effectiveness and personal happiness an important priority. Whether it is simply listening to analysts’ concerns, making strategic investments in improving operations, or fostering career growth, servant leaders gain authority by putting others first. With humility, accountability, and consistency, servant leaders create greater organizational cohesiveness, break down barriers to execution, and help their teams outperform, even in the most challenging market and business environments.
Copyright © 2023 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.

source

Wondering How To Get Into Cybersecurity? Here’s What You Should …  Forbes
source

An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search
One of CISA’s greatest responsibilities is providing for the safety and security of our citizens, allies, and partners while providing an economic environment that promotes opportunity and prosperity. The use of Improvised Explosive Devices (IEDs) threatens these interests by killing, injuring, and intimidating citizens and political leaders around the world, inflicting damage on U.S. forces on the battlefield, and disrupting transportation and the flow of commerce. The terrorists and criminals responsible for these attacks are resilient, technologically adept, and adaptable. They employ the most recent and successful tactics, techniques, and procedures gained from experience in Iraq, Afghanistan, and around the world. The use of IEDs worldwide has increased in recent years, with the number of attacks exceeding 7,000 in 2021.
IEDs remain one of the most accessible weapons available to terrorists and criminals to damage critical infrastructure and inflict casualties. The tactics used in IED attacks continue to evolve as our adversaries seek to overcome countermeasures. We must continue to challenge ourselves and each other to be more effective against these threats as we work together to reach our shared national interests of safety, security, and prosperity. The threat from IED use will continue to evolve in response to our abilities to counter them. A whole-of-government approach that incorporates the lessons learned from the state, local, tribal, territorial, private sector, and international community in Counter-IED (C-IED) activities will best position the US to discover plots to use IEDs in the US or against US persons abroad before those threats become imminent. 
To reduce risk to the nation’s critical infrastructure, the Office for Bombing Prevention (OBP) employs several programs and develops and delivers a diverse curriculum of training and awareness products to build nationwide C-IED core capabilities and to enhance awareness of terrorist threats. CISA’s OBP seeks to enhance the nation’s ability to prevent, protect against, respond to, and mitigate the use of explosives against critical infrastructure, the private sector, and federal, state, local, tribal, and territorial entities. 
Coordinated through state homeland security officials and training offices, OBP courses educate on strategies to prevent, protect against, respond to, and mitigate bombing incidents. Federal, state, local, tribal, and territorial participants include municipal officials and emergency managers, state and local law enforcement and other emergency services, critical infrastructure owners and operators, security staff, and public and private sector partners. 
The Security and Resiliency Guide and Annexes are intended to assist stakeholders to plan and implement C-IED activities within their overall public safety and emergency management approach. 
TRIPwire is the Department of Homeland Security’s collaborative information-sharing and resource portal. 
The guidance and resources on this page outline in-depth procedures for either bomb threats or suspicious items and will help you prepare and react appropriately during these events.
Technical Assistance is the access point for bombing prevention suite of training, tools, products, services and resources.
Bombing prevention training is available through multiple platforms: direct delivery in-person in a classroom or in-residence at the Federal Emergency Management Agency’s (FEMA) Center for Domestic Preparedness (CDP), online through a Virtual Instructor-led Training (VILT) platform, and through Independent Study Training (IST).
Bombing prevention products/resources—including cards, posters, checklists, guides, videos, briefings, and applications—provide C-IED  awareness information to prevent, protect against, respond to, and mitigate bombing incidents.
To report suspicious activity, call 9-1-1 or contact local law enforcement.
Please contact your local Protective Security Advisor (PSA) or send an email to the Office for Bombing Prevention (OBP) at OBP@cisa.dhs.gov for additional information about OBP products and programs, or to schedule a training session or a planning workshop.
Informed, alert communities play a critical role in keeping our nation safe. Everyone has a responsibility to protect our nation—”If You See Something, Say SomethingTM.”

source