
  • 'There's a career in cybersecurity for everyone,' Microsoft Security … – Fortune

    With the number of cyberattacks rising and a widening gap in the cybersecurity talent pool, companies are taking a harder look at resources needed to combat a growing workforce issue. In the U.S. alone, there are more than 700,000 unfilled cybersecurity positions. Globally, there are 3.5 million cybersecurity jobs left to be filled, according to Cybersecurity Ventures.
    While some higher-level cybersecurity positions require advanced certifications, many entry-level positions can be filled by people who have less training. This could include upskilling courses, self-training, or learning on the job. While four-year degrees or master’s degrees aren’t always required to land a cybersecurity job, some companies and organizations are working to develop workforce training with community colleges and other educational institutions to prepare the future cyber workforce. 
    “There’s a career in cybersecurity for everyone because it truly is the foundation of our digital world,” Vasu Jakkal, corporate vice president of Microsoft Security, tells Fortune.
    Microsoft Security, the $15 billion cybersecurity arm of the Fortune 500 tech giant, in 2021 launched a national campaign with U.S. community colleges to help skill and recruit 250,000 students into the cybersecurity workforce by 2025. Girl Security, a nonprofit focused on cybersecurity workforce development for women and other minority communities, provides programming with the goal of achieving equity in the national security sector. Globally, women hold about 25% of cybersecurity jobs, according to Cybersecurity Ventures.
    Fortune had a roundtable discussion with Jakkal and Girl Security Founder Lauren Buitta to learn more about efforts to combat the cybersecurity workforce gap and how to address it.
    Fortune: What are the biggest challenges associated with the cybersecurity workforce gap?
    Buitta: It’s important for folks to understand that cybersecurity as we now know it is a relatively nascent professional field. If you think about law or medicine, those are professional sectors that have taken over a century to develop. One primary challenge is that the workforce is trying to get up-to-speed with the skills that it knows we need to remain competitive in a global economy. 
    Jakkal: Cybersecurity is this nascent field, but it’s growing exponentially just given the way the world works today. We saw that during the pandemic businesses and homes had to become digital, and that created this expanding attack surface that can easily get exploited. We’ve seen cybersecurity being top of mind for all organizations and cyber attacks happening to everyone. You have this perfect storm that’s happening—perfect storm of opportunity, as well—where there’s a talent shortage. That opens incredible possibilities for women and minorities who may not necessarily feel it’s a field for them today.
    How can the U.S. start to get ahead of the cybersecurity workforce gap?
    Buitta: Basic cybersecurity awareness can start in the home and it can start as early as childhood. This includes normalizing a discussion around digital security, trust, and safety. Leveraging resources to activate public education in the home and community is very important. If we look at STEM studies and just what we’ve seen in terms of women’s representation in STEM, there’s a lot of important lessons to learn. We need to be getting to diverse populations sooner, which is why our partnership focuses on that important bridge-way between high school to college, where there really is a lack of continuous opportunity. It’s important to not just give access to education, but also hands-on learning. 
    Jakkal: Today, 71% of women believe that cybersecurity is too complex of a career for them. More than 25% of all grownups believe that parents are more likely to steer their sons into cybersecurity than their daughters. These myths need to change. For cybersecurity to be a career for everyone, we need to start with myth busting and role modeling. 
    We launched an initiative where we’ve committed to train 250,000 people partnering with community colleges by 2025. In the corporate world, we need to make sure we have diverse slates when hiring and that we are very intentional. It’s going to take the entire village, from parents to school teachers to hiring managers to colleagues and peers to organizations, to elevate women and minorities into cybersecurity.
    Are non-technical skills valued in the cybersecurity industry?
    Buitta: Girl Security has always valued what we call enduring skill sets. We engage with girls and gender minorities in our program by asking them what ideas about work, school, responsibility, or jobs they were raised with. Oftentimes when girls come to the table, they say things like, “my parents always told me to tell the truth,” or “hard work is important,” or “working with classmates is important.” Cybersecurity requires collaboration, ethical decision making, and thinking innovation. We really focus on some of those core skill sets that we know are going to be extremely valuable in a changing environment.
    Jakkal: One of the things we need to change is how we talk about cybersecurity. For a long time, cybersecurity has been very technical. It’s been very fear-based and really dark. We need to tell stories of inspiration and hope, because that’s what cybersecurity is about. It’s about innovation.
    There’s a career in cybersecurity for everyone. Security is for all. Whether you are a neuroscientist, whether you’re a psychologist, you need that, whether you have studied the law, you need that, whether you’re an engineer, you need that, whether you tell great stories, you need that. There’s a career in cybersecurity for everyone because it truly is the foundation of our digital world. 
    Candidates sometimes get discouraged because companies are looking to hire only the cyber elite. What do you have to say about that?
    Buitta: There’s no question that those perceptions are impediments, certainly around the certifications and the associated costs with certifications. The positive is that these conversations are yielding really innovative models to equip the workforce sooner with the cyber skillset that they’ll need while thinking about ways to minimize the cost of populations. But we have a long way to go. At Girl Security, we provide stipended training that is also virtual, so it’s accessible from anywhere. 
    Just like Microsoft, we’re focused a lot on community colleges: saving cost upfront, making the field as accessible as possible, and then creating a continuum into pathways. We have to have that pipeline in place that is low-cost, accessible, and yields a job for someone who needs a job. There’s plenty of jobs available, it’s just a matter of finding people, making the message accessible and providing them that direct pipeline into an opportunity at a company like Microsoft Security.
    What training is really valuable for starting a career in cybersecurity?
    Jakkal: When there’s an abundance of opportunities, there are many ways of getting into that opportunity. We do have an incredible talent shortage. Going back to a myth buster, 37% of the people that we surveyed said that they thought a college degree was necessary to be in security. It’s not true. You don’t need a college degree. Many security jobs don’t require a four-year college degree. You can qualify by getting a certificate, an associate degree from a community college. Hence, why we are working with community colleges. There’s also a lot of resources for free because it can be daunting.
    The cost itself can be daunting, but there’s a lot of resources. Microsoft has a massive content repository that we have made available. We have made certifications. These are available to anyone who wants to take them, and there are ways you can train yourself and get into cybersecurity. We have this abundance of opportunity, which creates new ways of getting in, and we need to educate people about all these facets about how they can get in.
    What other advice do you have for someone trying to break into cybersecurity?
    Buitta: For anyone who is interested in the cybersecurity field, especially a young person, it’s understanding that the field needs them. Wherever they see a place for themselves, there is a potential career pathway for them. There are organizations and companies committed to see them thrive in this environment. There are a lot of resources out there. There is a lot of support out there. The workforce really needs that diverse community.
    Jakkal: There are lots of jobs in cybersecurity. There is a job for everyone. You need to have the passion for it, you need to understand it. That’s on us to simplify cybersecurity and to explain it. My call to action would be for all our youth, for all our girls in diverse populations, to really believe that there’s something in cybersecurity for them. It’s our responsibility to create those opportunities for them. 

  • 6 cybersecurity buzzwords to know in 2023 – TechTarget

    Vendors will engage in buzzword bingo at upcoming cybersecurity conferences and elsewhere throughout the year. Security professionals need to define these terms based on existing defenses, requirements and resources.
    According to the “2023 Technology Spending Intentions Survey” conducted by TechTarget’s Enterprise Strategy Group (ESG), 65% of organizations will increase cybersecurity spending in 2023. This is due to the following undisputed facts:
    CISOs will be a bit cautious due to economic uncertainty, postponing large projects in favor of tactical adjustments and maximizing the efficacy of existing tools. Nevertheless, organizations will be in the market for technologies that help them fill gaps or address emerging threats and challenges.
    Given plans for tepid but consistent investments in 2023, I anticipate a lot of creative marketing from cybersecurity vendors. Here are some of the cybersecurity terms we’ll hear a lot at RSA Conference, Black Hat and Infosec Europe and strewn through vendor and analyst publications. Most are not new, and they will all become buzzwords.
    NIST defines cyber resilience as “the ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises on systems that use or are enabled by cyber resources.”
    This covers the whole cybersecurity enchilada — threat modeling, a cyberthreat intelligence program, defense in depth, fault tolerance, network segmentation, incident response, backup and recovery, etc.
    In other words, cyber resilience is a full lifecycle process, including planning, preparation, workflows and a collective effort across multiple products. Based on this, no one product can deliver cyber resilience, but promotional wordsmiths will still embrace this term in their marketing messages. When confronted with this pitch, security professionals should push vendors on where their products fit in cyber-resilience lifecycle processes, how they complement other products and how security teams should measure their performance.
    Imagine if numerous organizations within a single industry pooled their resources to establish a common fusion center — for example, threat intelligence analysis, security operations or incident response. This collaboration could be a rising tide that floats all boats, educating security teams while making them more proactive and productive. OmniSOC is a good example of collective defense. It supports multiple universities — including Clemson, Indiana University, Northwestern University and Rutgers — as well as a number of National Science Foundation facilities. Vendors such as CrowdStrike, Palo Alto Networks, Splunk and Trend Micro can act as collective defense hubs, analyzing threats at one customer to then distribute threat intelligence, detections and blocking rules to others. For other vendors, collective defense messaging may equate to little more than basic threat sharing. Security professionals should push vendors for details when this term comes up.
    OK, I made this one up to encompass a whole family of terms: cloud detection and response (CDR), data detection and response (DDR), identity detection and response (IDTR), etc. These newish areas simply follow the detection and response (DR) trend.
    Endpoint forensic software gained some real-time functionality to become endpoint detection and response (EDR); same with the transition from network traffic analysis to network detection and response (NDR). More recently, extended detection and response (XDR) emerged to consolidate diverse and isolated capabilities from point products.
    This raises a potential security industry conundrum: Do we need more *DR technologies, or will this functionality be subsumed by XDR? I postulate that both situations are true. Large organizations with dynamic and complex applications and infrastructure will benefit from granular domain-based detection and response options, which make up about 20% of the market. The other 80% will get what they need from increased data collection, a greater effort around detection engineering, advanced analytics, process automation and existing tools and technologies. If this still seems too complex, managed services can be considered.
    Allow me to sort through this alphabet soup. XDR is a product purchased from a single vendor. Managed detection and response, or MDR, is a service purchased from a service provider. With XDR, you care about what’s under the proverbial hood. With MDR, you care about outcomes, not the machinery and knobs that make it work.
    This binary situation doesn’t always apply, however. Many security professionals are “gear heads” by nature — programmed by experience to want to kick the tires and evaluate the efficacy of individual security tools. Still, their organizations may not have the appropriate staff or skills to keep up with even the best XDR products available.
    Managed XDR (MXDR) provides a “have your cake and eat it too” option. Organizations can choose the best XDR and then find a managed services dance partner to augment their internal team. MXDR may seem like a silly subtlety between XDR and MDR, but ESG research indicates it will be a popular option. When asked what type of MDR vendor they would choose, 34% of respondents said they would choose a vendor that is primarily focused on XDR.
    Passwordless authentication is “a verification process that determines whether someone is, in fact, who they say they are without requiring the person to manually enter a string of characters.” Most organizations will be instantly attracted to passwordless authentication because it promises to reduce end-user friction while improving security efficacy through zero trust.
    The problem is that passwordless authentication depends upon a bevy of other things, such as directory synchronization, multifactor authentication technologies, biometrics, device types and identity standards including FIDO and OpenID. Since everyone wants to get rid of passwords, the term passwordless authentication will be passed around the industry like a joint at a Grateful Dead concert, but it’s meaningless without a more thorough perspective.
    A software bill of materials (SBOM) is defined as “an inventory of all constituent components and software dependencies involved in the development and delivery of an application. It has become an increasingly common and critical component of software development lifecycle and DevSecOps processes.” The term gained popularity as a result of section 4 of the White House’s May 2021 executive order, enhancing software supply chain security. SBOMs will become part of conversations around attack surface management, application security, open source software and cloud-native application development.
    Unfortunately, that’s the problem. When SBOM is part of everything related to application development, it will get coopted and watered down. Securing the software supply chain is something every organization should do, but with an agreed upon plan that aligns with their individual technical and cyber-risk management needs and capabilities.
    My ESG colleagues have suggested some others to add to this list, and I’m sure we’ve missed some popular ones. Let me know.
    All Rights Reserved, Copyright 2000 – 2023, TechTarget


  • Want a Recession-Proof Career? Here's the Case for a Job in … – Automation.com

    The cyber threat landscape continues to evolve rapidly, but with more than 760,000 open positions in the US, the gap between supply and demand remains wide.
    It’s an understatement to say that the COVID-19 pandemic upended the world of work. On an individual level, the pandemic gave people the time to reflect and evaluate their careers and decide whether or not they were satisfied. On a macro level, businesses were required to change everything about how they managed and supported employees.
     
    While the current job market is robust, with a 2:1 ratio of open positions to candidates, the pandemic, global geopolitical instability, and rapid and sustained inflation have put that ratio in danger. While economists are divided on the specifics, indicators point to a recession. This is the last thing employees and corporate leaders want to think about in the aftermath of a global pandemic, in the midst of a mass reshuffling of the labor market, and unprecedented cybercrime.
     
    Rapid digital transformation and digital reliance necessitated that companies have a strong team in charge of their cybersecurity needs. The cyber threat landscape continues to evolve rapidly, but with more than 769,000 open positions in the United States, the gap between supply and demand remains wide.


     
    Recessions are usually most difficult for those entering the workforce for the first time and other so-called “low-skilled” workers. However, the lack of talent in cybersecurity, coupled with the increased demand, means that it is a recession-proof industry. There are many opportunities for people without technical backgrounds to gain the skills, education, and experience necessary to succeed in IT by using cybersecurity as a starting point.
     
    Workers have changed, and companies need to as well.
     
    In 2021, 47 million people voluntarily left their positions in the U.S. in search of better pay, benefits, or personal and professional fulfillment. This mass exodus forced organizations to reconfigure their recruitment and retention strategies to better align with the changed needs and expectations of workers. Gen Z, in particular, is demanding better compensation and greater personalization in their job experiences. Organizational flexibility and agility are especially attractive to today’s job seekers.
     
    The demographics of tech job seekers are changing as well. Traditional college enrollment is decreasing, and while there will always be degreed engineers and computer scientists, applicants with cross-functional skills or non-traditional education credentials are increasingly attractive. The need for talent in this area is so pressing that concessions are being made to give people experience and training more rapidly. First, companies are responding to this urgent need for talent by reducing degree and experience requirements to attract more entry-level workers. Second, there has been a marked increase in skills-based educational programs that can teach non-technical workers the basics of coding and other IT skills more quickly than a four-year degree program.
     
    To encourage growth in the tech sector, the White House, in partnership with the Departments of Labor and Commerce, launched the Cybersecurity Apprenticeship Sprint Campaign. This national campaign encourages employers, industry associations, labor unions, and training providers to explore the Registered Apprenticeship model for cybersecurity recruitment, training, and retention strategy. The campaign offers new pathways for workers to pursue opportunities in cybersecurity through partnerships with educational institutions, infrastructure leaders, and public and private entities.
     
    As more professionals look for meaning in their jobs—it’s a key priority for workers—careers in cybersecurity offer a wealth of options. Not only do cybersecurity jobs impact a variety of sectors, but they also impact people directly in the contexts of international online data collection, privacy, and digital threats. Workers can derive both personal meaning and professional meaning from cybersecurity careers. On a personal level, more than ever, cybersecurity can be seen as a public service. It directly ties to a nation’s strength and stability. Cybersecurity professionals contribute to creating a safer world for all people by setting new standards, implementing new techniques, and holding companies to higher standards. With the rapid growth the industry is experiencing, professionals have the opportunity to get in on the ground level and build a new standard in security. Cybersecurity careers give workers meaning as they strive to create safer digital spaces to protect individuals and organizations.
    Companies are investing heavily in cybersecurity careers, affording entry-level workers opportunities to develop new skills.

    My company, Ascent Solutions, offers an apprenticeship program that trains, develops and mentors individuals passionate about cybersecurity and learning. Apprentices get valuable, paid, on-the-job experience and training with field experts. The credentials earned through the program are nationally recognized and allow us to do our part in building a truly modern cybersecurity workforce. 
     
    As there is a significant skills gap contributing to the cybersecurity staffing shortage, the apprenticeship model is an excellent way for workers with or without a technical background to gain in-demand skills. Cybersecurity workers need real-world experience to tackle the constantly evolving nature of the threat landscape. It’s less about having the perfect technical background and more about having the desire to learn and gain practical experience. Even within an organization, there may be non-technical workers who are interested in pivoting into a cybersecurity role. Developing an internally focused mentorship or professional development pathway for these types of individuals can be one means of creating a homegrown security workforce.

    Cybersecurity is a rapidly changing and increasingly interesting field.

    Cybersecurity is constantly evolving. Attacks are more prevalent and sophisticated now, coming from well-organized groups. In order to meet this challenge, public and private entities need to develop more diverse strategies and resources to ensure both national and personal digital security. As a result, there is an opportunity to explore multiple avenues for career growth and enrichment within the field.
     
    The fast pace of the industry means that individual roles are constantly evolving. An entry-level analyst may find themselves supporting multiple teams within an organization, giving them a chance to gain valuable insight and develop useful cross-functional skills. New workers can leverage these skills to gain promotions and even create new roles within an organization. The CISO/CSO role was first introduced in 1994 and, since then, has evolved into a critical seat in the C-suite. As the threat landscape and cybersecurity industry continue to grow, more roles will likely surface to address the common and often very specific vulnerabilities that exist within the widened digital landscape.
     
    Securing and modernizing our most critical digital assets is needed to assure growth and stability in uncertain times. Every industry and individual is still recalibrating to the massive changes and challenges of the last two years. Cybersecurity is an ideal starting point for workers eager to explore new career paths in the tech industry. For seasoned professionals looking to switch careers or join a new industry, cybersecurity presents a unique and exciting opportunity to build from the ground up.
     
    With further upheavals on the horizon, workers are seeking out recession-proof careers that will offer stability and ensure employment. Cybersecurity has become essential work—companies need cybersecurity professionals to function, and individuals need cybersecurity protection at both the private and public levels. These jobs will only become more critical to the function of society. This is what makes cybersecurity a recession-proof industry.
     
    The world needs a self-sustaining ecosystem of skilled workers to combat the varied cyber threats we face today. New career seekers can explore the wealth of opportunities available within the cybersecurity world and find careers that are interesting, fulfilling and recession-proof.

    JD Harris is Chairman and CEO of Ascent Solutions, the partner to solve the most challenging cybersecurity problems. He leads the overall company as both chief strategist and visionary. JD works with outside parties, banks, partners and customers on a frequent basis.
    ©2023 Automation.com, a subsidiary of ISA


  • Bill advances to address cyber security in Iowa – KCRG

    CEDAR RAPIDS, Iowa (KCRG) – A new bill advancing in the Iowa legislature would address cyber security in the state.
    It would create a cyber security unit. This group would monitor, manage, coordinate and report incidents happening within Iowa.
    A subcommittee passed the bill yesterday.
    This follows several cyber attacks targeting Iowa schools in recent months. This includes Cedar Rapids and Linn-Mar schools. The latest incident targeted Iowa’s largest school district in Des Moines.
    Copyright 2023 KCRG. All rights reserved.


  • Why Are There 750000 Unfilled Job Openings in Cybersecurity … – dallasinnovates.com

    Cybersecurity researchers at the University of North Texas have new funding worth up to $750,000 from the NSA for cybersecurity research.
    There are 750,000 unfilled jobs in the cybersecurity industry, according to a university news release. The grant award supports a new online platform to find out why—and make it easy for employers to find talent through an online database.
    The platform will also help cybersecurity experts better understand the intent behind emails, social media posts, and blog posts to identify threats.
    “There are other governments spying on us all the time,” UNT’s Ram Dantu said in a statement. “You see lots of news about ransomware attacks and cyber attacks, and some of these are done by foreign agencies.”
    “We need a large workforce to combat this, and we don’t have the workforce,” he added.
    The director of UNT’s Center for Information and Cyber Security is a principal investigator in the project, along with UNT’s Mark Thompson, a clinical assistant professor of computer science and engineering.
    Dantu, who is also a professor in UNT’s College of Engineering, and Thompson will receive $500,000 for the first two years and an estimated $250,000 increment for the third year from the National Security Agency’s National Centers of Academic Excellence-Cybersecurity, or NCAE-C.
    UNT’s Network Security Laboratory, led by Dantu within the Department of Computer Sciences, has been awarded two consecutive federal grants from the NSA and NSF.
    “Our lab considers how we want to use the technology and research for the benefit of our communities and our citizens,” Dantu said.
    Now Dantu and Thompson will help build the NCAE-C’s online platform that collects and compiles cybersecurity-related data using natural language processing and artificial intelligence techniques.
    The website project is part of the NCAE-C’s Careers Preparation National Center.
    Data about the current state of the industry and the intentions of employers who post jobs is being compiled to help understand why the cybersecurity industry has so many unfilled jobs.
    In addition to an online database that makes it easy for employers to find talent, the website also will include a tool to make sure that education matches the skills needed in the industry.
    It has other applications that are important, too, UNT says. That includes threat identification.
    “The government is looking at the advancement of hacks and threats facing future technologies,” UNT’s Ram Dantu said in a statement. “We’re working on how to detect and mitigate these next-generation threats in our lab.”
    Dantu, who works on multiple NSA-funded projects, has received a total of $2.5 million in grants in about two years. Together with UNT associate professors of computer science and engineering Kirill Morozov and Sanjukta Bhowmick, he helped create a way for cell phone data to be shared safely and anonymously to find COVID-19 super-spreader events in the pandemic. Using data from mobile devices to make anonymous contacts was a part of the work that helped find active spreaders and communities.
    Thompson aims to help increase the numbers and quality of cybersecurity experts. He researches and develops competency assessment instruments for work skill readiness for cybersecurity, as well as mentorship programs for doctoral students and industry practitioners to produce highly qualified academic staff. His goal? To inspire and motivate the next generation of cybersecurity experts.


    source

  • SHEIN fined US$1.9mn over data breach affecting 39 million customers | Cyber Security Hub – Cyber Security Hub

    Zoetop Business Company, the firm which owns fast fashion brands SHEIN and ROMWE, has been fined US$1.9mn by the state of New York after failing to disclose a data breach which affected 39 million customers.
    The cyber security incident, which took place in July 2018, saw a malicious third party gain unauthorized access to SHEIN’s payment systems. According to a statement issued by the state of New York’s Attorney General’s office, SHEIN’s payment processor contacted the brand and disclosed that it had been “contacted by a large credit card network and a credit card issuing bank, each of which had information indicating that [Zoetop’s] system[s] have been infiltrated and card data stolen”.
    This discovery was made after the credit card network found SHEIN customers’ payment details for sale on a hacking forum. Separate to this issue, the issuing bank for the cards had issued a fraud alert after linking fraud for several customers to payments made to SHEIN.
    Following the discovery of the cyber-attack, the payment processor informed SHEIN that they must employ a cyber security forensic investigator to look into the case. The firm employed by Zoetop found that during the cyber-attack malicious actors had gained access to SHEIN’s internal systems and had accessed personal and identifying information for 39 million customers. 
    The data accessed included “names, city/province information, email addresses and hashed account passwords”. However, the method used to obscure the passwords was vulnerable to hacking, allowing the malicious actors access to customers’ full password details.
    Additionally, the login credentials of nearly 7.3 million ROMWE accounts were stolen in the breach and were later found for sale on the dark web in 2020.
    An investigation by the New York Attorney General’s (AG) office found that Zoetop did not force any of the 39 million people affected to reset their account passwords. Zoetop instead identified 6.4 million customers of the 39 million affected who had previously placed an order with SHEIN and contacted them directly, suggesting they reset their password. Zoetop reset the passwords for the accounts affected by the ROMWE attack without informing the account holders that they had been exposed in a data breach.
    The New York AG also reported that a press release regarding the 2018 breach issued on a FAQ section of the SHEIN website contained misleading data. This included claims that only 6.4 million customers were affected in the breach and that there was “no evidence that [customer] credit card information was taken from [its] systems”, despite being previously informed that credit card data had been stolen in the breach.
    The investigation discovered that Zoetop “did not provide the firm access to the compromised systems and a variety of information about [its] data security program”, “failed to adhere to PCI DSS requirements for protecting stored credit card data” and “did not use file integrity monitoring, monitor or analyze log files, retain an audit trail history, or perform quarterly network vulnerability scans”.  

    source

  • T-Mobile investigates yet another data breach, this one affecting 37 … – CyberScoop

    The telecom giant T-Mobile, which has suffered several massive data breaches in recent years, disclosed in a financial filing Thursday that the company is investigating another breach that impacted as many as 37 million users.
    A malicious actor was able to gain access to an internal system allowing them to steal account information including names, billing addresses, emails, phone numbers, dates of birth and account numbers. The bad actor was not able to access Social Security numbers, driver’s licenses, passwords/PINs, or other financial information, according to the filing.
    T-Mobile reported that its investigation into the breach is ongoing but “malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network.”
    The bad actor appeared to first breach an application programming interface around Nov. 25, 2022, and T-Mobile discovered the intrusion on Jan. 5. The company states that it has notified federal agencies about the incident and is working with federal law enforcement.
    The Federal Communications Commission told CyberScoop the agency is investigating the breach.
    “Carriers have a unique responsibility to protect customer information. When they fail to do so, we will hold them accountable,” an FCC spokesperson wrote in an email. “This incident is the latest in a string of data breaches at the company, and the FCC is investigating.”
    This is T-Mobile’s sixth major breach since 2018. T-Mobile suffered a breach of 50 million accounts in 2021, sparking an investigation by the FCC. The results of that investigation have not been made public, but it could lead to significant fines for the company.
    The FCC announced earlier this month it is exploring a rulemaking process that would require telecom companies to report breaches to consumers immediately unless otherwise advised by authorities. Current rules require carriers to wait seven days to notify customers of a breach.
    Update Jan. 19, 2023: To include comment from the FCC.

    source

  • The 7 Best Cybersecurity Jobs You Can Pursue – MUO – MakeUseOf

    Check out some of the best cybersecurity jobs that you can pursue based on your skills and experience.
    Are you a recent IT or cybersecurity graduate, and have yet to decide what field to go into? Whether you're a college student with zero experience or have worked in the field for a while, you'll know that IT and cybersecurity have many jobs on offer.
    The key is to understand what career best suits your skills, and the cybersecurity space will only keep growing.
    Viruses are everywhere, and individuals and groups try to steal data just as often. If you like the idea of being able to protect an individual's or a company's information, IT Security Engineer would be a great role to pursue. You'll be the first line of defense for a range of businesses, protecting their personal information from attackers and securing the online landscape from danger.
    You'll prevent threats by setting up firewalls and systems, conducting regular security assessments, investigating any breaches, keeping up to date with security policies, and staying on top of industry standards. When a company's database is at risk of being leaked, you'll be the professional they look up to for support.
    Do you have strong attention to detail and enjoy analyzing information and tallying up the numbers? The role of a cyber analyst is crucial to security housekeeping, implementing a range of security protocols, and locating flaws in a company's system. In this job, you're the first line of defense.
    As a security analyst, your day-to-day tasks may include:
    Playing the role of a hacker, you attack the company's network in the hope of finding any weak spots. That said, here are the best intrusion detection and prevention systems to boost your cyber security. It's bound to make you industry-ready.
    Are you interested in making a difference and great at implementing strategies? If so, you would be perfect for the role of a security consultant. As part of your role, you'll assess systems, ensure there are no breaches, and consult with other companies. On a daily basis, you could be coordinating a team, meeting with clients, presenting reports, and training staff members.
    You could also be designing and putting into place security plans for a range of clients, suggesting improvements, running risk assessments, and so much more. You'll be helping many people to keep their company safe, so this job is perfect if you enjoy supporting other people and companies and enhancing their security.
    This job is very different from a penetration tester, or ethical hacker. As an information security auditor, your role involves reviewing information systems, similar to how a customer service representative would examine a phone to ensure it's functional.
    Your responsibilities would include:
    You'll be a person who reviews this system regularly, doing housekeeping on security systems.
    Do you enjoy building and developing new technology? As a system security programmer or engineer, you'll be in charge of writing software that is powerful enough to protect important computer data.
    This software needs to be safe from outside threats, effective enough to keep company information safe, and functional. You'll need strong written and verbal communication skills to connect with the engineering teams, as well as creativity and the ability to work under pressure.
    When a company needs to be shielded from threats, you want to always have the tools to fight back. Want to get started protecting your own computer systems? Here are some helpful security tips to consider when using a Microsoft account.
    Cryptography may be an exciting career option, whether you've always had an interest in different languages or have always enjoyed decoding symbols or messages. This work can protect a number of businesses or companies from having their information, such as sensitive data, leaked.
    You may be working for the government or the technology and finance industries, protecting data by encrypting it with algorithms that are very difficult to decipher. Likewise, as a cryptanalyst, you may have the ability to break down hidden codes and access these messages.
    Cryptographers can also work for the military and national security, or protect data such as health records or bank account details. If you want to build on these skills, you will be an asset to any team.
    Have you always considered yourself a team leader, and think you'd work well managing security systems? As a computer security manager, you're ticking the boxes for the security of a company or organization as a whole. Project management is your second language.
    Besides overseeing security processes, you are also managing employees, creating security procedures, training new employees, investigating breaches, overseeing company budgets, and developing policies.
    This is a very important role, so if you're aiming for a position where people look up to you, this is the role for you. Want to get ahead of the game? These best free project management tools available on Windows will get you started.
    With the constant rise of cyber-attacks and unethical hacking of computer systems, cybersecurity roles are going to need to be filled. If you do decide to pursue a cybersecurity role, it's a great space for job security, competitive pay rates, and many opportunities for growth, and it will always offer you the chance to make a difference.
    Cybersecurity jobs are expanding, and they are unlikely to decline anytime soon. Regardless of how tight a network may be, there is a range of cybersecurity mistakes to be made, and it can be your job to stop them from adding further risk to the workplace.
    Saffron has been freelancing for over five years, specializing in the copywriting and creative writing industry. She has studied a Bachelor of Creative Writing at Deakin University and has majored in Journalism at RMIT University. She is based in Melbourne, Australia.

    source

  • Cybersecurity master's grads are landing $200K-plus pay packages – Fortune

    As the number of cybersecurity attacks continues to rise, so does the demand for the talent to protect against them. In fact, there are more than 700,000 open cybersecurity positions in the U.S. alone—and the occupation is growing more than twice as fast as the overall rate across the country’s economy, data from CyberSeek shows.
    These positions are tough to fill for a variety of reasons, including a lack of understanding among corporate leadership about the type of talent that’s needed to protect their assets—plus a lack of education and awareness about the threats that exist today. What’s preventing cybersecurity professionals from landing these jobs, on the other hand, is inadequate training, certifications, or skill sets. 
    While cybersecurity professionals have multiple ways to enter the industry—like taking upskilling courses, doing self-study, or even taking the time to learn new skills on the job—earning a master’s degree is a charted path to take to land high starting salaries in the field. Graduates from top-ranked cybersecurity programs can expect to make six-figure starting salaries between $100,000 and $200,000.
    “Security has always been well-paying and it really comes down to scarcity—both in the number of professionals and in the required skills,” Mike Hendrickson, Skillsoft’s vice president of tech and development, previously told Fortune. “With today’s limited pool of security professionals, organizations need to make their offers quite attractive, both in compensation and opportunities for professional development.”
    Students from the top cybersecurity master’s program in the nation, as ranked by Fortune, often see their salaries double after graduation. The University of California—Berkeley saw students entering the program during the 2020–21 school year self-report salaries of $104,100 while their peers who were graduating during that same period reported salaries of $200,000—almost twice as much.
    “Our UC Berkeley online master’s in cybersecurity allows students to not only develop technical expertise in cybersecurity, but also essential skills in communications, product development, customer success, and business,” Rebecca Andersen, UC Berkeley senior director of student and alumni career development, previously told Fortune. “This allows our students to step into leadership roles within the cybersecurity field and attain significant salary increases as they make these career shifts.”
    UC Berkeley grads also go into cybersecurity leadership roles. Graduates with a master’s degree in cybersecurity earn an average salary of $214,000, not including bonuses; the median salary is $200,000, according to a UC Berkeley salary survey of alumni. Some graduates who are now executives, such as chief information security officers (CISOs), chief information officers (CIOs), and chief technology officers (CTOs), make more than $300,000.
    “The CISO roles are going to be more over the $250,000, $300,000 [salary mark], closer to $400,000, depending on the company and the size of the organization,” McHale says.
    At Yeshiva University (Katz), which Fortune ranks as having the No. 2 online cybersecurity master’s program, graduates make $112,000 median base salaries right after graduation, and $126,000 one year post-graduation. Yeshiva’s cybersecurity curriculum aligns with high-paying industry certifications, like Certified Information Security Manager (CISM) and Certified Information Systems Security Professional (CISSP), which can help professionals land $150,000-plus salary packages, according to Skillsoft’s 2022 list of the top-paying IT certifications.
    “There are lots of great programs around the country,” Paul Russo, dean of the Katz School of Science and Health, tells Fortune. “I just happen to think we have the right combination of tech and teaching talent to help students rise to the top in the job market.” The program also focuses on real-world threat modeling, and practice with ransomware, endpoint detection and response, Amazon Web Services, and Splunk.
    Western Governors University, which Fortune ranks as having the No. 3 cybersecurity master’s program in the U.S., also reports six-figure salaries for its graduates. The master’s degree allows graduates to take on cybersecurity leadership roles with potential earning power of $135,000, Mike Morris, WGU’s College of IT associate dean and director of academic programs in cybersecurity, tells Fortune. Plus, more than 16% of tech grads from WGU report starting salaries of $150,000 and up.
    “Graduates are ready to assume cybersecurity leadership positions with major companies, government agencies, consultancies, and start-ups,” he adds. “In terms of salary impact, a master’s degree has been proven to help the earning potential of cybersecurity professionals.”
    Some top graduate programs don’t report six-figure salaries, but still show a jump in base salaries after earning a master’s degree. Indiana University–Bloomington, for example, reports mean base salaries for its cybersecurity grads at $77,400, which is a 44% increase over what they earned prior to enrollment. Fortune ranks Indiana as having the No. 4 cybersecurity master’s program in the U.S.
    Indiana’s cybersecurity risk management program takes a broader approach to the field, and students in this program take core courses in computing, law, and business. They also get help studying for the CISSP certification, which has the potential for higher income earnings.
    “This broad exposure and career assistance helps students chart their own unique paths in the field of cybersecurity,” Apu Kapadia, director and chair of the Cybersecurity Risk Management Program at Indiana, tells Fortune. 
    Check out all of Fortune’s rankings of degree programs, and learn more about specific career paths.

    source