
  • FACT SHEET: Biden-Harris Administration Accomplishes … – The White House

    The White House
    1600 Pennsylvania Ave NW
    Washington, DC 20500
    Cybersecurity becomes more essential to our economy and our critical infrastructure – like financial institutions, personal data, and even our elections – everyday. As the demand for cybersecurity workers grows to meet these threats, the President is committed to seeing a more inclusive, robust, and skilled workforce to protect our personal and national interests.
    On July 19th at the National Cyber Workforce and Education Summit, the Administration gathered Cabinet Secretaries and major companies to discuss ways to improve pathways into this critical sector, and announced the start of its Cybersecurity Apprenticeship Sprint. Today marks the finish line of the Sprint, an initiative run by the U.S. Department of Labor in coordination with the White House Office of the National Cyber Director, the Departments of Commerce, Homeland Security, and Defense, and other federal agencies. At an event held today at the White House as part of National Apprenticeship Week and the celebration of the 85th Anniversary of the National Apprenticeship Act, public and private sector leaders will showcase the accomplishments of DOL’s 120-Day Cybersecurity Apprenticeship Sprint and discuss lessons learned, best practices, and paths forward. The event will include 1) remarks from senior White House and agency officials on the importance of Registered Apprenticeship in building a skilled and diverse cybersecurity workforce and the accomplishments of the Sprint; 2) a moderated panel discussion highlighting progress and advantages of building cybersecurity talent using Registered Apprenticeship programs; 3) an apprentice spotlight; and 4) a signing ceremony with representatives from new programs involving several employers and education organizations.
    This effort has once again demonstrated overwhelming potential and success in promoting Registered Apprenticeships. The Sprint was rooted in the Biden-Harris Administration’s commitment to expand Registered Apprenticeships, a proven earn-while-you-learn model that aims to build a pipeline of skilled workers with a focus on underserved communities. According to CyberSeek.org, the cybersecurity market grew at 2.4 times the rate of the rest of the job market in the last year, leaving nearly 770,000 open cybersecurity positions at all career levels. The nation’s economic and national security depend on solving this workforce challenge, and employers are turning to Registered Apprenticeships to meet these critical workforce needs.
    Major Achievements of Biden Effort to Expand and Improve Cybersecurity Jobs:
    The largest cybersecurity Registered Apprenticeship program is sponsored by the U.S. Department of Defense (DoD)’s United Services Military Apprenticeship Program (USMAP). Under the umbrella of DoD’s USMAP, DoD and DOL partnered to establish the first Federal Cybersecurity Apprenticeship Program in January 2022. Since inception, DOD identified and developed standards for 15 critical cybersecurity occupations to not only address military needs, but potentially serve as a model for other Federal agencies as well. All 15 have been finalized and approved, 10 of which were approved during the Sprint. DOL and DOD are working to finalize the remaining occupational standards over the next several weeks.
    Furthermore, the DOD issued a memo – jointly signed by the Chief Information Officer and the Under Secretary of Defense for Acquisition & Sustainment – aimed at expanding the cybersecurity workforce by encouraging the use of Registered Apprenticeship programs. These efforts will help DOD and the Defense Industrial Base continue to identify, recruit, develop, and retain the cybersecurity workforce in order to support the Nation’s efforts to defend against current and future cyber threats and attacks.
    New Program Highlights

    As a direct result of the Sprint, the following employers, Federal Agencies, and other organizations have accomplished the following to meet their critical cybersecurity workforce needs, many in partnership with DOL industry intermediaries AIR, Apprenti, and Safal Partners:

  • Top benefits of cybersecurity training – Security Magazine

    A solid security awareness training program will drive cybersecurity awareness and instill the importance of protecting an organization and proper cyber hygiene. If implemented correctly, these programs can be crucial in preventing human error and insider threats, as well as help employees understand the role they play in combatting cyberattacks. 

    In fact, Mimecast research indicates that more than 90% of security breaches involve some degree of human error. A number of studies have found that employees who receive consistent cybersecurity awareness training are five times more likely to spot and avoid clicking on malicious links. 

    Below, cybersecurity leaders discuss the benefits of implementing a security awareness program that drives change and builds a security-minded culture. 

    “Cybersecurity training that fits today’s mode of consumption is more engaging. At the present time, that mode is short video clips that draw you into a story that teaches you valuable security principles along the way. In addition, security training needs to be appropriate to the skill level of the individual to whom the training is being delivered. Most security awareness training assumes that everyone is operating at the same skill level. This wouldn’t be acceptable for most other disciplines; however, this seems to be the norm for security training.”

    “Cybersecurity training is an important component of good cyber resiliency. While sophisticated phishing, coming from a trusted service, is very hard for humans to identify, training that serves to enhance users’ analytical skills is critical for phishing that makes it through security defenses. A good training program, combined with AI-powered behavioral learning technology, is the right combination needed to stop phishing from impacting your organization.”

    “For businesses, investing in online cybersecurity training can help to ensure that their employees are up-to-date on the latest threats and trends. This can help to reduce the risk of a data breach or other cyberattacks. For individual IT professionals, online security training can help them to stay ahead of the curve and keep their skills sharp without the need to travel. Many online training centers also offer certification programs that can help IT professionals to stand out from the crowd.

    One emerging trend I’ve seen is the use of gamification in security training. Games can be a fun and engaging way to learn about complex topics like cybersecurity. By incorporating game mechanics into security training, learners can develop the skills they need to succeed in the industry.”

    “Security awareness training is a great starting point; however, organizations should build upon it, especially for situations that are unique to them. For example, organizations with IoT devices will need to pay special attention to keeping them on separate networks and keeping their firmware up-to-date with the latest security fixes. In addition to training, organizations of all sizes should have a process to test or audit employees to make sure the security training can be carried through in the actions employees take.”

    “Taking a risk-based approach to cybersecurity is the best way to sustainably improve your posture against attacks. More than 82% of data breaches contain the human element, mostly email, and yet security awareness and phishing training programs are outdated, compliance-based, and typically constitute only three percent of awareness budgets. Because most attacks start with people, security and risk management strategy must as well. Install the training, processes, and technologies necessary for catching the sophisticated attacks that technical perimeters will always miss, no matter how much money is poured into them.

    Automation, adaptive learning, and artificial intelligence/machine learning can help deliver personalized training at scale. Why is that important? Because people need to participate frequently with relevant training that stays at the edge of their skill level in order to improve and stay engaged. A long, dry video followed by a punishment-based phishing simulation has been proven not to work. Fixating on failure leads to failure. Rewarding people as they acquire skills in a dynamic learning environment confers measurable improvement. This approach broadly describes gamification, whose demonstrated success is grounded in established principles of behavioral science and business and will be key to protecting organizations of all sizes in the year ahead.”
    Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

  • The 5 Cornerstones for an Effective Cyber Security Awareness Training – The Hacker News

    It’s not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information.
    The hard news: they’re often successful and have a long-lasting negative impact on your organization and employees, including:
    The harder news: these often could have been easily avoided.
    Phishing, educating your employees, and creating a cyber awareness culture? These are topics we’re sensitive to and well-versed in. So, how can you effectively protect your organization against phishing attempts? These best practices will help transform your employees’ behavior and build organizational resilience to phishing attacks.
    According to the 2022 Tessian Security Cultures Report, “security leaders underestimate just how much they should be a part of the employee experience” across onboarding, role changes, offboarding, relocations, and day-to-day activities.
    But we’ve repeatedly seen that ad hoc, scattershot employee training attempts don’t work. If you want sufficient internal defenses against sophisticated phishing threats, you should train 100% of your employees monthly.
    Granted, it isn’t easy if your team is growing rapidly or spread across different locations and time zones. Yet doing anything less than 100% employee training leaves you with too many security holes and opportunities for hackers to break in. Unfortunately, it also means you have no way of knowing your employees’ level of threat awareness or whether they know how to react to threats. You might be missing your weakest link or getting into a scenario that could have been easily avoided.
    Ever been told there’ll be a fire evacuation drill? Likely, you weren’t caught off guard when the practice started and could have paid more attention. That’s the thing about drills; they’re in place to prepare us for present and future threats.
    Cybersecurity training is no different. It can quickly become a matter of ticking a compliance box to satisfy minimum requirements. To prevent that, you need to catch your staff off guard. Knowing that a threat could present itself at any time keeps employees vigilant and accountable between more extensive training campaigns.
    It would be best if you kept giving your employees these unexpected opportunities to learn on an ongoing basis. They will likely make easily avoidable mistakes if they only receive occasional simulations. You might miss new employees without sufficient cybersecurity training, or it might take time for them to revisit and build on this training.
    The solution: Conducting consistent cybersecurity training is the best way to keep it top of mind for everyone—train for yesterday, today, and tomorrow.
    Start by segmenting your workforce into groups; you might use level of cybersecurity understanding or department as the categories. Then, develop adaptive training based on each group’s needs – and even based on individual behavior. That’s critical to adequately address the scenarios that future attack campaigns will present.
    These can include data or password requests, messages from legitimate sources, or realistic content tailored to an organization’s specific role or department.
    You strengthen employees’ defenses by adapting your content to individual responses and specific attack vectors. Doing so turns the human element from a security gap to a security advantage.
    English might be your corporate language, but it might not be every employee’s mother tongue, and cultural contexts might be perceived differently in some branches.
    Using employees’ mother tongue within a location’s cultural context will dramatically enhance their learning retention. By citing local references (such as national holidays, significant news sources, popular social media platforms, and more), you make your simulations more believable and relatable. Your employees will likely pay better attention during training and will be less susceptible to attacks.
    Lastly, there could be different implications regarding email compliance standards in different places. Ensure your team is aware of that and incorporate the necessary precautions in these locations’ training.
    In our experience, one in every five employees is a “serial clicker.” Serial clickers click, open, and download attachments that often place them and your organization in danger. They might be a new or existing employee. We’ve seen it all, from entry-level positions to company stakeholders.
    They’re not trained or equipped to reliably identify phishing attacks, nor do they understand how dangerous these attacks are or their destructive impact. So they keep clicking links in emails that they shouldn’t have opened.
    The good news: We believe serial clickers can be cured because we’ve seen it repeatedly happen with employee training and education.
    We know that serial clickers are just some of the ones to worry about. Employees respond differently to a variety of attack vectors. It’s recommended to use data science to understand how employee groups within your organization – from new hires to executive leadership and veteran employees – respond to potential threats.
    Once you analyze the data to understand these groups’ behavior, you can develop programs that shift them toward a more discerning approach to email management based on their specific needs and their current place in their cybersecurity awareness journey.
    These programs must include expert knowledge, adjusted frequency, timely reminders, custom simulations, and training content designed for highly susceptible groups while respecting employees’ privacy.
    Regardless of the size of your organization, the complexity required to run a training program like the one described above can be challenging. Whether you’re looking at it from the perspective of time, resources, or economics, it’s almost impossible without a truly automated solution that has expert knowledge baked into the software.
    CybeReady provides a fully-automated platform powered by machine learning technology. It mitigates the risks of human error through an educational approach that continuously provides frequent, adaptive, engaging training. Get in touch today to foster a culture that cares, retains information to keep your organization safe, and feels accountable. Make your organization cyber-ready. Learn how you can upgrade your security awareness program with a short, personalized demo.

  • A 29-year-old hacker on landing his six-figure dream job in cybersecurity – Fortune

    William Sparks always wanted to be a hacker.
    Born in the ’90s, Sparks grew up enthralled with the hacker culture celebrated in films like, well, Hackers, as well as John Connor in T2: Judgment Day. “It was just the coolest thing to me when I was seven,” Sparks says.
    From an early age, he was all in.
    “It became a hobby. I was nine or 10 years old asking, ‘What’s a firewall? How do I make my firewall do this or that so I can play my video games because they’re not working,’” he says.
    These days, Sparks, 29, is a cybersecurity engineer for a health care insurance company just outside of Boston where he makes north of $130,000 a year as part of a team working to protect and prevent the company (and by extension, its customers) from hackers and employee misuse. It’s a dream job for Sparks in many ways, and he knows he’s lucky.
    Whereas so many Americans are stuck in jobs they don’t like, he’s been able to actually accomplish the age-old guidance counselor advice: Do something you love. Of course the rest of that adage is: “and you’ll never work a day in your life,” and well, Sparks isn’t sure he agrees with that. Work will always be work, after all. But yeah, enjoying that work certainly helps, he says.
    While Sparks found his passion for hacking at a young age, he didn’t take a straight career path to get to his current role. There was no one offering him advice on how to turn his childhood hacking hobby into a career; he didn’t have anyone encouraging him. While he was inspired by the teens in Hackers, they were considered criminals, and sure, John Connor was trying to help save the world, but that’s science fiction.
    Sparks grew up in a small town in southwestern Georgia where he says he was the only person in his graduating class who was even into computers. Usually high school guidance counselors will offer some direction to students trying to figure out what to become when they grow up. In that arena, Sparks was unlucky.
    “They didn’t know what the hell I was talking about… I didn’t really have anyone to talk to,” he says. “I probably could have gotten to where I am three or four years sooner had I had the guidance. I think a lot of people struggle with that. They see something that interests them, but they don’t know how to get there.”
    After high school, he attended a nearby community college where he was one of six students in the computer science course. After graduating with an associate’s degree, he landed a job at a small consulting business doing “generic IT work.” He got to work with computers, but it wasn’t his dream; it certainly wasn’t Hackers. He became a developer for a spell, thinking “well hacking is just code”—that also wasn’t it.
    He bounced around various computer-related jobs for about three years until he discovered the cybersecurity industry, a sort of “you clean up nicely” version of his lifelong hacking passion. A job at Flowers Foods, the manufacturer of Nature’s Own and Wonder bread, introduced him to people who were in the cybersecurity world. He learned what certifications to get, what skills to develop, and which jobs to apply for.
    “When I first started in IT, I thought, I shouldn’t hate this [job] because I enjoy doing this stuff, and if it wasn’t work I would still probably be doing it. But I really didn’t enjoy it,” Sparks says. “Once I landed that first cybersecurity role, which was very entry level and still kind of monotonous, it was like, ‘Oh man, I’m here. I see it.'”
    The work his coworkers were doing was more interesting to Sparks than his own, but he saw the potential, he says. And then he thought: “What’s stopping me from doing what they’re doing?”
    “I would pull one of them aside and be like, ‘Hey man, how did you get there?'” Sparks says. “I saw people doing the stuff that I wanted to do—not because it pays well, and not because of the title, but because it just sounds like fun. This guy is trying to break into a server that someone just built. That sounds cool as hell. I just want to watch him do that all day. I want to do that all day.”
    The global cybersecurity industry had a market size of roughly $86.4 billion when Sparks entered the world; now he’s in one of the fastest growing markets, expected to surpass a $400 billion market size by 2027.
    As a cybersecurity professional, he’s on the defensive side in the world he fell in love with as a 10-year-old obsessed with John Connor and Dade Murphy. But every now and then he gets to do some pentesting as part of the job, essentially professional hacking.
    “It’s done to find holes and fix them. Imagine paying a guy to break into your house and he’s like, ‘OK, I got in through this window by doing this this and this, and we should fix it by doing this and this,” Sparks says.
    His goal, if he had to think about moving on someday, would be to do pentesting full time. He has no desire to really move up because management is hands off. He’s exactly where he wants to be. And even still, a lot of the time it’s just work.
    “I genuinely enjoy going to my job. I don’t stare at the clock waiting for the minutes to pass, and I’ve worked at jobs where you’re just miserable and you think ‘Today’s the day when I quit.’ I don’t feel that,” Sparks says. “But at the same time, I would say I enjoy maybe 30% to 40% of what I do. The other 60% is going to meetings and I’ve got to do reports… When you do something you love that doesn’t make it not work. It’s still work. But it makes it a lot easier day-to-day.”

  • Cyber.org Range Offers Cybersecurity Job Paths for K-12 Students – Dark Reading

    Kids in grades K-12 will soon have a no-cost virtual environment in which to beef up their cybersecurity skills, thanks to the expansion of the Cybersecurity and Infrastructure Security Agency’s Cyber.org Range.
    The program, developed in conjunction with the Cyber Innovation Center (CIC), is a classroom-based effort that’s meant to act as a workforce development engine, providing high school students especially the opportunity to experience and defend against realistic cyberattacks in a virtual, safe environment. They can learn about the other side too, performing pen testing and red teaming activities.
    The teacher-led “Cybersecurity Course” curriculum includes access to a range of free resources and online labs that are designed to prepare students for the CompTIA Security+ Exam. Security+ incorporates best practices in hands-on troubleshooting and practical security problem-solving skills, offering a springboard into medium-level cybersecurity jobs.
    Such initiatives will be critical as organizations strive to fill hundreds of thousands of open cybersecurity positions, according to CISA director Jen Easterly.
    “We all need to come together to invest and make sure that we are building that diverse and capable cybersecurity pipeline to defend our nation. There’s a lot more work to do to reach those 52 million students, those 3 million educators all across our country, but I think we’re starting today,” she said during a launch event on Monday.
    The Cyber.org Range is going to be available nationwide starting next year after its pilot phase through the end of 2022. Initially funded by the State of Louisiana, the nationwide expansion is due to a CISA grant.

  • Neopets sued over 2022’s massive hack and data breach – Polygon

    Hack compromised the personal information of 69 million players
    A former Neopets user is suing Neopets owner JumpStart Games over a data breach last year that compromised information for 69 million Neopets accounts. It’s a proposed class-action lawsuit filed earlier in January in federal court for California’s Central District.
    News of the breach spread in July 2022 after the alleged hacker posted on a forum that they were looking to sell the Neopets database and source code, as well as live access to the game’s backend system. The hacked information included names, email addresses, passwords, and other personal information of Neopets account holders. Financial data, such as their credit card numbers, were not impacted. In August 2022, Neopets CEO Jim Czulewicz provided an update about what happened, confirming that the hacker had access to the system for an extended period.
    The hacker was looking to sell the data for 4 bitcoin, or around $100,000 at the time.
    Lawyers for the plaintiff, Biankha Negrin, say she was not aware of the data breach until late August — nor was she even aware that Neopets, which was popular decades ago, still had her information. Indeed, plenty of former Neopets players were in this position, as the site has a fraction the users it had at the height of its popularity. Polygon has reached out to Neopets owner JumpStart for comment.
    Neopets is the virtual, create-a-pet website that was immensely popular in the early 2000s. JumpStart Games acquired the site in 2014; JumpStart Games is now owned by NetDragon.
    Former Neopets players, of which there were plenty, remember the site fondly, but current players have a complicated relationship with the site. Players have been frustrated with leadership decisions for years as the site decayed.
    The biggest hit came when Adobe ended support for Flash in 2020, which Neopets heavily relied on; that knocked lots of features offline, they stayed broken for a long time, and a number of features still do not work properly. The site has since transitioned to HTML5, and is definitely better than before, but security is still a major flaw, as evidenced by the data breach.
    To mitigate the damage of the hack, Neopets forced all players to change their passwords, which inadvertently locked a large swath of players out of their accounts for good. The company is also working to implement two-factor authentication, and it’s also encouraging players to change their passwords and monitor sensitive accounts.
    Negrin’s lawyers argue that the company was negligent with its approach to security, despite “repeated warnings and alerts.” They say there is “no limit” to the damage that can be done when sensitive data is accessed. Though Neopets itself is a small site, it’s owned by NetDragon — “a sophisticated organization with the resources to deploy robust cybersecurity protocols.” NetDragon reported more than $147 million in profits from the games division alone, as of August 2022’s yearly financial results.
    Negrin is looking for the court to deem the lawsuit a class action to include others impacted by the data breach. Damages would be determined at a later time. Negrin is also looking for the court to order JumpStart, via Neopets, to make substantial security changes to protect user information.

  • Learn the ins and outs of cybersecurity at home for less than $9 per … – Mashable

    TL;DR: As of Oct. 25, you can get the CompTIA Cyber Security and PenTest Super Bundle for just $49 instead of $1,770 — that’s a 97% discount.
    One of the best things about the ever-evolving technology field is that you don’t have to head back to school to learn skills that can help you change careers or advance in your field. Take cybersecurity, for instance. You don’t have to spend thousands of dollars and attend classes for years to carve out a career in this in-demand field. You can actually learn the skills you need to pass the CompTIA exams right from the comfort of your home.
    The Complete 2022 CompTIA Cyber Security and PenTest Super Bundle gives you the tools you need to help pass the tough CompTIA exams and achieve certification that can impress prospective employers. And for a limited time, you can snag these must-have prep tools for just $49, less than $9 per course.
    Packed with six informative courses, the Complete 2022 CompTIA Cyber Security and PenTest Super Bundle offers instruction from iCollege, one of the most trusted marketplaces in E-learning. Silicon Valley and Fortune 500 companies have relied on their education tools and training, making them a great pick to help reach your personal and professional goals. 
    There are over 168 hours of instruction packed into this bundle. Start things off with CompTIA Security+ (SY0-601), which schools you in foundational IT security concepts. You’ll be introduced to applicable laws and policies, while learning how to respond to security incidents and perceived threats as you go.
    Continue your cybersecurity education with the rest of the courses in the bundle, learning skills like penetration testing and how to do vulnerability scans. The information you retain will not only help you in your prospective new career path, but could also help protect you at home.
    Learn the ins and outs of cybersecurity and prepare for the CompTIA exams with the CompTIA Cyber Security and PenTest Super Bundle, now available for just $49 for a limited time, at 97% off the usual price.
    Prices subject to change.