The cybersecurity industry has taken a hit recently, with economic headwinds prompting layoffs and a broad investor pullback. But some firms have escaped unscathed, like cybersecurity training platform Cybrary, which today announced that it raised $25 million in a Series C funding round. CEO Kevin Hanes conveyed to TechCrunch that the round, which brings Cybrary’s total raised to $48 million, was led by BuildGroup and Gula Tech Adventure and will be put toward developing “content and capabilities” on the company’s platform.
Cybrary was launched in 2015 by co-founders Ralph Sita and Ryan Corey (Hanes joined as CEO a year ago). As Hanes tells it, their mission was to break down barriers to the cybersecurity industry by creating a way for aspiring professionals to enter the field — no matter their background or experience.
“There are an estimated 3.5 million unfilled cybersecurity roles today. Studies suggest the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets. Introducing more products and technology will not help organizations solve this fundamental issue,” Hanes told TechCrunch via email. “Investing in people is key to narrowing the cybersecurity skills gap and helping to combat increasing burnout and human error. Cybersecurity professionals at every stage of their careers need an affordable and accessible training platform to arm them with the skills and confidence to respond to threats.”
Cybrary’s e-learning portal offers access to training content, including online courses and tools, built around adversary techniques and vulnerabilities. Contained within the catalog are activities led by cybersecurity experts, covering topics like ethical hacking, digital forensics, web app security and networking and operating systems.
Hanes makes the case that Cybrary is a more affordable alternative to in-person bootcamps and other cybersecurity e-learning platforms on the market. A Pro plan, which includes certification prep, labs, and practice assessments, starts at $59. While some might argue that Cybrary isn’t as comprehensive as an intensive, weeks-long bootcamp, it’s indeed a fraction of the cost — most cybersecurity bootcamps average in the thousands of dollars.
“Decision makers should assess the most risk they can reduce with the next dollars they spend and consider the case for training their team,” Hanes said. “Worldwide, 80% of organizations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and awareness. So leaders need to invest in their people, not only to reduce organizational risk, but also to build a cybersecurity talent pipeline across their organizations.”
Eighty-employee Cybrary has reasonably strong traction in the market, with more than 3.7 million users and 742 companies enrolled in its Cybrary for Teams product. The startup also has a budding defense business, involving what Hanes vaguely described as “many” different government groups and military branches.
“Ramping up our in-house cybersecurity expertise has enabled us to create a new style of training that is focused on hands-on skills and understanding real-world threats and vulnerabilities, and how to ensure your organization is protected,” Hanes said. “While Cybrary has historically been focused on helping people enter the workforce and earn their fundamental certifications, [recent] additions to our platform allow us to support these individuals in their journey long after they land their first role.”
-
Cybrary secures $25M to grow its platform for cybersecurity training – TechCrunch
-
Task force opens cybersecurity job path for veterans – The American Legion
The push to fast-track veterans into the trucking industry as part of a White House plan announced in April to improve the post-COVID supply-chain logjam has proven so successful, Task Force Movement is adding another sector in need of skilled personnel: cybersecurity.
“Cybersecurity is critically important,” Task Force Movement Chairman Patrick Murphy told veterans and industry representatives gathered Wednesday for The American Legion’s National Higher Education & Credentialing Summit in Milwaukee during the organization’s 103rd National Convention. “Right now, in the federal government, we are 40,000 cyber-professionals short. That’s just in the federal government, not even the private sector … We have to get after it.”
Task Force Movement works to connect veterans and the military community with industry – specifically the trucking sector since April – to speed the process and “bridge the gap between policy and pavement” for transitioning military personnel and veterans. More than 500 veterans have been awarded free scholarships, and more than 130 employers participate in the program’s apprenticeship program.
“This is a public-private partnership,” said Murphy, an Army veteran and the first who served in Iraq to be elected to Congress. “When we launched this on the south lawn of the White House in April, we never thought we would have this much success in four months. It’s making a positive difference.”
The nation’s staff shortages in key industries like trucking and cybersecurity will take collaboration with veterans service organizations like The American Legion, industry leaders in specialized fields, credentialing agencies and government. And while the nation’s current trouble with filling positions and keeping products moving will require emphasis from many fronts, the military-affiliated community stands to be a catalyst, Murphy suggested. “Will it be solved by veterans fully? Absolutely not. But it will be led by veterans and military families.”
Now, for the trucking industry and cybersecurity alike, the Task Force Movement program has online guidance specifically indexed according to the following categories: Industry Partners, Government Agencies, Foundations, Veterans Service Organizations and Education Partners.
To learn more, visit www.taskforcemovement.org which has recently added a platform for cybersecurity.
The American Legion was chartered and incorporated by Congress in 1919 as a patriotic veterans organization devoted to mutual helpfulness. -
Australian law firms team up to seek compensation for Medibank … – ZDNet
Three law firms in Australia have teamed up to run a “landmark” case against Medibank involving last October’s data breach. Comprising Maurice Blackburn Lawyers, Bannister Law Class Actions, and Centennial Lawyers, the trio will jointly seek compensation for affected customers.
Specifically, they will push through a complaint filed with the Office of the Australian Information Commissioner (OAIC) to secure the compensation. Maurice Blackburn last November initiated the formal representative complaint with OAIC, which has the authority to issue the directive for compensation.
The three law firms said in a joint statement Monday that “tens of thousands” of affected customers already had registered for the class action suit.
Medibank last October revealed a security incident that compromised the data of 9.7 million current and former customers, including 1.8 million international customers. After the health insurer refused to pay the ransom demands, hackers dumped large batches of the data on the dark web, claiming the files contained all of the data they took in the heist.
The data security incident, alongside others such as the Optus breach, prompted the Australian government to push for stiffer penalties. The country’s legislation eventually was revised, increasing maximum fines for serious or repeated breaches to AU$50 million or three times the value of any benefit obtained through the data misuse, or 30% of the company’s adjusted turnover in the relevant period, whichever is greater.
Bannister Law Class Actions’ principal Charles Bannister expressed hope the joint cooperation would lead to swift compensation payments for Medibank customers impacted in the breach. “We believe the data breach is a betrayal of Medibank’s customers and a breach of the Privacy Act,” Bannister said. “Medibank has a duty to keep this kind of information confidential.”
Centennial Lawyers’ adjunct professor George Newhouse added that the data breach revealed the lack of safeguards that should have been in place, to prevent private and personal data from being accessed by hackers.
Describing the law firms’ cooperation as a significant development, Maurice Blackburn’s head of class actions Andrew Watson said the agreement would ensure all three firms worked together with the common goal of obtaining compensation as quickly as possible.
Maurice Blackburn also filed a representative complaint to the OAIC against Optus with regards to the telco’s data breach. -
CircleCI Confirms Data Breach Was Caused By Infostealer on … – Infosecurity Magazine
Continuous integration and delivery platform CircleCI has confirmed that a data breach that occurred on January 04, 2023, was caused by an infostealer being deployed on an employee’s laptop.
“We have learned that an unauthorized third party leveraged malware deployed to a CircleCI engineer’s laptop in order to steal a valid, [two-factor authentication] 2FA-backed SSO [single sign-on] session. This machine was compromised on December 16, 2022,” CircleCI wrote on Friday.
According to the blog post by CircleCI chief technology officer (CTO) Rob Zuber, the malware was not detected by the CircleCI antivirus program.
“Our investigation indicates that the malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems,” Zuber explained.
The executive added that because the targeted employee had privileges to generate production access tokens, the attacker was able to potentially access and steal data from a subset of databases and stores.
“Though all the data exfiltrated was encrypted at rest, the third party extracted encryption keys from a running process, enabling them to potentially access the encrypted data,” Zuber warned.
Despite the data breach and ongoing investigation, the CTO said that customers can now return to safely build using the CircleCI platform.
“We have taken many steps since becoming aware of this attack, both to close the attack vector and add additional layers of security.”
These include adding detection and blocking through the company’s MDM and A/V solutions for the techniques used by the malware.
CircleCI said it restricted production environment access to “a very limited number” of employees. The firm also reported it had implemented additional security measures.
“For the employees who retain production access, we have added additional step-up authentication steps and controls.”
Zuber concluded that there is no way for the company to know if specific secrets were used for unauthorized access to third-party systems.
“If you stored secrets on our platform during this time period, assume they have been accessed and take the recommended mitigation steps.”
The blog post comes roughly two months after a data breach impacted Dropbox with threat actors impersonating CircleCI employees. -
Help wanted, $80,000 & up: 700,000 cybersecurity jobs are open – 24,000 in NC alone – WRAL TechWire
by Eileen Ristau Tauchman, CompTIA — October 10, 2022
Editor’s note: It’s Cybersecurity Awareness Month and thousands of jobs are going unfilled across the United States as cyberthreats and crimes increase. Tech group CompTIA is seeking to help match people seeking cybersecurity careers with resources to develop one.
+++
Interested in a career in cybersecurity? With more than 700,000 job postings for open cybersecurity positions in the United States, you chose a great time to join a booming industry – but where to start? To help close the cybersecurity skills gap, CyberSeek provides detailed, actionable data about supply and demand in the cybersecurity job market, which helps job seekers identify what they need to transition between cybersecurity roles and advance in their careers.
By the way, more than 24,000 of those open jobs are in North Carolina.
In this blog post, we will share the top nine cybersecurity job titles requested by employers within the U.S. cybersecurity job market and the education requirements, certifications and skills needed to find a job in one of these high-demand roles.
To begin, here are the top cybersecurity job titles and their average salaries, according to CyberSeek:
* Salaries marked with (*) came from the U.S. Bureau of Labor Statistics.
^ Salaries marked with (^) came from the CompTIA IT Salary Calculator.
It’s important to note that a cybersecurity salary can vary depending on a variety of factors including the size and scope of the employer, geographic location and a candidate’s experience.
In addition to these top nine jobs in cybersecurity, CyberSeek data shows that there is a plethora of entry-level job postings for these job titles:
While several of the top nine jobs in cybersecurity are mid-level and advanced-level job roles, these two cyber roles also boast a healthy number of job openings:
From network security to an incident responder or an ethical hacker, an IT security manager may be tasked with anything from installing, administering and troubleshooting security solutions to writing up security policies and training documents for colleagues. While other job roles are responsible for a specific part of the overall system, cybersecurity talent must be able to take a step back and see the big picture to keep it secure from cyberattacks and data breaches.
If you already have some technical skills under your belt, the first step is discovering how your knowledge transfers to the cybersecurity field. For example, if you understand code, you’ll be able to identify and protect against malicious code.
Of course, in technology there’s always something new to learn – and when fighting cybercrime, it’s even more true. Start by taking inventory of your transferable technical skills and make note of the skills you’d like to learn to land a job in cybersecurity. This applies to professional skills as well.
For those without a technical background, the entry to cybersecurity is a little different, but there’s still plenty of opportunity. For example, cyber policy analyst and technical writer are positions that you could obtain without the technical know-how. Think of these entry-level jobs as steppingstones to more advanced cybersecurity jobs as you gain more experience and training.
A cybersecurity career is extremely fulfilling! You get to do things like:
If you want to be the cyber law enforcement at your organization in a field that continues to grow and offer financial stability, a cybersecurity career is calling your name.
Many cybersecurity jobs require formal training and education. CyberSeek breaks down education requirements and shows the percentage of online job listings requiring either less than a bachelor’s degree, a bachelor’s degree or a graduate degree.
For example, cybersecurity specialist is a term used to categorize entry-level cybersecurity jobs or jobs that perform cybersecurity tasks in addition to other IT tasks, such as tech support or networking. Job titles may include IT specialist information security or IT security specialist. The job postings for this role don’t require as much education as others – 19% of cybersecurity specialist postings require less than a bachelor’s degree, which is higher than more advanced job titles.
In contrast, a cybersecurity engineer is on the advanced-level career track, so if you’re interested in a career as such, you should know that 89% of job openings require higher education. In fact, 66% of cybersecurity engineer postings require a bachelor’s degree and 23% require a graduate degree.
Even more training and experience is required to become a chief information security officer (CISO). Typically, a candidate for this type of position is expected to have a bachelor’s degree in computer science or a related field and 7-12 years of work experience – including at least half of those years in a management role. A CISO is also expected to have deep technical knowledge.
You can dig deep into CyberSeek’s data for any of the top nine job titles and discover what education level is most common for your dream job.
If you’ve done any research on the topic, you know that the choices in information technology (IT) certifications are endless! We’ve combed through the recommendations for these top nine cybersecurity job titles and identified the certifications most requested.
It’s easy to assume that a top skill set recommended for any of these job titles would contain the word “security.” But what about the less obvious skills? As with IT certifications, we’ve filtered through the most popular skills on the job postings.
CyberSeek identified five feeder roles that often serve as steppingstones into an IT security career because of the similarities in skill requirements and significant skill overlap with multiple core cybersecurity roles. Click below to learn more about what those career paths look like:
The CyberSeek interactive heat map provides a granular snapshot of the demand for cybersecurity pros with the number of job openings in a state or metro area, and the number of active cybersecurity professionals in that area, too.
1. Texas: 83,126 job openings
Top metro area: Dallas-Fort Worth
2. California: 77,141 job openings
Top metro area: San Francisco
3. Virginia: 56,416 job openings
Top metro area: Washington, DC
The COVID-19 pandemic forced IT pros to work remotely, and it even reinforced that many thrive in this type of work environment. You can check out our full list of top 11 remote IT jobs, and one particular cyber role made this list: cybersecurity analyst. If you’re hoping to score a full-time remote security job, check postings for this role first!
Now that you know more about what education, certifications and skills are recommended for these particular security job titles, you can plan your career journey accordingly. CyberSeek data is constantly updated, so come back often to find new skills or certifications you can add to your repertoire to make yourself a more attractive job candidate. If you are currently in an entry-level role and looking to get ahead, hone in on the items needed for that dream job, and you’ll be on your way to cybersecurity expert status.
Check out the CompTIA Cybersecurity Career Pathway to see how CompTIA certifications can help you get into cybersecurity and advance your cybersecurity career.
(C) CompTIA
-
Here are 5 of the highest-paying cybersecurity jobs – Fortune
As the threat of cyber attacks becomes a more pressing issue, C-suite executives are forced to take a look at their bottom line and take these challenges more seriously. In fact, a focus on cybersecurity needs to start in the boardroom, Steve Morgan, founder of Cybersecurity Ventures, argues.
“Do it now to protect your organization, not after a breach or hack to protect your reputation,” he previously told Fortune.
But cybersecurity talent extends beyond the boardroom. Companies need more entry- and mid-level cybersecurity workers, who can land six-figure salaries. While more experienced professionals are likely to earn higher salaries, many cybersecurity roles pay more than other tech jobs.
An information security analyst (typically an entry-level cybersecurity role) earned a median salary of $102,600 in 2021, U.S. Department of Labor Statistics figures show. Some cybersecurity salaries jumped by more than 16% between 2020 and 2021, to well over the six-figure mark, according to a 2021 report from Dice, a tech recruiting platform.
For professionals who earned their master’s degree in cybersecurity, took some online courses, or recently underwent upskilling at their company, Fortune compiled a list of a few of the highest-paying cybersecurity-related roles. While CISOs can bring home close to million-dollar paychecks, this list will give you a good idea of the type of baseline you can have for your earnings in the cybersecurity industry.
Average salary: $133,565 according to PayScale
Salary range: $89,000 to $188,000, according to PayScale
Highest-paying cities for cybersecurity managers: Reston, Virginia ($119,215), Washington, D.C. ($117,949), and Houston, Texas ($105,366), according to Indeed
Job description: Cybersecurity managers oversee channels that flow “into and out of an organization’s information network,” according to Tulane University’s School of Professional Advancement. They also oversee security systems and teams and watch for potential network vulnerabilities that would help prevent attacks.
Education: Many cybersecurity managers have earned a bachelor’s degree in cybersecurity, computer science, computer engineering, information assurance, or another tech-related field, according to Indeed. Some of these professionals also earn additional certifications.
Average salary: $99,985 according to Glassdoor
Salary range: $64,000 to $158,000
Highest-paying cities for cybersecurity engineers: New York ($67,954), Chicago ($63,601), and Denver ($62,616), according to Indeed
Job description: A cybersecurity engineer is in charge of preventing database and network attacks, according to ZipRecruiter, which means these professionals are tasked with using hardware, firewalls, and encryption to protect data. They both build security systems and protect a company’s IT infrastructure.
Education: Earning a bachelor’s degree in cybersecurity or a related field is often needed for this job. Some cybersecurity engineers also choose to earn a master’s degree or a Ph.D. in the field if they’re interested in mid-to-upper management roles.
Average salary: $118,734, according to ZipRecruiter
Salary range: $63,000 to $178,500
Highest-paying cities for penetration testers: San Francisco ($139,987), New York ($132,625), and Washington, D.C. ($130,772), according to Indeed
Job description: More commonly known as a “pen tester” or “ethical hacker,” penetration testers essentially simulate cyber attacks against company computer systems to look for vulnerabilities. They often try to breach large computer systems and also research and experiment with different types of attacks.
Education: Penetration testers typically at least work on developing tech skills and then go on to earn a degree in cybersecurity, information assurance, or a related field. They also often earn certifications in cybersecurity, including PenTest+.
Average salary: $113,270, according to the U.S. Bureau of Labor Statistics
Salary range: $56,000 to $141,000, according to Glassdoor
Highest-paying cities for cybersecurity analysts: Fort Meade, Maryland ($86,780), Reston, Virginia ($82,045), and Washington, D.C. ($81,173), according to Indeed
Job description: Cybersecurity analysts work to protect company hardware, software, and networks from cyberattacks. These professionals have to understand the organization’s tech infrastructure in order to be successful at their job. They also have to anticipate when cyber attacks could occur.
Education: Cybersecurity analysts often have a bachelor’s degree and/or master’s degree in cybersecurity or a related field. They also will earn certifications, including CISSP, which is one of the most coveted credentials in cybersecurity.
Average salary: $140,109, according to Salary.com
Salary range: $113,975 to $168,578
Highest-paying cities for information security managers: New York ($92,685), Washington, D.C. ($91,391), and San Diego ($85,742), according to Indeed
Job description: Information security managers specialize in monitoring a company’s cybersecurity infrastructure and are responsible for protecting the organization’s digital assets and data. They work to protect assets like networks, computers, and other data.
Education: Information security managers usually have earned a bachelor’s degree in cybersecurity or another IT-related degree. A master’s degree in the field can also help land this job, plus certifications including the CISSP, Systems Security Certified Practitioner (SSCP), or the Certified Cloud Security Professional (CCSP).
-
The key to breaking into a high-paying cybersecurity job, as told by … – Fortune
Landing a job in cybersecurity can be fruitful—and rewarding. Many cybersecurity professionals bring home six-figure salaries, and leaders in the field can earn million-dollar paychecks. But there are currently hundreds of thousands of cybersecurity positions open in the U.S.
The massive cybersecurity talent gap is largely a result of a lack of adequately or appropriately trained professionals. But companies must also better define their cybersecurity needs to secure talent, argues Jonathan Reiber, vice president of cybersecurity strategy and policy at AttackIQ.
“There are a whole range of capabilities required in cybersecurity, from basic analyst skills to higher-level operational skills. I’m actually very confident in the country’s ability to meet those requirements over time,” he tells Fortune. “The challenge is much less to my mind about getting the right people hired—it’s more about what are the right jobs that we actually need.”
Reiber has seen the need for cybersecurity grow and evolve. During the Obama administration, he served as a speech writer and chief strategy officer for cyber policy in the Office of the Secretary of Defense. In those roles, he advised Pentagon senior leadership, other high-ranking defense officials, and President Barack Obama on all matters of national security policy.
During that time, Reiber wrote the first and second National Cyber Defense Strategies for the United States in 2010 and 2015, working closely with the Defense Department and Intelligence Community. He also had a writing grant at the University of California—Berkeley, where he was a senior fellow at the Center for Long-Term Cybersecurity.
Fortune sat down with Reiber to learn more about the needs cybersecurity companies have, the talent gap, and the type of education required for cybersecurity professionals today.
The following interview has been edited for brevity and clarity.
Fortune: Tell me about the differences in cybersecurity concerns then vs now.
Reiber: The threats haven’t changed, the threat actors haven’t changed. What’s changed is the really transformative understanding of our national vulnerability in cyberspace brought about principally first by Russia’s interference in the U.S. election in 2016. That was a watershed moment for the public and the technology sector. And for the government to say, adversaries are looking for the weak underbellies—not just in our internet infrastructure—which we’d known prior to that, but that they were looking for underbellies in our society and ways to manipulate society and sow doubt and fear. And the interesting thing about what happened in 2016 was the social media companies provided this very weak underbelly because people would share unverified information. So disinformation became the hammer, but the scalpel was, in fact, still hacking.
Since leaving government, I’ve focused on building technological capabilities and processes for organizations all over the world to improve their cybersecurity posture. At AttackIQ we do what’s called breach and attack simulation for automated security control validation. In cybersecurity we don’t focus on the adversary enough. We focus too much on things like compliance or regulatory standards that we’re trying to meet. That’s a rearranging of the deck chairs in a large way. Doesn’t actually prove to you that you’re ready. So there’s a process called penetration testing, which is kind of a strange phrase, but you’ll hire an outside firm to try and break into your defenses once or twice a year, at most.
And that’s not sufficient because if it only does it once or twice a year—people change, technologies change, things break down—you actually need to test once a week and some controls need to be tested every hour in some cases once a month.
What is the importance of public-private partnerships in cybersecurity?
Often the government and the private sector have shared information about vulnerabilities that have been discovered. This is sort of a slower level process that existed before the real ramp in attacks, before the ramp in ransomware, before the Russian interference in the election, before there was more of a dawning awareness that cyberspace was a domain of military operations.
As the threat has gotten more serious, the government and the private sector have had to work together by combining the capabilities of the large platforms to remove actors from them, with the government’s abilities to do things like not just cyberspace op but also sanctions.
A good case in point is when Russia invaded Ukraine, the first public-private actions that were taken were technology companies removed their services from Russia. The evolving nature of cyber of public-private partnership in cybersecurity can basically be said to deepen cooperation between companies and the government to share information, develop standards and best practices, design strategies, and then ultimately work together on combined voluntary operations to prevent hostile actors from conducting attacks in cyberspace.
What is your take on the cybersecurity talent gap? What are the most in-demand cybersecurity skills from your vantage?
The talent gap is something that I think a lot of folks when they first start working on cybersecurity like to think about and write about. There are roles that need to be filled, but we are going to be able to meet them. One of the things I’ve noticed is if you have cybersecurity capabilities, you will find a job.
There are a whole range of capabilities required in cybersecurity, from basic analyst skills to higher-level operational skills. I’m actually very confident in the country’s ability to meet those requirements over time. The challenge is much less to my mind about getting the right people hired—it’s more about what are the right jobs that we actually need.
If you think about risk, the most important thing to think about in cybersecurity is: What is my most valuable data? Have I protected that most valuable data? And am I prepared in the event that something goes wrong? Companies haven’t taken that approach to cybersecurity, and I think once they do, the question around the talent gap will begin to go away because we’ll be realigning the resources that we do have to focus on the most important problems. And that will lead to a reduction in risk.
How can companies evaluate the cybersecurity needs they have?
You should start by questioning what your most important mission is. If I’m a law firm, my most important mission is to be able to protect my client’s data. If I’m a retailer, my most important mission is to be able to protect my client’s credit card information. It’s often around protecting the data of the people that matter most. If you’re a logistics organization, it will be protecting the proprietary nature of the data around the logistics that I have. So you can then say, where is that information being stored? How is it being transmitted and what are the security controls that I have around it?
You have to make sure that that data has the appropriate levels of security around it. Ultimately, you need to make sure that that security works.
What type of education should people entering the industry have?
I actually think the most important thing for people entering the cybersecurity workforce is to have a business education. If you want to rise up in cybersecurity, you’re not going to do it in the way that you want if you just have a technical education. It’s far more important to understand the needs of the business.
Getting an MBA is actually a very good strategy for becoming a leader in cybersecurity. If you want to become a chief information security officer, you need to understand what the interests of divisions within your company are. If I work for a meat packaging company, I want to know about logistics. I want to know about plastic. I want to know about delivery. And those things are the components that drive the information technology needs of the business.
If you understand that, then you can begin to empathize with the people in the business so that when you’re providing services—which is what you’re doing as a security professional—you’re doing so within the construct of success of the overall organization and the shareholders and everybody involved.
Too often, I think people in cybersecurity will fetishize the technology and not focus enough on the human skills required for success within an organization. The actual hard work of being in an organization is much more of the soft skills, I think. I would urge people who are learning in cybersecurity not to leave out that aspect of the work if they try and gain a full perspective on how to lead and be effective.
What about cybersecurity continuing education?
Our academy is free and you can enroll right now in specific areas of breach and attack simulation, threat-informed defense, other capabilities like that. There’s a lot of good free education out there. I really think getting out of just the cyber universe is incredibly important and having good writing skills. Ultimately I do think getting a master’s degree in something that’s not just about technology will be helpful.
What are important soft skills to have for cybersecurity?
The ability to empathize with people and to understand how to build teams. Oftentimes if you’re trying to effect change with a new technology or a new process or build a new team in a company—and that’s a lot of what cybersecurity involves—you need to be able to build alliances and you need to be able to lead. If you’re just focused on being an operator, which is fine, you want to be an operator like an analyst, SOC [security operations center] operator, then you want to learn how to lead other SOC operators and other analysts. That requires leadership skills.
If you want to be a leader of the business, however, you need to expand your mentality far beyond security operations and include strategy and resources and budget and management and public affairs and all those different things. And that’s being a business leader. It depends on what somebody wants to do with themselves and their ambitions. I think no matter what, an ability to build alliances, an ability to build teams to empathize with people is all really important.
What advice do you have for anyone entering the industry?
You need to think about the field that you’re entering into less like an IT job and more like a national security job. And that can be very appealing, actually. It’s a blending of civilian life and technology and international politics because the government has a role to play in cybersecurity, companies have a role to play, as do regulators at the state level.
In order to succeed, teams have to achieve what I say is combat readiness. They have to be ready to defend themselves right now against the adversary and to achieve that kind of readiness requires thinking about the adversary, focusing on the adversary and preparing for the threats that are going to come.
CyberGrants – CISA
On September 16, 2022, the Department of Homeland Security (DHS) announced a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country.
Funding from the State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP) helps eligible entities address cybersecurity risks and threats to information systems owned or operated by—or on behalf of—state, local and territorial (SLT) governments. Through two distinct Notices of Funding Opportunity (NOFO), SLCGP and TCGP combined will distribute $1 billion over four years to support projects throughout the performance period of up to four years. This year, the TCGP will be released after SLCGP.
Through the Infrastructure Investment and Jobs Act (IIJA) of 2021, Congress established the State and Local Cybersecurity Improvement Act, which established the State and Local Cybersecurity Grant Program, appropriating $1 billion to be awarded over four years.
These entities face unique challenges in defending against cyber threats such as ransomware, as they lack the resources to defend against constantly changing threats. The Department of Homeland Security (DHS), through the Cybersecurity and Infrastructure Security Agency (CISA), is taking steps to help stakeholders across the country understand the severity of their unique local cyber threats and cultivate partnerships to reduce related risks across the SLT enterprise.
Read below or print the SLCGP Fact Sheet and Frequently Asked Questions.
DHS will implement the SLCGP Grant Program through CISA and the Federal Emergency Management Agency (FEMA). While CISA will serve as the subject-matter expert in cybersecurity related issues, FEMA will provide grant administration and oversight for appropriated funds, including award and allocation of funds to eligible entities, financial management and oversight of funds execution.
The program is designed to put the funding where it is needed most: into the hands of local entities. States and territories will use their State Administrative Agencies (SAAs) to receive the funds from the Federal Government and then distribute the funding to local governments in accordance with state law/procedure. This is the same way in which funding is distributed to local governments in the Homeland Security Grant Program.
Eligible entities can form their cybersecurity planning and can create Cybersecurity Plans (in accordance with the minimum requirements as stated in the State and Local Cybersecurity Improvement Act), which are a requirement for receiving grant funds. The state-level Cybersecurity Planning Committee leverages previously established advisory bodies that the states may have formed. The membership of the Cybersecurity Planning Committee will be up to each individual state, given they meet the requirements of the legislation and NOFO. States are encouraged to expand their cybersecurity planning committees to include additional expertise based on individual state needs. DHS provides a list of these suggested additional personnel in the NOFO. However, states are not limited to the added personnel on this list.
The Cybersecurity Planning Committee will identify and prioritize state-wide efforts, to include identifying opportunities to consolidate projects to increase efficiencies. Each eligible entity is required to submit confirmation that the committee is comprised of the required representatives. The eligible entity must also confirm that at least one-half of the representatives of the committee have professional experience relating to cybersecurity or information technology. For more information on the composition of the Cybersecurity Planning Committee, including how to leverage existing planning committees, please refer to Appendix B of the Notice of Funding Opportunity.
Cybersecurity Planning Committee membership shall include at least one representative from relevant stakeholders, including:
Not less than half of the representatives of the Cybersecurity Planning Committee must have professional experience relating to cybersecurity or information technology. Qualifications are determined by the states.
Eligible entities are given the flexibility to identify the specific public health and public education agencies and communities the Planning Committee members represent.
The Cybersecurity Plan is a statewide planning document that must be approved by the Cybersecurity Planning Committee and the CIO/CISO equivalent. The Plan will be subsequently updated in FY24 and 25. It must contain the following components:
SLCGP Email: SLCGPinfo@cisa.dhs.gov
TCGP Email: TCGPinfo@cisa.dhs.gov
(Please note other links will be added as they become available)
The following CISA resources are recommended products, services, and tools available at no cost to state, local, tribal, and territorial governments, as well as public and private sector critical infrastructure organizations.
State and Local Cybersecurity Grant Program Fact Sheet
State and Local Cybersecurity Grant Program Frequently Asked Questions
Cyber Resource Hub
Ransomware Guide (Sept. 2020)
Cyber Resilience Review
Free Cybersecurity Services and Tools
Cybersecurity Plan Template (click “Related Documents” tab to download)
To report an incident, visit www.cisa.gov/report
FEMA has assigned state-specific Preparedness Officers for the SLCGP. If you do not know your Preparedness Officer, please contact the Centralized Scheduling and Information Desk (CSID) by phone at (800) 368-6498 or by email at askcsid@fema.dhs.gov, Monday through Friday, 9 a.m. – 5 p.m. ET.
CSID is a non-emergency comprehensive management and information resource developed by FEMA for grant stakeholders. CSID provides general information on all FEMA grant programs and maintains a comprehensive database containing key personnel contact information at the federal, state and local levels. When necessary, recipients will be directed to a federal point of contact who can answer specific programmatic questions or concerns. CSID can be reached by phone at (800) 368-6498 or by e-mail at askcsid@fema.dhs.gov, Monday through Friday, 9 a.m. – 5 p.m. ET.