
  • One Way To Improve Cybersecurity in Healthcare: Provide Training … – MedCity News

    Sponsored Post
    By Stephanie Baum
    From left: Lynn Sessions, a partner with Baker Hostetler, was the panel moderator. She was joined by Jesse Fasolo, head of technology infrastructure and cyber security of St Joseph’s Healthcare System; Marti Arvin, chief compliance and privacy officer with Erlanger Health System; Bill O’Connell, head of product security and privacy operations at Roche Information Solutions at Roche Diagnostics; and Sherri Douville, CEO of Medigram
    The technological developments that have fueled innovation in health tech are accompanied by challenges that need to be addressed if their potential is to be fully realized. Few areas of healthcare reflect that reality more than cybersecurity and the need for health systems to provide robust training, so staff are prepared for phishing attacks, ransomware and other forms of cyber-attacks.
    At the ViVE conference, powered by HLTH and CHIME, a panel discussion on healthcare and data security concerns concluded that the best way to educate and train employees on data security best practices is not through multi-hour training courses and workshops but through frequent, bite-sized “apéritifs of information” — think 3-6 minutes — training installments highlighting best practices.
    Bill O’Connell, head of product security and privacy operations at Roche Information Solutions at Roche Diagnostics shared his perspective on the topic.
    “I’ve run security and privacy training programs for probably 15 years. One of the things I’ve noticed is that sometimes there’s more information than people want or are ready for. You also have to figure out how to tailor the message because ultimately your goal is not just let me get the check mark that everybody sat through one hour of training —let me get them to behave differently.
    “You might be better off going for some small wins. One year, we did three-minute videos, YouTube-length videos, and sprinkled them out throughout the year rather than the one-hour long training. Also, making it where there’s a baseline that you’d have to do that would offer more and make it relevant to the individual.”
    O’Connell offered a couple of examples, such as how staff planning travel can stay safe using guest WiFi at hotels or other venues.
    Marti Arvin, chief compliance and privacy officer with Erlanger Health System, agreed that her team had adopted a practice of providing what she described as “apéritifs of information” in the form of biweekly “Etips” — emails focused on a specific topic in cybersecurity and patient data management. Arvin said this approach has enjoyed a strong response from staff because it is easier to retain this information. But health systems still have to meet the expectations of regulators when it comes to training, and those expectations favor training sessions of longer duration.
    Lynn Sessions, a partner with Baker Hostetler, was the panel moderator and was joined by Jesse Fasolo, head of technology infrastructure and cyber security of St. Joseph’s Healthcare System; Marti Arvin, chief compliance and privacy officer with Erlanger Health System; O’Connell; and Sherri Douville, CEO of Medigram.
    Fierce competition for staff
    Although ransomware attacks on hospitals have grabbed headlines, other industries face cybersecurity concerns as well, creating fierce competition for staff from industries prepared to pay 30% to 40% more, observed Fasolo. He said another option is for health systems to nurture a new generation of staff to meet these needs.
    “There’s a training methodology that organizations need to adapt to go out and get the talent because the talent is not learning at the capacity that technology, security, regulations and privacy is growing,” Fasolo said. “It’s hard to get new skills or a person with those new skills in the door. You almost have to nurture and develop within — grow that resource, build and establish a bench — and that’s the only way I’m seeing it from my perspective in security.”
    Who has the data?
    Fasolo and Arvin shared insights on how challenging it can be for a health system with an extensive network of third-party vendors to keep track of and manage data. A health system shares data with hundreds of other third parties on any given day. Having a good grasp of where that data is and who is receiving the data is a daunting task for any healthcare system, Fasolo noted.
    “I think if you can say that you know where 95% of your data is, from my perspective, you’re doing a really good job because it’s just so incredibly difficult to figure out …all the storage locations, all the people who store data in places they’re not supposed to,” Arvin said.
    source

  • Maritime Cybersecurity: Protecting ships and crews from digital threats – Interesting Engineering

    You’re on the bridge, with the ship’s course on the digital display. But why is the ship continuing to turn west?
    Everything appears normal on the computer screens in the dim wheelhouse, but the land is perilously close outside. What is happening?
    Down in the engine room, personnel report over the radio that everything is okay, but they wonder why the bridge has altered direction. The engines are revving, and the ship is gaining speed. The engine room did not do this. What now?
    Both in academia and in the maritime industry as a whole, cybersecurity is a hot concern. Recently, a collaborative team taught a brand-new cyber security course at the Norwegian University of Science and Technology (NTNU) in Ålesund. A new course titled "Maritime digital security" has just been added to NTNU in Ålesund's maritime industry program.
    Participants in the workshop have studied digital risks for the past two months. They have conducted a realistic practice run of a cyber attack on a ship in motion and evaluated the risk of current digital threats. The main emphasis is on resilience development and risk management of cyberattacks.
    “Where information technology and people meet, there is room for digital vulnerability. Security breaches can come in through the ship’s systems and through the port system and through the people who operate or supervise them,” Marie Haugli-Sandvik and Erlend Erstad said.
    Both are Ph.D. candidates at NTNU's Department of Ocean Operations and Civil Engineering. They are looking into how to make the maritime sector more resilient to cyberattacks.
    The maritime digital security course, which looks to be the first in Norway, was created and is currently taught by the two Ph.D. candidates.
    The course has been included as part of the doctoral theses they are about to complete.
    “We developed this course in close collaboration with the industry,” Erstad said. “We have listened to what they want, looked objectively at their needs, and then tested the best solution we can come up with.”
    “It’s always better to have a broad perspective and different approaches with new projects and methods. Established businesses can also benefit from a fresh look. NTNU is a good place to try out new ideas. As researchers, we can help meet the industry’s urgent needs while at the same time discussing solutions with them for the future,” Haugli-Sandvik said.

    source

  • The Navy Still Suffers from Cybersecurity Complacency … – USNI News

    The United States has maintained its primary role in the global order since the end of World War II. As a result, today’s service members have never witnessed their nation at war with a peer adversary. However, today’s turbulent geopolitical environment has the potential to change the status quo. China, the United States’ principal adversary, currently enjoys two large advantages in modern naval warfare: a larger fleet and the superior means to employ cyber warfare. Therefore, U.S. command of the seas cannot be assured in a future conflict.
    Despite the growing importance of cyber warfare, fleet size will still be an important factor in future conflicts. In 2020, China’s fleet of more than 350 ships officially became the world’s largest navy. This is a significant lead over the U.S. fleet of approximately 290 ships. In addition, the Chinese industrial base will continue to produce ships at a faster rate than the United States can match. According to the Office of the Secretary of Defense, the Chinese fleet may have up to 460 ships by 2030. The negative implications of such a gap in naval combatants could be tremendous, but that gap may not be the only determining factor for future naval conflicts.
    Former Chief of Naval Operations (CNO) Admiral Vernon Clark challenged the idea that ship numbers would solely win battles during his congressional testimony in 2005. He stated that “the number of ships is no longer adequate to gauge the health or combat capability of the Navy. The capabilities posture of the Fleet is what is most important.” The “capabilities posture” the admiral referenced is a plan to better equip naval ships and decrease overall required ship numbers while maintaining readiness levels. By advocating for increased spending on relevant technology, Admiral Clark called to redirect efforts from inefficient ship construction toward sensor technology, cyberspace, and undersea warfare capabilities because these areas were, and still are, projected to have the most influence in future conflicts.
    However, this vision for a Navy with an effective capabilities posture has not been fully realized. Ships are being retired earlier and faster than expected because of a lack of congruency with current missions. This is evident in the early decommissioning of littoral combat ships and the halted construction of Zumwalt-class destroyers. The Navy’s struggles with effective ship construction become that much more alarming when compared with the rise in capabilities of U.S. adversaries: The Navy spent billions constructing ineffective, resource-draining ships while its adversaries “designed sound, affordable ships . . . in large numbers.”
    Yet, the next naval conflict will have a greater focus on cyber warfare dominance, rather than ship numbers. Given this, the U.S. Navy must reevaluate its stance in preparation for the next great power conflict.
    Global maritime cyber warfare may have a profound effect on future conflict. Cyberattacks on ships can cut off logistical support and firepower capabilities for many nations. Furthermore, cyberattacks on commercial ships can be disastrous for military vessels and global commerce alike. According to the 2019 Secretary of the Navy Cybersecurity Readiness Review:
    It is not beyond imagination that someday a naval combatant would fail to sail because the supply system vectored the wrong grade of lube oil for the LM2500 engines; upon reaching its rendezvous point, a tanker was not available to refuel a hungry bomber because the tanker was maliciously directed elsewhere; or all electricity and backup systems to a satellite control station failed during a complex Ballistic Missile Defense or Tomahawk missile strike.
    Real examples of malicious maritime interference exist. U.S. adversaries such as China, Russia, and North Korea have tested their hostile ship-hacking methods on foreign vessels. From exploring sinking capabilities to navigation equipment disruption, U.S. adversaries are gaining experience in how to manipulate maritime activity for their benefit. To make matters worse, it seems that hacking a vessel’s navigation and steering systems is relatively easy, even for inexperienced hackers. It is possible that hacking ships—not even warships—can be a dangerous and unsuspected way of causing damage to other vessels, slowing down international supply chains, and endangering the lives onboard and around the ship. Two cybersecurity scholars recently wrote:
    The maritime cyber environment is abysmally insecure. The technical means to exploit these ships is well distributed across land-based hackers with no prior maritime systems experience. It doesn’t take much. . . . The opportunities are well-known, from the chokepoints and the ship dependence on external networks, clouds, and satellite navigation communications.
    Commercial ship vulnerability to cyberattacks typically results from using outdated security measures and equipment. The permeability between onboard internet networks is also a major threat to vessels. There are often two main shipboard networks: the IP/ethernet network (used for business systems, crew mail, and web browsing) and the serial network (used for steering, propulsion, ballast, and navigation data). To gain access to a ship’s critical systems, one must only infiltrate the day-to-day internet and find the connection to the serial network before wreaking havoc. It is clear that vulnerable commercial vessels may inadvertently threaten the readiness of U.S. naval combatants. In preparation, the Navy’s cybersecurity environment must be properly attuned to face these threats.
    The Navy’s current cybersecurity system leaves much to be desired, according to the 2019 Cybersecurity Readiness Report. Many systems within surface ships and critical naval infrastructure need to be upgraded or replaced with superior ones. Some of these reported missteps include: the USS Gerald R. Ford (CVN-78) being delivered with Windows XP; the LCS and DDG-1000 being developed with IT networks not brought under a secure, joint umbrella of cybersecurity protocols; and old warfare systems kept in service without updates or added cybersecurity. These examples highlight the Navy’s complacency in the cybersecurity realm. The 2019 report goes on to state that “the Navy has waived known material readiness standards mandated by the [Department of Defense Risk Management Framework] and knowingly continues to field high risk vulnerability systems.” The Navy should expect the compounding magnitude of fleet cybersecurity insufficiency to be a major weak spot in the future.
    The inspection process for these deficient systems is also inadequate. Cyber components are often reviewed by undertrained personnel who lack the skills to complete the hands-on portions of a true audit. This inspection process differs from the red-teaming and audits that many other parts of the Department of the Navy use. This is concerning because the Navy may not have a valid estimate of the number of systems that truly need to be upgraded or replaced. It is crucial for the Navy to secure its information networks against adversarial cyberattacks to maintain deterrence and stability. It also goes without saying that a secure cyber defense foundation is critical for supporting offensive cyber capabilities. These offensive capabilities will be necessary to support the 2022 National Security Strategy, which declares securing cyberspace as one of this administration’s pertinent priorities.
    Although the maintenance and manipulation of the cyber realm has been repeatedly highlighted as a crucial portion of warfare in the upcoming decades, the Navy’s cybersecurity practices are not up to the challenge. The Cybersecurity Readiness Review shows that the Navy does not meet the Department of Defense’s standards because of an abundance of waivers, old equipment, and personnel complacency. The people, structures, processes, and resources that support naval cybersecurity are making forces vulnerable to extreme risks.
    The lack of responsibility and accountability for cyber warfare readiness has been a significant detriment to the fleet. The Cybersecurity Readiness Review states that “the DON [Department of the Navy] cybersecurity culture can be characterized by distrust, a lack of knowledge or accountability, a willingness to accept unknown risks to mission, a lack of unity of effort, and an inability to fully leverage lessons learned at scale.” It appears that different echelons of leaders have varying commitments to cybersecurity as well. This results in cybersecurity priorities being left on the back burner or viewed as a problem for another person and another time. Calls for an improved cybersecurity culture have been made before, but the implementation proves difficult. In times such as these, it is important to remember that the Navy’s best asset is its people.
    U.S. Navy research into cyber defense organizations shows that private sector personnel “aspire beyond mere compliance” and seek to “understand the operational importance of their behavior.” To improve the Navy’s cybersecurity culture, sailors must mirror the private sector’s approach. This change may be achieved by implementing procedures that highlight the importance of maintaining and expanding cyber defense capabilities. For example, cybersecurity or computer science–related training should be ingrained into the basic training environments for sailors and officers. For sailors, this can take place during boot camp or as a part of rating-specific education. Future officers commissioning via OCS or NROTC should have computer science coursework added to the list of mandated courses in calculus, physics, world cultures, and national security—to mirror changes already made at the U.S. Naval Academy. To educate those already in the fleet, sailors should receive incentives to obtain additional levels of cybersecurity training ahead of advancement and promotion boards.
    The Navy’s leaders will also have a role to play in improving cybersecurity and cyber defense. Regarding command structure, cybersecurity should be managed by specially designated billets to prevent oversight and mismanagement among the differing echelons of command across the fleet. To mirror the private sector, naval cybersecurity leaders should strive to: “constantly communicate, advocate, and measure understanding of cybersecurity [,] . . . review daily system performance dashboards, [and] demand their systems and people are constantly tested.” This can be achieved with naval combatants by strictly enforcing cyber readiness requirements during predeployment workups and certifications. If a ship cannot prove that it will safely operate on deployment, it cannot leave port. The same standard should be adhered to for cybersecurity.
    The Navy should prioritize cybersecurity to the same level as other warfare areas, if not higher, because cyber capabilities will be key to winning future conflicts. Securing and supporting cyber defense is necessary to ensure the Navy’s stability and effectiveness in this critical geopolitical era.
    Midshipman Burrell is from Mandeville, Louisiana. She is pursuing a bachelor of science in social and economic development policy at the Illinois Institute of Technology in Chicago, Illinois. She hopes to commission into the surface warfare community after graduation.

    source

  • Financial Institutions and Cybersecurity Risk: Why you need ISO27001 – tripwire.com

    When it comes to law enforcement crime investigations, there is a maxim of, “follow the money”. This broadly means that if you can follow the money trail, it will eventually lead you to the perpetrator of the crime.
    In today’s modern society, money has become a series of binary ones and zeros transferred between bank accounts without any real effort from either party, and cybercriminals are fully aware of how easy, and how fragile, this process is.
    In December 2022, the tenth edition of the ENISA Threat Landscape (ETL) report was released. It is an annual report on the status of the cybersecurity threat landscape; it identifies the top threats and the major trends observed with respect to threats, threat actors and attack techniques.
    In the report they identified the top 5 threats as:
    For most people in the cybersecurity industry, nothing in the above will come as much of a surprise. Almost daily, we hear of some organisation being hit by ransomware, where the target’s systems are compromised and data is encrypted and held for ransom. The latest and most public attack is against the Royal Mail in the UK. The LockBit ransomware group was able to disrupt international mail and parcel services for over two months over the Christmas period. At the time of this writing, systems and services were still not fully restored.
    As recently as February, it was reported that LockBit had made further ransom demands of over £33 million, which Royal Mail has declined to pay. The threat by LockBit is that they will release the data they exfiltrated onto the dark web, which of course could further damage Royal Mail and its reputation.
    With eye-watering numbers that run into their millions, is it any wonder that cybercriminals are turning to Ransomware as a Service (RaaS), to make money? After all, there is no such thing as a 100% secure system, and in many organisations, it only takes one unpatched system or one untrained or distracted person to compromise the security capabilities of a business or organisation.
    We must not fall into the trap of thinking that cybercrime is carried out by a few rogue individuals. The money trail is getting longer, and really is paved with gold, and organised crime gangs are turning their attention from traditional street crime to online extortion and exploitation.
    It is for this reason that the Bank of England has provided guidance to financial institutions in the United Kingdom about cybersecurity, which includes the following aspects.
    Leadership is fundamentally important to an organisation, and if those who lead the business don’t value the importance of information security and cybersecurity, then no one will. There is a business adage that states, “culture is what we do when no one is watching”. Culture is therefore something that an organisation must develop, over time, by establishing both risk and reward mechanisms. This means rewarding the behaviour you wish to encourage, and taking swift action where the behaviour is undesirable.
    To develop a strong cybersecurity culture, it is important to educate those who encounter data about why it is important, and what it means in their role. It’s important that people understand how they contribute to the bigger picture, and this means demonstrable and visible support from the C-Suite, or those in positions of authority.
    It is essential that everyone understands the importance of cybersecurity and is trained, not only in what to look out for, but also in how they may become victims.
    Banks and other financial services organisations understand the importance of risk identification, management, and treatment, and in most cases will already have a robust risk management methodology. But, all too often, this focuses purely on IT security risks, and doesn’t consider threats and vulnerabilities associated with people and processes. For this reason, organisations should broaden their approach to risk management to ensure that it encompasses people, process, AND technology. Where possible, the risk management process should be backed up with tangible data on real incidents that have occurred internally, or within the sector.
    Organisations should ensure they have assessed and understand the risks to them from third-party suppliers, and ensure those suppliers have appropriate security measures in place. Like many large organisations, financial institutions often grant third-party suppliers access to their systems, yet the suppliers’ security measures are not assessed or verified. Understanding your third-party risks is therefore critical, as the people you trust most, like your IT, HR, or accounting provider, could become your biggest vulnerability.
    As you would expect, the Bank of England has offered a lot of advice and guidance related to information security and cybersecurity. Additionally, the Financial Conduct Authority (FCA), which regulates the financial sector, has also offered some great advice. It is clearly very much in the banks’ interest to provide advice and guidance to us, the customers, about how we protect ourselves, as much as it is to protect their own institutions.
    The Bank of England provides sound advice, and if an organisation is looking to implement these measures, they would do well to do so by following an internationally recognised method, or system, such as ISO27001:2022.
    Indeed, my only frustration with the advice that both the Bank of England and the FCA provide is that they don’t simply identify ISO27001 as the preferred standard for financial institutions to implement to ensure there is an effective and measurable approach to information security and cybersecurity risk management.
    ISO27001 is a risk-based approach to implementing technical and operational security measures. It’s as effective in a micro-business with few employees as it is in a multi-national business that employs thousands of people.
    Simply suggesting to financial institutions that they should establish a strong cyber security culture is like telling a sick person that they should just get healthy. On the face of it, it’s very simple and common-sense advice, but it takes work.
    That’s why we need structure. That’s why organisations need ISO27001.
    Gary Hibberd is ‘The Professor of Communicating Cyber’ at ConsultantsLikeUs and is a Cybersecurity and Data Protection specialist with 35 years in IT. He is a published author, regular blogger, and international speaker on everything from international security standards such as ISO27001 to the Dark Web, Cybercrime and CyberPsychology. He is passionate about providing pragmatic advice and guidance that helps people and businesses become more secure.
    You can follow Gary on Twitter here: @AgenciGary
    Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

    source

  • New Course by IITs: PG Diploma in Cyber Security by IIT Jammu – The Indian Express

    Indian Institute of Technology Jammu recently collaborated with TimesPro to launch the Post Graduate Diploma in Cyber Security. The programme will help learners to identify cyber threats, gain insights into cybersecurity and risk management, data breaches, cloud and network security, design cyber security frameworks, and gain valued insights from academicians and industry experts.
    PG Diploma in Cyber Security – Course structure
    Professionals participating in the programme will learn subjects such as mathematical foundations and introduction to cryptography, computer networking fundamentals, operating systems fundamentals, web application and network security, multimedia, and digital forensics, among others.  
    PG Diploma in Cyber Security – Duration and mode of the course
    As per the release, the course will be conducted via an Interactive Learning (IL) platform and delivered in Direct-to-Device (D2D) mode, including six days of campus immersion sessions during the year. The duration of the course is 12 months.
    The programme follows a proven pedagogy of diverse learning tools and techniques, including lectures, discussions, projects, and assignments, and includes over 100 hours of self-learning.
    PG Diploma in Cyber Security – Career scope
    There is a constant threat to organisations from ransomware and cyber-attacks, and IIT Jammu’s Post Graduate Diploma in Cyber Security can address the growing demand for experts and ethical hackers to safeguard organisational interests.

    source

  • Educational Programs to Enhance Diversity in the Cybersecurity … – MSSP Alert

    by Jim Masters • Mar 23, 2023
    New educational initiatives led by SANS Institute and the Center for Cyber Safety Education are designed to enhance diversity in the cybersecurity profession, the organizations announced in prepared statements.
    SANS Institute, a provider of cybersecurity training worldwide, has expanded its SANS HBCU+ Academy to serve additional Black American communities in the U.S. Meanwhile, the Center for Cyber Safety and Education, the charitable foundation of (ISC)², announced that it is accepting applications for the Raytheon Technologies Underrepresented Minorities in Cybersecurity Scholarship, which will provide $30,000 in cybersecurity scholarships this year.
    The SANS HBCU+ Academy offers opportunities for students and individuals from Historically Black Colleges and Universities (HBCUs), Minority Serving Institutions (MSIs), Predominately Black Institutions (PBIs) and other Black American college students. The academy’s programs provide hands-on cybersecurity training and real-world experience, free of charge.
    Accordingly, the SANS HBCU+ Academy is addressing the underrepresentation in cybersecurity by offering accelerated, full scholarships for cybersecurity training and GIAC certifications to launch careers in cybersecurity for individuals with no previous experience.
    Through the SANS HBCU+ Academy, participants will receive in-depth training from top SANS instructors and access to cutting-edge cybersecurity tools and techniques, the organization said. The program is designed to be flexible, allowing students to complete the training around their academic schedules and gain practical experience in a real-world setting.
    Commenting on the initiative, Monisha Bush, SANS Mission Programs and Partnerships coordinator and a member of the SANS DEIB Task Force, said:
    “We are proud and excited to see the SANS HBCU+ Academy expand. This program represents a significant investment in the future of the cybersecurity industry and the students who participate in it. By providing free, in-depth training and real-world experience, we are preparing the next generation of cybersecurity professionals and ensuring a diverse and well-rounded workforce.”
    The application window for the SANS HBCU+ Academy has been extended to April 14, 2023, and is open to juniors, seniors and graduate students enrolled at HBCUs, MSIs and PBIs, as well as alumni who wish to shift careers into cybersecurity and selected Cyber FastTrack participants.
    For more information on the SANS HBCU+ Academy and to apply, please visit: sans.org/scholarship-academies/hbcu-cyber-academies/.
    The Center for Cyber Safety and Education is now accepting applications for the Raytheon Technologies Underrepresented Minorities in Cybersecurity Scholarship. The scholarship aims to improve diversity, equity and inclusion in the cybersecurity industry.
    Three $10,000 scholarships will be awarded to individuals from historically underrepresented groups in STEM fields. Qualifying groups include, but are not limited to, women, Black, Native American, Asian American & Pacific Islander, Hispanic, African American, LGBTQ+ and individuals with disabilities. The deadline to submit applications is May 1, 2023.
    Commenting on his company’s support, Jon Check, executive director of Cyber Protection Solutions at Raytheon Intelligence & Space, said:
    “In order to meet the rising tide of cybersecurity threats, we must attract a diverse workforce to develop the best solutions for the challenges we will face in the future. The lack of diversity in STEM career fields is well documented as is the business case for greater diversity. Welcoming in diverse talent, some of whom historically haven’t been connected to the cybersecurity industry, will lead to more creative brainstorming, problem solving and new ideas.”
    Applications will be evaluated based on passion, merit and financial need. Candidates must be high school seniors, undergraduate or graduate students, and have at least a 3.3 GPA on a 4.0 scale. To complete an application or learn more about the Raytheon Technologies Underrepresented Minorities in Cybersecurity Scholarship, visit iamcybersafe.org/s/raytheon-cyber-security-scholarship.
    source

  • How training and recognition can reduce cybersecurity stress and burnout – CSO Online

    By Michael Hill, UK Editor, CSO
    Cybersecurity is a demanding profession that comes with significant stress and burnout — it presents a complex problem for many businesses, with constantly evolving threats, ambiguous issues, and no clear-cut solutions. Security professionals bear a great deal of responsibility and are subject to long hours of work and high pressure in an unpredictable and constantly shifting landscape. Many security teams are understaffed, overburdened, and lack resources, which can compound stress levels, while the need to meet deadlines, remain informed of the latest security risks, and manage intricate security systems and incident reporting can contribute to burnout.
    “In the context of cybersecurity, job demands can include mental and physical workload associated with managing a high volume of security incidents and keeping up with evolving threats,” Dr. John Blythe, a behavioral scientist and director of cyber workforce psychology at Immersive Labs, tells CSO. “Without job and personal resources, role demands can create stress and burnout.”
    There are ways to help mitigate the stress and burnout that can have significant impact on security teams and businesses, Blythe says. Recognition of problem areas and access to training can alleviate the negative effects of job demands, improve employee well-being and job performance, and ultimately help address both issues.
    When cybersecurity professionals experience stress and burnout, they may become less productive, leading to delays in projects and missed deadlines, Blythe says. They are also typically more prone to making errors and mistakes in their work, which can increase the risk of security breaches and other issues. “Stress and burnout can lead to high rates of employee turnover, too, which can be costly for businesses in terms of recruitment and training. What’s more, when one or more members of a team are experiencing stress and burnout, it can negatively impact the morale of the entire team, leading to lower job satisfaction and a less positive work environment.” If a security breach occurs due to employee burnout or stress, it can damage the reputation of the business and lead to a loss of customer trust, he says.
    Training and recognition can help to prevent stress and burnout by reducing job demands and ensuring that cybersecurity professionals have the necessary skills, professional resources, and support needed to manage their workload effectively, Blythe says. “Staff need access to training that helps them keep pace with cyber threats, whilst recognition is important for boosting staff morale.”
    There is no victory condition for security; cyber professionals often deal with one issue, then move right on to the next risk, the next event, the next incident — taking a toll on their mental health, says Aaron Kiemele, CISO at Jamf. “Recognizing and rewarding these efforts and achievements can help boost motivation and help staff understand they are valued and appreciated. Training will expose employees to peers who are having the same issues, under similar conditions. Security is a team sport, and security professionals need reminders that we are all in this together.”
    Training and recognition can also boost employees’ personal resources (also known as psychological capital) including hope, optimism, resilience, and confidence, which can help them cope with stress and burnout.
    Blythe shares four ways access to job and personal resources can help to limit/prevent stress and burnout in security teams:
    While training and recognition can have notably positive impacts on reducing stress and burnout of security personnel, some will be more effective than others, meaning both need to be appropriate for the organization and its security workforce. “CISOs should collaborate with their HR team to design evidence-based interventions that are suitable for their organization, which may involve establishing a formal training and recognition program with clear objectives and metrics for measuring progress,” Blythe says.
    In Kiemele’s experience, conferences can be the single most useful training and recognition resource, and he advises CISOs to encourage and support their staff to attend such events whenever possible. “The content can be timely and excellent but is often secondary to the core value of meeting and mingling with other security professionals. Security is a team sport, and knowing that you are not in this alone, that there is an entire community of folks undergoing the same trials and tribulations, seeing the same issues, and working to innovate solutions, is priceless.” Every security professional needs to know they are a part of something larger, a community dedicated to supporting the greater mission of reducing risk for their organizations. “There is nothing quite like going to a security conference and realizing you have a tribe.”
    Training courses or certifications can also help security personnel to build new skills and knowledge along with supporting long-term development, which can increase their confidence and reduce stress levels, says Leo Cunningham, CISO at Flo.
    “Training that helps the team stay current with the latest threat actors, technologies, vulnerabilities, and best practices, making the work more efficient and effective, reducing the risk of unforced errors and expanding the team’s capabilities, is very important,” says Kiemele. “By investing in their employees’ training and development, security leaders demonstrate that they value and support their team’s professional growth and career development, which can further boost morale and motivation.”
    Additionally, training that helps to develop organizational and communications skills can help workers manage their own stress and identify issues with colleagues and teams, says Nadine Michaelides, expert psychologist and CEO of Anima People. “Part of the problem is that the approach to problems that involve people both as a cause and consequence focuses too much on technology and does not address human factors appropriately. Security teams are left holding the baby with no idea how to manage such complex issues. One of the most important aspects we can have to manage stress is the confidence and vision to find a solution, but if all you hit are brick walls, then you quickly become deflated and overwhelmed.”
    Security leaders should aim to build a culture of well-being by providing ongoing feedback and support to their employees as well, Blythe adds. “By leading by example and advocating well-being within their teams, security leaders can help to create a supportive culture, which can in turn reduce stress and burnout among their teams. Security leaders should build a well-being culture by focusing on psychological safety, promoting work-life balance, encouraging open communication, promoting healthy habits, and leading by example.”
    Security leaders also need to ensure consistent acknowledgment of a job well done, and a simple thank you can do wonders in this regard, says Kiemele. “When their hard work and contributions are recognized and appreciated, teams are more likely to feel a sense of satisfaction in their work. This will reduce the mounting stresses and foster a supportive environment with a real sense of shared purpose, and team camaraderie, and reinforces a culture that encourages and values work well done.”
    Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security.
    Copyright © 2023 IDG Communications, Inc.

    source

  • Pennsylvania Woman Sentenced for Felony and Misdemeanor … – Department of Justice

    WASHINGTON – A Pennsylvania woman was sentenced in the District of Columbia today on felony and misdemeanor charges for her actions during the Jan. 6, 2021, Capitol breach. Her actions and the actions of others disrupted a joint session of the U.S. Congress convened to ascertain and count the electoral votes related to the presidential election.
    Riley June Williams, 23, of Harrisburg, Pennsylvania, was sentenced to 36 months in prison for interfering with law enforcement officers during a civil disorder, and resisting or impeding law enforcement officers, both felonies, as well as four related misdemeanor offenses. Williams was found guilty of the charges on November 21, 2022, after a trial in the U.S. District Court. In addition to the prison term, U.S. District Court Judge Amy B. Jackson ordered 36 months of supervised release and $2,000 restitution.
    According to the government’s evidence, on Jan. 6, 2021, Williams used an overturned bike rack barricade to climb an exterior wall and join the mob of rioters illegally on the Capitol grounds. Police use of chemical irritants to disperse the mob did not deter her. She entered the Capitol Building at approximately 2:15 p.m. through the Senate Wing Door, just two minutes after it was first breached, and urged other rioters not to leave. She remained inside for about 90 minutes, during which time she penetrated the Crypt, Rotunda, and Office of the Speaker of the House. While inside the building, Williams pushed other rioters to invade further, organized groups of them into a human battering ram to physically break through police lines, berated the police officers, directed a large group of rioters to lock arms to resist law enforcement efforts to clear them from the building, and encouraged another rioter to steal a laptop from the Speaker of the House’s office. Specifically, video captured Williams commanding another rioter to “Take that f—–g laptop” and telling him “Dude, put on gloves!” so as to avoid being identified. Williams took video, audio, and photo recordings of her activities, which she proudly shared on social media, bragging about her leadership role in the riot and participation in thefts from the Office of the Speaker.
    Williams was arrested on Jan. 18, 2021, in Harrisburg, Pennsylvania. In the 12 days between the riot and her arrest, Williams repeatedly destroyed evidence and tried to evade law enforcement officials: she deleted her social media and communication accounts, instructed others to delete messages and take down videos from the internet, reset her iPhone, switched cellular phones, and used advanced software to wipe her computer.
    The case was prosecuted by the U.S. Attorney’s Office for the District of Columbia. Valuable assistance was provided by the U.S. Attorney’s Offices for the Middle District of Pennsylvania and the Middle District of Florida.
    The case was investigated by the FBI’s Washington Field Office and the Capital Area Resident Agency of the FBI’s Philadelphia Field Office. Valuable assistance was provided by the U.S. Capitol Police and the Metropolitan Police Department.
    In the 26 months since Jan. 6, 2021, more than 1,000 individuals have been arrested in nearly all 50 states for crimes related to the breach of the U.S. Capitol, including more than 320 individuals charged with assaulting or impeding law enforcement. The investigation remains ongoing.
    Anyone with tips can call 1-800-CALL-FBI (800-225-5324) or visit tips.fbi.gov.

    source