Tag: jobs
-
How can I extend IAM frameworks to include NHIs effectively?
Are Non-Human Identities the Missing Piece in Your IAM Framework? Your job is likely dominated by securing human identities. But, have you taken a moment to consider the significant role that Non-Human Identities (NHIs) play in your cloud security strategy? The emergence of cloud technology and the integration of machine identities in modern business operations……
-
That breach cost HOW MUCH? How CISOs can talk effectively about a cyber incident’s toll
Tags: attack, breach, business, ciso, cyber, cybersecurity, data, email, incident, incident response, insurance, jobs, network, phone, ransomware, risk, risk-managementThe importance of practice in estimating costs: Quantifying the costs of an incident in advance is an inexact art greatly aided by tabletop exercises. “The best way in my mind to flush all of this out is by going through a regular incident response tabletop exercise,” Gary Brickhouse, CISO at GuidePoint Security, tells CSO. “People…
-
US tech jobs outlook clouded by DOGE cuts, Trump tariffs
Tags: jobsHiring remains relatively strong as analysts warn of slowdown First seen on theregister.com Jump to article: www.theregister.com/2025/03/18/us_tech_jobs_outlook/
-
CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’
Federal court rules U.S. cybersecurity agency must re-hire over 100 former employees First seen on techcrunch.com Jump to article: techcrunch.com/2025/03/18/cisa-scrambles-to-contact-fired-employees-after-court-rules-layoffs-unlawful/
-
Squid Werewolf Mimics Recruiters to Target Job Seekers and Steal Personal Data
In a sophisticated phishing campaign uncovered by the BI.ZONE Threat Intelligence team, the Squid Werewolf group, also known as APT37, has been impersonating recruiters to target key employees in various organizations. This espionage cluster uses fake job opportunities to lure victims into opening malicious attachments, which ultimately lead to system compromise and data theft. Phishing…
-
White House exempts cyber pros from mass layoffs; Judge reinstates CISA firings
CISA document process raises security concerns: It’s unclear why CISA posted its request for fired employees to send a password-protected attachment containing personally identifiable information to a publicly promoted email address. It’s also unclear how the password-protected document process would work. CISA did not respond to CSO’s request for clarification.Some cybersecurity professionals cast doubt on…
-
Rethinking Insider Risk in an AI-Driven Workplace
Carnegie Mellon CERT’s Dan Costa on Addressing Root Causes of Insider Risk. As layoffs and AI-driven workflows reshape workplace security, insider risk is becoming more complex. Dan Costa, technical manager for the CERT division at Carnegie Mellon University’s Software Engineering Institute, outlines proactive strategies to manage insider risk effectively. First seen on govinfosecurity.com Jump to…
-
7 misconceptions about the CISO role
Tags: api, attack, breach, business, ceo, ciso, compliance, control, corporate, cyber, cyberattack, cybersecurity, defense, exploit, finance, firewall, governance, infrastructure, insurance, jobs, network, password, phishing, resilience, risk, risk-assessment, risk-management, saas, software, startup, strategy, technology, threat, tool, training, update, vulnerabilityKatie Jenkins, EVP and CISO, Liberty Mutual Insurance Liberty Mutual InsuranceThe field is changing so rapidly, Jenkins adds, she needs to commit time to keeping up on research and connecting with other CISOs for knowledge exchange.In addition to securing infrastructure, an effective CISO focuses on securing the business, experts say. This requires understanding how security…
-
Intel’s New CEO is the Right Leader for a Tough Job: Analysts
First seen on scworld.com Jump to article: www.scworld.com/feature/intels-new-ceo-is-the-right-leader-for-a-tough-job-analysts
-
Federal agencies ordered to avoid cyber staff layoffs
First seen on scworld.com Jump to article: www.scworld.com/brief/federal-agencies-ordered-to-avoid-cyber-staff-layoffs
-
Trump Administration Orders Federal Agencies To Avoid Cyber Staff Layoffs
First seen on scworld.com Jump to article: www.scworld.com/brief/trump-administration-orders-federal-agencies-to-avoid-cyber-staff-layoffs
-
Workplace Chaos and Uncertainty Stoke Insider Risk Warnings
Expect Malicious Insiders to Pose ‘Big Challenge’ This Year for CISOs, Expert Warns. The current tumultuous environment for employees and job-seekers across business and government – with numerous layoffs, economic concerns and political chaos – is increasing the risk posed by trusted insiders, making for a big challenge for CISOs this year, says Forrester’s Allie…
-
The most notorious and damaging ransomware of all time
Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windowsConti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception.How it works: Conti uses the…
-
CIOs and CISOs take on NIS2: Key challenges, security opportunities
Tags: access, cio, ciso, compliance, cybersecurity, data, GDPR, group, healthcare, ISO-27001, jobs, monitoring, nis-2, office, organized, privacy, regulation, risk, skills, software, strategy, supply-chain, technology, trainingCompliance will be easier for some: There are CIOs and CISOs who have found NIS2 compliance relatively easy: those who have worked toward ISO/IEC 27001:2022 certification, whether they remained in the preparation phase or actually got certified.Those who have the certification report having found themselves with “80% of the work done”: the company is ready…
-
Hiring privacy experts is tough, here’s why
Tags: ai, business, ciso, compliance, cybersecurity, data, framework, jobs, privacy, resilience, skills, technology, trainingWhy it is difficult to hire privacy experts: Finding a highly skilled privacy professional can feel like chasing a unicorn, Kazi describes. “Yes, privacy is important, but they want somebody who’s a lawyer, an expert in technology, knowledgeable about user interface and user experience, and ideally, they know a lot about ethics and are an…
-
Trump nominates cyber vet Sean Plankey for CISA chief amid DOGE cuts and firings
Tags: cisa, cyber, cybersecurity, defense, disinformation, election, government, infrastructure, jobs, RedTeam, toolPlankey’s potential impact on CISA’s staff and spending cuts: CISA has long been a target of Republicans, primarily due to the minimal amount of now-discontinued work the agency conducted on misinformation efforts. It has also experienced heavy staff and spending cuts spurred by Elon Musk’s DOGE initiative.Over the past seven weeks, CISA has endured at…
-
CISA cybersecurity workforce faces cuts amid shifting US strategy
Tags: ai, cisa, cyber, cybersecurity, exploit, governance, government, group, incident, infrastructure, jobs, RedTeam, risk, strategy, technology, threat, vulnerabilityA shift in US cybersecurity strategy?: Analysts suggest these layoffs and funding cuts indicate a broader strategic shift in the U.S. government’s cybersecurity approach. Neil Shah, VP at Counterpoint Research, sees both risks and opportunities in the restructuring.”In the near to mid-term, this could weaken the US cybersecurity infrastructure. However, with AI proliferating, the US…
-
New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?
The Ballista botnet is exploiting an unpatched TP-Link vulnerability, targeting over 6,000 Archer routers, Cato CTRL researchers warn. Cato CTRL researchers observed a new botnet, called Ballista botnet, which is exploiting a remote code execution (RCE) vulnerability, tracked as CVE-2023-1389 (CVSS score 8.8), in TP-Link Archer routers. The CVE-2023-1389 flaw is an unauthenticated command injection…
-
Pentesters: Is AI Coming for Your Role?
We’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI and automation. Queue…
-
Security operations centers are fundamental to cybersecurity, here’s how to build one
Tags: access, ai, automation, ciso, compliance, cyber, cybersecurity, data, detection, edr, endpoint, governance, group, guide, iam, identity, incident response, intelligence, jobs, network, risk, service, siem, soar, soc, threat, toolBreakdown of SOC tools and technologies: During their Shmoocon talk, Wyler and his colleague James “Pope” Pope, senior manager of governance, risk, and compliance at Corelight, offered a list of the fundamental technologies CISOs should consider when building or outsourcing a SOC.These essential tools include: EDR (endpoint detection and response) EDR is a security solution…
-
Former NSA cyber director warns drastic job cuts threaten national security
Rob Joyce told lawmakers;mass layoffs of federal workers;will hurt the ability of the U.S. to combat malicious cyber activity from China and other adversaries. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/nsa-cyber-director-job-cuts-national-security/742021/
-
Women Are Breaking Into Cybersecurity, But Losing Jobs Faster Than Men
In 2024, women accounted for 22% of global security teams on average, compared to 17% in 2023, according to ISC2. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/women-in-cyber-security-2024-isc2/
-
Women in Cyber Security on the Rise, But Facing More Layoffs and Budget Cuts Than Men
In 2024, women accounted for 22% of global security teams on average, compared to 17% in 2023, according to ISC2. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/women-in-cyber-security-2024-isc2/
-
Cybersecurity Snapshot: CSA Outlines Data Security Challenges and Best Practices, While ISACA Offers Tips To Retain IT Pros
Tags: advisory, ai, awareness, banking, best-practice, business, cloud, compliance, corporate, crime, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, extortion, finance, fraud, governance, government, group, healthcare, infrastructure, iot, jobs, mail, malicious, microsoft, mitigation, monitoring, network, nis-2, privacy, qr, ransom, ransomware, regulation, resilience, risk, risk-assessment, risk-management, scam, service, strategy, technology, threat, tool, vmware, vulnerability, vulnerability-management, zero-dayCheck out best practices for shoring up data security and reducing cyber risk. Plus, get tips on how to improve job satisfaction among tech staff. Meanwhile, find out why Congress wants federal contractors to adopt vulnerability disclosure programs. And get the latest on cyber scams; zero-day vulnerabilities; and critical infrastructure security. Dive into six things…
-
What is risk management? Quantifying and mitigating uncertainty
Tags: breach, business, cio, ciso, compliance, control, cyber, cyberattack, data, finance, flaw, framework, governance, healthcare, infosec, infrastructure, insurance, international, jobs, mitigation, monitoring, nist, risk, risk-analysis, risk-assessment, risk-management, software, strategy, technology, tool, vulnerabilityHow do organizations structure risk management operations?: Risk management has in some organizations traditionally been multicentric, with different departments or individuals within the org implementing risk management techniques in their work: Risk management is a component of good project management, for instance. IT leaders in particular must be able to integrate risk management philosophies and…
-
Will AI Start Taking Cybersecurity Professionals’ Jobs?
No, But It Will Shift Their Focus to More Strategic and Creative Roles Artificial intelligence is reshaping cybersecurity workflows, automating tasks and enhancing efficiency. But does that mean security professionals are at risk of being replaced? Not quite. AI is redefining roles, rather than eliminating them, to focus more on strategic thinking and problem-solving. First…
-
Indictments of Chinese Cyber Spies Reveal HackerHire Operation
The U.S. DOJ indicted a dozen Chinese nationals for their role in a years-long hacker-for-hire campaign that included the Chinese government using private companies and freelance hackers to steal data from U.S. and other governments while obscuring its role in the attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/indictments-of-chinese-cyber-spies-reveal-hacker-for-hire-operation/
-
How to Install Librewolf
When configured properly, Mozilla Firefox offers great privacy and security. However, achieving a higher level of privacy and security in Mozilla Firefox requires many tweaks across all levels. Some users may not be too comfortable with this and may prefer an out-of-the-box solution that isn’t Chromium dependent. Enter Librewolf – which aims to be user…