Every week the AT&T Chief Security Office produces a series called ThreatTraq with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them; you can subscribe to the Youtube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. The video features Jonathan Gonzalez, Principal Technology Security, AT&T, John Hogoboom, Lead Technology Security and Tony Tortorici, Principal Technology Security, AT&T.
Jonathan: There's no such thing as an entry-level job in cybersecurity.
Tony: Jonathan, you had a story about entry-level jobs and what skills you need for day one. Do you want to go into it?
This ties to the “skill gap” notion in cybersecurity.
Miessler has other articles about the skill gap. In this article particularly, it seems he's indicating there is really no entry-level position in cybersecurity, because cybersecurity is not a single field.
Jonathan: There is this cybersecurity domain mapping that I found very interesting that breaks down every possible job that you could end up in cybersecurity and it's overwhelming. Right? So someone in this entry-level world says, "I want to do cybersecurity." The first thing they need to figure out is what area of cybersecurity?
John: This is interesting. I'm not even on this list. I don't see any incident response.
Jonathan: There is, on the bottom left, security operations and incident response, investigations...
John: Oh there it is, okay. Security operations.
Jonathan: ...forensics is my team, there's awareness, there's user education. Also, internally we have governance and risk assessment. We have career development, we have security architecture. As a person in this entry-level world, what you need to understand is you're not doing cybersecurity. You're doing something within the field of cybersecurity. And, this article particularly, some scenarios can be built and some tasks that are expected? I'm gonna pick on auditing. I learned on the job was preparing for an audit.
John: Everyone's favorite task.
Jonathan: Right. But usually, a junior entry-level person might end up on that team. And they need to understand what it means to do that and as a person hiring, that might be the thing that you want them to understand. And if they don't even know what that is then you're immediately going to eliminate them without considering their skills. They've just never done an audit. And I think what we get to in here that is not about the skill to do the audit, it's about the skills underneath you might be able to bring them up to an audit level speed.
Jonathan: And this is very interesting because it's things like understanding which kind of audit it is. Right? Is it an app
Tens of millions of records belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. Data belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. The information was left exposed online on an unsecured Amazon bucket, the records […]
La transformation numérique ouvre de nouvelles opportunités au secteur économique et à l\'ensemble des acteurs de la société. Cyber assurances, règlement général sur la protection des données (RGPD), sécurisation des véhicules connectés, enjeux du Cloud… Aujourd\'hui indispensables, ces évolutions engendrent également de nouveaux risques. Le colloque SecNumeco de Besançon abordera les fondamentaux de la sécurité […]
We looked into the security implications of the changing banking paradigm with PSD2 in place. Our research highlights the current and new risks that the financial industry will have to defend against, and predict how cybercriminals will abuse and attack Open Banking.
Researchers discovered many flaws in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices. Security experts have discovered multiple vulnerabilities in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices. The research is part of a project dubbed SOHOpelessly Broken 2.0 conducted Independent Security Evaluators (ISE). In […]
The actors responsible for the Emotet botnet returned after a four-month period of inactivity with a new malspam campaign. On 16 September, SpamHaus security researcher Raashid Bhat spotted a spate of new spam emails written in Polish or German that contained malicious attachments or links to malware downloads. Emotet is fully back in action and […]… Read More
SelonÂ le rapportÂ de deux experts en sécurité informatique travaillant pour la société vpnMentor, quelques 20,8 millions d\'enregistrements soit 18GB de données, ont été mis en accès libre sur un serveur non sécurisé situé à Miami (Floride) appartenant à une entreprise équatorienne.
The United States today filed a lawsuit against Edward Snowden, a former employee of the CIA and NSA government agencies who made headlines worldwide in 2013 after he fled the country and leaked top-secret information about NSA\'s global and domestic surveillance activities.
And, you would be more surprised to know the reason for this lawsuit.
No, it\'s not for leaking secrets; instead, for
Thousands of Google users are exposing the contents of their calendars to the public. The information is indexed by search engines and can include email addresses as well as private events from individuals and businesses. [...]
Prévu pour cette année, le service de cloud gaming du géant du Net ne devrait pas être disponible sur Android TV avant 2020. C\'est en tout cas ce qu\'affirme XDA Developpers en se basant sur l\'information d\'une source pr&eac...
Popular password manager LastPass says that it has fixed a vulnerability in its Chrome and Opera browser extensions that could have potentially seen an attacker steal the username and password previously filled-in by the software.
Pour ceux que ça intéresse, sachez que Edward Snowden va très bien. Il est toujours en Russie et va sortir le 19 septembre (cette semaine), ses mémoires : Mémoires vives (ou en anglais "Â Permanent RecordÂ ") . J’avais lu en 2014 "Â Nulle part où se cacherÂ " de Glenn Greewald que Snowden … Suite
Tens of millions of records from customers of two airline companies owned by Lion Air have been circulating on data exchange forums for at least a month. The info was stored in an Amazon bucket that was open on the web. [...]
Experts at ReversingLabs spotted a threat actor buying digital certificates by impersonating legitimate entities and then selling them on the black market. Researchers at ReversingLabsÂ have identified a new threat actor that is buying digital certificates by impersonating company executives, and then selling them on the black market. The experts discovered that digital certificates are then […]
"Warning - Making your calendar public will make all events visible to the world, including via Google search. Are you sure?"
Remember this security warning? No?
If you have ever shared your Google Calendars, or maybeÂ inadvertently, with someone that should not be publicly accessible anymore, you should immediately go back to your Google settings and check if you\'re exposing all your events
Noms, adresses, états civils, enfants, crédits, immatriculations de voitureâ¦ Les données de plus de 20 millions d\'Équatoriens étaient en accès libre. Elles provenaient du serveur d\'une société marketing.
Small to mid-sized businesses can keep safe from most cyberattacks by protecting the ports that threat actors target the most. Three of them stand out in a crowd of more than 130,000 targeted in cyber incidents. [...]
Members of the Muslim Community walk past flowers and condolences at the entrance to the Christchurch Botanic Gardens, close to Al Noor mosque, on March 22, 2019 in Christchurch, New Zealand. 50 people were killed, and dozens were injured in Christchurch on Friday, March 15 when a gunman opened fire at the Al Noor and Linwood mosques. The attack is the worst mass shooting in New Zealand\'s history.
The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it?
As we connect everything from coffee maker to front-door locks and cars to the Internet, we\'re creating more potential-and possibly more dangerous-ways for hackers to wreak
By Josh Horwitz, COO Enzoic The biometric market is expected to soar to nearly $33 billion by 2022 as the technology is heralded as a bulletproof solution to thwart hackers. Consumers view biometrics favorably as it\'s an easy way to log into their accounts, which is helping accelerate its widespread adoption. However, there are inherent […]
A new Android malware has appeared in the threat landscape, tracked as MobiHok RAT, it borrows the code from the old SpyNote RAT. Experts from threat intelligence firm SenseCy spotted a new piece of Android RAT, dubbed MobiHok RAT, that used code from the old SpyNote RAT. At the beginning of July 2019, the experts […]
Almost all organisations have a digital transformation programme in place. Such programmes enable organisations to stay relevant, enhance member\'s experience and gain market share by making the most of the opportunity presented by the technology trends. At the heart of any digital transformation is the harness of data to continually improve customer outcomes and improve [...]
Edward Snowden, the National Security Agency contractor living in Russia after leaking information about the US government\'s mass surveillance program, has said he would like to return home if he can get a fair trial.