🔏 Simplifying Cybersecurity Issue #2
Hacking AI, increased hiring rates, interview questions to anticipate, recommended reading
Welcome to the latest issue of Simplifying Cybersecurity!
This newsletter is packed with info to help you up your cybersecurity game. Whether you're just getting started or a seasoned cybersecurity professional, I've got you covered with tips, tools, and resources to help you keep growing and keep your career moving forward.
In this issue:
Recent cybersecurity news about hacking AI, increased hiring rates, and supply chain attacks via Polyfill.io
Networking with folks who regularly share open cybersecurity roles
Questions you’re likely to encounter in your next interview
Training opportunities focused on the intersection of AI and cybersecurity
Career opportunities you might want to check out
Recommended reading from The Bookstore
📰 Cybersecurity in the News
Cyber Workforce Grows 15% at Large Organizations as Security is Prioritized. Good news for cybersecurity professionals! Large organizations are investing more in cyber defense, with a 15% increase in dedicated cybersecurity staff and an average maturity level reaching 53%. However, challenges remain in securing third-party systems and industrial control systems.
Supply Chain Attacks Conducted Through Polyfill.io Service. Polyfill.io, a popular JavaScript library service, was compromised by threat actors to inject malicious code into over 100,000 websites. The attack leveraged supply chain vulnerabilities and targeted mobile devices. Security researchers recommend removing Polyfill.io, and Cloudflare deployed a mitigation that rewrites Polyfill.io references to a safe mirror.
Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content. A new "Skeleton Key" attack tricks generative AI models into bypassing safety guards by framing malicious requests as educational research. Microsoft patched their models and recommends input/output filtering and a guard against disabling safety measures for other AI providers.
Will AI Replace Cybersecurity Jobs? AI is a valuable asset for cybersecurity professionals, automating threat detection, vulnerability management, and incident response. However, AI lacks human-like contextual understanding and is susceptible to bias and manipulation, necessitating human oversight and critical thinking for robust cybersecurity.
IT Leaders Split on Using GenAI For Cybersecurity. European IT leaders are split on Generative AI (GenAI) for cybersecurity. While 46% see potential, similar concerns about data security and silos make adoption challenging, with 37% even calling it unsafe. Yet, half believe GenAI could revolutionize SecOps by providing analysis and context for alerts.
🤝 Professional Networking
Here are five (5) folks who frequently post open cybersecurity roles on LinkedIn, as well as advice on how to get hired. You should follow them or connect with them to stay in the know!
Chad White, Cyber Servant | Talent Partner | Hiring Advisor | Career Shepherd | GTM Recruiter | DEI Advocate; Founder | Talent Partner | Career Advisor, Rogue Talent
Chris Forbes - 3x Chief Information Security Officer (CISO), 2x Privacy Officer, CIO, CTO; Forbes Asset Management, Inc.
Brooke Cook, CEO & Co-Founder at Security Sisters Network™️ (SSN™️)
Josh Fullmer, Tech Recruiter @ Dragos
Kris Rides, Founder | Cyber Security Staffing SME | Conference Speaker | Diversity Ally | Board Member | Penetration Testing | Virtual CISO; Co-Founder & Chief Executive Officer, Tiro Security
💼 Interview Tips
For entry/mid-level cybersecurity roles, a handful of questions are likely to come your way in the interview. Do a little research before the interview, and be ready to answer the following technical questions:
Explain the CIA triad and its importance in cybersecurity. (Confidentiality, Integrity, Availability)
Differentiate between symmetric and asymmetric encryption.
Describe the difference between a vulnerability, threat, and risk.
How does a firewall function, and what are its benefits?
Explain the concept of a three-way handshake in TCP/IP.
What are some common web application vulnerabilities, and how can they be prevented? (e.g., XSS, SQL injection)
Discuss the concept of incident response and its key stages.
What is the difference between a vulnerability assessment (VA) and penetration testing (PT)?
How does multi-factor authentication (MFA) work, and why is it important?
Explain the concept of a zero-day vulnerability.
And here are a few of the more common general questions you can expect to be asked:
Tell me about a time you faced a technical challenge. How did you approach it?
How do you stay up-to-date on the latest cybersecurity threats?
Describe your experience with security tools and technologies.
How would you explain a complex security concept to someone with no technical background?
Why are you interested in a career in cybersecurity? (Don’t be afraid to be candid about your motivation and passion!)
💡 Training Opportunities
The adoption of AI-enabled tools, particularly generative AI tools like ChatGPT, is happening at a rate that security professionals are struggling to keep up with.
We’re working to secure AI product development AND to provide security awareness training for users around the dos and don’ts of using AI at work, but those conversations are often happening AFTER folks are already using those solutions.
That’s why a fundamental understanding of AI and cybersecurity is becoming a core skill that most cybersecurity pros are expected to have.
Fortunately, LinkedIn Learning has been publishing courses around AI at a breakneck pace. If you want to accelerate your learning on the topic, there’s guaranteed to be at least one course in the library to help you do that. (They’ve even developed over 50 AI-centric learning paths, complete with professional certificates!)
Here are two learning paths I recommend you explore to develop a fundamental understanding of AI from two perspectives: a non-technical business user and a technical leader.
If you’ve got a Premium profile, or if your company has a LinkedIn Learning subscription, you can check out these courses anytime you’d like.
But even if you don’t have a LinkedIn Learning subscription, you can use these links to take these courses for FREE. The links themselves shouldn’t expire, but as soon as you click on them, you have 24 hours to complete the courses. You can bookmark them for a rainy day.
While I can share free links to individual courses, I don’t have that option for entire learning paths. What I can do, though, is share a unique link for each course in a specific learning path like I’ve done below.
🚀 Career Opportunities
If you’re looking for an Entry Level or Associate role, you might want to check out these opportunities:
Information Security Specialist (Remote), Talentify.io ($92.6k-$139k year)
Mid-Cyber Security Analyst, Team Remotely Inc ($90k-$100k year)
IT Risk Analyst (Remote Available), Vanderbilt University Medical Center (salary range not provided)
Application Security Analyst, HireMeFast LLC ($62k-$72k year)
Associate Security Engineer - Infrastructure, Wasabi Technologies (salary range not provided)
GRC Analyst, Robert Half (salary range not provided)
If you’re looking for a Mid-Senior Level role, you might want to check out these opportunities:
Head of Security Operations, Setpoint (salary range not provided)
Cyber Security Advisor, Federal Express Corporation ($107k-$144k year)
Blockchain Security Engineer - (Solidity / Rust / Golang - Senior Level), CertiK ($102k-$180k year)
BISO Information Security Officer, Dice (salary range not provided)
Senior Security Engineer - Product Security Operations, NVIDIA ($192k-$368k year)
📚 The Bookstore
Little Brother by Cory Doctorow follows a teenage hacker who stumbles upon government overreach after a terrorist attack. He uses his hacking skills to fight back, exposing a vast surveillance program that threatens civil liberties. This young adult novel explores themes of privacy, digital activism, and the power of technology in the hands of a determined individual.
And if you’re interested in a collection of tech books at a ridiculously low price, Humble Bundle is offering their Linux for Seasoned Admins book bundle (from O’Reilly) through July 8th.
The bundle includes 15 books on a variety of topics (Python, DevSecOps, Web Application Security, Docker, and so on) valued at $789, but you can choose what you want to pay.
Did I mention that each bundle purchase also sends money to the Code for America charity?
Alright, folks. That's it for this week. If I’m doing my job right, you’re a few steps closer to making the career moves you want to make.
If you’re digging this newsletter, share it with a friend or colleague who could use it. We’re all in this together.
And connect with me on LinkedIn! I'm always up for chatting about all things cybersecurity and career growth.
Stay safe out there, and keep learning!
Jerod
Just wanted to give you a heads-up! Bookstore links are affiliate links, which means if you click on them and make a purchase, Simplifying Cybersecurity gets a small commission. This helps support Simplifying Cybersecurity’s mission and keep the content coming, so thanks for your support!