🔏 Simplifying Cybersecurity Issue #3
10 billion leaked passwords, steps to close the cybersecurity talent gap, getting your first job in cybersecurity, recommended reading
Welcome to the latest issue of Simplifying Cybersecurity!
This newsletter is packed with tips, tools, and resources to help you keep growing and keep your career moving forward.
In this issue:
Cybersecurity news stories you should read
Professionals you should follow or connect with
Tips to stand out in your next interview
Training resources to improve your skills
Career opportunities you can apply for today
Recommended reading from The Bookstore
📰 Cybersecurity in the News
RockYou2024: 10 billion passwords leaked in the largest compilation of all time. A massive leak of nearly 10 billion unique passwords, dubbed RockYou2024, has surfaced, posing a significant threat to individuals and businesses alike. This compilation of real-world passwords, likely gathered from numerous data breaches, can be exploited for credential stuffing and brute-force attacks, highlighting the importance of strong, unique passwords and robust security measures like multi-factor authentication.
Hacker Stole Secrets From OpenAI. OpenAI, the creator of ChatGPT, experienced a security breach in 2023, raising concerns about the company's preparedness for safeguarding sensitive information as AI technology advances. While no customer data or source code was compromised, the incident highlights the potential vulnerabilities of AI companies and the need for robust security measures to protect against intellectual property theft and potential misuse of AI technology.
Critical OpenSSH vulnerability could affect millions of servers. A critical vulnerability (CVE-2024-6387) in OpenSSH, a widely used tool for secure communications, could allow unauthenticated attackers to gain root access to millions of servers, highlighting the importance of timely patching and thorough regression testing in software development. While exploitation is considered challenging, the potential impact of a successful attack, including system compromise and data breaches, underscores the need for immediate action to mitigate this risk.
Why Cyber Teams Should Invest in Strong Communicators. The evolving cybersecurity landscape demands strong communication skills from professionals. As automation handles repetitive tasks, the ability to articulate complex cybersecurity risks to non-technical stakeholders becomes a key differentiator for career advancement. Effective communication fosters a security-conscious culture, builds trust with stakeholders, and ensures swift risk mitigation, enhancing overall organizational security.
Three critical steps to close the cybersecurity talent gap, once and for all. The cybersecurity talent gap presents a major opportunity for aspiring professionals, with high demand and growth potential in the field. To stand out, focus on building practical skills and knowledge relevant to the evolving threat landscape, and actively seek out mentorship and networking opportunities to establish yourself within the industry.
🤝 Professional Networking
➡️ Follow (or connect with) these security leaders on LinkedIn.
Naomi Buckwalter - Information Security Leader | Nonprofit Director | Keynote Speaker | LinkedIn Learning Instructor
Andy Ellis - Author, Hall of Fame CSO, Director, Leadership Advisor | YL Ventures Operating Partner | Duha CEO | Orca Security Advisory CISO
Casey Ellis - founder & chief strategy officer, bugcrowd | co-founder, disclose.io | pioneer of crowdsourced-security-as-a-service
Marten Mickos - HackerOne CEO
Chris Roberts - Strategist, Researcher, Hacker, Advisor, CISO/vCISO, and podcast co-host.
💼 Interview Tips
I posted this question to LinkedIn:
“How did you get your first job in cybersecurity?”
Folks who shared their stories included:
A systems engineer
The owner of a cybersecurity recruiting company
The former CISO of a Big Ten university
A security director from Microsoft
A security podcast host / community builder
I got my first cybersecurity management role largely in part because, during my interview, I shared stories of my work in independent filmmaking. When the hiring manager saw how passionate I could get when I was all fired up, he knew he could put me in a room with any other leader at the company and that I’d fight for security improvements with that same passion.
When you sit for your next interview, remember that it’s not just okay to tell your story… it’s CRUCIAL.
➡️ Check out the original post and read their stories!
💡 Training Opportunities
Preparing for an interview can feel overwhelming, but it doesn’t need to. Here are two (2) courses you can take to help simplify the process of interview prep.
👀 And here’s a course that gives you a sneak peek into how the hiring manager preps for their part of the process.
If you’ve got a LinkedIn Premium profile, or if your company has a LinkedIn Learning subscription, you can check out these courses anytime you’d like.
But even if you don’t have a LinkedIn Learning subscription, you can use these links to take these courses for FREE. The links themselves shouldn’t expire, but as soon as you click on them, you have 24 hours to complete the courses.
➡️ Knock out a course over lunch or bookmark them all for a rainy day.
🚀 Career Opportunities
If you’re looking for an Entry Level or Associate role, you might want to check out these opportunities:
If you’re looking for a Mid-Senior Level role, you might want to check out these opportunities:
📚 The Bookstore
Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World by Marcus J. Carey and Jennifer Lin was inspired by Timothy Ferriss' Tribe of Mentors. This book features interviews with 70 cybersecurity experts who answer 14 common questions about the field. The questions cover both general perspectives on cybersecurity and personal experiences, providing insights and advice for those interested in or already working in the industry. The book aims to be a valuable resource for anyone seeking to understand the cybersecurity landscape and learn from experienced professionals.
That's it for this week. If I’m doing my job right, you’re a few steps closer to making the career moves you want to make.
If you’re digging this newsletter, I’ve got two quick asks:
➡️ Share it with a friend or colleague who might like it as well. We’re all in this together, and sharing what we learn along the way helps everyone.
➡️ Connect with me on LinkedIn! I'm always up for chatting about all things cybersecurity and career growth.
Stay safe out there, and keep learning!
Jerod
Just wanted to give you a heads-up! Bookstore links are affiliate links, which means if you click on them and make a purchase, Simplifying Cybersecurity gets a small commission. This helps support Simplifying Cybersecurity’s mission and keep the content coming, so thanks for your support!
You found it! You can use the promo code LEET1337 to save 25% on any order in the Simplifying Cybersecurity store. This promo code will self-destruct in… well, you know the rest. Nicely done!