🔏 Simplifying Cybersecurity Issue #4
Domino effect of third-party breaches, demonstrating soft skills in interviews, recommended reading
Welcome to the latest issue of Simplifying Cybersecurity!
This newsletter is packed with info to help you up your cybersecurity game. Whether you're just getting started or a seasoned cybersecurity professional, I've got you covered with tips, tools, and resources to help you keep growing and keep your career moving forward.
In this issue:
Cybersecurity news stories you should read
Professionals you should follow or connect with
Tips to stand out in your next interview
Training resources to improve your skills
Career opportunities you can apply for today
Recommended reading from The Bookstore
📰 Cybersecurity in the News
I noticed an interesting trend this week in publicly disclosed data breaches: the domino effect of third-party breaches. I've also included advice on how to build a third-party risk management program.
Massive Snowflake-linked attack exposes data on nearly 110M AT&T customers. AT&T suffered a cyberattack in April 2024 that compromised data on nearly 110 million wireless customers, exposing call and text message records but not personal information. The attack, which did not expose the content of calls or messages, was part of a broader wave targeting Snowflake customer environments and exploited stolen credentials rather than vulnerabilities in Snowflake's systems.
Snowflake Data Breach Impacts Ticketmaster, Other Organizations. Snowflake suffered a data breach, resulting in the theft of sensitive information from Ticketmaster and hundreds of other organizations. Although Snowflake claims no vulnerability or breach in their systems, an employee's compromised credentials led to unauthorized access, enabling threat actors to steal data using infostealing malware and credential stuffing techniques.
Snowflake Breach at Advance Auto Parts Hits 2.3 Million People. Advance Auto Parts, a leading US car parts provider with nearly 5000 stores, experienced a data breach impacting over two million job applicants and current and former employees. The breach, which occurred between April and May 2024, compromised personal information like names, Social Security numbers, and driver's licenses, exposing affected individuals to potential phishing attacks and identity fraud.
Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack. CDK Global, a software provider for car dealerships, suffered a ransomware attack that disrupted operations for thousands of dealerships across the US, and reportedly paid a $25 million ransom to the attackers. Despite the payment, the total financial damage to dealerships caused by the two-week outage is estimated to be over $600 million, and some systems may still be affected.
How to design a third-party risk management framework. A third-party risk management framework is a structured approach to identifying, assessing, and mitigating the risks that come with third-party vendors. Building one involves engaging stakeholders, categorizing vendors, defining risk tolerance, establishing a process, identifying and mitigating risks, conducting due diligence, maintaining incident response plans, ensuring compliance, monitoring continuously, and training staff. Such a framework helps organizations protect assets, ensure compliance, and safeguard their reputation by raising risk awareness, improving decision-making, and reducing the exposure introduced by third-party relationships.
🤝 Professional Networking
➡️ Follow (or connect with) these third-party risk management experts on LinkedIn.
Demi Ben-Ari - Co-Founder & CTO, Head of Security at Panorays, Google Developers Expert
Kabir Barday - Chairman and CEO at OneTrust
Michael Rasmussen - GRC Analyst & Pundit at GRC 20/20 Research, LLC
Robert Kinzer - VP | Security Outreach Manager | Board Member | Change Practitioner | DEI Advocate
Dr Magda Chelly - Cybersecurity & Risk Management Passionate. AI-Powered Risk Management with RiskImmune™. Responsible Cyber. SG 100 Women in Tech. Published Author & TEDx Speaker. Forbes 🇵🇱
💼 Interview Tips
I reposted some insights from John Haren on the importance of demonstrating soft skills in an interview.
According to John, the largest skill gap in cybersecurity is soft skills, which include communication, flexibility, and leadership.
Research shows that the majority of cybersecurity professionals lack these skills, and few actively work to develop them. However, soft skills are increasingly recognized as crucial for success in the field.
One CISO even stated that her company now prioritizes soft skills over technical skills in hiring and performance reviews. To address this gap, professionals should include soft skill development in their personal development plans.
💡 Training Opportunities
Given the responses to John’s post, I thought it best to share a few soft skills courses this week.
If you’ve got a Premium profile, or if your company has a LinkedIn Learning subscription, you can check out these courses anytime you’d like.
But even if you don’t have a LinkedIn Learning subscription, you can use these links to take these courses for FREE. The links themselves shouldn’t expire, but as soon as you click on them, you have 24 hours to complete the courses. You can bookmark them for a rainy day.
➡️ Knock out a course over lunch or bookmark them all for a rainy day
🚀 Career Opportunities
If you’re looking for an Entry Level or Associate role, you might want to check out these opportunities:
If you’re looking for a Mid-Senior Level role, you might want to check out these opportunities:
📚 The Bookstore
Hackable: How to Do Application Security Right by Ted Harrington teaches readers how to think like hackers to better protect their applications. The book provides actionable advice on identifying and fixing security vulnerabilities, establishing threat models, and integrating security into the development process. By implementing the strategies outlined in "Hackable," companies can create more secure products, gain a competitive advantage, and build trust with their customers.
That's it for this week. If I’m doing my job right, you’re a few steps closer to making the career moves you want to make.
If you’re digging this newsletter, I’ve got two quick asks:
➡️ Share it with a friend or colleague who might like it as well. We’re all in this together, and sharing what we learn along the way helps everyone.
➡️ Connect with me on LinkedIn! I'm always up for chatting about all things cybersecurity and career growth.
Stay safe out there, and keep learning!
Jerod
Just wanted to give you a heads-up! Bookstore links are affiliate links, which means if you click on them and make a purchase, Simplifying Cybersecurity gets a small commission. This helps support Simplifying Cybersecurity’s mission and keep the content coming, so thanks for your support!
You found it! You can use the promo code LEET1337 to save 25% on any order in the Simplifying Cybersecurity store. This promo code will self-destruct in… well, you know the rest. Nicely done!