🔏 Simplifying Cybersecurity Issue #8
Protecting your mental health, staying on top of security news, embracing ethics in cybersecurity
Welcome to the latest issue of Simplifying Cybersecurity!
This newsletter is packed with info to help you up your cybersecurity game. Whether you're just getting started or a seasoned cybersecurity professional, I've got you covered with tips, tools, and resources to help you keep growing and keep your career moving forward.
In this issue:
Cybersecurity news stories you should read
Active professionals you should engage
Tips to stand out in your next interview
Training resources to improve your skills
Career opportunities you can apply for today
Recommended reading from The Bookstore
📰 Cybersecurity in the News
5 key takeaways from Black Hat USA 2024. This year’s Black Hat USA conference highlighted ongoing concerns about cloud security, emphasized the need for cyber resilience, and revealed new vulnerabilities in Windows patching and AI technologies. Additionally, it emphasized that CISOs are increasingly facing personal legal risks in the aftermath of major cyberattacks.
Mental Health – An Infosec Challenge. The cybersecurity field presents various mental health challenges due to the high-stress nature of the work. It's crucial for individuals in this field to prioritize self-care, seek support when needed, and remember that they're not alone in facing these challenges.
It's Time to Promote Security Talent From Within. The article argues that the security industry should promote leaders from within its ranks due to the unique experience, problem-solving skills, trust, respect, and passion that come from working in the field. (Do I agree? Wholeheartedly!) Promoting from within will lead to stronger leadership and improved security for enterprises.
Over $40 Million Recovered and Arrests Made Within Days After Firm Discovers Business Email Compromise Scam. Here’s a win for the home team! In a recent case of Business Email Compromise (BEC), over $40 million was recovered and seven suspects were arrested within days after a Singaporean firm fell victim to a scam email. The quick recovery was made possible due to the swift coordination between Interpol, Singaporean, and Timor Leste authorities.
NIST Formalizes World's First Post-Quantum Cryptography Standards. Read up, folks! The future is here. The US National Institute of Standards & Technology (NIST) has formalized the world's first post-quantum cryptography standards to protect systems and data from future quantum computer threats. These standards, designed to help organizations transition before quantum computers can break existing encryption, include algorithms for establishing shared secret keys, creating digital signatures, and detecting data modifications.
🤝 Professional Networking
➡️ Follow or connect with these security leaders on LinkedIn.
Amanda Berlin - Director of Incident Detection Engineering at Blumira (SIEM and XDR for SMBs); CEO of Mental Health Hackers
Graham Cluley - Cybersecurity public speaker, host of "The AI Fix" and "Smashing Security" podcasts, Doctor Who fan.
Joshua Goldfarb - Global Solutions Architect - Security
John Strand - Owner at Black Hills Information Security, Active Countermeasures, Antisyphon Training, Wild West Hackin' Fest, REKCAH Publishing
Connie Matthews Reynolds - Founder/CEO of ReynCon | CxO Advisor | Board Member | Fellow (ISSA) | Finalist Cyber Security Woman of the World | Keynote Speaker
💼 Interview Tips
At some point in your interview, it’s likely that you’ll be asked how you keep up with everything that’s happening in cybersecurity.
In an industry where technology, attack patterns, and defensive techniques change almost daily, you might be tempted to answer, “I can’t keep up with everything. No one can.”
And that’s true.
But you can keep up with some of the bigger stories and with some of the more important shifts with a few simple, manageable activities.
Subscribe to curated newsletters. Subscribing to reputable cybersecurity news sources and newsletters (like this one) provides a filtered and condensed overview of the latest developments. It's a time-efficient way to stay informed without being overwhelmed.
Subscribe to security blogs and podcasts. Following blogs and podcasts by industry experts provides in-depth analysis and insights into specific cybersecurity topics. This helps deepen your understanding and keep you ahead of emerging trends.
➡️ Pick one podcast from this list and subscribe today!
Subscribe to threat intelligence feeds. Subscribing to threat intelligence feeds gives you access to real-time information about active threats and vulnerabilities. This allows you to proactively protect your systems and data from the latest attack vectors.
➡️ Check out this curated list of awesome-threat-intelligence sources on GitHub.
Attend industry conferences and webinars. Attending industry conferences and webinars provides opportunities to learn from experts, network with peers, and gain exposure to new technologies and solutions.
➡️ Cybersecurity Conferences has a robust list of conferences you can attend, including those in your own backyard.
Pursue continuous learning and certifications. Pursuing relevant certifications and ongoing training ensures that your skills and knowledge remain current. This helps you adapt to new threats and technologies, making you a more valuable asset in the cybersecurity field.
➡️ Head over to YouTube, do a quick search on one cybersecurity topic you’re interested in, and watch that video over lunch.
💡 Training Opportunities
Not only is Mike Chapple a professor at Notre Dame, but he’s also a prolific LinkedIn Learning course author who specializes in cybersecurity certifications.
I know there’s something of a holy war when it comes to the importance/value of certifications in this industry. Regardless of which side you’re on, it’s difficult (if not impossible) to deny the value of the KNOWLEDGE you can gain by studying for a certification.
This week, I wanted to share a couple of Mike’s LinkedIn Learning courses so you can pick up some of that knowledge for yourself.
If you’ve got a Premium profile, or if your company has a LinkedIn Learning subscription, you can check out these courses anytime you’d like.
But even if you don’t have a LinkedIn Learning subscription, you can use these links to take these courses for FREE. The links themselves shouldn’t expire, but as soon as you click on them, you have 24 hours to complete the courses. You can bookmark them for a rainy day.
➡️ Knock out a course over lunch or bookmark them all for a rainy day.
🚀 Career Opportunities
If you’re looking for an Entry Level or Associate role, you might want to check out these opportunities:
If you’re looking for a Mid-Senior Level role, you might want to check out these opportunities:
📚 The Bookstore
The Code of Honor: Embracing Ethics in Cybersecurity by Ed Skoudis emphasizes the critical role of ethical conduct within the cybersecurity profession. The book explores the ethical dilemmas cybersecurity professionals face and provides a framework for making responsible and moral decisions. It advocates for adopting a code of honor to uphold the integrity and trustworthiness of the cybersecurity community, fostering a culture of responsibility and accountability.
👕 Anybody want a peanut hoodie?
The Simplifying Cybersecurity store is live? Inconceivable!
I wanted some cybersecurity swag of my own that I could start wearing to hacker cons, but I’m not the biggest fan of swag that’s covered with vendor logos. 🤷
So I decided to design some swag of my own. 😉
I’ve got a handful of designs in the store now, and I’m planning to add more soon. Oh! And stickers! I haven’t uploaded any sticker designs just yet, but they’re on their way.
If you want to grab your own hoodie or tee, head on over to the store today!
That's it for this week. If I’m doing my job right, you’re a few steps closer to making the career moves you want to make.
If you’re digging this newsletter, I’ve got two quick asks:
➡️ Share it with a friend or colleague who might like it as well. We’re all in this together, and sharing what we learn along the way helps everyone.
➡️ If someone forwarded this to you, subscribe here.
➡️ Connect with me on LinkedIn! I'm always up for chatting about all things cybersecurity and career growth.
Stay safe out there, and keep learning!
Jerod
Just wanted to give you a heads-up! Bookstore links are affiliate links, which means if you click on them and make a purchase, Simplifying Cybersecurity gets a small commission. This helps support Simplifying Cybersecurity’s mission and keep the content coming, so thanks for your support!