Sunday, November 23, 2014

I Want To Serve You More Effectively....Would You Please Answer 1 Question Anonymously?

Saturday, November 22, 2014

NSA Chief Warns Chinese Cyber Attacks Could Compromise U.S. Plans


China and “probably one or two” other countries have the ability to invade and possibly shut down the computer systems of U.S. power utilities, aviation networks and financial companies, Admiral Mike Rogers, director of the U.S. National Security Agency (NSA), said on Thursday.
Testifying to the House of Representatives Intelligence Committee on cyber threats, Rogers said digital attackers have been able to penetrate such systems and perform “reconnaissance” missions to determine how the networks are put together.
National Security Agency (NSA) Director Michael Rogers testifies before a House (Select) Intelligence Committee hearing on ''Cybersecurity Threats: The Way Forward'' on Capitol Hill in Washington November 20, 2014.
“What concerns us is that access, that capability can be used by nation-states, groups or individuals to take down that capability,” he said.


Monday, November 17, 2014

IT Risk Management Jobs: Information Security Risk Management Analyst, Southern Wisconsin, Great Relocation Package

Information Security Risk Management Analyst
$100,000s, Profit Sharing
Relocation: Yes
Education: BA/BS, Masters Preferred
Certification: CISSP, CRISC, CISM, CISA, CISRCP

has been engaged to add information security risk management talent to a growing information security / risk management team.  Our client’s story is one of global success.  This role will carry an internal Manager title but will not have management responsibility.  It is an individual contributor role.

The hiring authority and several of his peers have former CISO experience.  The CISO is an individual we have known for many years.

This position is responsible for managing enterprise information security risk on a global basis.  The team is responsible for Governance, Intelligence and Information Security Risk.  The Risk Analyst / Manager will roll out a formal approach to managing information security risk across technology platforms and business environments.

This role and the entire information security program has executive support from the top of this global company.  The risk management program is based on goals, principles and strategy of the company’s global enterprise security strategy. 

Our client is an equal opportunity employer that values diversity.


  • Interact with all levels of business to align, define and manage controls that reflect business and operational needs balanced with legal and regulatory requirements and risks.
  • Develop and prepare general reporting and analysis of information security risk activities, including developing dashboards, trend analysis and alerts.
  • Travel significantly as needed – up to 15%.
  • Participate in enterprise risk assessments and the development of risk management plans across the enterprise.
  • Analyze information security and business data to gain deep business knowledge and insight on security risk posture.
  • Manage the Information Security Risk program that defines how information security risk is measured, articulated and reported.
  • Assess security control effectiveness and efficiency while facilitating governance within the Enterprise Information Security Management Framework.
  • Implement tools and controls to measure and articulate current risk levels and ensure that results are understood by stakeholders.  Design communication programs to communicate business risks from cyber threat sources.
  • Work across the enterprise with Directors of Information Technology, the Director of Information Security Operations, Physical Security and others in the management of the Global Information Security Program.
  • Ensure the ongoing integration of information security with business strategies and requirements.
  • Drive remediation plans for audit / compliance related findings.
  • Build strong relationships and partner closely with business partners.
  • Perform data collection and statistical data analysis, ensure data quality, and develop tracking and reporting systems to determine the information security risk posture of the organization.
  • Document action plans and report on issue status for Information Security Risk as needed.
  • Identify and evaluate business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
  • Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions.



  • BA/BS in information technology, business administration, or an IT-related field.
  • 5+ years of Information Security and IT Risk Management experience.
  • 3+ years of experience performing risk assessments, with experience in internal controls, business process security audits and internal IT control testing or operational auditing.
  • 3+ years of experience interfacing with business leaders.
  • 3+ years of experience managing relationships across many lines of business.
  • Relationship building, influence and communication skills are critical.
  • Global experience is greatly appreciated.
  • Must be able to pass a background screening process.


  • Desirable certifications include: CISSP, CISM, CISA, CRISC, CISRCP.
  • Familiarity with security industry standards (ISO 17799, COBIT, NIST 800 series, etc.).
  • Demonstrated ability to write business and technical reports and to participate in delivering presentations.
  • Experience in capturing business requirements and converting them into functional and technical specifications.
  • Requires excellent time management skills and the ability to juggle multiple, competing priorities, with strength in identifying and implementing solutions to address critical needs.  Ability to work in a fast-paced environment.
  • Ability to prioritize workload and meet deadlines.
  • Strong understanding and appreciation for the value and use of Information Security Intelligence programs and capabilities.
  • Superior written, presentation, and verbal communication skills.
  • Exceptional organizational, interpersonal and team skills.
  • Ability to take a broad view of his/her position and take initiative to communicate, interact and cooperate with others to ensure that all aspects of a task are addressed.
  • Project management experience, including business/process analysis, documenting gaps, and process improvement.

Apply for this position on or call Jeff at 719.686.8810

Jeff Snyder's Security Recruiter Blog, 719.686.8810

Cyber Security News, Education and Vulnerability Patch Report for the Week of November 17, 2014




Cyber Crime

Sheriff’s department files held for ransom by malware: The “Cryptowall” malware demanded more than $500 from the Dickson County Sheriff’s Office to unlock its case files. UPI, November 13, 2014
Home Depot Breach Costs CUs $60M: The Home Depot data breach cost credit unions almost $60 million, nearly twice as much as the Target breach, according to survey results released by CUNA Thursday. CreditUnionTimes, October 30, 2014

Cyber Attack

How Cyber Crime Gang Targets Travelling Executives Through Hotel Wi-Fi: A stealthy gang of cyber criminals has carefully targeted travelling executives through hotel Wi-Fi connections in Asia over the past four years and is still active today, according to a report from a leading security firm. ABC News, November 10, 2014

Cyber Privacy

Evidence implicates government-backed hackers in Tor malware attacks: A hacker who was surreptitiously injecting malicious code into downloads in part of the Tor network has been linked to a series of government-sponsored cyber attacks. The Guardian, November 14, 2014
ISPs Removing Their Customers’ Email Encryption: Recently, Verizon was caught tampering with its customers’ web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers’ data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client. Electronic Frontier Foundation, November 11, 2014
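The STARTTLS item above describes a downgrade that works only if the sending client quietly continues in cleartext when the capability is missing. The following example, added here and not taken from the EFF report or any mail software, parses an SMTP EHLO reply for the STARTTLS capability and shows the fail-closed check a client should apply; both EHLO replies are constructed samples, and the host name and the `send_with_tls_required` helper are hypothetical.

```python
"""Detect a STARTTLS downgrade in an SMTP EHLO reply and refuse cleartext.

Added example; the EHLO replies are constructed samples, not captures.
"""
import smtplib


# Constructed sample: an untampered EHLO reply that advertises STARTTLS.
CLEAN_EHLO = (
    "250-mail.example.test Hello client\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)

# Constructed sample: the same reply after an in-path device removed the
# STARTTLS line.  A client that trusts this reply sends in cleartext unless
# it insists on TLS.
STRIPPED_EHLO = (
    "250-mail.example.test Hello client\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply: str) -> set:
    """Return the set of capability keywords (upper-cased) in an EHLO reply.

    The first line is the server greeting and is skipped.  Each remaining
    line is '250-KEYWORD [params]' or, for the final line, '250 KEYWORD'.
    """
    caps = set()
    for line in reply.splitlines()[1:]:
        if len(line) < 4 or not line.startswith("250"):
            continue  # ignore malformed or non-250 lines
        body = line[4:].strip()
        if body:
            caps.add(body.split()[0].upper())
    return caps


def starttls_offered(reply: str) -> bool:
    """True when the server's EHLO reply advertises STARTTLS."""
    return "STARTTLS" in parse_ehlo(reply)


class DowngradeDetected(Exception):
    """Raised when TLS was expected but the EHLO reply does not offer it."""


def require_starttls(reply: str, expected_tls: bool = True) -> bool:
    """Fail closed: raise rather than continue in cleartext when TLS was expected."""
    offered = starttls_offered(reply)
    if expected_tls and not offered:
        raise DowngradeDetected("STARTTLS missing from EHLO reply; refusing cleartext")
    return offered


def send_with_tls_required(host: str, port: int = 587) -> None:
    """Live variant (hypothetical helper, needs network, not run by tests).

    smtplib parses the EHLO reply for us; has_extn() is the same check as
    starttls_offered().  Never catch the error and continue without TLS.
    """
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise DowngradeDetected(f"{host}:{port} did not offer STARTTLS")
        smtp.starttls()
        smtp.ehlo()  # re-issue EHLO after TLS; capabilities may differ
```

Monitoring for EHLO replies that lack STARTTLS from servers that normally offer it is a simple detection for this class of tampering.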

Financial Cyber Security

Default ATM passcodes still exploited by crooks: Once again, ATMs have been “hacked” by individuals taking advantage of default, factory-set passcodes. HelpNetSecurity, November 14, 2014

Cyber Warning

Homeland Security Warns iPod, iPhone Users To Watch Out For iOS 8 Masque Attack: Reiterating a software security firm’s warning to iOS users, the Department of Homeland Security’s U.S. Computer Emergency Readiness Team is asking PC and mobile device users to avoid downloading apps outside of Apple’s App Store. TechTimes, November 13, 2014
Hackers exploit NFC phone payment technology: Several bugs in Near Field Communication (NFC) payment systems have been found by security experts. BBC, November 13, 2014
POS Malware Continues To Evolve: With a little over two weeks until the holiday shopping season kicks off in earnest, a picture of the evolution of point of sale (POS) malware has come into focus with a number of recent pieces of research of late. A common theme recurring throughout is that POS malware is increasingly maturing with different packages and families refined for specific attack scenarios. DarkReading, November 11, 2014
GONE IN 30 MINUTES: THE RISE OF MANUALLY HACKED EMAIL ACCOUNTS: Email hackers have long since learned how to automate their attacks in order to compromise as many accounts as possible in the shortest time frame. But sometimes the old-fashioned ways of doing things are the best and that is exactly what a new report from Google has discovered. Security-FAQs, November 10, 2014

Cyber Security Management

What We Mean by Maturity Models for Security: The aim is to assess the current state of security against a backdrop of maturity and capability to translate actions into goals that even non-security people can grasp. DarkReading, November 12, 2014

Cyber Security Management – Cyber Defense

Google’s VirusTotal puts Linux malware under the spotlight: As Linux malware matures, Google’s malware checker will give samples the same treatment as those uploaded for Windows. ZDNet, November 12, 2014

Cyber Security Management – Cyber Update

Adobe, Microsoft Issue Critical Security Fixes: Adobe and Microsoft today each issued security updates to fix critical vulnerabilities in their software. Microsoft pushed 14 patches to address problems in Windows, Office, Internet Explorer and .NET, among other products. Separately, Adobe issued an update for its Flash Player software that corrects at least 18 security issues. KrebsOnSecurity, November 11, 2014

Cyber Underworld

Network Hijackers Exploit Technical Loophole: Spammers have been working methodically to hijack large chunks of Internet real estate by exploiting a technical and bureaucratic loophole in the way that various regions of the globe keep track of the world’s Internet address ranges. KrebsOnSecurity, November 13, 2014

National Cyber Security

Steptoe Cyberlaw Podcast, Episode #42: An Interview with Orin Kerr: We share the program this week with Orin Kerr, a regular guest who knows at least as much as we do about most of these topics and who jumps in on many of them. Orin, of course, is a professor of law at George Washington University and well-known scholar in computer crime law and Internet surveillance. Lawfare, November 13, 2014
NOAA Blames China In Hack, Breaks Disclosure Rules: The National Oceanic and Atmospheric Administration finally confirms that four websites were attacked and taken down in September, but details are sketchy and officials want answers. DarkReading, November 13, 2014

Cyber Sunshine

Identity theft conviction nets 9 years in prison for organized cybercrime member: Tony Soprano had nothing on the made men of, an organized cybercrime ring that federal prosecutors say stole more than $50 million in an identity theft and credit card scam. Consumer Affairs, November 13, 2014

Weekend Vulnerability and Patch Report, November 17, 2014

Important Security Updates

Adobe Flash Player: Adobe has released version to fix at least 18 highly critical vulnerabilities reported in previous versions. Updates are available from Adobe’s website. Updates are also available for AIR.
Dropbox: Dropbox has released version 2.10.50 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel's warning below]
Google Chrome: Google has released Google Chrome version 38.0.2125.122. Updates are available from within the browser or from Google Chrome’s website.
Microsoft Patch Tuesday: Microsoft’s Patch Tuesday released 9 updates to address at least 24 vulnerabilities, some of them highly critical, within Windows, Internet Explorer, Office, Word, .NET, Windows Flash Player, SharePoint, and other Microsoft products.
Mozilla Firefox: Mozilla has released version 33.1.1 for Firefox. Updates are available within the browser or from Mozilla’s website.
Mozy Free Edition: Mozy has released version 2.28.0. Updates are available on Mozy’s website.
Siber Systems RoboForm: Siber Systems has released version 7.9.11 of RoboForm. Updates are available from within the program (look for the “Check New Version” button on the Options menu) or from the RoboForm website.
Skype: Skype has released Skype Updates are available from the program or Skype’s website.

Current Software Versions

Adobe Flash [Windows 7: IE]
Adobe Flash [Windows 7: Firefox, Mozilla]
Adobe Flash [Windows 8: IE]
Adobe Flash [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.09
Dropbox 2.10.50 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 33.1.1
Google Chrome 38.0.2125.122
Internet Explorer 11.0.9600.17420
Java SE 8 Update 25 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
QuickTime 7.7.6
Safari 5.1.7
Safari 7.1 [Mac OS X]

Newly Announced Unpatched Vulnerabilities

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports Cisco has released an update to fix 6 moderately critical vulnerabilities in Unified Intelligent Contact Management Enterprise. Bug report CSCup24074 indicates a fixed status but lists no dedicated fixed versions, so please contact the vendor for details about an update. Secunia also reports a security issue and 2 unpatched moderately critical vulnerabilities in Cisco’s Unified IP Phones 7900 Series. No official solution is currently available.
Novell GroupWise: Secunia reports an unpatched security issue in Novell’s GroupWise reported in versions 8.x, 2012 and 2014. No official solution is available.
Novell Open Enterprise Server: Secunia reports an update to Novell’s Open Enterprise Server to fix 3 highly critical vulnerabilities. Apply patch oes11sp1-MozillaFirefox-9814.
If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2014 Citadel Information Group. All rights reserved.

Friday, November 14, 2014

He Transformed His Leadership by Embracing His Strengths

Several years ago, when I went through a life changing event of my own, I came to the conclusion that most people I’d interacted with over the years in business were settling for what they “Can” do versus ever slowing down to figure out what they “Should” do.

I still see this and I'm out to change this with anyone who will partner with me as their coach to help them get to the "Should" stage.  In fact, I've been on a personal journey the past few years to push my life into the "Should" zone as much as possible.

Engaged / Disengaged

The Gallup organization conducts US workforce surveys year after year.  These surveys consistently show that approximately 70% of the US workforce is either disengaged or severely disengaged.  Alternatively, their research shows that only 30% of US workers are engaged in their work.

“Can” vs. “Should”

When I first learned of these statistics, my suspicion that most people settled for what they “Can” do versus determining what they really “Should” do was confirmed with numbers.  It wasn't just my point of view anymore.

Good to Great

This knowledge that I picked up a few years ago bothered me.  It bothered me to the core and still does.  One of my core strengths is called “Maximizer”.  The essence of this strength means that it is in my DNA to push “Good” to “Great”.  I’ve always had a drive to innovate and to make things better and now I know why!

Now that I understand my strength, I know why I created a resume writing service in 2008 when I saw the economy beginning to take a dive.  I assumed that there would be more people on the market than there would be jobs at that time.  Those who were looking for a job would need a superior calling card in order to get an interview.

Stimulating Phone Call

Today, I was fortunate to have connected with one of my leadership coaching clients on an unscheduled call.  These kinds of impromptu calls are frequently the richest calls I get to have in a day.  This call was no exception.

Career Clarity

My “C” level coaching client started talking about how valuable it was for him to have gone through my strengths coaching program one year ago.  He told me how having a very clear picture of his personal strengths and on the flip side, knowing precisely what he “sucks” at, has caused him to become a very different leader than he was in the past.

Impact on Others

My client told me that his team loves him today because he is great at making his teammates feel valuable.  His team knows what he is great at (because he told them) and they know what he will do.  The team also knows that when my client delegates something to the team, he is doing so because he trusts his teammates to get things done.  This in turn empowers his teammates and gives them confidence.

It's easy for my client to delegate to his team because he has invested time and energy to determine precisely how each of his teammates is wired.  He feeds each member of his team specific responsibilities knowing that what he is feeding them aligns with their strengths.  People love not just to be empowered but to be empowered to do things they can excel at delivering.

Stronger Leadership

My client went on to tell me that as a leader, he is confident that his team has “undying loyalty” towards him.  He said, “They love me, and they've told me that they want to go wherever I go.”  One of his teammates said, “I’m learning so much from you.  If you were to leave anytime soon, I’d want to go with you.  I’m not done learning from you yet.”  What an amazing compliment for a leader to hear from one of his followers.

Blown Away!

My client concluded by telling me that he was “blown away” by the positive change that has occurred in his ability to lead and, more importantly, in his employees’ desire to follow.  He attributes this change to understanding his strengths and to the emotional intelligence coaching we've been working on for most of this year.

Wednesday, November 12, 2014

Security Jobs: Cybersecurity Program Manager Montgomery College Germantown, MD

Cybersecurity Program Manager
Montgomery College
Germantown, MD

Montgomery College

This is an opportunity to empower students to change their lives and enrich our community.
Montgomery College has endless possibilities!

Job Title: Cybersecurity Program Manager
Position #: S03474
Grade: L
Non Bargaining
Salary: $68,432.00 to $92,539.20

Online applications must be received by, November 24, 2014.

Job Vacancy: Montgomery College, Germantown Campus, has need for a full-time Cybersecurity Program Manager, #S03474. The position will work primarily on the Germantown campus, but will travel to the other campus locations occasionally. The work schedule is Monday - Friday 8:30 a.m. - 5:00 p.m. Additional work hours may be required during peak times.

Job Summary: Montgomery College is seeking a highly-knowledgeable, dynamic, and collaborative individual to develop and manage a robust, agile, and growing Cybersecurity and Networking program and cybersecurity lab environment. As part of a team, the primary responsibilities will be to develop and operate an innovative cybersecurity lab as well as outreach to academic and cyber-industry partners. Other duties will include but are not limited to the following:

  • Collaboration with faculty and staff
  • Responsible for developing and managing the new cybersecurity lab and networking curricula
  • Oversee and ensure the robustness of cybersecurity lab equipment and software to support outreach activities including cyber-competitions and training opportunities developed with industry partners.
  • Coordinate cybersecurity lab operations between campus locations.
  • Conduct outreach to industry, government, and educational institutions to assess needs and opportunities for partnerships for the purpose of building collaborations.
  • Interface with Montgomery County Public Schools. Outreach and develop cybersecurity activities for MCPS students.
  • Develop and maintain state-of-the-art cybersecurity laboratory facilities.
  • Create professional development opportunities for the faculty.
  • In cooperation with area dean, department chairs and faculty, assist in the development, implementation, and marketing of programs and activities.
  • Interface with four-year higher education institutions.
  • Research opportunities and support efforts to seek grant funding that supports the Cybersecurity, Networking, and Computer Science programs.

Required Qualifications

  • Bachelor’s degree in computer science, cybersecurity, or a related field from an accredited college or demonstrated expertise and experience in cybersecurity lab operations, network security, threat and vulnerability assessment and management.
  • Minimum of 3 years of education or training program management/development experience.
  • Experience with team management to include collaboration, innovation, and day to day supervision.
  • Knowledge of cybersecurity and cybersecurity education, including awareness of emerging trends.
  • Ability to prioritize tasks
  • Excellent communication skills
  • Excellent presentation skills, including presenting technical information to a non-technical audience
  • Eligible applicants must currently be authorized to work in the United States and not require employer visa sponsorship.

Preferred Qualifications:
  • Experience participating in and/or running cyber-competitions
  • Master’s degree in an appropriate field
  • Hands-on experience with network security, cyber lab operations, threat and vulnerability management, data protection, hardware security experience, hacker techniques, or other relevant experience
  • Consulting experience
  • Grant management

Application Process:
  • Online applications must be received by November 24, 2014.
  • The application process includes 10 steps.
  • Step 10 is a Summary of your information. You can update and edit information up to the closing date for the receipt of applications for a specific job announcement.
  • Include dates of employment in your application or attachment.
  • Complete a set of pre-screening questions (Step 4).
  • E-sign your application (Step 9).
  • As a condition of employment, the following are required at the time of hire: 
    • Completion of a background check.
    • Participation in a retirement plan
    • Submission of an official transcript of an earned degree

Note: This recruitment effort can take 6-12 weeks (from the deadline date) to fill.
Montgomery College is a tobacco-free workplace.

For disability related accommodations please call 240-567-5353 or send an email to: at least two weeks in advance

Montgomery College is an academic institution committed to promoting equal opportunity and fostering diversity among its student body, faculty, and staff.

1 Hour Resume Coaching Results!

Any time one of my job coach, career coach or leadership coach clients shares a personal win with me, I'm going to share that win with you.  This is what I work hard every day to achieve, and I'm learning to celebrate even the small victories.
This Information Security Engineer called on me last week and asked for my 1 Hour Resume Coaching service.  In this service, I teach my clients everything they need to know about my proven resume writing methodology that opens interview doors around the world.
My Review
When this particular client sent his new resume back for my review (I do this for all of my 1 hour resume coaching clients), this was my response to him:
You nailed it.  In fact, I think what you sent back to me is one of the best resumes I’ve seen following my 1 hour coaching call.
My Client's Wife's Review

Putting my opinion aside, I suggested to this client, as I do with many of my clients, that before sending the new resume to me for review, he might want to start with a review from his spouse or roommate.

"I am very excited about the new resume.  My wife was very impressed with the improvement, saying that it was much easier to see what skills I bring to the table, and that it flowed much better, whereas before she had to look harder for that information.  She said that all of the key points she needed to see really stood out in the 6 seconds I'd get during a quick look."
The Marketplace's Response
"I floated a few resumes last Thursday night.  Friday afternoon, I stepped outside to take a call from a company's recruiter, and during that call my phone was ringing with another recruiter trying to reach me.  So, I think this has been a success from my end so far!"

A clean, clear, logical resume will open interview doors.  Interview doors are opening for my client just days after our coaching call.  He came to me with a "good" resume but his desire was to have a "Great" resume.  I want to coach someone with this mindset all day every day.

How can I be helpful to you?

Jeff Snyder's Job Coaching, Career Coaching, Security Recruiter Blog, 719.686.8810