Friday, May 26, 2017

Should technology professionals develop Emotional Intelligence?

It's not just a good idea, it's a GREAT idea



Monday, May 22, 2017

Cyber Security Vulnerability and Patch Report, May 21, 2017


CYBERSECURITY VULNERABILITY AND PATCH REPORT

 

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Important Security Updates

Adobe Flash Player: Adobe has released version 25.0.0.171. Updates are available from Adobe’s website. To see which version you have, go to Adobe’s web page.
Apple iTunes: Apple has released version 12.6.1 (64-bit and 32-bit) of iTunes. Updates are available from Apple’s website.
Apple Multiple Products: Apple has released updates to address vulnerabilities in tvOS, iCloud for Windows, Safari, watchOS, macOS Sierra, El Capitan, Yosemite, iOS, and others. Additional details are available on Apple’s website.
Dropbox: Dropbox has released version 26.4.23 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]
Mozilla Firefox: Mozilla has released version 53.0.3. Updates are available within the browser or from Mozilla’s website.
Opera: Opera has released version 45.0.2552.812. Updates are available from within the browser or from Opera’s website.
Piriform CCleaner: Piriform has released version 5.30.6063 for CCleaner. Updates are available from Piriform’s website.
Viber: Viber has released version 6.8.0 for Windows. Updates are available on Viber’s website.
VLC Media Player: VLC has released version 2.2.5.1 (32-bit and 64-bit) of its Media Player. Download from the VLC website.

Current Software Versions

Adobe Flash 25.0.0.171
Adobe Reader DC 2017.009.20044
Dropbox 26.4.23 [Citadel warns against relying on security of Dropbox or other cloud-based file exchange systems. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the master Dropbox [or other] password be at least 15 characters long and different from other passwords.]
Firefox 53.0.3 [Windows]
Google Chrome 58.0.3029.110
Internet Explorer 11.0.9600.18639
Java SE 8 Update 131 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
Microsoft Edge 40.15063.0.0
QuickTime 7.7.9 [Citadel recommends removing QuickTime. On April 14, 2016 US-CERT advised Microsoft Windows users to remove QuickTime. This followed a report in ars technica that Apple has no plans to update the Windows app despite at least two reliable QuickTime vulnerabilities that threaten Windows users who still have the program installed.]
Safari 10.1.1 [Mac OS X Mavericks, Yosemite, El Capitan]
Skype 7.36.0.101

For Your IT Department

Cisco Multiple Products: Cisco has released updates to address vulnerabilities in TelePresence IX5000 Series, Prime Collaboration, Policy Suite, UCS C-Series, Unified Communications Manager, IP Phone 8851, Remote Expert Manager, Nexus 5000 Series Switches, Identity Services Engine, Industrial Ethernet 1000 Series Switches Device Manager, FirePOWER System Software, Snort++ Protocol Decoder, and others. Apply updates. Additional details are available at Cisco’s website.
VMware Workstation: VMware has released an update to address vulnerabilities in Workstation. Additional details are available on VMware’s website.
WordPress: WordPress has released an update to address multiple vulnerabilities. Apply updates. Additional details are available on WordPress’ website.
 *******************
If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2017 Citadel Information Group. All rights reserved

Jeff Snyder’s SecurityRecruiter.com, Jeff Snyder Coaching, Security Recruiter Blog, 719.686.8810




Cyber Security News of the Week, May 21, 2017

 

CYBERSECURITY NEWS

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Individuals at Risk

Identity Theft

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division: Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees. KrebsOnSecurity, May 18, 2017

Cyber Update

Android Gets Security Makeover With Google Play Protect: Mobile operating system Android received a big security makeover Wednesday with the introduction of Google Play Protect. At Google I/O, Google’s annual developer conference, the company teased a major update to its security platform that consists of a mix of new features, a rebranding of existing ones and UI enhancements that will now live under one security umbrella called Google Play Protect. ThreatPost, May 18, 2017
98% of Android Users Fail to Run Latest OS Version: A study finds 98% of Android devices are not running the latest software version, according to a report released today by Zimperium. DarkReading, May 18, 2017

Cyber Warning

App maker’s code stolen in malware attack: The Mac and iOS software developer Panic has had the source code for several of its apps stolen. BBC, May 18, 2017
Breach at DocuSign Led to Targeted Email Malware Campaign: DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign. KrebsOnSecurity, May 15, 2017

Information Security Management in the Organization

Information Security Management and Governance

Need for strategy, management structure, & basic security hygiene emphasized in CISO discussion: Some security leaders argue there is little point in worrying about emerging threats when businesses can’t defend against today’s attacks. DarkReading, May 18, 2017

Cyber Defense

5 Security Lessons WannaCry Taught Us the Hard Way: There is a lot more our industry should be doing to protect its systems and data from cyber blackmail. DarkReading, May 18, 2017

Cyber Update

WordPress Fixes CSRF, XSS Bugs, Announces Bug Bounty Program: WordPress is urging webmasters to update to the latest version of its content management system to mitigate several issues, including a pair of cross-site scripting (XSS) bugs and a cross-site request forgery (CSRF) bug that’s existed for 10 months. ThreatPost, May 18, 2017

Cyber Culture

How to get your staff to take cybersecurity seriously: Common sense only goes so far and you need to make sure that best practices around security don’t go in one ear and out the other. Here’s your attack plan. CNet, May 18, 2017
Security Is an Organizational Behavior Problem: At what point will we admit that technology is not enough? When will we discover that our well-documented processes are insufficient? Who will acknowledge that their leadership when it comes to governance isn’t working? It takes a strong person to admit these flaws in organizational behavior and tackle the hardest problems head on. SecurityIntelligence, May 17, 2017
Despite security risks, 75% of CEOs use applications that aren’t approved by IT: CEOs and business decision makers (BDMs) say they understand the massive cybersecurity risks facing organizations today. However, that does not stop 75% of CEOs and 52% of BDMs from using applications and programs that are not approved by their IT department, according to a new report from Code42. About half of these professionals said they have experienced a security breach within the last 18 months. TechRepublic, May 16, 2017
User misdeeds responsible for 2/3 of breaches. Better awareness training needed: The 2017 Verizon DBIR (Data Breach Investigations Report) is out. For those of you who are unfamiliar with it, this is THE data driven report that helps you better understand threats and what are the leading causes of incidents / breaches. The report is important as it provides a trusted resource to help you make data driven decisions on what you should be teaching in your awareness program. The report can be used in a variety of ways, from understanding overall threats to doing a deep dive on the greatest risks facing your own industry. My favorite resource in this year’s report is Figure 9, which we have posted in this blog. This figure gives you an overview of the most common risks facing the 8 most common industries. If you are in one of those 8 industries, my suggestion is to go straight to the report’s detailed write-up on your industry and learn everything you can. SANS, May 16, 2017

Cyber Security in Society

Cyber Defense

NIST Cybersecurity Framework: The smart person’s guide: President Trump’s cybersecurity order made the National Institute of Standards and Technology’s framework federal policy. Here’s what you need to know about the NIST’s Cybersecurity Framework. TechRepublic, May 19, 2017
Ransomware’s Aftershocks Feared as U.S. Warns of Complexity: The components of the global cyberattack that seized hundreds of thousands of computer systems last week may be more complex than originally believed, a Trump administration official said Sunday, and experts warned that the effects of the malicious software could linger for some time. The New York Times, May 14, 2017
Looking Back at 2016 Data Breaches. Lessons to Learn: According to a report by the Identity Theft Resource Center (ITRC), the number of data breaches tracked in 2016 in the U.S. reached an all-time record of 1,093 incidents and exposed more than 36 million records. The most headline-making breaches affected the healthcare sector (e.g., Centene, 21st Century Oncology), federal and local governments (e.g., U.S. Department of Homeland Security, the National Security Agency, the U.S. Navy) and IT companies (e.g., Verizon Enterprise Services, Seagate, LinkedIn, Yahoo). Cyber attacks ranged from traditional web-app attacks to relatively new methods such as ransomware. In addition, 2016 is remarkable for several major state-sponsored attacks, which affected large companies like the Federal Deposit Insurance Corporation and Mossack Fonseca. ITSP Magazine, May 2017

National Cyber Security

FCC inundated with fake emails opposing net neutrality using stolen email names: Last week, we told you about the travails of the US Federal Communications Commission’s comments website, which crashed after John Oliver sent hundreds of thousands of pro-net-neutrality commenters their way – and someone else sent a major DDoS attack. Naked Security, May 18, 2017
Any Half-Decent Hacker Could Break Into Mar-a-Lago. We Tested It: Two weeks ago, on a sparkling spring morning, we went trawling along Florida’s coastal waterway. But not for fish. Gizmodo, May 17, 2017
Why Extending Laptop Ban Makes No Sense: The Department of Homeland Security is rumored to be considering extending the current travel ban on large electronics for Middle Eastern flights to European ones as well. The likely reaction of airlines will be to implement new traveler programs, effectively allowing wealthier and more frequent fliers to bring their computers with them. This will only exacerbate the divide between the haves and the have-nots—all without making us any safer. Schneier on Security, May 16, 2017

Cyber Medical

FDA, Industry Look for Gaps in Cybersecurity: The US Food and Drug Administration (FDA) on Thursday kicked off a fortuitously-timed public workshop on medical device cybersecurity, the agency’s third on the subject to date. RAPS, May 18, 2017
Patches Pending for Medical Devices Hit By WannaCry: It was initially thought just Windows machines were vulnerable but it probably shouldn’t come as a surprise that medical devices and industrial control systems were subjected to the perils of this weekend’s WannaCry ransomware outburst as well. ThreatPost, May 18, 2017

Internet of Things

GAO Assesses IoT Vulnerabilities: Internet of things devices are vulnerable to an array of potential cyberattacks, including zero-day exploits, distributed denial-of-service attacks and passive wiretapping, according to a new Government Accountability Office report, which cites mitigation advice from experts. BankInfoSecurity, May 17, 2017

Cyber Enforcement

How to Catch Hackers? Old-School Sleuthing, With a Digital Twist: LONDON — Bank robbers wear masks and escape in vans with stolen license plates. Kidnappers compose ransom letters from newsprint to elude handwriting experts. Burglars target houses with the upstairs window ajar. The New York Times, May 14, 2017

Secure the Village

The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack: Early Friday morning the world experienced the year’s latest cyberattack. Microsoft, May 14, 2017
The World Is Getting Hacked. Why Don’t We Do More to Stop It?: The path to a global outbreak on Friday of a ransom-demanding computer software (“ransomware”) that crippled hospitals in Britain — forcing the rerouting of ambulances, delays in surgeries and the shutdown of diagnostic equipment — started, as it often does, with a defect in software, a bug. This is perhaps the first salvo of a global crisis that has been brewing for decades. Fixing this is possible, but it will be expensive and require a complete overhaul of how technology companies, governments and institutions operate and handle software. The alternative should be unthinkable. The New York Times, May 13, 2017
Growing consensus on the need for an international treaty on nation state attacks: This week, the Group of 7 (G7) published a declaration recognizing the urgent need to establish international norms for responsible nation state behavior in cyberspace. It’s encouraging to see the commitment of this leading group of nations, but sobering to witness the growing imperative to act. Earlier this year at the RSA Conference in San Francisco I outlined the framework for a Digital Geneva Convention aimed at protecting and defending civilians against nation-sponsored attacks. Microsoft, April 13, 2017





Friday, May 19, 2017

The World Economic Forum’s Top 10 Skills For 2020

CREDIT: Future of Jobs Report, World Economic Forum

YOUR Future Starts Now

All of the top 2020 skills listed above can be measured with the combination of the Clifton StrengthsFinder and the EQi-2.0® Emotional Quotient Inventory. 

I've been preparing up-and-coming leaders for the skills in demand in the future for nearly a decade now through my results-generating career coaching services.

What I've built is a lot like the field of dreams. I started with my Visionary and Strategic Strengths and then I invested time, effort and money to build the field that you simply need to step onto.  

All you have to do is to take action to come join me as others already have. Experience the results my other coaching clients have already experienced at work, at home and in relationships.
YOUR UNIQUE STRENGTHS
In the hands of an experienced Strengths Coach, the results of the Clifton StrengthsFinder™ can be interpreted to show a coaching client exactly and precisely how they are internally wired. 
You can take the StrengthsFinder™ assessment on your own and you'll have a 100% chance of learning something about yourself by reading the black and white reports. This is what I originally did until someone came along and introduced me to my reports in vivid color. What a difference the vivid color made!
When you hire me as your coach, you'll have a 200% chance of learning about yourself, learning how you compare and contrast with your colleagues and peers, learning where your greatest potential personal performance lies and learning how to leverage your traits and strengths to produce greater personal and group outcomes.
The 34 traits represented in the Clifton StrengthsFinder™ are broken down into Strategic Thinking Traits, Influencing Traits, Relationship Building Traits and Executing Traits. How a person's traits uniquely line up determines whether they'd be a better Engineer or a better Engineering Manager, a better Accountant or a better Chief Financial Officer and so on.
Notice in the chart above for example that People Management, Coordinating with Others (Collaboration) and Emotional Intelligence are all people-oriented topics.  People skills or Soft skills are, have been and will continue to be highly valuable skills moving into the future.

Regardless of how you were educated, chances are very high that nobody convinced you to take a class in collaboration, influencing, negotiating, coordinating the work of others, delivering presentations to people who don't understand what it is that you do and so on.  

These are the precise skills I help my clients to develop based on their unique ability to master these traits.
EMOTIONAL INTELLIGENCE
The EQi-2.0 Emotional Quotient Inventory® is an assessment used to measure a person's Emotional Intelligence. Unlike the Clifton StrengthsFinder™, you cannot purchase this assessment by yourself. 

This assessment can only be purchased and interpreted by someone who has invested in training and certification through the assessment's owner. I made this investment several years ago because I saw EQ rising in importance in the future.

Through this assessment, a Certified Emotional Intelligence Coach can show their client where their Emotional Intelligence stands relative to other people who do similar work and in comparison to what businesses value.

The good news for you is that the 15 different emotional intelligence skills measured by the EQi-2.0® can be improved upon when working with an experienced coach.

The business wants, needs and expects job candidates who offer a unique blend of Strategic Thinking Traits, Influencing Traits, Relationship Building Traits and Executing Traits.

Skeptical about the value of EQ?

If you simply do a Google search on Emotional Intelligence topics, you'll see that there is no shortage of search results.   This 20+ year old science is picking up steam because research continues to show that the value of EQ far surpasses the value of one's IQ in career development.

It takes time to fine-tune and polish the traits found in the Clifton StrengthsFinder™ into Strengths.  It also takes time to fine-tune and polish the skills found in the EQi-2.0® assessment. If you're intrigued, check out these Strengths Coaching Testimonials and these Emotional Intelligence Coaching Testimonials.
  
Those who invest themselves to learn about their natural Strengths and those who invest in themselves to improve their current level of Emotional Intelligence are the individuals who will earn the best jobs of the future.

Sunday, May 07, 2017

Cybersecurity Vulnerability and Patch Report, May 7, 2017

 

CYBERSECURITY VULNERABILITY AND PATCH REPORT

 

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Important Security Updates

Avast: Avast! Free Antivirus has released version 17.4.2294. Updates are available on Avast’s website. Avast! has also released updates for Premier Antivirus, Pro Antivirus and Internet Security.
Dropbox: Dropbox has released version 25.4.28 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]
Google Chrome: Google has released Google Chrome version 58.0.3029.96. Updates are available from within the browser or from Google Chrome’s website.
Mozilla Firefox: Mozilla has released version 53.0.2. Updates are available within the browser or from Mozilla’s website.
Skype: Skype has released Skype 7.35.0.102. Updates are available from the program or Skype’s website.
Viber: Viber has released version 6.7.2 for Windows. Updates are available on Viber’s website.
WinZip: WinZip has released version 21.5.12480. Updates are available from within the program (look for “Check for Updates” on the Help menu), or download from the WinZip website.

Current Software Versions

Adobe Flash 25.0.0.148
Adobe Reader DC 2017.009.20044
Dropbox 25.4.28 [Citadel warns against relying on security of Dropbox or other cloud-based file exchange systems. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the master Dropbox [or other] password be at least 15 characters long and different from other passwords.]
Firefox 53.0.2 [Windows]
Google Chrome 58.0.3029.96
Internet Explorer 11.0.9600.18639
Java SE 8 Update 131 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
Microsoft Edge 40.15063.0.0
QuickTime 7.7.9 [Citadel recommends removing QuickTime. On April 14, 2016 US-CERT advised Microsoft Windows users to remove QuickTime. This followed a report in ars technica that Apple has no plans to update the Windows app despite at least two reliable QuickTime vulnerabilities that threaten Windows users who still have the program installed.]
Safari 10.1 [Mac OS X Mavericks, Yosemite, El Capitan]
Skype 7.35.0.102

For Your IT Department

Cisco Multiple Products: Cisco has released updates to address vulnerabilities in OpenSSL Affecting Cisco Products, Apache Struts2 Jakarta, CVR100W Wireless-N VPN Router, TelePresence ICMP, IOS XR, Aironet 1800, 2800, 3800 Series Access Points, Wide Area Application Services, Firepower Threat Defense and ASA, Finesse for Unified Contact Center Enterprise, Unity Connection ImageID, CallManager Express and others. Apply updates. Additional details are available at Cisco’s website.
Intel Multiple Products: Intel has released updates to address vulnerabilities in Active Management Technology, Standard Manageability, and Small Business Technology, firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6. Apply updates. Additional details are available at Intel’s website.
 *******************
Copyright © 2017 Citadel Information Group. All rights reserved.

 




SecurityRecruiter.com's Security Recruiter Blog