Thursday, July 02, 2015

Resume Coaching Testimonial From a Happy Client





"Jeff, heartfelt thanks to you for reviewing what I thought was a good resume and then giving me the brutal truth. Here is my Michelangelo for you to disseminate if the need arises. That said, you will be getting a lot of cops calling using my name."


Monday, June 29, 2015

Mid-Year 2015 Information Security Career Demand...What's Hot?



Anybody can go to a major job board and look at posted jobs to see what’s hot and what’s not. How about a different perspective on what’s hot and what’s not from a recruiter who has specialized in security, risk, compliance and privacy going all the way back to his first information security search in 1995?

Not all companies are willing to pay search fees to acquire talent and they have many reasons for taking their position.  Some companies are filling security jobs all the way up to the CISO level in order to check boxes and to get through audits.

Other companies are taking security much more seriously.  While many companies are still checking boxes in order to pass regulatory audits, some of my clients are hiring security talent up to the CISO level in order to build sound security programs. These are the jobs you want to check out.

When a company is willing to pay a search fee, they expect the security recruiter to deliver the industry’s best talent and they seldom compromise.  The best talent in this case will have done a great job of managing their career progression so they have the right mix of skills but not too many jobs.  This effort on the job seeker's part is much more of an art than a science.

When a company is paying a search fee to a highly specialized recruiter, you can assume as a job candidate that they might be a bit more serious about the quality and fit of their candidates than a company that is posting jobs and hoping for the best.

What Information Security Careers / Cybersecurity Careers Are Hot in Mid-2015?

Security Engineer: This title and similar titles are hot everywhere!  Skills required include Firewalls, IDS / IPS, SIEM, Identity Management, Application Security and more. 

Security Architect: This job title is landing on my desk from any industry you can think of and the demand is coming from coast-to-coast. 

Application Security Architect / Secure Software Development:  This demand comes to me from coast-to-coast.  The best paying jobs are those that require a candidate to have several years of coding / software development background prior to picking up application security / secure software development skills.

IT Risk Management / Compliance: This type of role is coming to me from many different industries and locations.  In this type of role, employers are expecting candidates to have experience with several different industry compliance regulations and security frameworks.  This particular role is one in which business skills and communication skills start to become very important as this person will usually work very closely with people in business units and with partners across Information Technology.

Information Security Manager:  This role comes with many different titles but it is essentially the first step in most companies to becoming a CISO one day.  This is where technical skills will get you in the door but it is your business understanding, communication skills and relationship building skills that will propel you to the next level.

CISO or VP of Information Security:  When these roles come to my desk, they arrive either as a fresh search where a company wants to interview a few of the right candidates and make a hiring decision or I get these searches after they’ve been open for as long as 6-18 months.  Every CISO level search I’ve had on my desk in the past few years has required me to find candidates who have skills in many different technical areas but more important are their business skills and their emotional intelligence skills.

Things Are Heating Up

While I have current searches on my desk, I’m also waiting for several companies to complete contracts with me.  Nearly all of the positions listed above are in my pipeline connected to the companies I’m negotiating contracts with right now.  Stay tuned!


Sunday, June 28, 2015

Cyber Security Vulnerability and Patch Report for the week of June 21, 2015

 




CYBER SECURITY VULNERABILITY AND PATCH REPORT FOR THE WEEK OF JUNE 28, 2015

 

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP



Important Security Updates

Adobe Flash Player: Adobe has released version 18.0.0.194 to fix a critical vulnerability. Updates are available from Adobe’s website.
AVG Free Edition: AVG has released version 2015.0.6037 of its 64 and 32 bit Free Edition. Updates are available on AVG’s website.
AVG Internet Security: AVG has released version 2015.0.6037 of its Internet Security 2015. Updates are available on AVG’s website.
Avira Free Antivirus: Avira has released version 15.0.11.579 of its free Antivirus. Updates are available from Avira’s website.
Google Chrome: Google has released Google Chrome version 43.0.2357.130. Updates are available from within the browser or from Google Chrome’s website.
Opera: Opera has released version 30.0.1835.88. Updates are available from within the browser or from Opera’s website.
TechSmith Corporation SnagIt: TechSmith has released version 12.4.0.2992 for SnagIt. Updates are available from TechSmith’s website.

Current Software Versions

Adobe Flash 18.0.0.194 [Windows 7: IE, Firefox, Mozilla]
Adobe Flash 18.0.0.194 [Windows 8: IE]
Adobe Flash 18.0.0.194 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader DC 2015.007.20033
Dropbox 3.6.7 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 38.0.6
Google Chrome 43.0.2357.130
Internet Explorer 11.0.9600.17842
Java SE 8 Update 45 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
QuickTime 7.76.80.95
Safari 7.1.6 [Mac OS X]
Skype 7.6.0.103

Newly Announced Unpatched Vulnerabilities

None

For Your IT Department

Cisco Multiple Products: Secunia and US-CERT report vulnerabilities in Cisco’s Aggregation Services Routers (ASR) 5000 Series, NX-OS, IOS XR, uBR10000 Series Universal Broadband Routers, ASR 9000 Series Aggregation Services Routers, Jabber for Windows, Wireless LAN Controller (WLC), Unified MeetingPlace, Unified Communications Manager IM and Presence Service, AnyConnect Secure Mobility Client, Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv). Apply updates. Secunia also reports unpatched security vulnerabilities in Cisco Web Security Appliance 8.x and Unified Communications Manager IM and Presence Service 9.x. No official solutions are currently available.
NetGear: Secunia reports vulnerabilities in NetGear ProSafe FVS336G VPN Firewall. Apply update.
Symantec: Secunia reports vulnerabilities in Symantec Data Loss Prevention. Apply update.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2015 Citadel Information Group. All rights reserved.




Cyber Security News and Education for the Week of June 28, 2015


CYBER SECURITY NEWS OF THE WEEK

 

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Cyber Crime

Hershey Park Investigates Card Fraud Pattern: Hershey Park, a popular resort and amusement park in Hershey, Pa. has hired a security firm to investigate reports from multiple financial institutions about a possible credit card breach, KrebsOnSecurity has learned. KrebsOnSecurity, June 24, 2015

Cyber Attack

Hackers Ground Polish LOT Airline Flights: The Polish national airline, LOT, announced on Sunday that they cancelled 10 flights as a result of the airline’s ground computer systems at Warsaw’s Okecie airport being subject to attack by hackers. The airline’s ground computer systems are used to manage the flight plans for the airline. LOT stated that no ongoing flights or other airport computer systems were affected and that flights already in the air or scheduled to land at Warsaw were not at risk. CSO, June 21, 2015

Cyber Privacy

NSA Has Reverse-Engineered Popular Consumer Anti-Virus Software In Order To Track Users: The NSA and its British counterpart the GCHQ have put extensive effort into hacking popular security software products to “track users and infiltrate networks,” according to the latest round of Snowden docs unearthed today by The Intercept. TechCrunch, June 22, 2015

Financial Cyber Security

Firms track Dyre’s rise to top financial malware threat: Dyre malware, which quickly emerged as one of the most prominent financial trojans following the Gameover Zeus botnet takedown last June, is still steadily making its mark in the underground market – and in victims’ accounts – prompting researchers to deem the threat a malicious tool successfully, though likely temporarily, filling the void of Zeus. SCMagazine, June 24, 2015
The next fraud wave: When banks cash the same check twice, you might have to pay: Can someone cash your check more than once? Yes, thanks to the intersection of very old and very new banking technology. Impossible until recently – payees formerly were required to hand paper checks over to banks during a deposit – some experts predict “double presentment” will be the source of a new fraud wave coming soon. And if you don’t know about it, even if you don’t use mobile banking, you might have to foot the bill. GeekWire, June 22, 2015

Identity Theft

The US agency plundered by Chinese hackers made one of the dumbest security moves possible: Contractors in Argentina and China were given “direct access to every row of data in every database” when they were hired by the Office of Personnel Management (OPM) to manage the personnel records of more than 14 million federal employees, a federal consultant told ArsTechnica. BusinessInsider, June 18, 2015
First on CNN: U.S. data hack may be 4 times larger than the government originally said: Washington (CNN) The personal data of an estimated 18 million current, former and prospective federal employees were affected by a cyber breach at the Office of Personnel Management – more than four times the 4.2 million the agency has publicly acknowledged. The number is expected to grow, according to U.S. officials briefed on the investigation. CNN, June 23, 2015
NO PATCH FOR INCOMPETENCE: OUR CYBERSECURITY PROBLEM HAS NOTHING TO DO WITH CYBERSECURITY: On Wednesday, June 17, Reuters reported tersely that the White House “continues to have confidence” in the beleaguered Office of Personnel Management (OPM) chief Katherine Archuleta. This came on the heels of new information that, among other things, the devastating OPM hack may have had something to do with OPM running high-end systems coded in a semi-obsolete programming language without built-in support for modern security practices. Or that OPM gave root system access (for those that don’t speak UNIX, root is privileged system access authority) to foreign contractors in China. No matter, the White House has “confidence” in the woman that ignored a direct warning from the Office of the Inspector General (OIG) cataloging key vulnerabilities in OPM systems, and who also happens to have worked as the national political director for President Obama’s re-election campaign. WarOnTheRocks, June 23, 2015
A New Early Warning of Identity Theft Is Proposed: The firms that control consumers’ credit reports need to do more to notify people if they may be the victims of identity theft, says Sen. Charles Schumer (D., N.Y.). Wall Street Journal, June 23, 2015

Cyber Warning

Samsung disables Windows Update, leaving laptops open to hackers: Samsung is disabling Windows Update on some of its computers, leaving users exposed to security holes and bugs according to an independent Microsoft support engineer. TheGuardian, June 24, 2015
“Free” Proxies Aren’t Necessarily Free: Netflix, Hulu and a host of other content streaming services block non-U.S. users from viewing their content. As a result, many people residing in or traveling outside of the United States seek to circumvent such restrictions by using services that advertise “free” and “open” Web proxies capable of routing browser traffic through U.S.-based computers and networks. Perhaps unsurprisingly, new research suggests that most of these “free” offerings are anything but, and actively seek to weaken browser security and privacy. KrebsOnSecurity, June 22, 2015

Cyber Security Management

Gap in cybersecurity knowledge creates challenges for organizations: A new survey from the Ponemon Institute and Fidelis Cybersecurity highlights some concerning data about the state of cybersecurity. Defining the Gap: The Cybersecurity Governance Survey shares the results of the study and finds a disturbing rift in cybersecurity knowledge between those who make decisions and manage the budgets and those who have to implement and manage the security measures. CSO, June 23, 2015

Cyber Security Management – Cyber Defense

A Month Without Adobe Flash Player: I’ve spent the better part of the last month running a little experiment to see how much I would miss Adobe‘s buggy and insecure Flash Player software if I removed it from my systems altogether. Turns out, not so much. KrebsOnSecurity, June 23, 2015

Cyber Security Management – Cyber Update

Emergency Patch for Adobe Flash Zero-Day: Adobe Systems Inc. today released an emergency update to fix a dangerous security hole in its widely-installed Flash Player browser plugin. The company warned that the vulnerability is already being exploited in targeted attacks, and urged users to update the program as quickly as possible. KrebsOnSecurity, June 23, 2015

Cyber Security Management – HIPAA

Healthcare cybersecurity primer outlines defensive strategies: A new primer on cybersecurity outlines the challenges that healthcare organizations face and steps they can take to defend themselves against cyberattacks. FierceHealthIT, June 22, 2015

National Cyber Security

Michael Hayden Says U.S. Is Easy Prey for Hackers: Few are as qualified to speak, or as outspoken, as retired Gen. Michael Hayden on the topic of cyberespionage. Gen. Hayden, after a career in the U.S. Air Force, became the only person to have served as director of both the National Security Agency and the Central Intelligence Agency. Today he is a principal at the Chertoff Group, a global advisory firm focused on security and risk management. The Wall Street Journal, June 21, 2015
Attack Gave Chinese Hackers Privileged Access to U.S. Systems: WASHINGTON — For more than five years, American intelligence agencies followed several groups of Chinese hackers who were systematically draining information from defense contractors, energy firms and electronics makers, their targets shifting to fit Beijing’s latest economic priorities. The New York Times, June 20, 2015

Cyber Underworld

Cybercrime: Much more organized: Cybercrime offers the potential for immense profits. So it is no surprise that the digital “mob” has moved into the space. According to some experts, there is no such thing as “disorganized cybercrime” any more. CSO, June 23, 2015
Why Is Fighting Cybercrime So Hard?: It’s tough to target the few hundred super hackers that experts believe are behind the majority of cyber attacks. eSecurityPlanet, June 22, 2015

Cyber Research

How encryption keys could be stolen by your lunch: Israel-based researchers said they’ve developed a cheaper and faster method to pull the encryption keys stored on a computer using an unlikely accomplice: pita bread. PCWorld, June 22, 2015

Cyber Survey

All industries fail cybersecurity, govt the worst: Most sectors failed industry-standard security tests of their Web and mobile applications, but the government failed the worst, a report by application security company Veracode found. CNBC, June 23, 2015

Cyber Sunshine

Europol takes down Ukrainian cyber-crime gang in joint operation: A major cyber-crime ring in the Ukraine has been taken down in a joint operation involving six different European countries plus Europol and Eurojust. SCMagazine, June 25, 2015
Feds Extradite ‘Most Wanted’ ATM Hacker: A Turkish man who has been accused of masterminding a string of ATM cash-out attacks dating back to 2008 – and stealing almost $55 million – has been extradited from Germany to face trial in the United States. CUInfoSecurity, June 24, 2015


Friday, June 26, 2015

Career Coaching that Produces Clarity and Confidence


Where's Your Career Headed?


Stop settling for what you "Can" do when you could do what you "Should" do. People who figure out what they Should do and then align their natural Strengths with their work are more engaged in their work, they're more productive, they create higher output and they generally are compensated better than their peers who deliver an average performance.

People who align their efforts with what they Should do are also very likely to go through life with lower stress.

In a short period of time, I can guide you to a point of clarity and confidence to know where to point your career.  If you're stuck, I can help you to get out of the rut you find yourself in. 

If you're at a crossroad, I can help you determine which way to turn so you don't waste time making the wrong decision.

If you have aspirations of bigger and better things for your career down the road, I can show you precisely how you are naturally wired and how that translates into performance and output.  

Monday, June 22, 2015

Security Jobs: Regional Security Manager Covering the Americas, Houston, TX


Regional Security Manager Covering the Americas

Location: TX-Houston
Compensation: $100s, up to 50% bonus
Travel: Global Travel
Language Requirement: English and Spanish Speaking


SecurityRecruiter.com has been engaged by a fast growing global company that operates in some of the world’s most high-risk countries.  A brand new position of Regional Security Manager has been created to provide security and risk management services to the Americas.  This role reports to a Group Head of Security in Europe.  This person’s background includes 2+ decades in the SAS.  This is not a suit and tie job working from a corporate office.

The mission of this role is to reduce risk to employees, assets and company reputation.  As a new role, the person who steps into this role will be stepping into a situation where there is much to be done from scratch.  In other words, if the candidate who steps into this role needs structure, this will not be the right role.  If the candidate who steps into this role wants to participate in building structure where there is none, this could be the role of a lifetime.

Responsibilities:

  • Become a strategic partner to Americas regional businesses.
  • Collaboratively work with the Group Head of Security and other Regional Security Managers to create a global security program.
  • Conduct risk assessments of operations and facilities in the Americas region.
  • Actively participate in creating, implementing and communicating security policies and standards.
  • Bring the company into compliance with specific country regional security legal requirements.
  • Investigate security incidents and non-compliance with security requirements. 
  • Work with local management and staff to develop, implement and sustain security systems and programs.
  • Ensure that appropriate security measures are put in place with regards to statements of work.
  • Ensure that local security personnel are equipped with appropriate security training.
  • Provide security analysis at a regional level to inform the Group Head of Security and regional businesses to make appropriate decisions based on security threats and current trends.
  • Advise staff on regional security and political risks.
  • Disseminate reports to the Group Head of Security and relevant local management when necessary.
  • Produce monthly regional security reports and ad-hoc bulletins when required to keep personnel informed of the security picture in a given region.
  • Monitor high-risk ratings within a region and inform personnel of issues such as country evacuation needs.


Where Might Appropriate Candidates Be Today?

  • Military, Government Intelligence
  • Corporate Security or Law Enforcement where one’s coverage included both North and South America.


Requirements:
  • Demonstrate deep knowledge and experience in Physical Security, Personnel Security, Crisis Management, Security Risk Management, Security Investigations, and more.
  • Experience working in High Risk areas such as Venezuela, Peru, Panama, Mexico, Ecuador, Colombia, Brazil and others is required.
  • Formal qualifications in security risk management combined with prior experience in a similar role.
  • Must be fluent in English and Spanish (written and verbal in English…verbal in Spanish).
  • Demonstrate sound critical thinking skills and the ability to mentally, emotionally and physically respond to emergency situations.
  • Demonstrate the ability to collaborate and to build a team environment with others.
  • Must appreciate detailed work and time-conscious deadlines.
  • Must be comfortable presenting in a variety of ways to large groups of people.





Are You Prepared for When Opportunity Knocks on Your Door?



My Phone Keeps Ringing

It is currently 11:03 AM in Colorado in the Mountain Time Zone and my week is already fully loaded.  Every time I have completed a call this morning, my phone rings again.  Demand for the skill sets I work with is sky high and continuing to increase.

Are You Prepared for When Opportunity Knocks?

  • Friday of last week wrapped up with contract negotiations where multiple information security / Cybersecurity positions were the topic.
  • Over the weekend, a call came to discuss a potential VP of Corporate Security role.
  • Based on last week’s progress, I’m about to write up a Regional Security Manager role for the Americas for a client from the UK.
  • My Offensive Penetration Testing consulting client needs to hire 2 new employees every month for the rest of the year.
  • In Phoenix, I have a new Information Security Engineer job to write up to sit beside a Network Security Architect role that is already on my desk.
  • My phone just rang with a hiring decision maker on the other end telling me that his HR department has been unable to attract information security talent that aligns with his needs. After a 30-minute get-to-know-you conversation, we’re now moving towards exchanging contracts and job descriptions to determine if we can work together.
  • Magazine writers are calling me to talk about supply and demand in the information security jobs sector.  By the time they get around to publishing whatever it was that we talked about when they interviewed me, the information is likely somewhat stale. Cybersecurity / Information Security employment is moving at the speed of light.  Are you prepared?

WHAT IS MY POINT?

If you haven’t yet figured out what you “Should” be doing with your career versus settling for what you “Can” do, now is a great time to do so and I'm equipped to help you through Jeff Snyder Coaching.

If your Resume doesn’t do a stellar job of describing who you are, how you’re educated and credentialed and what you are great at in a matter of seconds, now is a great time to invest in yourself to be sure that your branding and marketing message is clear.

If you have a presence on LinkedIn, you’re making a first impression.  If that first impression needs improvement, don’t wait another day before you make your LinkedIn profile speak clearly on your behalf.  Employers and recruiters are looking at you if you have the kinds of skills I recruit.


Cyber Security News and Education for the Week of June 21, 2015



CYBER SECURITY NEWS OF THE WEEK

 

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP

Cyber Attack

Attackers Stole Certificate From Foxconn to Hack Kaspersky With Duqu 2.0: THE NATION-STATE MALWARE used to hack the Russian security firm Kaspersky Lab, as well as hotels associated with Iranian nuclear negotiations, used a digital certificate stolen from one of the world’s top electronics makers: Foxconn. Wired, June 15, 2015

Identity Theft

OPM’s Database for Sale? Nope, It Came from Another US .Gov: A database supposedly from a sample of information stolen in the much publicized hack at the Office of Personnel Management (OPM) has been making the rounds in the cybercrime underground, with some ne’er-do-wells even offering to sell it as part of a larger package. But a review of the information made available as a teaser indicates that the database is instead a list of users stolen from a different government agency — Unicor.gov, also known as Federal Prison Industries. KrebsOnSecurity, June 18, 2015
Officials: Chinese had access to U.S. security clearance data for one year: The recently disclosed breach of the Office of Personnel Management’s security-clearance computer system took place a year ago, giving Chinese government intruders access to sensitive data for a year, according to new information. WashingtonPost, June 18, 2015
Catching Up on the OPM Breach: I heard from many readers last week who were curious why I had not weighed in on the massive (and apparently still unfolding) data breach at the U.S. Office of Personnel Management (OPM). Turns out, the easiest way for a reporter to make sure everything hits the fan from a cybersecurity perspective is to take a two week vacation to the other end of the world. What follows is a timeline that helped me get my head on straight about the events that preceded this breach, followed by some analysis and links to other perspectives on the matter. KrebsOnSecurity, June 15, 2015
Stan Stahl discusses OPM breach & talks prevention on Sunday Morning Newsmakers: Featuring Dr Stahl — Stan Stahl, President and CEO of Citadel Information Systems – Stahl says the recent announcement of the hacking of personnel records at the Federal Office Personnel Management raises troubling questions. Larry Marino, Sunday Morning Newsmakers, AM870, June 14, 2015

Cyber Privacy

WikiLeaks Unloads Second Batch Of Sony Files Into Its Database: It seems like Sony just can’t catch a break. On Thursday, WikiLeaks added 276,394 more private documents, emails and financial files, leaked from the embattled tech and media giant, into its database. TechCrunch, June 19, 2015
Major Carriers AT&T, Verizon Continue to Lag in EFF Privacy Report: While many companies have made strides when it comes to how they handle transparency and government requests post-Snowden, major telecoms such as AT&T and Verizon continue to lag behind. ThreatPost, June 18, 2015

Financial Cyber Security

Phone Scams Rise 30% as Bank Fraud Goes Low-Tech: Asking people in different corners of banking about the most important trends in fraud is like discussing an elephant with the eight blind men in the famous parable. They concentrate on the most immediate threats, but none has the full picture. AmericanBanker, June 17, 2015

Cyber Warning

Serious OS X and iOS flaws let hackers steal keychain, 1Password contents: Late Friday afternoon, Apple officials released the following statement: “Earlier this week we implemented a server-side app security update that secures app data and blocks apps with sandbox configuration issues from the Mac App Store. We have additional fixes in progress and are working with the researchers to investigate the claims in their paper.” ars technica, June 19, 2015
600 million Samsung Galaxy phones exposed to hackers: Every Samsung Galaxy device — from the S3 to the latest S6 — has a significant flaw that lets in hackers, researchers have discovered. CNN, June 17, 2015
Password Manager LastPass Warns of Breach: LastPass, a company that offers users a way to centrally manage all of their passwords online with a single master password, disclosed Monday that intruders had broken into its databases and made off with user email addresses and password reminders, among other data. KrebsOnSecurity, June 16, 2015
LastPass Password Manager Acknowledges Breach: LastPass, the online password manager, announced Monday in a blog post that its network was breached and that hackers made off with user email addresses, password reminders and encrypted master passwords. The New York Times, June 15, 2015

Cyber Security Management

Cybersecurity Industry Blame Game at RSA Conference: Contrary to tradeshow presentations, the industry has not failed cybersecurity professionals as many speakers insinuated. NetworkWorld, June 16, 2015

Cyber Security Management – Cyber Update

Critical Drupal vulnerability patched — update your website now: The Drupal Security Team has released a critical software update for the Drupal Content Management System (CMS). NakedSecurity, June 19, 2015

National Cyber Security

Officials say security lapses left system open to hackers: WASHINGTON — Years of fundamental cybersecurity lapses left the government’s personnel agency wide open to a pair of hacks that have exposed the private information about nearly every federal employee, along with detailed personal histories of millions with security clearances, officials acknowledged to Congress. PBS, June 17, 2015
Feds on ’30-day sprint’ to better cybersecurity: As news of the full scope of the breach of Office of Management and Budget systems emerges, Federal CIO Tony Scott launched a government-wide Cybersecurity Sprint on June 12, giving agencies 30 days to shore up their systems. FederalTimes, June 15, 2015
Britain pulls out spies as Russia, China crack Snowden files – report: Britain has pulled out agents from live operations in “hostile countries” after Russia and China cracked top-secret information contained in files leaked by former U.S. National Security Agency contractor Edward Snowden, the Sunday Times reported. Reuters, June 14, 2015

Cyber Espionage

Houston Astros’ Breach A ‘Wake-Up Call’ On Industrial Cyber Espionage: The St. Louis Cardinals’ alleged breach of the Astros’ proprietary database raises concern over the possibility of US companies hacking their rivals for intel. DarkReading, June 18, 2015
Cardinals Investigated for Hacking Into Astros’ Database: WASHINGTON — Front-office personnel for the St. Louis Cardinals, one of the most successful teams in baseball over the past two decades, are under investigation by the F.B.I. and Justice Department prosecutors, accused of hacking into an internal network of the Houston Astros to steal closely guarded information about players. The New York Times, June 16, 2015

Cyber Underworld

Brazil’s Cybercrime Free-For-All: Many Scams And Little Punishment: Brazil can boast many superlatives: the biggest country in South America, which is home to the world’s biggest rain forest, which is home to the world’s biggest snake. NPR, June 17, 2015

Cyber Career

Cybrary and WIT partner to help women advance in cybersecurity: A new partnership between IT MOOC platform Cybrary and Women in Technology aims to address two major challenges faced by IT organizations today: a shortage of cybersecurity professionals and a lack of women in technology. CIO, June 17, 2015

Cyber Misc

How you can profit from cybercrime – legally: There’s a good chance that at least one company or government agency you do business with has been hacked in the past two years. Information security stocks to consider. CNN, June 16, 2015







SecurityRecruiter.com's Security Recruiter Blog