Wednesday, September 02, 2015

IT Risk Management Jobs: IT Risk Management Analyst, Sacramento, CA, Relocation Available


IT Risk Management Analyst
Status: Newly Created Position
Compensation: $80,000+
Location: Sacramento, CA
Relocation: Available
SecurityRecruiter.com has been engaged to build an Information Security and IT Risk Management team.  This role contributes to the overall Information Systems Risk Management Program. This expansion role is responsible for contributing to the development, maintenance and implementation of the Information Systems Risk Management Program. The IT Risk Management Analyst conducts risk assessments and analysis of Business associates, IT Systems and / or processes and recommends controls to mitigate loss of data and to maintain confidentiality, integrity, and availability.   This position requires specialization in one or more areas of IT infrastructure, information systems, applications, platforms, or processes.  
Responsibilities:  
The IT Risk Management Analyst will:
  • Conduct IT Risk analysis over new IT products and services, third-party vendors, and internal systems and processes.
  • Evaluate and recommend controls to mitigate identified risks to acceptable levels.
  • Review customer requests for information or proposals related to the protection of information, IT compliance and technical support services and provide required data.
  • Provide assistance to IT Audit, Internal Audit and other departments regarding IT Risk Management issues and controls.
  • Monitor risk notifications from vendors and assist with appropriate documentation and responses.



Requirements:
  • US Citizenship with the ability to obtain government clearance
  • BA/BS in Computer Science or Information Security or equivalent work experience preferred.
  • Current CISSP, CISA, CRISC, CISM or other equivalent information security or risk management certification preferred.
  • Minimum of three years experience in Information Technology and/or networks with at least one year of experience in information systems and security, risk management and access controls, applications, platforms or processes or IT audit related positions.
  • Excellent oral and written communication skills are required.
  • Basic knowledge of laws and regulations impacting data protection and confidentiality, integrity, and availability of systems and data such as HIPAA, HITECH, Sarbanes-Oxley, and state regulations.
  • Knowledge of all phases of risk assessment including identification, analysis, impact evaluation, response, reporting and tracking.
  • Strong analytical, planning, problem solving and time management skills.
  • Interpersonal skills to interface with internal and external parties in a professional manner.
  • Knowledge of how technologies, processes, and controls impact risk in both the information systems and corporate business environment.
  • Ability to travel in support of onsite assessments.


Apply Online: https://www.securityrecruiter.com/submit_resume_and_profile.php



Security Jobs: Senior IT Security Analyst, Sacramento, CA, Relocation Available


Senior IT Security Analyst
Status: Newly Created Position
Location: Sacramento, CA
Relocation: Some
Compensation: $100,000+

SecurityRecruiter.com has been engaged to build an Information Security and IT Risk Management team.  This role contributes to the overall Information Systems Risk Management Program. The Senior IT Security Analyst analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks), investigates available tools and countermeasures to remedy the detected vulnerabilities and recommends solutions and best practices. This position is responsible for analyzing and assessing damage to the data/infrastructure as a result of security incidents, examines available recovery tools and processes and recommends solutions. The Senior IT Security Analyst will also test for compliance with security policies and procedures, as well as assist in the creation, implementation, and/or management of security solutions as needed.
Responsibilities:
  • This position is part of a 24x7 on-call rotation for Incident Response.
  • Performs log analysis and defines security filters and rules for implementation within the Security Information and Event Management (SIEM) system.
  • Gathers and distributes technical information pertaining to new security threats and vulnerability trends.
  • Confirms that all monitoring and activity reports scheduled to run have successfully completed.
  • Executes daily operational checklists and tasks such as: log analysis and review; vulnerability management activities; management reporting; alert analysis; adding, modifying and deleting filters; verifying that escalation follow-up activities have been accomplished; investigating suspicious security event activity; maintaining and enforcing adherence to standards, policies and procedures; verifying correct security feed settings; and more.
  • Understand the latest security information in order to validate the security analysis and identification capabilities of the monitoring technologies.
  • Understand security device outputs and functions; primarily firewall, IDS/IPS, router, switch, etc. for device vulnerabilities or security issues.
  • Research and understand the currently published vulnerabilities of enterprise hardware, operating systems, and applications.
  • Act as a lead for Information Security assessments and recommend appropriate and cost effective controls to address identified security-related risks.
  • Serve as a lead in the development and implementation of application and infrastructure security programs.
  • Serve as a lead in the development and implementation of user account security.
  • Guide and mentor junior members of the team

 Requirements:
  • US Citizenship with the ability to obtain government clearance.
  • BA/BS in Computer Science, Information Security or other related field preferred. 
  • An industry recognized information security certification, such as a CISSP (or Associate), SSCP, CEH, or equivalent
  • At least one technical certification related to a major platform (IBM, Microsoft or Cisco)
  • Minimum five years Information Technology and/or network experience that includes a minimum of three years Information Security related experience. 
  • Minimum one year supervisory or team lead experience.
  • Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone.
  • Ability to work outside of regular business hours as required which can include evenings, weekends and holidays.
  • Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
  • Hands on security knowledge of one or more of the following platforms: Windows / Unix / Linux.
  • Strong analytical, technical, and problem solving skills.
  • Experience with DNS, NTP and Citrix, TACACS, IDS, IPS and various SIEMs.
  • Working knowledge of protocols and technologies such as TCP, UDP, SSL, FTP, SMTP, NetBIOS and DHCP.
  • Working knowledge of HTML, CSS, JavaScript and WML.
  • Ability to interpret information security data and processes to identify potential compliance issues.
  • Ability to quickly understand security systems in order to identify and validate security requirements.
  • Excellent interpersonal, organizational and technical writing skills
  • Ability to be a self-starter who is accountable, requires minimal supervision and is open to new ideas.
  • Ability to work in a large, dynamic and complex organization, requiring creativity and flexibility.
  • Possess the personal characteristics of professionalism, credibility, commitment to high standards, innovation, discriminating judgment and accountability.
  • Excellent leadership skills and teamwork skills.


Apply Online: https://www.securityrecruiter.com/submit_resume_and_profile.php



IT Risk Management Jobs: Senior IT Risk Management Analyst, Sacramento, CA, Relocation Available


Senior IT Risk Management Analyst
Status: Newly Created Position
Compensation: $100,000+
Relocation: Some Relocation Provided
Location: Sacramento, CA

SecurityRecruiter.com has been engaged to build an Information Security and IT Risk Management team.  This role reports to an Information Systems Risk Management manager and contributes to the overall Information Systems Risk Management Program.
The Risk Management Analyst interacts with technical and business units to evaluate information systems in terms of risk to the organization and to recommend establishment of controls to mitigate loss of data and maintain confidentiality, integrity and availability. This position requires specialization in one or more areas of IT infrastructure, information systems, applications, platforms, or processes for risk analysis in accordance with established regulations and organizational standards.

Responsibilities:
  • Conduct technology risk analysis for new IT products and services, third-party vendors and internal systems and processes.   
  • Evaluate and recommend controls to mitigate identified risks to acceptable levels based on the business’ appetite for risk.
  • Analyze customer requests for information (RFI) or proposals (RFP) related to the protection of information, IT compliance and technical support services and document responses.
  • Recommend, maintain and implement technology risk management frameworks, assessment methodologies and tools.
  • Provide assistance to IT Audit, Internal Audit, and other departments regarding IS Risk Management issues and controls, including reviews of assessments conducted by other organizations.
  • Provide subject matter expertise in support of contract negotiations related to the protection of information, IT compliance and technical support services requirements.
  • Approve redlines to Business Associate Agreement Security Addendum within established parameters.
  • Monitor risk notifications from vendors and assist with appropriate documentation and response.
  • Provide a leadership role in the recommendation, development, and implementation of Technology Risk Management programs as required to achieve compliance objectives.
  • Guide and mentor Information Security Analysts.
  • Monitor and guide security administrators and liaisons regarding their compliance to standards.

 Requirements:
  • Must be a US Citizen who is eligible for government clearance. BA/BS in Computer Science or Information Security strongly preferred. Significant work experience may reduce or substitute for education requirement.
  • Must have a current CISSP, CISA, CRISC, CISM or other equivalent information security or risk management certification.
  • Requires a minimum of five years of experience in Information Technology and/or networks where three of those years were invested into information security, risk management or IT audit related roles.
  • Excellent oral and written communication skills are required. Knowledge of laws and regulations impacting data protection and confidentiality, integrity and availability of systems including HIPAA, HITECH, Sarbanes-Oxley, and state regulations. Strong knowledge of recognized information security-related standards such as ISO, CobIT, and NIST.
  • Strong analytical, planning, creative problem solving and multi-tasking skills.
  • Strong interpersonal skills to interface with internal and external parties in a professional manner that creates confidence in his/her subject matter expertise and helps foster resolution of risk and issues.
  • Knowledge of how technologies, processes and controls impact risk in both the information systems and corporate business environment and ability to translate security and operational controls into business risk.
  • Requires knowledge of information security, access controls, application and platform controls, data protection and cryptography, operations security, telecommunications, network and internet security, disaster recovery and physical security controls.
  • Ability to travel in support of onsite assessments.

 Apply Online:  https://www.securityrecruiter.com/submit_resume_and_profile.php


Tuesday, September 01, 2015

Security Jobs: Information Security Risk and Compliance Strategy Analyst, Sacramento, CA, Relocation Available



Information Security Risk and Compliance Strategy Analyst

 Status: Newly Created Position
Location: Sacramento, CA
Relocation: Some Relocation Provided
Compensation: Mid $100s

SecurityRecruiter.com has been engaged to build an Information Security and IT Risk Management team. This role will report to a Manager who is responsible for Governance and Security Strategy topics and includes topics such as Information Security, Compliance, IT Risk Management and Physical Security. This role will operate as a team lead providing technical guidance to less experienced team members on various projects and initiatives. The person who steps into this expansion role will work closely with both technical and business personnel to meet business requirements. Relocation is available. Please call to discuss your unique relocation needs so we can determine how well your needs can be addressed.

Responsibilities
  • Security Strategy: Provides recommendations for the development, documentation and maintenance of an enterprise security strategy.  Will assess current security posture and provide oversight to help meet strategic security targets and goals.  Provide governance over the development of internal processes for streamlining risk analysis techniques.
  • Compliance and Governance: Review and research regulatory, legal, corporate and third-party security requirements and blend them into a single security and risk framework.
  • Team Lead: Serve as team lead and expert in the remediation of systems and applications for certification and compliance.  Support IT risk analysis, evaluations and education on IT assets and processes as it pertains to compliance and evaluate and propose solutions to mitigate risks under the established risk management strategies.
  • Third-Party Risk: Evaluate risks associated with the use of third-party vendors.  Review security requirements in customer and vendor contracts for compliance.  Respond to security questions in RFI/RFPs to support the procurement of new customers.
  • Relationship Management: Assess the alignment of the security program with business strategy, requirements and corporate risk appetite.  Build relationships, increase awareness and blend business needs with security deliverables.
  • Metrics and Reporting: Develop and implement tool sets to build a security metrics program that speaks in business language and demonstrates the value of information security.
  • Communications and Security Awareness: Create and maintain a two-way dialogue where key security and compliance messages for all layers are crafted to build consensus and momentum, accommodating business needs and targets.
  • Partnering / Collaboration: Partner with constituents with remediation planning and ensure identified gaps have been appropriately managed in order to achieve certification and/or compliance and support the definition and recommended implementation of key risk indicators.
  • Regulatory Compliance: Review compliance regulations and take the lead in updating organizational IT compliance initiatives.


Requirements

  • US Citizenship Required.  Must be eligible for security clearance.  
  • BA/BS in Computer Science or Information Security. Appropriate experience in place of a degree will be considered. 
  • Minimum of seven years of experience in Information Technology with a minimum of five years in Information Security related roles. 
  • Must have a current CISSP, CISA, CRISC, CISM or other equivalent information security or risk management certification.
  • This position requires U.S. Citizenship and proof of favorable adjudication following submission of Department of Defense form SF86 or higher security.
  • Excellent interpersonal skills, oral and written communication skills to interface with internal and external parties in a professional manner that creates confidence in his/her subject matter expertise.
  • Requires five or more years of experience in Governance, Risk and Compliance (GRC) roles with at least one year of team lead experience.
  • Strong knowledge of relevant compliance requirements, laws and regulations impacting data protection and confidentiality, integrity and availability of systems and data. 
  • Experience with HIPAA, HITECH, Sarbanes-Oxley and state regulations is preferred.
  • Deep knowledge of recognized information security governance frameworks such as ISO, CobIT, and NIST.
  • Strong analytical, planning, creative problem solving, and multi-tasking skills.
  • Thorough understanding of governance concepts, approaches, controls and frameworks.
  • Comprehensive knowledge of how technologies, processes and controls impact information security, risk and audit in both the information systems and corporate business environment.
  • Sound familiarity with security systems (firewalls, IPS, anti-virus, encryption, authentication, etc.) as well as a solid and broad general technical foundation (networking, servers, applications, etc.).
  • Strong ability to translate security and operational controls into business risk.
  • Requires knowledge of information security, access controls, application and platform controls, data protection and cryptography, operations security, telecommunications, network and internet security, disaster recovery and physical security controls.
Apply Online: https://www.securityrecruiter.com/submit_resume_and_profile.php





Monday, August 31, 2015

Cyber Security Vulnerability and Patch Report for the Week of August 30, 2015



CYBER SECURITY VULNERABILITY AND PATCH REPORT

 

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Weekend Vulnerability and Patch Report, August 30, 2015


Important Security Updates

AVG: AVG has released version 2015.0.6140 of its Free Edition and Internet Security 2015. Updates are available on AVG’s website. 
Avira Free Antivirus: Avira has released version 15.0.12.420 of its free Antivirus. Updates are available from Avira’s website.
LastPass: LastPass has released version 3.2.25 of LastPass Free Password Manager. Updates are available from the LastPass website.
Mozilla Firefox: Mozilla has released version 40.0.3 to address a critical security vulnerability. Updates are available within the browser or from Mozilla’s website.

Current Software Versions

Adobe Flash 18.0.0.232 [Windows 7: IE, Firefox, Mozilla]
Adobe Flash 18.0.0.232 [Windows 8: IE]
Adobe Flash 18.0.0.232 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader DC 2015.008.20082
Dropbox 3.8.8 [Citadel warns against relying on security of Dropbox or other cloud-based file exchange systems. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the master Dropbox [or other] password be at least 15 characters long and different from other passwords.]
Firefox 40.0.3
Google Chrome 43.0.2403.155
Internet Explorer 11.0.9600.17937
Java SE 8 Update 60 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
QuickTime 7.7.8
Safari 7.1.8, 8.08, 6.2.8 [Mac OS X Mavericks, Yosemite, Mountain Lion]
Skype 7.8.0.102

Newly Announced Unpatched Vulnerabilities

None

For Your IT Department

Adobe Coldfusion: Secunia and US-CERT report patched vulnerabilities in Adobe’s Coldfusion. Apply updates.
Cisco Multiple Products: Secunia reports patched vulnerabilities in Cisco’s Prime Infrastructure and Aggregation Services Routers (ASR) 1000 Series. Apply updates. Secunia also reports unpatched security vulnerabilities in Cisco’s Identity Services Engine (ISE), TelePresence Video Communication Server (VCS), and Wireless LAN Controller (WLC). No official solutions are currently available.
Oracle Linux: Secunia reports multiple patched vulnerabilities for Oracle Linux. Apply updated packages via the yum or rpm utility.
If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2015 Citadel Information Group. All rights reserved.



Cyber Security News and Education for the Week of August 30, 2015


CYBER SECURITY NEWS OF THE WEEK

 

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Cyber Defense Tip of the Week

Business E-Mail Compromise: The FBI and the Internet Crime Complaint Center (IC3) offer the following tips to businesses to avoid being victimized by Business Email Compromise (a more detailed list of strategies is available at www.ic3.gov):
  • Verify changes in vendor payment location and confirm requests for transfer of funds.
  • Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.
  • Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.
  • Consider financial security procedures that include a two-step verification process for wire transfer payments.
  • Create spam and intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
  • If possible, register all Internet domains that are slightly different than the actual company domain.
  • Be wary of using free, web-based e-mail accounts, which are more susceptible to being hacked.
  • Be careful when posting financial and personnel information to social media and company websites.

Cyber Crime

Ashley Madison founder and chief executive Noel Biderman quits following hack: The founder and chief executive of cheaters’ dating website steps down after personal details of millions of users are posted online. The Telegraph, August 28, 2015
Who Hacked Ashley Madison?: AshleyMadison.com, a site that helps married people cheat and whose slogan is “Life is Short, have an Affair,” recently put up a half million (Canadian) dollar bounty for information leading to the arrest and prosecution of the Impact Team — the name chosen by the hacker(s) who recently leaked data on more than 30 million Ashley Madison users. Here is the first of likely several posts examining individuals who appear to be closely connected to this attack. KrebsOnSecurity, August 26, 2015
Leaked AshleyMadison Emails Suggest Execs Hacked Competitors: Hacked online cheating service AshleyMadison.com is portraying itself as a victim of malicious cybercriminals, but leaked emails from the company’s CEO suggest that AshleyMadison’s top leadership hacked into a competing dating service in 2012. KrebsOnSecurity, August 24, 2015

Cyber Privacy

Ashley Madison sued for emotional distress in potential class-action lawsuit: The infidelity website Ashley Madison and its parent company are being sued in US federal court by a man who claims that the companies caused him emotional damage by failing to adequately protect personal and financial information from theft. The Guardian, August 25, 2015
Extortionists Target Ashley Madison Users: People who cheat on their partners are always open to extortion by the parties involved. But when the personal details of millions of cheaters get posted online for anyone to download — as is the case with the recent hack of infidelity hookup site AshleyMadison.com — random blackmailers are bound to pounce on the opportunity. KrebsOnSecurity, August 21, 2015

Identity Theft

';--have i been pwned?: Check if you have an email account that has been compromised in a data breach. haveibeenpwned.com
Ashley Madison Users Face Threats of Blackmail and Identity Theft: First, members of the adultery website Ashley Madison had their personal information unveiled to the world by hackers. Now, a bigger threat looms. The New York Times, August 28, 2015

Cyber Threat

Business E-Mail Compromise: An Emerging Global Threat: The accountant for a U.S. company recently received an e-mail from her chief executive, who was on vacation out of the country, requesting a transfer of funds on a time-sensitive acquisition that required completion by the end of the day. The CEO said a lawyer would contact the accountant to provide further details. FBI.gov, August 28, 2015
FBI: $1.2B Lost to Business Email Scams: The FBI today warned about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers. According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015. KrebsOnSecurity, August 27, 2015
Advertising malware rates have tripled in the last year, according to report: Ad networks have been hit with a string of compromises in recent months, and according to a new report, many of the infections are making it through to consumers. A study published today by Cyphort found that instances of malware served by ad networks more than tripled between June 2014 and February 2015, based on monthly samples taken during the period. Dubbed “malvertising,” the attacks typically sneak malicious ads onto far-reaching ad networks. The networks deliver those malware-seeded ads to popular websites, which pass them along to a portion of the visitors to the site. The attacks typically infect computers by exploiting vulnerabilities in Adobe Flash, typically triggered as soon as an ad is successfully loaded. TheVerge, August 25, 2015

Cyber Warning

Fake EFF site serving espionage malware was likely active for 3+ weeks: A spear-phishing campaign some researchers say is linked to the Russian government masqueraded as the Electronic Frontier Foundation in an attempt to infect targets with malware that collects passwords and other sensitive data. ars technica, August 28, 2015
Iranian hackers are getting desperate and sloppy, report finds: Bungling Iranian hackers who seem to be low on patience have developed a new scheme for trying to trick targets into granting access to their online accounts, according to a new report from the University of Toronto’s Citizen Lab. The Washington Examiner, August 28, 2015
Hackers revive Word macro malware in AutoIT RAT attack: In a blog post by Cisco’s Talos security group, criminals have been discovered launching a targeted attack on organisations using AutoIT to install a Remote Access Trojan (RAT) and “maintain persistence on the host in a manner that’s similar to normal administration activity”. AutoIT is a well known freeware administration tool for automating system management in corporate environments. SC Magazine, August 27, 2015

Cyber Security Management – Cyber Defense

BitTorrent patches reflective DDoS attack security vulnerability: A vulnerability which could divert traffic to launch cyberattacks has been mitigated two weeks after public disclosure. ZDNet, August 28, 2015
Even ‘super hackers’ leave entries in logs, so prepare to drown in data: The 1990s called. It wants its breach classification system back. The Register, August 24, 2015
Phone and laptop encryption guide: Protect your stuff and yourself: The worst thing about having a phone or laptop stolen isn’t necessarily the loss of the physical object itself, though there’s no question that that part sucks. It’s the amount of damage control you have to do afterward. Calling your phone company to get SIMs deactivated, changing all of your account passwords, and maybe even canceling credit cards are all good ideas, and they’re just the tip of the iceberg. ars technica, August 23, 2015

Cyber Security Management – Cyber Awareness

Google Study Finds Most People Aren’t Protecting Their Data Properly: A study by Google finds that most people don’t have a good understanding of the best ways to keep their tech gadgets secure. Inc.com, August 24, 2015

Secure the Village

Facebook updates ThreatExchange info, says gov’t agencies not welcome: Facebook is expanding its ThreatExchange through new features and the opening of applications to join the platform, the company wrote in a six-month update blog post. SC Magazine, August 21, 2015

Cyber Law

Wyndham Must Face Hacker Suit as Court Upholds FTC Power: In a case testing regulators’ authority to police companies’ cybersecurity practices, a U.S. appeals court said Wyndham Worldwide Corp. must face a suit in which it’s accused of failing to secure its computers from Russian hackers. Bloomberg, August 24, 2015

Cyber Career

INFORMATION SECURITY TALENT SHORTAGE IS AT THE SENIOR LEVEL, SURVEY FINDS: The real problem with the perceived talent shortage in information security is retention and churn at the higher levels, according to a survey by IT and security executive networking firm T.E.N. and International Data Corporation. Staffing Industry Analysts, August 28, 2015

Cyber Misc

Car information security is a complete wreck — here’s why: Sean Gallagher’s long, comprehensive article on the state of automotive infosec is a must-read for people struggling to make sense of the summer’s season of showstopper exploits for car automation, culminating in a share-price-shredding 1.4M unit recall from Chrysler, whose cars could be steered and braked by attackers over the Internet. boingboing, August 23, 2015
Highway to hack: Why we’re just at the beginning of the auto-hacking era: Imagine it’s 1995, and you’re about to put your company’s office on the Internet. Your security has been solid in the past—you’ve banned people from bringing floppies to work with games, you’ve installed virus scanners, and you run file server backups every night. So, you set up the Internet router and give everyone TCP/IP addresses. It’s not like you’re NASA or the Pentagon or something, so what could go wrong? ars technica, August 23, 2015

Cyber Sunshine

Six Nabbed for Using LizardSquad Attack Tool: Authorities in the United Kingdom this week arrested a half-dozen young males accused of using the Lizard Squad’s Lizard Stresser tool, an online service that allowed paying customers to launch attacks capable of taking Web sites offline for up to eight hours at a time. KrebsOnSecurity, August 28, 2015

Friday, August 28, 2015

New Security Jobs, IT Risk Management Jobs, Security Strategy Jobs, Penetration Testing Jobs and Security Business Development Jobs



This weekend, I'll be writing up 5 new Security Jobs to share with you over the weekend and by Monday.  

They will include a VP of Business Development for an Information Security Professional Services in Southern, CA, an Information Security Strategist, IT Risk Management Analysts and Security Analyst roles in Northern California.  

Additionally, a client that needs to hire 2-3 new people per month for the rest of the year has engaged our security recruiting services to identify and deliver Ethical Hacking Red Team Penetration Testing skills in Seattle, DC and Nationwide.  My client's work is so unusual and valuable that they have recently been acquired by a multi-billion dollar company that brings them even stronger sales and marketing experience.

You'll find all of these jobs on the Security Jobs page of SecurityRecruiter.com very shortly.

Jeff Snyder's, SecurityRecruiter.com, Security Recruiter Blog, 719.686.8810

SecurityRecruiter.com's Security Recruiter Blog