The Infosec Archives 04.01.22 V18
Hey friends,
Welcome back to the Infosec Archives volume 18 ☮️💙💛
Can you believe it's already April?? One quarter down, 3 more to the goal and one to reflect on. Thank you again to all the contributors that make this newsletter possible.
Let's dive in. 🌊
🛡️🛡️🛡️
Did you know what happened on this day?📜
April Fools' Day, celebrated today with joking relationships and practical jokes, may have grown out of the medieval Feast of Fools, which was held on January 1.
2004
Google launched Gmail, and five years later the number of people using the e-mail service surpassed one billion.
👉🏽https://www.britannica.com/on-this-day
🛡️🛡️🛡️
We're In This Together 💙💛
LinkedIn News: How you can support Ukraine
By Ruiqi Chen, Editor at LinkedIn News
As the Ukraine invasion continues, the humanitarian toll is also mounting: More than 2.6 million refugees have fled the country since the start of the invasion, according to U.N. agencies. People around the world are seeking ways to help the Ukrainian people. A number of global nonprofits have stepped up to deliver funds and humanitarian aid in the region, including GlobalGiving, which will use more than $12 million in donations on shelter, water, and economic assistance for refugees, and Red Cross agencies, which are providing medical supplies and first aid training, among other actions.
Looking for more nonprofits helping out on the ground? Here is a list of organizations aiding Ukraine:
GlobalGiving's Ukraine Crisis Relief Fund
Hebrew Immigrant Aid Society (HIAS)
Humanitarian Aid to Ukraine through Nova Ukraine
Save the Children's Ukraine Crisis Relief Fund
United Nations Children's Fund (UNICEF)
👉🏽https://www.linkedin.com/news/story/how-you-can-support-ukraine-4691449/
We're In This Together 💙💛
Tommy Watson: Director Of Operations North (Ex Forces)
Lithuania has imposed an inexpensive sanction on Russia by deploying the very effective, but not-so-deadly weapon of humour.
The street in Vilnius, the capital of Lithuania, where the Russian embassy is located, was renamed "Street of Ukrainian Heroes", forcing the embassy to change its postal address and thus pay tribute to Ukraine with every letter and card.
🛡️🛡️🛡️
News:📻
New Spring Java Framework Zero-day Allows Remote Code Execution
A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications.
Spring is a very popular application framework that allows software developers to quickly and easily develop Java applications with enterprise-level features. These applications can then be deployed on servers, such as Apache Tomcat, as stand-alone packages with all the required dependencies.
News:📻
Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide | OPA
The Department of Justice unsealed two indictments today charging four defendants, all Russian nationals who worked for the Russian government, with attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted the global energy sector between 2012 and 2018. In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.
🛡️🛡️🛡️
New To Cyber Jobs 💲💲💲
Multiple Positions - USA & UK
👉🏽 https://entrylevelcyber.com/jobs/
Security Newbs Discord Channel
👉🏽 https://discord.gg/9xR6jZG7
Paid Interns 💲💲💲
Are you curious and passionate about learning how America protects against cybersecurity threats? Then we want you! Start your cyber career with CISA!
👉🏽 https://www.cisa.gov/cyber-interns
🛡️🛡️🛡️
Careers/Advice: 📝
Gary Travis: I Help Solopreneurs Grow To 30k Engaged Followers In 12 Months
I wanted the most experienced person I could find when I hired my first employee.
They left the company 2 weeks later.
For the next hire, I wanted someone that shared our vision.
They lasted for 3 months.
Realizing this wasn't working, I then tried hiring someone with a good work ethic that was willing to learn the role.
They've exceeded all expectations. We've given them 3 pay increases in 4 months and they are now leading the team.
Never underestimate someone with a strong work ethic and the willingness to learn.
👉🏽https://www.linkedin.com/posts/garyltravis_garytravis-careers-leadership-activity-
Careers/Advice: 📝
Jessica Hernandez|Executive Resume Writer ★ LinkedIn Top Voice 2020 ★
When my husband launched his job search last month one of the first updates I made to his LinkedIn profile was to add skills.
This contributed to an 8500% increase in profile views.
When I shared how to use the resume builder hack to find the right skills and keywords to include on your profile, one of my followers used the hack to increase her profile views by 1277%.
The skills you list on your profile play a big part in if/how recruiters find you and whether they contact you for an interview.
Here's a quick hack to find the right keywords and skills to add to your LinkedIn profile:
Go to your profile homepage.
Click on the more button.
Select build a resume.
Click on build from profile.
Put in your target job title.
LinkedIn will populate your profile into the form of a resume.
Our goal isn’t to use our profile as a resume though.
Our goal is for LinkedIn to tell us the most important keywords for that target role.
On the right-hand side, you’ll see green checkmarks for the skills you have that match the job title you used.
Below that, you’ll see LinkedIn’s recommendations for additional keywords.
These are keywords that LinkedIn has culled from the millions of job openings and profiles of people with the same job title. They deem these the most important.
If you have a standard profile you should see about 10 keyword recommendations.
If you have the premium version of LinkedIn you can see between 15-25 depending on the role and how many keywords you already have that are a match for the job.
Look through the list; if there are any skills that you possess that aren’t listed on your profile, make sure that you add them immediately. And obviously don’t add any that you don’t possess.
If you'd like more help with your profile, I recorded five short videos that explain the first several things I did to update my husband's profile and increase his views. You can download the 5-day mini-course here:
👉🏽 https://greatresumesfast.lpages.co/leveraging-linkedin/
🛡️🛡️🛡️
Infosec Wisdom: 💡
Rob Black | I help founders tell their cybersecurity story to enable sales. | Virtual CISO
Excited to hire that new cybersecurity employee?
You may find that the process is no laughing matter.
It is difficult to find qualified cybersecurity employees to work at medium sized companies.
It is especially difficult if that person will be a team of one.
But how do you build critical mass for your #cybersecurity program?
We have a tip at the end on how many medium sized tech companies should get started with their program.
In the interim, the comedy team of Rob & Rob may have a few cybersecurity jokes to share.
Enjoy!
👉🏽https://www.linkedin.com/posts/blackrob_cybersecurity-fciso-infosecjobs-activity
Infosec Wisdom: 💡
Ron Sharon|CISO | CIO | I Build Technology and Cybersecurity Programs
If you tell a CEO that (criminal) hackers are coming to get us.
They will probably ignore you.
If you tell a CEO that.
- There were 500 attempts to access confidential files.
- There were 2500 phishing attempts reported.
- That any breach will cause at least 3 days of downtime.
- That the cost of the downtime would be $450,000.
- And that we would lose 5% of our clients.
You would grab their attention.
Numbers talk.
As Cybersecurity leaders, we need to talk "business" and not just tech to the business leader.
👉🏽https://www.linkedin.com/posts/ron-sharon_ronsharon-management-leadership-activity-
🛡️🛡️🛡️
Education: 🎓
Miles Feinberg|Innovation leader partnering with firms to increase productivity
Today's #CIO is bombarded by prospective suppliers...
...trying to sell and gain "wallet share" from #IT budgets.
How can you know who will truly deliver and avoid getting burned?
Pete Gibson and I take the gloves off. 👀
A pointed & topical conversation about the CIO/Vendor relationship
👉🏽https://www.linkedin.com/posts/milesfeinberg_seasoned-cio-vs-veteran-it-vendor
Education: 🎓
Jax S 🔥 ♥️ Cyber Diva | Author | Podcaster | Keynote Speaker | Special Ops
Check out Ashley W.'s story on breaking into cybersecurity.
Ashley Wicks, a cyber security professional, shares her journey breaking into the cybersecurity space. She shares her wins and challenges and provides hacks for certifications prep, interviews and finding mentorship.
She quotes, “Work with what you got but keep your eye on what you want.”
Ashley provides an insightful perspective on finding your place in the cyber industry.
Available on all major podcast platforms.
Co-host include my bestie Erika McDuffie
Thank you ITSPmagazine Podcast for hosting our podcast.
Huge thanks to Sean Martin & Marco Ciappelli for founding this company.
👉🏽https://www.linkedin.com/posts/iamjax_breaking-into-cyber-tips-and-tricks-from
🛡️🛡️🛡️
Webinars/Training: 📺
Jay Jay Davey|Senior SecOps Analyst & Incident Response
Enhance your SOC Career,
I will be doing FREE calls to help people become better SOC analysts and improve their careers, and if you are set on defensive technical security, then this is for you.
The slots are available from 1200-1300 BST on Weekdays.
These are not first-come, first-serve, and these are for people serious about their professional development and a defensive technical security career.
Only on Cyber Mentor DoJo
Note: This is not free consultation; I will not be giving your company guidance on how to build their SOC function or anything else for that matter; this is for individuals.
👉🏽https://www.linkedin.com/posts/biggingerhoneypot_enhance-your-soc-career-i-will-be
Webinars/Webcasts: 📺
Jerich Beason|Chief Information Security Officer|Board Advisor|Podcast Host
“Burnout is a form of exhaustion caused by constantly feeling swamped. It’s a result of excessive and prolonged emotional, physical, and mental stress.” - WebMD
In many cases, burnout is related to our jobs but other life factors can easily contribute to burnout such as kids, caretaking and pretty much anything life can throw at us.
On today's episode of Seat at the Table brought to you by SANS Institute we have a panel of 3 leaders at different stages in their careers sharing their unique perspectives and we’re going to discuss our responsibility as leaders to manage burnout within our organizations. Properly managing the stress of burnout has impacts on job satisfaction, work quality, morale, health and wellness of your teams, retention, recruiting and ultimately affects the bottom line. More importantly than that, if you care about the people you work with, you don’t want them burned out.
Tune in at noon ET to hear how AJ Yawn, Randall Frietzsche and Remi Akintonde have handled this within their teams.
🛡️🛡️🛡️
Infosec Think Tank: 🤯
Ron Sharon|CISO | CIO | I Build Technology and Cybersecurity Programs
Consider this.
A group of teenagers hacked several billion-dollar companies.
Here is what they didn't have:
- A Bachelor's or a Master's degree.
- Experience working at FAANG.
- 10 years of experience working in tech.
- CISSP, CISM, CISA, CEH, or any kind of certificate.
Here is what they did have:
- Willingness to learn.
- Drive.
It's time to reevaluate how we recruit people into Cybersecurity.
👉🏽https://www.linkedin.com/posts/ron-sharon_ronsharon-cybersecurity-leadership-activity-
Infosec Think Tank: 🤯
Lex Fridman|Research Scientist, MIT
Here's my conversation with Brett Johnson about cybercrime. He was on US Most Wanted list for building the first organized cybercrime community called ShadowCrew, the precursor to today's darknet. This was a raw, honest & fascinating episode.
👉🏽https://www.linkedin.com/posts/lexfridman_brett-johnson-us-most-wanted-
🛡️🛡️🛡️
Cybersecurity Heroes Podcast: 🎙️
How Businesses and Consumers Can Prepare For A Russian Cyber Attack
According to an FBI warning to President Biden, there is evolving intelligence that Russia is exploring options for potential cyber attacks against the U.S. homeland and specifically critical infrastructure.
In this episode, I spoke to Christian Scott, CEO and Chief Information Security Officer of Go Vanguard, a boutique cybersecurity firm that performs red teaming services.
We discussed what businesses and consumers can do to better protect themselves.
Catch the full episode on #cybersecurityheroes podcast below 👇👇
👉🏽https://podcasts.apple.com/us/podcast/how-businesses-and-consumers-can-prepare
Cybersecurity Heroes Podcast: 🎙️
How Non-tech Professionals Can Solve the #Cybersecurity Talent Problem 💡
Link To Video: 👇
https://www.linkedin.com/posts/brendonrod_cybersecurity-1seat-cybersecurityheroes
Cybercrime is on the rise and we don’t have enough defenders fighting against it. In the next few years, cybercrime is estimated to become a multi-trillion dollar industry and that money is going to fund more illegal things.
The impact will be felt far beyond cybersecurity. That threat means we need to have the best people working to stop cybercriminals, but there’s currently a shortage of candidates to fill roles. Naomi Buckwalter, founder and executive director of Cybersecurity Gatebreakers Foundation, told us the answer is to start opening the gates to cybersecurity jobs to people with non-tech backgrounds.
In episode 5 of our new mini-series #1SEAT on the #cybersecurityheroes podcast, she talks about how there are plenty of people who have the right skills.
Catch the full episode on #cybersecurityheroes podcast below 👇👇
👉🏽https://podcasts.apple.com/us/podcast/how-non-tech-professionals-can-solve
Cyber Security Heroes is brought to you by IRONSCALES.
An email security platform powered by AI, enhanced by thousands of customer security teams and built around detecting and removing threats in the inbox.
P.S.
If you enjoy the show, we would love a rating or a review so more people like you can find it!
🛡️🛡️🛡️
Meme of The Week 😆
--------------------
That's a wrap for this week's Infosec Archives, see you again next week. ✌️
Brendon
P.S.
Subscribe to my Substack to get this plus weekly CyberSecurityHeroes podcast episodes delivered straight to your inbox.👇