Cyber Connections News Roundup: April 5

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 5

University of Maryland Global Campus to Pilot Virtual and Augmented Reality Learning Environments

University of Maryland Global Campus (UMGC) has partnered with VictoryXR, a global leader in creating learning environments through immersive technology, in a pilot program that will use virtual and augmented reality in classes in the fall 2022 term. UMGC is one of 10 schools in the initial phase of the program that will implement a “digital twin campus” for students, whether they are enrolled in a face-to-face class or studying online. “This is an opportunity to be a leader and early pioneer in leveraging the metaverse, which will represent a radical paradigm shift in online education and the end-to-end learner experience,” said Doug Harrison, vice president and dean of the School of Cybersecurity and Information Technology. Read more.

FBI Issues Ransomware Warning to Local Governments

According to a recent article on www.securityweek.com, the Federal Bureau of Investigation (FBI) warned local government entities of ransomware attacks disrupting operational services, causing public safety risks, and causing financial losses. In a private industry notification, the FBI noted that local government entities within the government facilities sector (GFS) represented the second most targeted group following academia, based on victim incident reporting throughout 2021. Read more.

Senators Aim to Strengthen Cybersecurity in Healthcare

To protect the healthcare system and patient data from cyberattack, on March 23, U.S. Senators Bill Cassidy, M.D. (R-LA) and Jacky Rosen (D-NV) introduced the Healthcare Cybersecurity Act. According to a report on www.hcinnovationgroup.com, the act aims to direct the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to work together on how to improve cybersecurity processes in hospitals and health systems. Among other items, the bill would require CISA and HHS to collaborate to improve cybersecurity in the healthcare and public health sector. Read more.

Millions Work in Cybersecurity But Jobs Remain Unfilled

About one million people work in cybersecurity in the U.S., but nearly 600,000 positions remain unfilled, according to a recent article on www.bloomberg.com, citing data from CyberSeek. Of those, 560,000 are in the private sector. Citing a Gartner TalentNeuron study, the article says that during the last 12 months job openings have increased 29%, more than double the rate of growth between 2018 and 2019. With so many employees using their home networks and computers, phishing attempts soared, as did ransomware attacks on businesses, schools, hospitals and other organizations, which has further increased the demand for cybersecurity positions such as software developers, vulnerability testers, network engineers and cybersecurity analysts. Read more.

Recent Axie Infinity Heist Exposes Vulnerabilities in the Crypto Sector

According to a recent report on www.cyberscoop.com, the cryptocurrency used to play the Pokémon-inspired blockchain game Axie Infinity was the target of a March 23 crypto heist of more than $600 million, one of the largest in history. The hack can be traced back to November 2021 when Sky Mavis, the company behind Axie Infinity, asked Axie DAO for support distributing free transactions due to an immense user load. The arrangement continued until December 2021. The frequency of hacks on the crypto sector raises questions about both loss of confidence in the sector and the need for regulators to step in to protect the public. Read more.

Cyber Connections News Roundup: February 22


February 22

Super Bowl Crypto Ad Stirs Cybersecurity Debate

According to a recent article on https://readme.security, a Super Bowl ad from cryptocurrency platform Coinbase featuring a bouncing QR code stirred a debate within the cybersecurity community. The controversial part of the ad had nothing to do with cryptocurrency. Instead, it was the company’s decision to display a simple QR code, which might convince Super Bowl viewers to scan questionable QR codes that could take them to malicious web pages. “There’s always potential for mischief with something like this,” said UMGC’s Jesse Varsalone, associate professor for computer networks and cybersecurity. Varsalone pointed out that some services allow people to access their accounts with little more than a QR code. Read more.

DOJ Warns Companies to Boost Cybersecurity Amid Russia Tensions

A recent report on https://abcnews.go.com warns companies in the U.S. and abroad to shore up their cybersecurity defenses amid a potential Russian invasion of Ukraine. Deputy Attorney General Lisa Monaco issued the warning on Feb. 17. “Given the very high tensions that we are experiencing, companies of any size and of all sizes would be foolish not to be preparing right now as we speak,” she said. Her warning comes on the heels of other U.S. agencies warning earlier last week of a cyberattack happening at the same time as a potential Russian invasion of Ukraine. Read more.

New Players Emerge on Cybersecurity Threat Landscape

According to an article on www.zdnet.com, new countries are investing in cyber-intrusion campaigns and existing state-backed attack groups are taking advantage of the rise in cloud application adoption. Citing CrowdStrike’s 2022 Global Threat Report, the article goes on to say that the cyber threat landscape has evolved to include the rise of new countries engaging in offensive cyber operations, including Turkey and Colombia. As an example, the report discusses a Turkish-based hacking group, dubbed Cosmic Wolf by researchers, which targeted data of an unspecified victim stored within an Amazon Web Services (AWS) cloud environment in April 2021. Read more.

Metaverse Is Ripe for Cybersecurity Threats

An article on www.venturebeat.com examines how the “metaverse,” the much-talked-about and somewhat hazy concept of networked 3D virtual worlds focused on social connection, is ushering in a host of cybersecurity concerns, from common cybersecurity issues like phishing to a rise in scams related to non-fungible tokens (NFTs), cryptocurrency wallets, vulnerable virtual reality devices, and a rise in blockchain scams. The largest concern, according to the article, may center on data privacy and security, as the demand for user data is most likely to grow with the Metaverse. Read more.

Experts Look at Rise in Romance Scams

According to a recent article on www.cyberscoop.com, the Federal Trade Commission reports that online romance scams continued to grow in 2021, and cryptocurrency payments now represent a big chunk of the money lost. Complaints about romance scams totaled $547 million overall last year, up about 80 percent from the $307 million reported to the FTC in 2020. Of that total, $139 million in reported losses came from cryptocurrency transactions. Victims are led to believe their new online companion is a successful investor who, before long, offers investment opportunities that involve foreign exchange (forex) trading or cryptocurrency. Read more.

Five Ways You Can Win in Today’s Cybersecurity Job Market

We hear a lot about a skills gap, but quite often qualified candidates are not getting noticed in today’s cybersecurity job market. Mansur Hasib, DSC, program chair, Cybersecurity Technology, University of Maryland Global Campus, shares some practical tips for cutting through the noise. In this video, you’ll learn more about what you can do and the things you should focus on to land a job in cybersecurity.

Tips for Success in a Male-Dominated Field: Hear from UMUC Cybersecurity Alum Keirsten Brager

In a recent interview with Pamela Scott, host of the podcast People Secure Cyber, University of Maryland University College (UMUC) Cybersecurity alumna and author Keirsten Brager, MS, CISSP, discusses her latest book, “Secure the Infosec Bag: Six Figure Career Guide For Women In Security” and shares her advice on some of the challenges she faced during her career in a male-dominated profession.

In an in-depth interview, Brager shares her passion for introducing women to cybersecurity and discusses the challenges she faced as a minority woman in cybersecurity. As she notes during the conversation, a lack of role models and mentors to help her navigate the complexities with the discipline resulted in a lack of confidence early on.

What is her strongest piece of advice? “Make sure you get some strong mentors on your side who can relate to your unique challenge,” said Brager. “And you can have more than one mentor. I have what I call my ‘circle of excellence,’ people I’ve grown to trust over time,” she added.

Listen to the Full Interview

About Keirsten Brager

Keirsten Brager is a security technology lead at a Fortune 500 power utility company and was recently named one of Dark Reading’s top women in security quietly changing the game. She is also the author of “Secure The InfoSec Bag: Six Figure Career Guide for Women in Security,” a guide to empowering women with the strategies needed to maximize their earning potential. Brager holds an MS in Cybersecurity from UMUC and several industry certifications, including the CISSP and CASP.

 

 

Reflections on Cybersecurity: A Deliberate Career Choice

By Valorie King, Ph.D

Can one live an unplugged life? Not really. If you shop or receive medical care or do any one of a hundred small things each day, information about you is captured, stored, transmitted to places that are not secure and may not even be securable. Your phone, your watch or step tracker and your tablet or computer—all your devices—know where you are and where you’ve been. The apps on your devices capture information about your location and time of day and send that off to people you don’t even know and might not approve of if you did.

Every single modern computer is vulnerable to a new type of attack. Organizations are scrambling to deploy new defenses. Vendors are working furiously to find, fix and patch. The public is trying to understand what this new cyber threat means and decide how worried they should be. And the hackers? Well, they’re looking for the next new vulnerability to exploit and increase their fame and fortune.

I deliberately chose to move into the cybersecurity career field. I deliberately chose a career that has become one of the most stressful career fields to be in. Every day, there are new attacks, new vulnerabilities and new tactics that negatively impact—and steal away—our safety and privacy. The cybersecurity industry just can’t keep up. The hackers, cyber criminals and cyber terrorists are winning.

What was I thinking? I don’t know. Cybersecurity just seemed like the best career choice at the time, especially for someone re-entering the IT workforce after almost a decade as a stay-at-home mom. Many of my students are facing similar choices, and I applaud them for wanting to better their lives and the lives of their families. But, sometimes, I wonder if cybersecurity really is the best choice. Is the stress of dealing with cyber risks and cyberattacks, day in and day out, worth the impact on me personally or on my family?

Here’s my bottom line. As I read the news and watch videos about the changing landscape of cyber risks, I am reminded of the words of Irish statesman and philosopher Edmund Burke: “All it takes for evil to triumph is for good men to do nothing.” So, for the moment, I’ll keep on keeping on. I will try to balance my job of informing people and society about cyber risks with an obligation to refrain from creating fear unnecessarily. And, I will try to manage the stress of living daily with the responsibility to inform, to defend and to protect.

About the Author

Valorie King, Ph.D, is program chair, Cybersecurity Management and Policy at UMUC. King’s professional focus is on developing tomorrow’s cybersecurity workforce. To accomplish this, she leads a world-class faculty of scholar-practitioners who engage in the design, management, and assessment of cybersecurity programs, products, and services in businesses and governments within local, regional, national and international contexts.

 

Interested in a Career in Cybersecurity? Set Your Sights on Leadership Skills

The skills you need for a successful career in cybersecurity may not be the ones you think. A common misperception about cybersecurity is that you cannot enter the field without being a STEM major with the technical acumen to code, hack, and write scripts.

When Professor Mansur Hasib talks to aspiring cybersecurity professionals who lament their liberal arts degrees, he reminds them that his bachelor’s degree is in economics and politics and his master’s degree is in political science.

Hasib, who is program chair of the Cybersecurity Technology program in The Graduate School at University of Maryland University College (UMUC), explains that “cybersecurity is a vast field in which anyone can find their passion in some aspect.”

Contrary to what you may read in the news, the majority of cybersecurity failures relate to shortcomings in leadership and governance, not technology. Cybersecurity needs professionals with the leadership skills and experience to manage an organization. Organizational leaders in cybersecurity with experience in management can understand cybersecurity at a business level. They have the ability to understand the holistic and interdisciplinary nature of cybersecurity.

“Without a balanced strategy of technology, policy, and people, your organization will not succeed,” said Hasib. “If you don’t know who to hire, how to engage people, how to develop a strategy based on the brainpower of everyone in the organization, and how to build high-performing teams, your organization will fail.”

A Message to Recruiters: Look for Candidates with Soft Skills

While cyber career aspirants should invest in gaining leadership and management skills, cybersecurity recruiters would be wise to consider a broader background when hiring—notably soft skills such as leadership, communication, and teachability, not just technical aptitude.

Organizations that focus on hiring coders and “tech jockeys” miss the boat. “We have a huge leadership void in the field,” said Hasib. “When you look at all the breaches, it may appear as if it was a technology issue, but it was almost always never the technology. It was leadership and strategy that was lacking.” Recruiters should be looking at what a candidate can learn and whether they have the capacity for perpetual, perennial learning and innovation.

Learn more about the skills you need to launch a career in cybersecurity and gain additional insight from UMUC’s Mansur Hasib:

Cybersecurity Roadtrippers Stop in at UMUC During Their Cross Country Journey

Fellow Roadtripper and current UMUC graduate student Antwan King meets his “cyber” superhero as the group made its way to the Washington, DC area before heading west.

On Friday, December 2, the three participants in Roadtrip Nation’s “Cybersecurity” trip, which kicked off on November 27 in New York City, made their way down to the Washington, D.C. region. During their stop in the D.C. area, a visit that included interviews with cyber leaders and a tour of the National Cryptologic Museum, roadtrippers Mansi Thakar, Emily Cox and UMUC’s own Antwan King rolled into the UMUC Academic Center at Largo to share with family members, supporters, and UMUC faculty and staff their first impressions of the trip, their career aspirations, some life lessons, and what it’s like traveling together in an RV with the cameras rolling. (Roadtrip Nation will produce a documentary about the cross-country journey that will air on public television in spring 2017.)

UMUC’s Antwan King kicks off his “cyber” journey.

For UMUC’s King, the visit to DC was especially meaningful because he was able to meet his “cyber superhero,” Michael Echols, CEO of the International Association of Certified ISAOs and former director of the Cyber Joint Programs Management Office at the Department of Homeland Security.

When asked about what this opportunity meant to him, King said, “You wake up every day, you try so hard, and sometimes people tell you ‘no,’ but now I get to talk to the people who can help me define a path and discover what works.”

For the three participants, the trip thus far has been chock full of many unique experiences. However, they all agree that driving the RV stands out as one of the most thrilling. Said Cox, “I’ve never been to any of the cities on the trip, and I’ve never even been in an RV. Now I get to drive it across the country!”

Learn more about Roadtrip Nation at roadtripnation.com and roadtripnation.org. To stay up to date on the journey, follow @RoadtripNation, @UMUC, and #CybersecurityRoadtrip on Twitter.

The Challenges of Cyber Recruiting

Recruiting is a challenging occupation. We recruiters operate in a competitive environment chasing talent that has many options. Especially challenging is recruiting in the cyber community. Cyber is the buzzword today in technology and recruiting. It is this capability set that gets a lot of attention in recruiting; however, it is the most challenging.

Recruiting in the cyber industry in the Greater Washington, DC Metro Area is a tall order. It is exciting and the work that cyber professionals perform is “cool”; however, as with many technical skill sets there is a shortage of talent in our area. Demand certainly outweighs supply. Cyber is a very broad field. Many firms that specialize in cybersecurity define cyber differently and roll many different skill sets and expertise up under the cyber umbrella. Recruiters are constantly shifting focus as it relates to cyber. One minute we are seeking software developers and the next minute we are looking for a Certified Ethical Hacker (CEH). So what kind of challenges do we as recruiters face while attempting to recruit this specialized talent?

The Greater Baltimore/Washington, DC Metro Area is one of the best yet one of the most competitive geographic areas in the country. We are fortunate to have such a vibrant economy and a rich talent pool. Some of the most highly educated and technical folks in the United States reside in our backyard. With the high volume of job vacancies and the limited talent pool, it becomes a shootout on who can attract and retain the best cyber talent. Mind you, we also typically need candidates who possess the full menu of cyber expertise coupled with a security clearance. Because our region is built around the Nation’s Capital, much of the work supports government clients. In many cases, the workforce must possess a certain type of security clearance. This narrows down the candidate pool even more. It is this small pool of talented individuals that most companies fight over!

In addition to the limited talent pool and security clearances, most opportunities do require some type of cyber certification. It is no longer enough just to have a degree or an advanced degree; most employers also would like you to have cyber certifications, including a CISSP, CEH, Security+, and the list goes on and on. In many cases these certifications are required. Recruiters many times will not look at a candidate or consider them without a particular certification because of this requirement. In other words, if it’s required and we don’t see it on your resume, we simply move on. This is yet another obstacle in identifying and recruiting cyber talent!

In the government contracting world of the Greater Baltimore/Washington, DC Metro Area we have something called Low Cost Technically Acceptable (LCTA). With government budgets tight, government contractors sometimes have to be extremely competitive in the way they bid work. Many acquisitions go to the lowest bidder. With cost constraints and budget constraints, sometimes firms must lower their rates in order to win work. This does have an impact on salaries and pay rates for folks who would work on those programs. With cyber talent in demand, talent does have choices and options. Many times a professional does not have to entertain a position in the government contracting market. They can always choose to work in the commercial sector, which is not government or government contracting. Cybersecurity skill sets are also in high demand in the non-government contracting world. These firms typically have more flexibility in their compensation packages, which in many cases are more attractive to the talent pool.

Another challenge in recruiting cyber talent is the work environment. In many government contracting environments where a particular security clearance is required, most are closed work areas, which means no phones, tablets, etc. With the workforce today so wired and tuned into technology, this environment sometimes turns away bright cyber talent. It is a restriction that we see in our industry. Once again, this does narrow down our talent pool even more. Many commercial companies can offer this type of flexible environment.

The outlook is very good for cybersecurity professionals. Most have many options in this particular geographic area. Whether it be government, government contracting, or commercial there are many opportunities out there for the cyber professional. Recruiting will continue to have challenges as cyber grows, changes, and evolves. One thing is for sure, the competition for cyber talent will always be there. Professionals in the cybersecurity field will continue to see an increase in opportunities as well as career paths.

Mike Bruni possesses over 17 years of experience in Human Resources, Recruiting & Staffing. Mike is heavily experienced within the National Security Industry. Mike joined SAIC (Now Leidos) in January of 2005 after spending 7 years in the staffing industry. Since joining SAIC/Leidos he has taken on many roles leading many initiatives to include Talent Acquisition Management, Sourcing, Capture Staffing, Direct Recruiting, and Veteran Outreach. In July of 2015, Mike joined Booz Allen Hamilton in a Sr. Talent Acquisition Strategy role and is based out of McLean, VA.