Aug 23 2022

How Many Cybersecurity Pros do we Really Need?

Category: Cyber career,InfoSec jobsDISC @ 9:56 am
How Many Cybersecurity Pros do we Really Need?

How Many Cybersecurity Pros do we Really Need?

We take it as gospel that we have a skills gap in cybersecurity. In fact, the narrative across most of the industry is that you need tools and you need automation because there aren’t enough people to do the work.

And we believe it. But what if that’s not actually the case?

Let me play devil’s advocate for a bit here. I know of quite a few entry-level security folks that are having trouble getting jobs. Now, these are young folks, so maybe their expectations are a bit wacky in terms of compensation or perks or culture but, all the same, if we had such a severe cybersecurity skills gap, wouldn’t the market normalize the additional salary and perks to hire anyone? Is it about the bodies or getting the right bodies? Are we in a position to be picky?

Maybe that’s it. A lot of the entry-level folks aren’t very good at security. How can they be? Security is hard. You need to know a lot of stuff about a lot of stuff, and it’s not the kind of knowledge you really get in a classroom. To be clear, a cybersecurity curriculum provides a great foundation for security professionals, but you don’t really learn until you are screwing it up for real in a live-fire environment.

What if everyone likes to bitch about how we can’t find enough people because they want to cover their asses regarding the reality that most security teams don’t perform very well? Is the industry just diverting attention away from our abysmal outcomes by blaming it on the lack of people? Is this security’s Wizard of Oz moment?

Let’s talk about the folks that should have the most acute problem: The MSSPs or MDR (managed detection and response) companies. These companies can’t grow without people, and they’ve raised capital at valuations that promise that they’ll be growing quickly for many years. How are they addressing this problem?

MDR companies are growing their staff internally. They invest in automation, threat intelligence and supporting technologies that help entry-level security practitioners to become productive faster. They send these n00bs to training and they put guardrails around them to make sure they don’t screw up (too badly).

Maybe that’s the answer. There are enough practitioners, but they don’t have the right skills. The raw materials are available, but we may not want to make the commitment to develop them into workable security staff. So your choice breaks down to either bitching about not having enough staff or getting to work developing your junior staffers.

Now, I may be wrong—t wouldn’t be the first time and it won’t be the last. We may not have enough practitioners to get the work done, but I think we’re focusing too much on what we can’t do and not enough on what we can by making an investment in our people.

Agree? Disagree? Let me know in the comments.

https://securityboulevard.com/author/mike-rothman/

Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career

Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career

Tags: Cyber career, cyber security career, InfoSec jobs

Dec 10 2021

Best Tips on Cybersecurity for Students

Category: Cyber careerDISC @ 10:32 am
Best Tips on Cybersecurity for Students

There is a way to avoid cybersecurity threats, and that’s incorporating effective practices in your daily use of the internet. Here are a few best tips for improving cybersecurity.

  1. Use Strong and Varied Password

The “one password fits all platforms” philosophy is ideal for hackers. They only need to get a password to one network to access all of the others as well. To prevent this from happening, you need to set different passwords on all your accounts.

Memorizing all those passwords can be difficult, especially when you consider various platforms you use for studying. However, with password management apps, you won’t have to memorize them. In addition, you need to create a strong password. For a quick solution, you can use a strong random password generator.

  1. Give Your Data Only to Proven Websites

Random websites can ask for detailed personal information if you want to get access to more content or download something. This can be a threat.

Take extra precautions when using unknown platforms. Before you decide to sign up, read their privacy policy and do some research on the company. For example, if you’re looking for an essay writing company, you can first read the info on the best ones on a credible Top Writers Review website. Reviews, Google results, and privacy policies can help you get to know the website better.

  1. Don’t Download Attachments from Unknown Email Senders

Email phishing is among the most frequent types of cyberattacks. A simple email attachment such as a supposed e-book can be a gateway for malware or phishing attacks.

Whenever you get an email from an unknown recipient, don’t download the attachments. Even if the email seems legit, clarify first who the sender is and where they got your email before you download anything.

  1. Stay Away from Unprotected Public WiFi

An unsecured public WiFi gives free access to the network to anyone – including the criminals.

If you are on the same network, it’s easier for cybercriminals to leach onto your device and access everything you have. Even if just want to quickly connect to research document translation companies for your study abroad papers, hackers can get to your data before you finish.

In situations when you can’t avoid using public WiFi, use a VPN and be vigilant. Virtual Private Network or VPN will encrypt all your internet activity. You can download a VPN app on your phone with a few clicks.

  1. Use Platforms and Apps that Encrypt Data

Apps, platforms, and websites with encrypted data will keep your personal information and internet activity safe. Messaging apps with encryption are also more secure.

When browsing, pay attention to whether the websites with a padlock and “https” in their URL are encrypted. These types of websites won’t leak your data to unauthorized parties.

The privacy policy is yet another way of checking whether the app, platform or website is encrypted. For example, if you read in the policy that the site is covered by COPPA (Children’s Online Privacy Protection Act), it is secure. To ensure internet safety for its students, many educational institutions use apps and platforms covered by this act.

  1. Be Vary of URLs in Messages

You might not find anything peculiar about your friend, teacher, or well-known company sending you an URL. Especially if the message comes in the form of a text message or WhatsApp message. Unfortunately, this is one of the tricks of cybercriminals.

This type of attack is quite common. Clicking on the links can completely open the door to your data. So, if you receive a message with a suspicious URL, first inquire what it is about. When a company sends you such a message, go to their official website instead of clicking on the link.

Conclusion

These simple steps of precaution will help you keep your data safe. Being more careful of what actions you take, pages you trust, and how you dispose of your data is necessary. A few tips like these can do a lot for your internet security.

InfoSec Tools and training

InfoSec Books

Cybersecurity Career Master Plan

Tags: cyber security career, Cybersecurity Career Master Plan, infosec career, Tips on Cybersecurity