Hello Summer

Welcome aboard the July 2023 edition of The Cyber 411! As we navigate the dynamic currents of the cyber universe, we're thrilled to be your beacon, your compass, your guide through the labyrinth of bits and bytes.

In an era where information zips across the globe at breakneck speed, where invisible threats can lurk behind every click, we're here to shine a light on the path ahead. Our mission? To help you decipher the latest cybersecurity news, trends, and innovations, making the complex simple and the elusive accessible.

Whether you're a seasoned cybernaut, an emerging talent, or simply a curious mind intrigued by the cryptic shadows and brilliant flares of the cyber world, we've got something just for you. From the echo chambers of recent cyberattacks to the bright sparks of AI advancements, we've got our radar set on everything that matters.

This month, we delve deeper into the intriguing stories that define our times, we unveil the unsung heroes from non-traditional backgrounds enriching our industry, and we explore the fascinating intersection of cybersecurity and diversity.

So, fasten your virtual seat-belts and make sure your firewall is up and running. It's time to decode the mysteries of the digital age, one newsletter at a time.

Get ready to embark on this enlightening journey through the digital cosmos. The cyberspace is vast, but fear not - you've got the best crew in the galaxy right here with you.

Happy reading, and remember - in the digital world, knowledge is your best armour!

The MoveIT Keeps on Movin': Stay One Step Ahead

A significant development in cybersecurity this month was the discovery of a new vulnerability in the MoveIT software. This issue, if not addressed, can potentially expose sensitive data and compromise network security.

The Department of Energy confirmed that two of its entities were among those breached, resulting in the potential exposure of personally identifiable information of tens of thousands of individuals, including Energy employees and contractors. Several other U.S. agencies with active MoveIT contracts, including the Department of the Army, the Department of the Air Force, and the Food and Drug Administration, are also at risk.

In response to these intrusions, the Cybersecurity and Infrastructure Security Agency (CISA) is working urgently with impacted agencies to understand the impacts and ensure timely remediation. It's worth noting that while data may have been erased, the intrusions are not being leveraged to steal specific high-value information or to gain persistence into targeted systems. As such, this attack is largely seen as opportunistic.

As new victims continue to emerge, Progress Software has rushed to patch the new vulnerability, tracked as CVE-2023-35708, which could lead to unauthorized access to customer environments.

The crucial takeaway from this event? Always stay updated and act promptly when such vulnerabilities surface. Cybersecurity is a constantly evolving field, and staying one step ahead of potential threats is critical to maintaining a strong security posture.

Juneteenth: A Day of Freedom and Reflection

June brought us the celebration of Juneteenth, a powerful reminder of the struggles for freedom and equality. In the cybersecurity world, we can draw parallels by striving for an open and secure digital landscape for all.?

?? I am deeply thankful to?Dr. Michael A. Cadore Sr., a true pillar of our society, whose unwavering commitment to social justice has been a beacon of hope for many. His exemplary mentorship has empowered countless individuals to be proactive contributors to our community.

?? Similarly, we owe a debt of gratitude to Ms.?Betty Sawyer, an eminent community advocate. Her passion for social change is inspirational and she tirelessly works to ensure that every voice in our community is heard.

?? Council Member?Kenny Johnson, MPA?Johnson's dedication to civic duty and community involvement is commendable. His influential leadership and steadfast commitment to service have significantly improved our community.

These esteemed leaders were the honored guests and panelist at?L3Harris Technologies?2nd annual?#LEAD?#juneteenth2023?Celebration ??. Their presence at this event underscores their ongoing support for diversity, equality, and inclusion, values that we at L3Harris Technologies deeply resonate with.

Juneteenth is not just a celebration of emancipation, but a call to continue the work of ensuring freedom and justice for all. As we remember this historic day, let's also reflect on our role in fostering a society where everyone is treated with dignity and respect.

Please join me in extending heartfelt thanks to Dr. Cadore, Ms. Sawyer, and Council Member Johnson and the members of the LEAD Juneteenth planning committee who made this event possible. Their contributions remind us of the power of community engagement, mentorship, and involvement. Their dedication inspires us to continuously strive for a more inclusive and equitable world.

Supreme Court on Affirmative Action: What This Means...

The Supreme Court recently made a pivotal decision on Affirmative Action, stirring discussions about diversity in leadership roles. In the context of cybersecurity, this could potentially impact how we fill leadership roles in the sector. We'll keep an eye on this space to understand its future implications.

The recent decision to eliminate affirmative action on college campuses has sent shock-waves through the academic community and beyond. As a Black cybersecurity professional?and?educator, I find myself reflecting deeply on the long-term implications of this shift. While many may view this as a setback, I see it as a call to action to reassess the value we place on traditional institutional pathways and to explore innovative methods of attaining the knowledge and skills necessary for success in the STEM field. Read more of my perspective on Medium

Early Career Corner: Breaking into Cybersecurity

Are you a budding professional eager to step into the cybersecurity arena? This month, we shared 10 insightful tips on how to kick-start your cybersecurity career. Remember, never stop learning and stay curious!

1. Start with the basics: Understand the fundamental concepts of networking, programming, and systems administration. These are the building blocks of any cybersecurity career.
2. Get Certified: Certifications like CompTIA Security+, CISSP, or CISM can help demonstrate your knowledge and commitment to the field. They're often highly regarded by employers.
3. Hands-on Experience: Practical experience is critical. Participate in Capture The Flag (CTF) competitions, use platforms like Hack The Box, or contribute to open source security projects to gain real-world experience.
4. Stay Updated: Cybersecurity is a rapidly changing field. Follow cybersecurity news, join relevant forums, and attend industry conferences to keep up with the latest threats and defense tactics.
5. Networking: Connect with other professionals in the field. Join cybersecurity groups on LinkedIn, attend local meetups, or participate in online communities.
6. Understand Privacy Laws and Ethical Guidelines: Cybersecurity isn't just about technology; it's also about understanding the legal and ethical landscape. Familiarize yourself with relevant laws and guidelines.
7. Learn about Generative AI: AI is playing an increasingly important role in cybersecurity. Generative AI, for instance, can help in automating threat detection, improving incident response, and even simulating cyber-attacks for better preparedness.
8. Leverage Generative AI Tools: Tools like OpenAI's GPT-3 are being used to generate phishing emails for training purposes or to automate the creation of security awareness content. Familiarity with such tools can give you an edge.
9. Understand the Limitations and Ethics of AI: While AI can be a powerful tool, it's important to understand its limitations and ethical implications. This understanding will make you a more responsible and effective cybersecurity professional.
10. Continual Learning: Cybersecurity is an ever-evolving field, and AI is advancing rapidly. Commit to lifelong learning to keep up with the pace of change.

Remember, breaking into cybersecurity is a journey, not a sprint. Take your time to build a solid foundation, continually learn and adapt, and you'll be well on your way to a successful career in this exciting field.

International Women in Engineering Day: Celebrating Diversity

This month, we celebrated International Women in Engineering Day, acknowledging the vital contributions of women in the sector. It's a reminder that diverse perspectives strengthen the cybersecurity field, and we should continue encouraging more women to join this dynamic industry. Here are some interesting stratagies to help create pathways for women interested in engineering careers.

1. Introduce and promote cybersecurity education early: This means integrating cybersecurity engineering topics into school curriculum at an early stage, like primary and high school. This helps to spark interest in girls at a young age and provides them with the foundation they need to pursue a career in the field. It's also recommended to provide female students with female mentors in the field, which can help to break down gender stereotypes.
2. Promote women in security engineering roles: Highlighting successful women in cybersecurity helps to break down the perception that it's a male-dominated field. This can be done through media campaigns, conferences, seminars, and even in educational materials.
3. Provide networking and mentorship opportunities: Creating networks where women can meet other professionals in the field can be an effective way to provide support and encouragement. Mentorship programs, in particular, can be very helpful in providing guidance and advice to women who are new to the field.
4. Establish supportive company cultures: Companies should work to create cultures that are supportive and inclusive of women. This includes establishing policies that promote diversity and inclusion, providing flexible work options, and ensuring that there are opportunities for women to grow and advance in their careers.
5. Provide scholarships and incentives: Offering scholarships or other financial incentives to women who are studying cybersecurity can help to encourage more women to enter the field.

Pride Month and Intersectionality: Diversity in Cybersecurity

June also marked Pride Month, a time to celebrate diversity and inclusivity. As we celebrate, we also ponder intersectionality and its role in cybersecurity. The intersection of cybersecurity and LGBTQ+ rights is an important area of focus in the tech industry. The Supreme Court's ruling that the Civil Rights Act of 1964 also protects gay and transgender workers was a landmark decision, but the absence of discrimination does not equate to diversity or inclusivity. Technology can both protect and harm the LGBTQ+ community, and diversity in the workplace can help tech companies focus on the protective aspects and prevent harm.

However, achieving diversity is not a straightforward journey and comes with its unique challenges. These challenges often become evident in the form of representation data, which can be unreliable for the LGBTQ+ community. Self-reporting is often relied upon, but employees might hesitate to self-report if they fear backlash or bullying, which can create a harmful cycle.

These challenges extend beyond recruitment and into retention and advancement. To improve retention, it is crucial to incorporate inclusivity into the organizational structure and policies, including measures to prevent workplace microaggressions. Advancement also plays a significant role, with bias often being a significant factor that can inhibit promotion prospects for LGBTQ+ employees. For a truly diverse workplace, leadership commitment to diversity, equity, and inclusion is essential.

The tech industry is comparatively LGBTQ+-friendly, with companies like Google, IBM, Microsoft, Salesforce, Slack, and Apple recognized as some of the top companies for LGBTQ+ people to work in. It also has more dedicated resources for the LGBTQ+ community than most other industries, including company-sponsored employee resource groups and networking and support groups. Nonetheless, there's still much work to be done to foster true inclusivity and equity.

Beyond the Norm: Nontraditional Careers in Cybersecurity

Cybersecurity isn't a field reserved for IT professionals alone. This month, we explored how professionals from nontraditional backgrounds can contribute their unique skills to this sector, enriching it further. Here are several examples of individuals who transitioned from unrelated careers to cybersecurity:

1. Valentina Galea: She was a graphic designer for 7 years and became an ethical hacker at Bit Sentinel. She discovered cybersecurity while working for a gaming company 1 .
2. Jelena Milosevic: A pediatrician and a nurse, she became an active member of the infosec community with a focus on healthcare security 1 .
3. Laticia Carrow: From hairdressing to cybersecurity, she was encouraged by a friend who noticed she was good with computers. She did a lot of research and learned about key tech terminology 1 .
4. Dan Konzen: He transitioned from a career in healthcare to cybersecurity. He's now the Phoenix campus chair for the College of Information Systems & Technology at the University of Phoenix 1 .
5. Javvad Malik: His background is in business information systems. He landed an infosec job at Natwest and took the opportunity to gain certifications and learn as much as possible 1 .
6. Amanda Rousseau: She started out studying graphic design in college. After attending a computing science course, she became a malware researcher and worked at the DoD Cyber Crime Center 1 .
7. KPMG employees: Some of them transitioned from entrepreneurship, trading, or forensics to cybersecurity, applying what they learned from their previous roles to their new careers 1 .
8. Ismaelle Vixsama: She has a degree in finance and business management and worked in the finance field for six months before founding a cyber consulting firm, Vix Cyber 1 .

This list should give you a good sense of the diverse backgrounds from which people have entered the field of cybersecurity. All of these individuals highlighted the importance of continuous learning and curiosity in their transitions. Many of them also noted the value of bringing a unique perspective from their previous careers to the field of cybersecurity.

Thank you, readers, for your continued support and engagement. Your curiosity drives the Cyber 411 community forward! Remember, you can also join me on [Medium] https://medium.com/@allen.westley and [Twitter] https://twitter.com/fwestley for more insights and discussions. Here's to another month of learning and growing together in the world of cybersecurity!