Tag Archive for: Top

Air Force cyber wing looking for new ways to recruit, keep top talent

/in


Amid a global competition for cyber experts, one Air Force wing is looking at new and different ways to recruit and retain service members with the right know-how.

Attracting and maintaining top talent is becoming even more critical as the Air Force must provide six additional cyber mission force teams on behalf of U.S. Cyber Command.

“I would anticipate CMF growth, continuing through the years. We know we probably don’t have the capacity [that] we likely really need,” Col. Sean Kern, commander of 67th Cyberspace Wing, told DefenseScoop in a December interview.

The cyber mission force began building in 2012, with an end goal of 133 teams. The Department of Defense did not add to that number for several years after those groups reached full operational capability in 2018. Starting with the fiscal 2022 budget, Cybercom was authorized funding to augment the CMF, which consists of the offensive, defensive and support teams that the military branches provide to the command to conduct cyber operations. Now, the plan is to increase the capacity to 147 teams over the next five years or so.

The six additional Air Force teams —a total of 264 airmen spanning two offensive teams, two defensive teams and two support teams — that will be added to the CMF, will be built with a phased approach. The first three will start forming in 2024. They’re scheduled to reach initial operational capability 18 months after establishment and full operational capability 18 months after IOC — setting them up to be fully ready by 2027. The next slate of teams will begin building in 2025, with the expectation that they’ll be fully ready by 2028.

“Imagine already presenting, trying to present 1,715 [personnel and] add 264 in a pretty difficult mission area to bring talent into,” Kern said of his position right now.

However, officials across the DOD have consistently maintained that recruiting new talent for the cyber mission force is not the main problem — it’s retention. With lucrative pay opportunities in the private sector, it has been a struggle to keep the experts the military has spent millions of dollars and several years to train.

Kern is looking at…

Source…

Top 10 investigations and national security stories of 2023

/in


This year saw Computer Weekly and Byline Times reveal an extraordinary secret campaign by right-wing Brexit supporters against the world’s leading science journal, Nature. The group, which had high-level connections in politics, business and intelligence, attempted to put Nature and its editor under surveillance and investigated by intelligence agencies for alleged “extreme Sinophile views”.

Surveillance has also been a preoccupation of the Home Office this year, as the government seeks to revise the Investigatory Powers Act 2016 to make it easier for police and intelligence agencies to access large databases on the population, and controversially to require tech companies to inform the government in advance if they make changes to their platforms that could impact surveillance capabilities.

Pressure from the government against tech companies that offer encrypted messaging and email services intensified with the passing of the Online Safety Act in October. The act gives regulator Ofcom powers to require tech companies to scan encrypted services for illegal content, a move that threatens to undermine the security of technology platforms. The act has become law, but it is yet to be seen how – or if – Ofcom will enforce it.

Electronic evidence has been another running theme this year, as Computer Weekly reported on a dispute by an NHS whistleblower and health trust over the authenticity of emails that relate to patient safety concerns. Another NHS employee, meanwhile, deleted thousands of emails before being due to give evidence at an employment tribunal. The courts have also yet to decide whether messages obtained from the police hacking of the EncroChat encrypted phone network are admissible. If they are not, people who have been convicted solely on the basis of EncroChat messages may have their cases overturned.

An investigation by Computer Weekly and Byline Times revealed that the science journal, Nature, had been the target of sustained secret attacks by extreme Brexit supporters with high-level political, commercial and intelligence connections. The group, which included former MI6 chief Sir Richard Dearlove, attempted to put members of staff at Nature

Source…

Top 12 Online Cybersecurity Online Courses for 2024 (Free and Paid)

/in


With so much online courseware on cybersecurity today, it can be a daunting task to narrow the top choices. To create this list of cybersecurity courses online, we talked to leading security professionals about what they recommend to newbies, computer science students, businesspeople and security pros looking to advance their careers.

When it comes to free cybersecurity courses online, keep in mind there’s no free lunch. Many free courses make students pay for a certificate on the back end, and online groups sometimes offer short seven-day or 30-day trials followed by a monthly subscription charge. Federal agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), are great sources of free security information. And those new to the field should check out the National Cyber Security Alliance (NCSA).

For paid courses, we started with some of the favorites among hackers and security researchers and refer readers to MIT cyber training courses, as well as online courses at the University of Maryland Global Campus (UMGC), Western Governors University (WGU) and Cybrary. As a bonus, we also linked to the NSA’s Centers of Academic Excellence (CAE) courses. While not exclusively online, people seriously pursuing careers in security need to be aware of these courses and the fact that many programs offer online options in the wake of COVID-19.

Best of the free cybersecurity courses online

1. TryHackMe

TryHackMe features content for people new to cybersecurity and covers a broad range of topics, including training for offensive and defensive security. TryHackMe also has Capture the Flag exercises with walk-through write-ups by contributing users that let members see how to approach and solve problems. Four levels are available:

  1. Complete Beginners. For those with no computing knowledge and who are unsure of where to start.
  2. Early Intermediates. For those who have basic computing knowledge and have used Linux.
  3. Intermediates. For those who know how computers work and have basic security experience.
  4. Advanced. For those who work in cybersecurity and penetration testing.

TryHackMe also has…

Source…

Top Five Security Controls SMEs Must Have In Place In 2024

/in


Chief technology officer of Corvus Insurance.

We released our Q3 Global Ransomware Report in October 2023, which showed that 2023 has been a record-breaking year for ransomware events, with an 11.2% increase over Q2 and a 95.4% increase year-over-year. With the increasing risk of threats from ransomware along with business email compromise (BEC), hacking and social engineering, this article focuses on pragmatic ways small and medium-sized enterprises (SMEs) can secure their companies and systems.

Many Solutions, Few Resources

Tackling the complex and technical world of security controls is hard for any SME leader or IT person (who is often a team of one). You’re bombarded with “helpful” salespeople trying to sell you expensive solutions to problems you don’t fully understand. Worse, there are so many things you’re told you must do and that if you miss one of the steps, your organization may be left vulnerable.

Where Do I Start?

The NIST Cybersecurity Framework is a good starting point for organizations of any size looking to commence or improve their cybersecurity program, and solution partners frequently mention it as they map control actions back to the framework.

A key part of this is implementing security controls to mitigate the risks. To help prioritize the most critical security controls, security standards have emerged. Some of the most impactful are the Center for Internet Security’s (CIS) Critical Security Controls.

However, even these can be quite daunting for an SME, and certainly, not all security controls are created equal. Let’s dive into some of the most critical controls based on an analysis of tens of thousands of insurance claims data as well as threat intelligence insights from compromised assets and data breach notifications.

Five Security Controls To Have In Place In 2024

Knowing Your Assets

Today, almost every small business has a multitude of digital assets with the adoption of the Internet of Things (IoT), cloud SaaS services and bring-your-own-device policies (BYOD). Understanding what you’re trying to protect and its criticality to your business function is the foundation for any vulnerability management, configuration management or…

Source…