Get Ahead of
Cyber Threats
Newsletter

The Fletch Press: The X-Factor you didn’t know you needed

Reading time: 5 min

Hi there, 

Landing a job offer in cybersecurity is just as tricky as filling the role. 

That’s why there’s a shortage of working security professionals and why the existing ones get so burnt out.

The root of the problem (apart from outdated, overly complex systems and tools) is that cybersecurity job requirements are too stringent, with many asking for elite college degrees and off-center qualifications like mathematics. 

In reality, there’s no evidence that going to a prestigious school or even getting a degree prepares you for more success in security than getting mentored in the field right out of high school. 

We had the pleasure of speaking with Ron Sharon, Director of Technology and Head of Information Security at Mercer Advisors, who said that many companies are missing out on incredible talent because of old-school thinking around prospects needing specific backgrounds. Ron encourages managers to look for the “X-Factor” - a trait or soft skill - in candidates who strive to learn the ropes. 

Watch for comprehensive tips on finding the best people, reclassifying folks into security from various backgrounds, and breaking into infosec as a newbie.

 

More You Should Know

We whipped up some quick tips that security newbies can take with them to win brownie points and that teams can use to ease their companies’ transition to the cloud. 

When leadership decides to onboard new SaaS apps, you can inform them of associated security risks and how security policies should change. Some best practices to keep in mind:

  1. Educate employees on new security policy

    Training employees on a new security policy and why it benefits everyone rather than just security and IT departments will keep your business’s and customers’ data safe. 
     
  2. Focus on the behaviors of people and machines

    Embrace tools that use natural language processing. They can quickly let you know in human terms when somebody in your organization is acting off, and whether it’s by accident or because their account is hacked.
     
  3. Set best practices right for your business

    Know how your CSA controls have followed frameworks like SOC2 or HIPAA, and plan how you’ll get visibility across your infrastructures. Then, find and eliminate gaps in cloud controls accordingly.
     
  4. Keep daily emerging cyber threats in mind

    Mitigate risk by categorizing your data and implementing new tools that can triangulate your priorities with the daily cyber attacks broadcast on the news to confirm you’re protected.


 

Book Recommendation

The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity - Christian Espinosa, who went from cybersecurity engineer to company CEO, describes a high IQ as a lost superpower in the absence of effective communication, emotional intelligence, and self-confidence - hence the brightest person isn’t always the best choice for your company to thwart cyber attacks. 

This book will help you understand your risks and develop your team’s technical minds so they become strong, multi-faceted leaders who can excel in every role.

 

Emerging Threats

With our continuous Emerging Cyber Threat Analysis, you'll never be left guessing whether you're vulnerable to or compromised by the latest threats in the news, like the ones below.

Update your Confluence server now

Atlassian, the company behind Jira, Confluence, Hipchat, and other tools, released an update to fix the CVE-2021-26084 vulnerability in its corporate wiki tool, Confluence. 

Since the update, security experts have noticed widespread searches for vulnerable Confluence servers and active breach attempts. 

CVE-2021-26084 (CVSS severity rating: 9.8) originates from the use of Object-Graph Navigation Language (OGNL) in Confluence’s tag system. It permits the injection of OGNL code and thus arbitrary code execution on computers with the Confluence Server or Confluence Data Center installed. If the “Allow people to sign up to create their account” option is active, unauthenticated users can exploit the vulnerability. 

Confluence users are encouraged to download the latest release ASAP.

The NPM package with millions of weekly downloads has fixed a remote code execution flaw

“Pac-resolver”, a popular NPM package for the JavaScript programming language, has been fixed in response to a remote code execution flaw that could affect many Node.js apps. (Node.js is the popular JavaScript runtime for running JavaScript web apps.)

The developer who found the flaw noted that it could have allowed an attacker on a local network to remotely run malicious code inside a Node.js process whenever an operator tried to send an HTTP request. 

The vulnerability, marked as CVE-2021-23406, was fixed in v5.0.0 of all affected packages. 

Developers whose Node.js applications may be affected are advised to update to version 5.0.
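
To check whether a project still pulls in an older copy, the following added example (not from the pac-resolver project or the original newsletter) scans a parsed package-lock.json for pac-resolver entries below 5.0.0, including copies nested under other dependencies. The sample lockfiles, the package name example-proxy-lib and the version numbers in them are constructed for illustration.

```javascript
// Added example: flag pac-resolver copies older than the fixed release.
const FIXED_MAJOR = 5; // the newsletter states the fix landed in v5.0.0

function isVulnerable(version) {
  const major = parseInt(String(version).split(".")[0], 10);
  return Number.isInteger(major) && major < FIXED_MAJOR;
}

// Returns [{ path, version }] for every pac-resolver copy below 5.0.0.
function findVulnerablePacResolver(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (name === "pac-resolver" && isVulnerable(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // v2 files also carry a legacy "dependencies" tree; skip it to avoid duplicates.
  if (lock.packages) return hits;
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "pac-resolver" && isVulnerable(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not real project data).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/pac-resolver": { version: "5.0.0" },
    "node_modules/example-proxy-lib/node_modules/pac-resolver": { version: "4.2.0" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "example-proxy-lib": { version: "2.0.0", dependencies: { "pac-resolver": { version: "3.0.0" } } },
  },
};
```

In a real project, pass in `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and treat any returned entry as a dependency path that still needs upgrading.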

 

Fletch Updates/Announcements

We now have a long list of great organizations excited to try our first two offers focused on quickly evaluating risk across your organization and the impact of emerging cyber threats against your resources.  We are letting people in one at a time, and we thank you for your patience. 🙏

If you want to learn more about our offerings, please find the links below or reply to this email asking us anything. 

Note: Both offers are FREE for early adopters and take only 15 minutes to set up. 

Thanks for reading! 


If you enjoy our content, invite a friend to subscribe by sending them this link or post about your subscription on Twitter.