Intercast Staffing – September 2022
Welcome to the September edition of Intercast’s monthly newsletter for cybersecurity professionals. As always we’ll bring you the latest news and views to make you a better informed candidate. In This Issue:
- Client Insights
- All Change For Cybersecurity “Traffic Lights”
- Cybersecurity Hiring Boom Forecast
- Pop Star Proves Unlikely Security Threat
- Boosting Diversity In Cybersecurity
Every month we ask our clients what they are looking for when they consider candidates and how employees and contractors can do a better job. The big message this month is to remember the power of listening!
Several clients have mentioned that candidates sometimes either don’t understand an interview question or misinterpret it, then try to cover their confusion. In reality, being clear with your answers is key to building authority and credibility, so never be afraid to clarify what an interviewer meant by a question.
It’s also fine to say that you don’t know the answer to a question. That shows honesty and confidence, and it avoids the risk of talking off-base and going on a tangent for several minutes, wasting everyone’s time. There’s no room for bluffing or putting on a brave face when you’re working with others to solve cybersecurity problems, so there’s no point doing it in an interview.
All Change For Cybersecurity “Traffic Lights”
The standard system for labeling the confidentiality (or otherwise) of cybersecurity reports is getting an overhaul. Version 2.0 of the Traffic Light Protocol (TLP) changes one level and adds another, in both cases to boost clarity.
The idea of the protocol is to clearly mark the audience with whom you can share a cybersecurity report, maximizing its usefulness while keeping to the principles of responsible disclosure. The original version simply used Red, Amber and Green for decreasing levels of restriction plus a White level for information that can be shared with the general public.
Version 2.0, which took effect from August, replaced White with the more descriptive “Clear”. It also added a new “Amber+Strict” level for in-house use only. Sophos has the full details, but in summary:
- TLP:RED means do not share with anyone.
- TLP:AMBER+STRICT means only share within your organization.
- TLP:AMBER means only share within your organization, plus with clients where necessary.
- TLP:GREEN means only share with others in the cybersecurity community.
- TLP:CLEAR means you can share with anyone
Cybersecurity Hiring Boom Forecast
The cybersecurity industry’s total value will rocket from $86.4 billion in 2017 to $403 billion in 2027 according to a forecast from BrandEssence. Several experts quoted by Fortune say the forecast is plausible for three main reasons:
- Cyber attacks continue to rise.
- Businesses are becoming exposed to more potential points of weakness by using the internet in different ways, for example for cloud storage or online and mobile payments.
- The industry continues to develop new solutions through technologies such as artificial intelligence.
The bad news for employers – and the good news for qualified candidates – is that the increased demand further deepens the cybersecurity skills shortage. It’s something that could be eased by great cooperation between government, industry and the education sector, but even then it will take time for more would-be cybersecurity professionals to get the necessary training and experience.
Pop Star Proves Unlikely Security Threat
Janet Jackson could cause another bizarre malfunction – but this time it’s for laptops rather than her wardrobe. The unusual threat was shared by Microsoft blogger Raymond Chen, who revealed that playing the music video for Jackson’s 1989 track Rhythm Nation could not only crash a Windows laptop, but also other machines nearby.
It turned out not to be a software bug, but rather an unfortunate coincidence that part of the song contained sounds at a specific frequency. That happened to be the resonant frequency of a popular laptop hard drive. That could cause the drives to malfunction (and crash the computer) in the same way that people walking over a bridge at a particular pace can damage it.
The good news is that the problem was solved behind-the-scenes many years ago through a custom filter that removes audio at a specific frequency. However, it’s recently been added to the Common Vulnerabilities and Exposures list, the closest thing to a US government database of “official” security threats. It’s also a reminder that attack methods may ultimately be limited only by the imagination of malicious actors.
Boosting Diversity In Cybersecurity
The tech world isn’t always known for its diversity of workers, but cybersecurity could be a key way to increase representation. That’s the message from a recent security event at AWS. The company’s chief information security officer noted that as well as demographic and cultural diversity, this could also involve a wider range of personality types such as introversion and extroversion.
The theory is that people with different experiences, biases and ways of thinking could have different ways of solving problems, which is arguably a key to successful cybersecurity.
However, right now a comparison of two separate studies suggests women, Black and Latino people are underrepresented in cybersecurity even compared with the tech world as a whole. The article concludes that as well as making conscious hiring decisions, cybersecurity employers could also increase targeted ‘mentorship programs’ and help potential hires with the cost of certification programs.
Best Of The Rest
Here’s your monthly round up of the other news and views you need to know about:
- Can Chess help cybersecurity staff improve their skills?: https://www.darkreading.com/
careers-and-people/5-ways- chess-can-inspire-strategic- cybersecurity-thinking
- A government report suggest company boards wait till its too late to take cyber security seriously:https://www.computerweekly.
com/news/252523964/It-takes-a- breach-to-force-boards-to- take-notice-of-cyber-says-UK- government
- New York state plans to beef up its cyber breach notification rules: https://www.jdsupra.com/
- Accenture head of cyber shares tips on breaking into cybersecurity and boosting skills: https://fortune.com/education/
business/articles/2022/07/11/ how-to-break-into- cybersecurity-as-told-by- accentures-head-of-cyber/