INFOSEC RECRUITING - IS THE INDUSTRY CREATING ITS OWN DROUGHT
We've all been blasted with many a report that infosec has a massive skills gap. But what if the problem doesn't lie with the lack of skilled professionals, but the hiring process itself?
Thomas Fischer makes a compelling argument, using some of his personal recent experiences from both sides of the hiring process.
InfoSec Recruiting – Is the Industry Creating its own Drought? | Liquid Matrix
Did you think that discussions around GDPR were over? You thought wrong.
Want to avoid GDPR fines? Adjust your IT Procurement methods | HelpNetSecurity
A clever new twist on an extortion email scam includes a password the recipient previously used at a hacked website, to lend credence to claims that the sender has hacked the recipient's computer / webcam and recorded embarrassing videos.
Sextortion Scam Uses Recipient’s Hacked Passwords | Krebs on Security
Elon Musk continues to make the headlines, sometimes for the right, and other times for the wrong reasons. But it's worth taking a look at the company's security. While there was the infamous email a few weeks back where Musk pointed the finger of blame at a rogue employee, it's not the first case of cybersecurity gone wrong in the company.
Tesla sued an oil-industry executive for impersonating Musk in an email. The trickster's goal was to undermine Tesla's energy-efficient transportation.
RELATED OLDER NEWS
So is Tesla more a car company or a software company that happens to make cars?
THOUSANDS OF MEGA LOGINS DUMPED ONLINE
Thousands of credentials for accounts associated with New Zealand-based file storage service Mega have been published online.
The text file contains over 15,500 usernames, passwords, and file names, indicating that each account had been improperly accessed and file names scraped.
Somewhat related, the NY Times has rolled out a new feature to secure subscriber accounts that locks accounts whose passwords have appeared in breaches.
WE'VE HAD A DATA BREACH... LET'S NOT TELL ANYONE
It’s a basic question in the face of a data breach: do we fix it and keep quiet? Or do we tell the world and risk the consequences? A major fuel company was recently confronted by this challenge, and their response and how they communicated it provides a worrying lesson for issue and crisis managers everywhere.
We’ve had a data breach… let’s not tell anyone | Mumbrella
DEMYSTIFYING THE PUBLIC OR PRIVATE CLOUD CHOICE
Everyone wants to operate like a tech company today. Chances are, your business can’t thrive without improving how you do IT, and executives must decide where to house and process their data. Companies like Liberty Mutual are able to enter a new market in just six months and double the average sales rate, while government organizations are defying expectations with rapidly developed and deployed applications across the board from tax collection to war-fighting.
Your cloud strategy is going to be nuanced. A recent Forrester study found that just four percent of organizations run their applications exclusively in the public cloud; 77 percent of organizations are using multiple types of clouds, both on-premises and off-premises. So do you go the public or private cloud route? It can be a complicated question. Let’s look at some starting considerations.
Demystifying the Public or Private Cloud Choice | Built to adapt
A few other stories I enjoyed reading recently.
The Industry Analyst Evaluation Game | Field thoughts
How not to be an analyst | IIAR
The SIM Hijackers | Motherboard
APT1 - what happened next? | Countercept