1,000,000 InfoSec Job Openings in 2016! May 10, 2016

Posted by Chris Mark in cybersecurity, Industry News, InfoSec & Privacy.

A recent article in Forbes Magazine outlines the current and projected information security job market.  According to the article, the current job market is valued at $75 billion and is expected to grow to $170 billion by 2020.  More profoundly, Cisco estimates that there are currently 1 million InfoSec job openings in the US with, according to Peninsula Press, 209,000 currently unfilled! According to Virginia Lehmkuhl-Dakhwe, director of the Jay Pinson STEM Education Center at San Jose State University, “The number of jobs in information security is going to grow tenfold in the next 10 years.”

I have been fortunate to have had a great career in information security over the past 15 years.  While my experience is unique, I have had the opportunity to travel the world and work with some of the largest and most complex companies around.  I have spoken at scores of events and have published dozens of articles and white papers.

Last year I wrote a blog post about how to get into the InfoSec career field.  Two things that many people may want to know off the bat: 1) a college degree is NOT required (although often very helpful) and 2) the pay is VERY good (basic supply and demand).  In my experience most people could probably get into the field with anywhere from 9-18 months of self-study.  You can get in quicker if you attend a course.  For more information, please read my blog post: Getting Info Information Assurance Careers.

Dear OPM – Thanks for exposing my data!…”Clean up your own backyard!” (Elvis) October 20, 2015

Posted by Chris Mark in Uncategorized.

Let me start with Elvis’ “Clean up your own Backyard”

“Back porch preacher preaching at me
Acting like he wrote the golden rules
Shaking his fist and speeching at me
Shouting from his soap box like a fool
Come Sunday morning he’s lying in bed
With his eye all red, with the wine in his head
Wishing he was dead when he oughta be
Heading for Sunday school

Clean up your own backyard
Oh don’t you hand me none of your lines
Clean up your own backyard
You tend to your business, I’ll tend to mine”

Today I received a letter from the United States Office of Personnel Management or OPM informing me that my personal data had been stolen in a data breach.  As a quick reminder the OPM was the victim of a major data breach in which over 22.4 million current and former federal workers and military members’ personal information was stolen by the Chinese Government although the Obama administration did not formally accuse Beijing.

The breach was finally disclosed by the OPM in June 2015 but started in March 2014. So what was stolen?  According to the report I received today…it included (ready for this)…1) Social Security Number 2) Full Name 3) Address 4) Education History 5) Employment History 6) Information on my dependents and close family and 7) my SF86 from when I applied for my security clearance…among other data. For those who are unaware, the SF86 is a 127-page document titled “Questionnaire for National Security Positions” that asks questions about every aspect of a person’s life, including 1) friends’ names, 2) emotional and psychological health, 3) use of alcohol and drugs, 4) financial issues, 5) affiliations with groups and more!  This information is much more personal and sensitive than just a Social Security number.

I find it amusing that within 2 days of Target notifying that they had been victimized by criminals who stole millions of credit card numbers, the “Honorable” Senator Menendez (D-NJ), a sitting US Senator (and “back porch preacher” who is now under criminal indictment), would deride Target and ask whether the “…FTC has the teeth to hold retailers who failed to protect consumers’ information accountable.” He then continued: “if a company doesn’t invest in security to ensure customer data can’t be stolen, then you have to question why a company would not do that.” The Target CFO would be forced to APOLOGIZE to the US Congress for security ‘failures’, yet when the OPM is breached the US Government distances itself from any liability.  This is sine qua non for any action in which the Federal Government fails... they simply deny that they failed.  According to OPM spokesperson Samuel Shumach:  (more…)

Hillary Clinton’s Private Email Server Confirmed Hacked by the Chinese! (yes that was clickbait) September 30, 2015

Posted by Chris Mark in Uncategorized.

UPDATE – Yesterday I posted this “article” to demonstrate just how easy it is to convince people to click on malicious links.  Even with the end of the article saying that it was a spoof, there were still ~25% of readers (24 out of the first 95) who clicked on the link.   The point was simply to demonstrate that social engineering is alive and well and very easy to conduct.  The idea that Hillary’s private email was ‘secure’ is a preposterous claim.  Thanks to everyone who read this.

While denying that there is any evidence of her private email server being hacked…The Secret Service just released a report that proves Hillary Clinton’s private email server was hacked repeatedly by China, Russia and Iran using a common “spear fishing method” known as a “drive by infection”. This is a common method used by the Chinese, Russians, Iranians and others to initiate an Advanced Persistent Threat (APT) attack. Click here to read the official government report! (more…)

Chris speaking at the 2015 AT&T Security Conference: “Mobile Retail Security” September 3, 2015

Posted by Chris Mark in Uncategorized.

I have been invited to co-present on Mobile Retail Security at the 17th Annual AT&T Cyber Security Conference. The conference is October 5th and 6th in Manhattan and will feature some amazing speakers including AT&T’s own CSO Dr. Ed Amoroso, Palo Alto’s CSO Rick Howard and “Dr. Chaos” Aamir Lakani to name but a few.  If you are going to be in NYC on Oct 5th and/or 6th and want to attend…registration is FREE!...Check it out!!

CyberGhost Guest Post- “5 easy steps to increase privacy on Windows 10” August 6, 2015

Posted by Chris Mark in Uncategorized.

Below is a guest post from CyberGhost on how to increase privacy on Windows 10. This is very timely and great advice!  I have upgraded to Windows 10 and really think it is a huge upgrade over Windows 8/8.1 but (there is always a but) there are some serious privacy concerns. (SERIOUS) Thanks to CyberGhost’s Silvana Demeter for providing this valuable info! BTW…I am very familiar with CyberGhost and really like their products.  Check them out!

“On July 29, Microsoft released its new operating system, Windows 10, available globally in 190 countries. The new version offers new features and completes different gaps. Windows 10 is fluid and fast and its new browser Microsoft Edge might win back a lot of users being super-fast.

Some privacy related concerns appear though, one possible problem being that data such as contacts, calendar, mail, messages are transferred to Microsoft’s servers, creating a more detailed user’s profile. Another feature that is infringing one’s privacy is the advertising ID assigned to individuals that are later targeted with specifically tailored ads. Even encrypting the hard drive won’t make an improvement to the privacy since the keys are stored by default on OneDrive. These new settings and features are aimed at increasing productivity, as they make apps and operating system smarter.

In order to improve the future experience of its users, Microsoft uploads data on their servers. As stated in the Terms of Service, Microsoft has the right to share this data whenever it has a good faith belief doing so is necessary to: 1. comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3. operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services.”

In addition, all these settings are ON by default and will remain enabled if not unchecked while installing or upgrading to Windows 10.

All the data used by the Microsoft account (@live.com, @outlook.com, @msn.com – necessary for most of the new features) is scanned by Microsoft’s services. The location or even the talks with Cortana (searches, reminders, notes, and actions) are also processed by Microsoft’s services: “We also share data with Microsoft-controlled affiliates and subsidiaries; with vendors working on our behalf; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our services; and to protect the rights or property of Microsoft.”

How to increase privacy on Windows 10

The Privacy settings can be managed by searching the term privacy in the start menu and most of the modules that send data to Microsoft can be disabled.

Below are some important features that can be changed to obtain more privacy:

  • Disable advertiser ID: open the settings and search for “advertising;” open “Choose if apps can use your advertising ID” and disable the first option: “Let apps use my advertising ID for experiences across apps”
  • Disable “…info about how I write” so that the text one types and writes with a stylus is not sent to Microsoft servers
  • Disabling the Advertising ID in the “Privacy Settings.”
      o “Let apps use my Advertising ID…” -> OFF
      o “Send Microsoft info about how I write..” -> OFF
      o “Location” -> OFF

  • Speech, Inking, & typing: If all options are cleared, Cortana will also be disabled

Another new feature introduced by Windows 10 is “Wi-Fi Sense” – a feature that syncs all Wi-Fi passwords to the cloud and shares them with the contact list. Through this functionality, the PC will be able to exchange passwords and automatically connect to WIFI, even to unprotected hotspots. The “Wi-Fi Sense” feature can be disabled by accessing Settings, “Wi-Fi” and then “Change Wi-Fi Settings.” Lucian Crisan, Head of Support and QA at CyberGhost VPN and former Microsoft employee recommends this change in order to avoid man-in-the-middle attacks and phishing attempts.”
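The following read-only PowerShell audit is an added example, not part of the guest post or any CyberGhost material. It reports whether the advertising ID, "info about how I write" and Wi-Fi Sense switches described above are explicitly off. The registry paths and value names are assumptions: they are the commonly documented backing values for these Settings switches, are not given in the post, and can differ between Windows 10 builds. The Location switch is left out because its storage location changed between builds.

```powershell
# Read-only audit of privacy toggles named in the guest post (added example).
# ASSUMPTION: these registry locations are the commonly documented backing
# values for the Settings switches; verify them on your own Windows 10 build.
$checks = @(
    [pscustomobject]@{
        Setting = 'Let apps use my advertising ID'
        Path    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo'
        Name    = 'Enabled'
        Off     = 0
    },
    [pscustomobject]@{
        Setting = 'Send Microsoft info about how I write'
        Path    = 'HKCU:\Software\Microsoft\Input\TIPC'
        Name    = 'Enabled'
        Off     = 0
    },
    [pscustomobject]@{
        Setting = 'Wi-Fi Sense auto-connect'
        Path    = 'HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config'
        Name    = 'AutoConnectAllowedOEM'
        Off     = 0
    }
)

function Get-PrivacyToggleState {
    param([Parameter(Mandatory)] $Check)
    # A missing key or value means the OS default applies. The post states the
    # defaults are ON, so that case is reported separately and never as OFF.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $state = 'not set (default applies)'
    } elseif ($item.($Check.Name) -eq $Check.Off) {
        $state = 'OFF'
    } else {
        $state = "ON (value $($item.($Check.Name)))"
    }
    [pscustomobject]@{ Setting = $Check.Setting; State = $state; Path = $Check.Path }
}

$report = $checks | ForEach-Object { Get-PrivacyToggleState -Check $_ }
$report | Format-Table -AutoSize -Wrap

# List anything that is not explicitly OFF so it can be reviewed in Settings.
$report | Where-Object { $_.State -ne 'OFF' } | Select-Object Setting, State
```

The script only reads the registry, so it can be re-run after a feature update to see whether any switch has reverted.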
