Introduction

In recent years, the field of cybersecurity has witnessed a significant influx of professionals from non-Information Technology (IT) backgrounds who are making the leap into this dynamic industry. As a cybersecurity technical developer and instructor, I have had the privilege of delivering in-person and virtual training courses to many customers and meeting numerous individuals seeking to transition into cybersecurity from diverse non-IT related fields.

I can remember Cindy, a lawyer in a large firm, not really finding fulfillment after a “boring” eighteen months there; Ann, an actress with over 17 successful years of movie and theater experience, wanting to get into the industry for higher income to support her daughter; and Richard, a radiologist tired of the customer abuse he was receiving and wanting more in life.

Everything starts with the right mindset at the onset; and not every career in cybersecurity is deeply technical.

Cybersecurity is a broad field and cybersecurity professionals may do their jobs in a variety of ways. This includes the following roles – keeping in mind that at least two of them are not 100% technical.

  • They can have roles that protect a company’s internal networks and data from outside threat actors as information security professionals.
  • They can have roles in risk management where they can confirm businesses take appropriate measures to protect against cybercrime.
  • They can have roles where they can confirm businesses comply with local, state, and federal cybersecurity and data protections laws.

Aside from being super solid on the OSI Model, hands-on TCP/IP, networking skills, a couple of industry certifications, a drive to self-study, some basic coding and a couple of bootcamps, an aspiring cybersecurity professional must also consider the skills they already have. They bring things to the table from the fields they come from, and those things are useful, fully transferable and appreciated!

Sometimes, as “seasoned professionals,” we forget to look for fresh ways to pivot in incident response (IR) scenarios, for example.

Technical skills can, with some education, hands-on practice, and self-study, be mastered, but the main ones you will need for the transition are not going to be found in the classroom or on a computer screen. They come from the face-to-face interactions we have with friends, family, coworkers, and strangers. In other words, the soft skills: those skills that cannot be coded or productized but can indeed be monetized.

Transitioning from entertainment/law/health and many other industries to the cybersecurity field does bring valuable transferable skills. In this article I aim to explore the many valuable skills career changers bring to the table and highlight seven essential skills they must possess to successfully embark on this exciting and amazing journey.   

Attention to detail:

Actors pay great attention to detail, focusing on nuances in dialogue, characterization, and stage directions. In cybersecurity, meticulousness is essential when reviewing code, identifying vulnerabilities, conducting security assessments, and analyzing logs. Ann’s ability to spot inconsistencies and pay attention to minute details can be valuable.

Radiology technicians work with complex medical imaging equipment, where precision and attention to detail are crucial. This skill translates well to the cybersecurity field, where professionals need to analyze large amounts of data, identify vulnerabilities, and detect potential threats with accuracy.

Lawyers pay great attention to detail when reviewing legal documents, contracts, and evidence. This attention to detail can be valuable in cybersecurity, where professionals must review policies, analyze security controls, and identify potential vulnerabilities. They can also contribute to ensuring cybersecurity practices align with legal and regulatory standards.

Communication and persuasion skills:

Radiology technicians often collaborate with radiologists, other healthcare professionals, and patients, conveying complex medical information effectively. This communication skill is essential in the cybersecurity field, where professionals need to explain technical concepts to non-technical stakeholders, present findings, and provide guidance on security measures.

As an actress, Ann has likely honed excellent verbal and nonverbal communication skills. This skill is crucial in cybersecurity, as professionals need to effectively convey complex technical concepts to non-technical stakeholders, write clear reports, and collaborate with team members.

Lawyers are skilled in written and oral communication, as they draft legal documents, argue cases, and negotiate on behalf of their clients. In cybersecurity, effective communication is vital for conveying complex technical concepts, presenting findings to stakeholders, and advocating for security measures. Cindy’s ability to articulate and persuade can be beneficial in this field.

Analytical thinking, research skills, and adaptability:

Lawyers are trained to analyze complex legal issues, conduct thorough research, and extract relevant information from vast amounts of data. These analytical and research skills can be applied to cybersecurity, where professionals need to investigate security incidents, analyze threats, and evaluate legal implications of cybersecurity practices.

Radiology technicians analyze and interpret medical images, looking for abnormalities and making diagnostic decisions. This analytical mindset is highly relevant in cybersecurity, where professionals need to assess and analyze complex systems, identify patterns, and evaluate potential risks and vulnerabilities.

Actors often face diverse roles and quickly adapt to different characters, settings, and situations. This adaptability translates well to the dynamic and ever-evolving nature of the cybersecurity field. The ability to learn and adapt to new technologies, methodologies, and threats is crucial for success.

Problem-solving and critical thinking:

Actors regularly encounter challenges during rehearsals and performances and need to find creative solutions. This skillset is valuable in cybersecurity, where professionals face intricate problems related to system vulnerabilities, breaches, and data protection. Ann can leverage her creative problem-solving abilities to analyze and mitigate risks effectively.

Lawyers are trained to identify and solve legal problems by applying critical thinking skills. This ability to assess situations, identify key issues, and propose logical solutions is valuable in the cybersecurity field, where professionals encounter complex technical challenges and need to mitigate security risks.

Radiology technicians often encounter challenges while operating imaging equipment, troubleshooting technical issues, or adapting to unique patient circumstances. This problem-solving ability is valuable in the cybersecurity field, where professionals face complex security issues, breaches, and emerging threats. Richard can leverage his experience to approach cybersecurity challenges systematically.

Compliance, legal, and regulatory knowledge:

In the healthcare field, radiology technicians must adhere to strict privacy and compliance regulations, such as HIPAA (Health Insurance Portability and Accountability Act). This familiarity with regulatory frameworks and data protection can be advantageous in the cybersecurity field, where professionals must navigate various compliance requirements, such as GDPR (General Data Protection Regulation) or PCI DSS (Payment Card Industry Data Security Standard).

With a background in law, Cindy possesses a strong understanding of legal frameworks, regulations, and compliance requirements. This knowledge is crucial in the cybersecurity field, where professionals must navigate various laws and regulations pertaining to data privacy, intellectual property, and cybersecurity standards.

In the entertainment industry, as an actress, Ann has encountered contracts and agreements throughout her career, such as talent contracts, license agreements, or production contracts. She may have developed an understanding of copyright laws, trademarks, intellectual property (IP) and trade secrets during her career. This knowledge can be valuable in cybersecurity where professionals need to safeguard sensitive information, protect proprietary systems, and ensure compliance with IP laws. In the same manner, she will have a solid understanding of the importance of data protection, confidentiality, and consent, when working with sensitive information in the cybersecurity field.

Ethical mindset and ethical hacking skills:

Integrity and an ethical mindset are fundamental prerequisites for success in the cybersecurity industry. Professionals in this field handle sensitive information and possess immense power to protect or exploit digital assets. Career changers should understand the ethical considerations surrounding cybersecurity and uphold the principles of integrity, confidentiality, and privacy.  

Additionally, possessing strong ethical hacking skills can be advantageous. Ethical hackers, known as penetration testers or white hat hackers, play a crucial role in identifying vulnerabilities within systems and networks, helping organizations fortify their defenses against malicious actors.

Teamwork and collaboration:

This is the one that is most transferable for all three “non-IT related” fields. Perhaps it’s time that we in cybersecurity put on our humble hats and accept our new brothers and sisters, in whom we will always find a plethora of unique experiences that are directly transferable and 1000% “IT related”. Career changers can bridge the gap between technical and non-technical teams, fostering a more secure and productive environment.

Conclusion:

By honing their analytical abilities, career changers can excel in threat analysis, incident response, and vulnerability assessment—key areas in which cybersecurity professionals are in high demand.

As the cybersecurity industry continues to grow rapidly, individuals from non-IT backgrounds are increasingly venturing into this field. While career changers bring diverse perspectives, they must possess certain essential skills to thrive in the cybersecurity domain.

Adaptability, analytical thinking, communication and collaboration, and an ethical mindset, are crucial abilities that aspiring cybersecurity professionals must acquire. By embracing these skills, career changers can successfully transition into this exciting industry, contribute to the ever-expanding and cross-pollinated disciplines of the cybersecurity workforce, and help safeguard digital ecosystems against emerging threats.

The very last thing is job interview preparation. That goes without saying. Whether you are transferring internally to a cybersecurity position or coming in new, nailing the interview is paramount. The hard skills will get you the interview; the “soft” skills will get you the dream job of your future. Interview practice plays a huge role in getting hired, but mastering the interview is a topic for another day.

We must act NOW and push for diversity and engrain it into our everyday life. If we hire people from diverse backgrounds, we gain the benefit of different viewpoints and ways of thinking that we had not considered. This will enrich our workplaces and let us go to work and have fun while doing already challenging tasks.

The post Cybersecurity is not a tool or software piece; is a state of mind: Bridging the gap for career changers appeared first on Cybersecurity Insiders.

As everyone looks about, sirens begin to sound, creating a sense of urgency; they only have a split second to determine what to do next. The announcer repeats himself over the loudspeaker in short bursts… This is not a drill; report to your individual formations and proceed to the allocated zone by following the numbers on your squad leader’s red cap. I take a breather and contemplate whether this is an evacuation. What underlying danger is entering our daily activities? 1…2….3…. Let’s get this party started!

When I come to… I find that the blue and red lights only exist in the security operations center. Intruders are attempting to infiltrate our defenses in real time; therefore, we are on high alert. The time has come to rely on incident response plans, disaster recovery procedures, and business continuity plans. As organizational security leaders, we serve as guardians of the security posture and executors of the incident response strategy. It is vital to respond to and mitigate cyber incidents, and to reduce security, financial, legal, and organizational risks, in an efficient and effective manner.

Stakeholder community

CISOs, as security leaders, must develop incident response teams to combat cybercrime, data theft, and service failures, all of which jeopardize daily operations and prevent customers from receiving world-class service. To maintain operational tempo, alert the on-the-ground, first-line-of-defense engagement teams, and support real-time decision-making, Incident Response Plan (IRP) protocols must include end-to-end, diverse communication channels.

Figure: Stakeholder Types

What does an incident response plan (IRP) do?

That’s an excellent question. The incident response plan gives a structure or guideline to follow to reduce, mitigate, and recover from a data breach or attack. Such attacks have the potential to cause chaos by impacting customers, stealing sensitive data or intellectual property, and damaging brand value. The key steps of the incident response process, according to the National Institute of Standards and Technology (NIST), are preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity, which focuses on a continual cycle of learning and improvement.

Figure: Lifecycle of Incident Response

Many company leaders confront a bottleneck when it comes to assigning a severity rating that determines the impact of the incident and establishes the framework for resolution strategies and external messaging. For some firms, being able to inspect the damage and appropriately assign a priority level and impact rating can be stressful and terrifying.

Rating events helps prioritize limited resources. The incident’s business impact is calculated by combining the functional impact on the organization’s systems with the impact on the organization’s information. The recoverability of the situation dictates the possible responses the team may take while dealing with the issue. A high functional impact incident with a low recovery effort is suited to fast team action.
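The severity-rating step described above, as an added example that is not from the original post: a Python triage routine that combines functional and information impact into a business-impact score, lets recoverability select the response track, and flags the high-impact, quick-recovery incidents that the text says deserve fast team action. The level names follow the NIST SP 800-61 impact and recoverability categories; the weights, thresholds, track labels and sample incidents are assumptions chosen for illustration.

```python
# Added example, not from the original post. Level names follow NIST SP 800-61's
# impact and recoverability categories; the weights, thresholds and response
# track labels are assumptions chosen for illustration, as are the incidents.
FUNCTIONAL_IMPACT = {"none": 0, "low": 1, "medium": 2, "high": 3}
INFORMATION_IMPACT = {"none": 0, "privacy_breach": 1,
                      "proprietary_breach": 2, "integrity_loss": 3}
RECOVERABILITY = {"regular": 0, "supplemented": 1, "extended": 2,
                  "not_recoverable": 3}

# Assumed mapping from recoverability to the plan the team should be executing.
RESPONSE_TRACK = {
    "regular": "standard runbook, on-call team",
    "supplemented": "runbook plus escalated SMEs / third-party support",
    "extended": "extended incident: war room and stakeholder comms cadence",
    "not_recoverable": "invoke disaster recovery and business continuity plans",
}


def business_impact(functional, information):
    """Combine the two impact factors into one score (0.0 to 4.5).

    The larger factor dominates; the smaller one adds half a step so that,
    for example, a high functional impact with an integrity loss outranks a
    high functional impact alone.
    """
    f = FUNCTIONAL_IMPACT[functional]
    i = INFORMATION_IMPACT[information]
    return max(f, i) + 0.5 * min(f, i)


def severity(score):
    """Map a business-impact score to the label used in external messaging."""
    if score >= 3.5:
        return "critical"
    if score >= 2:
        return "high"
    if score >= 1:
        return "medium"
    return "low"


def fast_action_candidate(incident):
    """High business impact plus a regular recovery effort: act immediately."""
    score = business_impact(incident["functional"], incident["information"])
    return score >= 3 and incident["recoverability"] == "regular"


def rate_incident(incident):
    """Return the incident annotated with severity, track and fast-action flag."""
    score = business_impact(incident["functional"], incident["information"])
    return {
        **incident,
        "score": score,
        "severity": severity(score),
        "track": RESPONSE_TRACK[incident["recoverability"]],
        "fast_action": fast_action_candidate(incident),
    }


def prioritize(incidents):
    """Order the queue: highest impact first; among equals, quickest recovery."""
    rated = [rate_incident(inc) for inc in incidents]
    rated.sort(key=lambda r: (-r["score"], RECOVERABILITY[r["recoverability"]]))
    return rated


# Constructed incidents for the demonstration.
SAMPLE_INCIDENTS = [
    {"id": "INC-1", "functional": "high", "information": "none",
     "recoverability": "regular"},
    {"id": "INC-2", "functional": "low", "information": "privacy_breach",
     "recoverability": "extended"},
    {"id": "INC-3", "functional": "high", "information": "integrity_loss",
     "recoverability": "not_recoverable"},
    {"id": "INC-4", "functional": "none", "information": "none",
     "recoverability": "regular"},
]

if __name__ == "__main__":
    for r in prioritize(SAMPLE_INCIDENTS):
        flag = " (fast action)" if r["fast_action"] else ""
        print(f'{r["id"]}: {r["severity"]} ({r["score"]}) -> {r["track"]}{flag}')
```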

The heartbeat

Companies should follow industry standards that have been tried and tested by fire departments to improve overall incident response effectiveness. These include:

  • Current contact lists, on-call schedules/rotations for SMEs, and backups
  • Conferencing tools (e.g., distribution lists, Slack channels, emails, phone numbers)
  • Technical documentation, network diagrams, and accompanying plans/runbooks
  • Escalation processes for inaccessible SMEs

Since adversaries are shifting away from established pathways to evade defenders, it is vital to enlist third-party threat landscape evaluations. These can halt the bleeding and cauterize the wound, much like a surgeon in a high-stress operation. Threat actors are continually improving their abilities using the same emerging cyber technologies that defenders use.

Despite widespread recognition of the human element as the weakest link, threat actors study their prey’s network to find alternative weak points, such as exploitable vulnerabilities and opportunities for credential theft. Employ Managed Threat Detection Response (MTDR), Threat Model Workshop (TMW), and Cyber Risk Posture Assessment (CRPA) services to expertly manage your infrastructure and cloud environments in a one-size-fits-all way.

Takeaways

Take inventory of your assets

  • Increase return on investment
  • Provide comprehensive coverage
  • Accelerate compliance needs
  • Create a cybersecurity monitoring response strategy
  • Emphasize essential resources, attack surface area, and threat vectors
  • Deliver transparent, seamless security

Elevate security ecosystem

In the future, businesses should implement an incident response strategy, a collection of well-known, verified best practices, and assess their actual versus realized assets and security attack surface portfolio. Is your organization crisis-ready? A strong incident management solution increases organizational resiliency and continuity of operations in the event of a crisis.

The post What is an incident response plan (IRP) and how effective is your incident response posture? appeared first on Cybersecurity Insiders.

A way to manage too much data

To protect the business, security teams need to be able to detect and respond to threats fast. The problem is the average organization generates massive amounts of data every day. Information floods into the Security Operations Center (SOC) from network tools, security tools, cloud services, threat intelligence feeds, and other sources. Reviewing and analyzing all this data in a reasonable amount of time has become a task that is well beyond the scope of human efforts.

AI-powered tools are changing the way security teams operate. Machine learning (which is a subset of artificial intelligence, or “AI”)—and in particular, machine learning-powered predictive analytics—are enhancing threat detection and response in the SOC by providing an automated way to quickly analyze and prioritize alerts.

Machine learning in threat detection

So, what is machine learning (ML)? In simple terms, it is a machine’s ability to automate a learning process so it can perform tasks or solve problems without specifically being told to do so. Or, as AI pioneer Arthur Samuel put it, “. . . to learn without explicitly being programmed.”

ML algorithms are fed large amounts of data that they parse and learn from so they can make informed predictions on outcomes in new data. Their predictions improve with “training”–the more data an ML algorithm is fed, the more it learns, and thus the more accurate its baseline models become.

While ML is used for various real-world purposes, one of its primary use cases in threat detection is to automate identification of anomalous behavior. The ML model categories most commonly used for these detections are:

Supervised models learn by example, applying knowledge gained from existing labeled datasets and desired outcomes to new data. For example, a supervised ML model can learn to recognize malware. It does this by analyzing data associated with known malware traffic to learn how it deviates from what is considered normal. It can then apply this knowledge to recognize the same patterns in new data.

Unsupervised models do not rely on labels but instead identify structure, relationships, and patterns in unlabeled datasets. They then use this knowledge to detect abnormalities or changes in behavior. For example, an unsupervised ML model can observe traffic on a network over a period of time, continuously learning (based on patterns in the data) what is “normal” behavior, and then investigating deviations, i.e., anomalous behavior.

Large language models (LLMs), such as ChatGPT, are a type of generative AI that use unsupervised learning. They train by ingesting massive amounts of unlabeled text data. Not only can LLMs analyze syntax to find connections and patterns between words, but they can also analyze semantics. This means they can understand context and interpret meaning in existing data in order to create new content.

Finally, reinforcement models, which more closely mimic human learning, are not given labeled inputs or outputs but instead learn and perfect strategies through trial and error. With ML, as with any data analysis tools, the accuracy of the output depends critically on the quality and breadth of the data set that is used as an input.

Figure: Types of machine learning

A valuable tool for the SOC

The SOC needs to be resilient in the face of an ever-changing threat landscape. Analysts have to be able to quickly understand which alerts to prioritize and which to ignore. Machine learning helps optimize security operations by making threat detection and response faster and more accurate.

ML-powered tools automate and improve the analysis of large amounts of event and incident data from multiple different sources in near real time. They identify patterns and anomalies in the data and then prioritize alerts for suspected threats or critical vulnerabilities that need patching. Analysts use this real-time intelligence to enhance their own insights and understand where they can scale their responses, or where there are time-sensitive detections they need to investigate.

Traditional threat detection methods, such as signature-based tools that alert on known bad traffic, can be augmented with ML. By combining predictive analytics that alert on behavioral anomalies with existing knowledge about bad traffic, ML helps to reduce false positives.
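The unsupervised network baseline described in the model-categories section and the signature-plus-anomaly combination in the paragraph above, as one added example that is not code from the original post or from the USM Anywhere platform: a Python routine that learns a per-host baseline of outbound bytes with a median/MAD estimator, scores new flows with a modified z-score, and ranks alerts according to whether the destination is also on a known-bad list. All hosts, addresses, flow volumes and the known-bad list are constructed, and the anomaly threshold and MAD floor are assumptions.

```python
# Added example (not from the original post): a tiny unsupervised baseline for
# outbound bytes per host, combined with a signature-style known-bad list so
# that behavioural anomalies and known-bad destinations are prioritised together.
# All flow records, hosts and IP addresses below are constructed sample data.
from statistics import median

# Constructed "training" flows: (host, bytes_out). In a real SOC this would be
# days of NetFlow / VPC flow logs for each host while it behaves normally.
TRAINING_FLOWS = [
    ("ws-01", 1200), ("ws-01", 1350), ("ws-01", 1100), ("ws-01", 1500),
    ("ws-01", 1250), ("ws-01", 1400), ("ws-01", 1300),
    ("ws-02", 5000), ("ws-02", 5200), ("ws-02", 4800), ("ws-02", 5100),
    ("ws-02", 4900),
    ("ws-03", 800), ("ws-03", 800), ("ws-03", 800), ("ws-03", 800),
]

# Constructed signature-style intelligence: destinations already known to be bad.
KNOWN_BAD_DESTINATIONS = {"198.51.100.7", "192.0.2.44"}

# Modified z-score cut-off recommended by Iglewicz and Hoaglin for outliers.
ANOMALY_THRESHOLD = 3.5
# Assumption: a host whose baseline never varies gets a floor on its spread so a
# single deviation still produces a finite score instead of a division by zero.
MIN_MAD = 1.0


def learn_baseline(flows):
    """Unsupervised step: learn (median, MAD) of bytes_out for every host."""
    per_host = {}
    for host, bytes_out in flows:
        per_host.setdefault(host, []).append(bytes_out)
    baseline = {}
    for host, values in per_host.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baseline[host] = (med, mad)
    return baseline


def anomaly_score(baseline, host, bytes_out):
    """Modified z-score of one observation against the host's learned baseline.

    Returns None when the host has no baseline yet (nothing to compare against).
    """
    if host not in baseline:
        return None
    med, mad = baseline[host]
    return 0.6745 * (bytes_out - med) / max(mad, MIN_MAD)


def triage(baseline, flows, known_bad=KNOWN_BAD_DESTINATIONS):
    """Combine the behavioural score with signature knowledge to rank alerts.

    flows: iterable of (host, destination_ip, bytes_out).
    Returns a list of (priority, host, destination_ip, reason), highest first.
    """
    rank = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    alerts = []
    for host, dst, bytes_out in flows:
        score = anomaly_score(baseline, host, bytes_out)
        anomalous = score is not None and abs(score) > ANOMALY_THRESHOLD
        signature_hit = dst in known_bad
        if anomalous and signature_hit:
            alerts.append(("critical", host, dst,
                           f"known-bad destination and volume z={score:.1f}"))
        elif signature_hit:
            alerts.append(("high", host, dst,
                           "known-bad destination, volume within baseline"))
        elif anomalous:
            alerts.append(("medium", host, dst,
                           f"volume z={score:.1f} with no signature match"))
        elif score is None:
            alerts.append(("low", host, dst, "no baseline for host yet"))
        # Flows that are neither anomalous nor known-bad produce no alert at
        # all, which is where the false-positive reduction comes from.
    alerts.sort(key=lambda a: rank[a[0]])
    return alerts


if __name__ == "__main__":
    base = learn_baseline(TRAINING_FLOWS)
    # Constructed "new" flows: (host, destination_ip, bytes_out).
    new_flows = [
        ("ws-01", "203.0.113.10", 1450),   # normal volume, clean destination
        ("ws-01", "198.51.100.7", 90000),  # huge volume to a known-bad address
        ("ws-02", "192.0.2.44", 5050),     # normal volume to a known-bad address
        ("ws-03", "203.0.113.55", 20000),  # huge volume, no signature match
        ("ws-04", "203.0.113.10", 300),    # host with no baseline yet
    ]
    for alert in triage(base, new_flows):
        print(alert)
```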

ML also helps make security operations more efficient by automating workflows for more routine security operations response. This frees the analyst from repetitive, manual, and time-consuming tasks and gives them time to focus on strategic initiatives.

New capabilities enhance threat intelligence in USM Anywhere

The USM Anywhere platform has long utilized both supervised and unsupervised machine learning models from AT&T Alien Labs and the AT&T Alien Labs Open Threat Exchange (OTX) for most of its curated threat intelligence. The Open Threat Exchange is among the largest threat intelligence sharing platforms in the world. Its more than 200,000 members contribute new intelligence to the platform on a daily basis.

Alien Labs uses ML models in several ways, including to automate the extraction of indicators of compromise (IOCs) from user threat intelligence submissions in the OTX and then enrich these IOCs with context, such as associated threat actors, threat campaigns, regions and industries being targeted, adversary infrastructure, and related malware.

The behind-the-scenes capabilities in USM Anywhere have been reinforced by new, high-value machine learning models to help security teams find today’s most prevalent threats.

These new models help the platform generate higher-confidence alerts with fewer false positives and provide advanced behavioral detections to facilitate more predictive identification of both insider and external threats. Its supervised models can identify and classify malware into clusters and families to predict behaviors. They can also detect obfuscated PowerShell commands, domain generation algorithms, and new command-and-control infrastructure.

Since the platform has an extensible architecture, new models can be introduced as the threat landscape dictates, and existing models can be continuously refined.

For more on how machine learning is transforming today’s SOC and to learn how the USM Anywhere platform’s own analytics capabilities have evolved, tune in to our webinar on June 28.


The post Toward a more resilient SOC: the power of machine learning appeared first on Cybersecurity Insiders.

Introduction

In recent years, the field of cybersecurity has witnessed a significant influx of professionals from non-Information Technology (IT) backgrounds who are making the leap into this dynamic industry. As a cybersecurity technical developer and instructor, I have had the privilege of delivering many customers in-person and virtual training courses and meeting numerous individuals seeking to transition into cybersecurity from diverse non-IT related fields.

I can remember Cindy, a lawyer in a large firm, not really finding fulfillment after a “boring” eighteen months at the firm. Also, Ann, an actress with over 17 successful years of movie and theater experience, wanting to get into the industry for higher income to support her daughter. Then Richard, a radiologist tired of the customer abuse he was receiving and wanting more in life.

Everything starts with the right mindset at the onset; and not every career in cybersecurity is deeply technical.

Cybersecurity is a broad field and cybersecurity professionals may do their jobs in a variety of ways. This includes the following roles – keeping in mind that at least two of them are not 100% technical.

  • They can have roles that protect a company’s internal networks and data from outside threat actors as information security professionals.
  • They can have roles in risk management where they can confirm businesses take appropriate measures to protect against cybercrime.
  • They can have roles where they can confirm businesses comply with local, state, and federal cybersecurity and data protections laws.

Aside from being super solid on the OSI Model, hands-on TCP/IP, networking skills, a couple of industry certifications, a drive to self-study, some basic coding and a couple of bootcamps, an aspiring cybersecurity professional must also consider their skills. They bring things to the table from the fields where they come from, which are useful, fully transferable and appreciated!

Sometimes as “seasoned professionals” we forget to investigate fresh ways to pivot in incident response (IR) scenarios for example.

Technical skills can, with some education, hands-on practice, and self-study, be mastered, but the main ones that you will need for the transition are not going to be found in the classroom, or in the computer screen. These are the face-to-face interactions we have with friends, family, coworkers, and strangers. In other words, the soft skills; those skills that cannot be coded or productized but indeed can be monetized. 

Transitioning from entertainment/law/health and many other industries to the cybersecurity field does bring valuable transferable skills. In this article I aim to explore the many valuable skills career changers bring to the table and highlight seven essential skills they must possess to successfully embark on this exciting and amazing journey.   

Attention to detail:

Actors pay great attention to detail, focusing on nuances in dialogue, characterization, and stage directions. In cybersecurity, meticulousness is essential when reviewing code, identifying vulnerabilities, conducting security assessments, and analyzing logs. Her ability to spot inconsistencies and pay attention to minute details can be valuable.

Radiology technicians work with complex medical imaging equipment, where precision and attention to detail are crucial. This skill translates well to the cybersecurity field, where professionals need to analyze large amounts of data, identify vulnerabilities, and detect potential threats with accuracy.

Lawyers pay great attention to detail when reviewing legal documents, contracts, and evidence. This attention to detail can be valuable in cybersecurity, where professionals must review policies, analyze security controls, and identify potential vulnerabilities. They can also contribute to ensuring cybersecurity practices align with legal and regulatory standards.

Communication and persuasion skills:

Radiology technicians often collaborate with radiologists, other healthcare professionals, and patients, conveying complex medical information effectively. This communication skill is essential in the cybersecurity field, where professionals need to explain technical concepts to non-technical stakeholders, present findings, and provide guidance on security measures.

Ann, as an actress, she has likely honed excellent verbal and nonverbal communication skills. This skill is crucial in cybersecurity, as professionals need to effectively convey complex technical concepts to non-technical stakeholders, write clear reports, and collaborate with team members.

Lawyers are skilled in written and oral communication, as they draft legal documents, argue cases, and negotiate on behalf of their clients. In cybersecurity, effective communication is vital for conveying complex technical concepts, presenting findings to stakeholders, and advocating for security measures. Cindy’s ability to articulate and persuade can be beneficial in this field.

Analytical thinking, research skills, and adaptability:

Lawyers are trained to analyze complex legal issues, conduct thorough research, and extract relevant information from vast amounts of data. These analytical and research skills can be applied to cybersecurity, where professionals need to investigate security incidents, analyze threats, and evaluate legal implications of cybersecurity practices.

Radiology technicians analyze and interpret medical images, looking for abnormalities and making diagnostic decisions. This analytical mindset is highly relevant in cybersecurity, where professionals need to assess and analyze complex systems, identify patterns, and evaluate potential risks and vulnerabilities.

Actors often face diverse roles and quickly adapt to different characters, settings, and situations. This adaptability translates well to the dynamic and ever-evolving nature of the cybersecurity field. The ability to learn and adapt to new technologies, methodologies, and threats is crucial for success.

Problem-solving and critical thinking:

Actors regularly encounter challenges during rehearsals and performances and need to find creative solutions. This skillset is valuable in cybersecurity, where professionals face intricate problems related to system vulnerabilities, breaches, and data protection. Ann can leverage her creative problem-solving abilities to analyze and mitigate risks effectively.

Lawyers are trained to identify and solve legal problems by applying critical thinking skills. This ability to assess situations, identify key issues, and propose logical solutions is valuable in the cybersecurity field, where professionals encounter complex technical challenges and need to mitigate security risks.

Radiology technicians often encounter challenges while operating imaging equipment, troubleshooting technical issues, or adapting to unique patient circumstances. This problem-solving ability is valuable in the cybersecurity field, where professionals face complex security issues, breaches, and emerging threats. Richard can leverage his experience to approach cybersecurity challenges systematically.

Compliance, legal, and regulatory knowledge:

In the healthcare field, radiology technicians must adhere to strict privacy and compliance regulations, such as HIPAA (Health Insurance Portability and Accountability Act). This familiarity with regulatory frameworks and data protection can be advantageous in the cybersecurity field, where professionals must navigate various compliance requirements, such as GDPR (General Data Protection Regulation) or PCI DSS (Payment Card Industry Data Security Standard).

With a background in law, Cindy possesses a strong understanding of legal frameworks, regulations, and compliance requirements. This knowledge is crucial in the cybersecurity field, where professionals must navigate various laws and regulations pertaining to data privacy, intellectual property, and cybersecurity standards.

In the entertainment industry, as an actress, Ann has encountered contracts and agreements throughout her career, such as talent contracts, license agreements, or production contracts. She may have developed an understanding of copyright laws, trademarks, intellectual property (IP) and trade secrets during her career. This knowledge can be valuable in cybersecurity where professionals need to safeguard sensitive information, protect proprietary systems, and ensure compliance with IP laws. In the same manner, she will have a solid understanding of the importance of data protection, confidentiality, and consent, when working with sensitive information in the cybersecurity field.

Ethical mindset and ethical hacking skills:

Integrity and an ethical mindset are fundamental prerequisites for success in the cybersecurity industry. Professionals in this field handle sensitive information and possess immense power to protect or exploit digital assets. Career changers should understand the ethical considerations surrounding cybersecurity and uphold the principles of integrity, confidentiality, and privacy.  

Additionally, possessing strong ethical hacking skills can be advantageous. Ethical hackers, also known as penetration testers or white hat hackers, play a crucial role in identifying vulnerabilities within systems and networks, helping organizations fortify their defenses against malicious actors.

Teamwork and collaboration:

This is the one that is most transferable for all three “non-IT related” fields. Perhaps it’s time that we in cybersecurity put on our humble hats and accept our new brothers and sisters, in whom we will always find a plethora of unique experiences that are directly transferable and 1000% “IT Related”. Career changers can bridge the gap between technical and non-technical teams, fostering a more secure and productive environment.

Conclusion:

By honing their analytical abilities, career changers can excel in threat analysis, incident response, and vulnerability assessment—key areas in which cybersecurity professionals are in high demand.

As the cybersecurity industry continues to grow rapidly, individuals from non-IT backgrounds are increasingly venturing into this field. While career changers bring diverse perspectives, they must possess certain essential skills to thrive in the cybersecurity domain.

Adaptability, analytical thinking, communication and collaboration, and an ethical mindset, are crucial abilities that aspiring cybersecurity professionals must acquire. By embracing these skills, career changers can successfully transition into this exciting industry, contribute to the ever-expanding and cross-pollinated disciplines of the cybersecurity workforce, and help safeguard digital ecosystems against emerging threats.

The very last thing is job interview preparation. That goes without saying. If you’re transferring internally to a cybersecurity position, or if you are coming in new, nailing the interview is paramount. The hard skills will get you the interview; the “soft” skills will get you the dream job of your future. Interview practice plays a huge role in getting hired, but mastering the interview is a topic for another day.

We must act NOW and push for diversity and ingrain it into our everyday life. If we hire people from diverse backgrounds, we gain the benefit of different viewpoints and ways of thinking that we had not considered. This will enrich our workplaces and make it possible to go to work and have fun while doing already challenging tasks.

The post Cybersecurity is not a tool or software piece; is a state of mind: Bridging the gap for career changers appeared first on Cybersecurity Insiders.

In today’s fast-paced digital landscape, businesses proactively seek innovative ways to optimize their networks, enhance operational efficiency, and reduce costs. Network Functions Virtualization (NFV) emerges as a transformative technology that leads the charge.

NFV revolutionizes traditional, hardware-based network functions by converting them into flexible, software-based solutions. Virtual Network Functions (VNFs) can be deployed on commodity servers, cloud infrastructure, or even in data centers, freeing businesses from the constraints of specialized, proprietary hardware.

NFV simplifies network operations and significantly reduces hardware costs by allowing network functions, such as firewalls, load balancers, and routers, to run on general-purpose servers. This leads to substantial savings in both capital expenditure (CAPEX) and operational expenditure (OPEX).

Furthermore, NFV equips businesses with the agility and flexibility necessary to adapt quickly to changing network demands. Unlike traditional hardware-based network functions, which are static and require manual configuration, VNFs can be rapidly deployed, scaled, or modified to accommodate fluctuating network requirements. This provides a level of scalability and agility that was previously unattainable.

NFV also streamlines network management and automation. With NFV Management and Orchestration (MANO) systems, businesses can centrally manage and orchestrate VNFs, reducing the complexity and manual effort associated with network administration. This simplifies the deployment and management of network services, improves efficiency, and minimizes the risk of errors.

Moreover, NFV contributes to more sustainable and environmentally friendly operations by reducing energy consumption. By consolidating multiple network functions onto shared infrastructure, NFV lowers energy usage and cooling requirements.

The NFV architecture, standardized by the European Telecommunications Standards Institute (ETSI), provides a blueprint for implementing and deploying NFV solutions. It comprises three main components:

  • Virtual Network Functions (VNFs): Software implementations of network functions deployable on Network Function Virtualization Infrastructure (NFVI). Each VNF runs on generic server hardware and interconnects with other VNFs to create extensive networking communication services.
  • NFV Infrastructure (NFVI): The environment hosting the VNFs. It includes the hardware resources and the software layers that abstract, pool, and manage the physical resources.
  • NFV Management and Orchestration (MANO): The framework orchestrating and managing physical and/or virtual resources that support the VNFs. The MANO layer consists of the NFV Orchestrator, VNF Manager, and Virtualized Infrastructure Manager (VIM).

This architecture decouples network functions from proprietary hardware appliances, which is how NFV enhances network flexibility, scalability, and service deployment speed while cutting costs and energy consumption.

NFV not only brings cost savings and efficiency but also fosters innovation. The ability to quickly and easily deploy new network functions enables businesses to experiment with new services and features, accelerating innovation and enhancing competitiveness.

NFV represents a paradigm shift in networking. By transforming rigid, hardware-based network functions into flexible, software-based solutions, NFV equips businesses with the agility, cost-efficiency, and innovation potential necessary to thrive in the digital age. Embracing NFV is a strategic move for businesses looking to future-proof their networks and maintain a competitive edge in the digital era. Don’t let your current network setup hold you back; explore the possibilities NFV offers with AT&T Cybersecurity and transform your network infrastructure today.

The post What is NFV appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

In the vast realm of digital investigations, there exists a fascinating technique known as recycle bin forensics. Delving into the depths of this captivating field unveils a world where seemingly deleted files can still reveal their secrets, allowing digital detectives to reconstruct user activities and uncover valuable information. So, let’s embark on a journey to demystify recycle bin forensics and understand its role in the realm of cybersecurity.

Recycle bin forensics is a specialized branch of digital forensics that focuses on the retrieval and analysis of deleted files from the recycle bin or trash folder. This intriguing technique holds the potential to unlock a treasure trove of evidence, shedding light on cybercrimes and aiding in the investigation process.

To comprehend the intricacies of recycle bin forensics, it’s essential to grasp how the recycle bin functions.

When you delete a file on your computer, it often finds its way to the recycle bin or trash folder. It’s a convenient feature that allows you to recover accidentally deleted files with a simple click. But did you know that even after you empty the recycle bin, traces of those files may still linger on your system?

Welcome to the fascinating realm of recycle bin forensics, where digital detectives can uncover valuable information and shed light on a user’s activities.

Location of deleted files

C:\RECYCLED          Win 95/98/Me

C:\RECYCLER          Win NT/2000/XP

C:\$Recycle.bin      Win Vista and later

Metadata file

INFO2 (Win 95/98/Me)

C:\RECYCLER\<SID>\INFO2 (Win NT/2000/XP) (SID denotes the user's security identifier)

Windows Vista and later

C:\$Recycle.bin\<SID>\$I****** (contains the metadata)

C:\$Recycle.bin\<SID>\$R****** (contains the contents of the deleted file)

Both files carry the same random 6-character suffix, so each $I file can be matched to its $R file. These directories are hidden by default; however, you can list them from a Command Prompt with elevated privileges (Run as administrator) on your Windows system using the command dir /a.

Recycle bin forensics assumes a critical role in digital investigations, enabling law enforcement agencies, cybersecurity experts, and forensic analysts to piece together the puzzle. By analyzing deleted files, forensic professionals can reconstruct a timeline of events, unearth vital evidence, and recover seemingly lost data, aiding in the pursuit of justice.

Unveiling the secrets hidden within the recycle bin requires specialized tools and techniques. Forensic software empowers investigators to extract deleted files, even after the recycle bin has been emptied. Through careful analysis of file metadata, paths, and content, digital detectives can gain insights into file origins, modifications, and deletions, painting a clearer picture of the user’s activities.

One such utility we will be using is $IPARSE which can be downloaded here.

Steps to find the metadata related to a deleted file (the $I****** file)

  • Run Command Prompt as administrator.

[Screenshot: Command Prompt run as administrator]

  • Run cd .. (twice) to reach the root of the drive.

[Screenshot: cd in the command line]

  • Run dir /a and check that the $RECYCLE.BIN directory is listed.

[Screenshot: dir /a output showing $RECYCLE.BIN]

  • Run cd $RECYCLE.BIN to enter the directory, then run dir /a again.

You will now see multiple entries starting with S in the list of directories (one per SID).

[Screenshot: SID directories inside $RECYCLE.BIN]

To see which user each SID directory belongs to, run the command wmic useraccount get name,sid.

[Screenshot: wmic output listing user names and SIDs]

It lists all local user accounts with their SIDs. Copy the SID you need by selecting it and pressing Ctrl+C (you can also type the first few characters of the SID and press Tab to autocomplete it).

Now move into the SID directory:

cd <SID> (paste the copied value)

For example, if the SID directory name was S-1-5-32:

  • cd S-1-5-32

Then run dir /a to list the contents of that directory; you should see the $I and $R files. In certain cases, only the $I****** file will be available.

For illustration purposes, we are using files acquired from other systems.

[Screenshot: $I and $R files on drive D:]

  • Create a destination folder, then copy the $I file into it with the copy command. The syntax is copy <file name> "<destination path>", for example copy $IABTIOW.doc "D:\Desktop\Test files\i files\TEST\Output".

[Screenshot: copied test files]

  • Copy the file or folder name (while inside that directory) and the destination path (open the destination folder in Explorer and click the address bar to copy its path). The file will be copied; if you then try to open it, the associated application (for example the Photos app for .png/.jpeg files) will fail to open it.

[Screenshot: copied test files that won't open]

  • Extract and run the $IPARSE utility you downloaded. Browse to the directory in which you copied the $I files, then browse to the directory where you want the result file to be written and provide a file name.

[Screenshot: $IPARSE tool]

Click Save. After that, you should see an interface like the one below:

[Screenshot: $IPARSE output]

Then click Parse. If the file was parsed successfully, the tool will display it; the output file is in .tsv format and can be opened with Notepad or Notepad++. You will now be able to see the details pertaining to that $I file.
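The $I layout that $IPARSE decodes can also be read directly, which is useful for checking a tool's output or for scripting over many SID directories. The following Python parser is an added example written for this article; it is not part of $IPARSE or of the original post. It handles both the Vista-to-8.1 layout (fixed 520-byte path field) and the Windows 10 layout (4-byte character count followed by the path), and it matches a $I name to its $R partner. The bytes it parses are constructed inside the script: the path, size and deletion time are invented sample values, not data from any real system.

```python
"""Parse Windows Recycle Bin $I metadata files (Vista and later)."""
import struct
from datetime import datetime, timedelta, timezone

# Windows FILETIME: 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks: int) -> datetime:
    """Convert a FILETIME tick count to a timezone-aware datetime."""
    return _FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime, used here to build test data."""
    delta = dt - _FILETIME_EPOCH
    return (delta.days * 86_400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def parse_dollar_i(data: bytes) -> dict:
    """Return the metadata stored in a $I file.

    Both versions share a 24-byte header:
      offset 0   8 bytes  format version (1 = Vista..8.1, 2 = Windows 10 and later)
      offset 8   8 bytes  original file size in bytes
      offset 16  8 bytes  deletion time as FILETIME
    Version 1 then stores the original path as a fixed 520-byte field
    (260 UTF-16LE characters, null padded). Version 2 stores a 4-byte
    character count (including the terminating null) followed by the path.
    """
    if len(data) < 24:
        raise ValueError("too short to be a $I file")
    version, size, ticks = struct.unpack_from("<QQQ", data, 0)
    if version == 1:
        raw = data[24:24 + 520]
        if len(raw) != 520:
            raise ValueError("truncated version-1 path field")
    elif version == 2:
        (nchars,) = struct.unpack_from("<I", data, 24)
        raw = data[28:28 + nchars * 2]
        if len(raw) != nchars * 2:
            raise ValueError("truncated version-2 path field")
    else:
        raise ValueError(f"unknown $I version {version}")
    path = raw.decode("utf-16-le").split("\x00", 1)[0]
    return {
        "version": version,
        "file_size": size,
        "deleted_at": filetime_to_datetime(ticks),
        "original_path": path,
    }


def partner_r_name(i_name: str) -> str:
    """Map a $I file name to the $R file holding the deleted content.
    The pair shares the same random six-character suffix and extension."""
    if not i_name.startswith("$I"):
        raise ValueError("not a $I file name")
    return "$R" + i_name[2:]


def build_dollar_i(version: int, path: str, size: int, deleted_at: datetime) -> bytes:
    """Build a $I file image for testing (the inverse of parse_dollar_i)."""
    header = struct.pack("<QQQ", version, size, datetime_to_filetime(deleted_at))
    encoded = (path + "\x00").encode("utf-16-le")
    if version == 1:
        return header + encoded.ljust(520, b"\x00")
    return header + struct.pack("<I", len(path) + 1) + encoded


# Constructed sample: an invented path, size and timestamp, not a real artifact.
SAMPLE_PATH = r"C:\Users\alice\Documents\quarterly-report.docx"
SAMPLE_DELETED = datetime(2023, 6, 1, 12, 30, 0, tzinfo=timezone.utc)
SAMPLE_V2 = build_dollar_i(2, SAMPLE_PATH, 48_213, SAMPLE_DELETED)

if __name__ == "__main__":
    record = parse_dollar_i(SAMPLE_V2)
    for key, value in record.items():
        print(f"{key:14} {value}")
    print("content file:", partner_r_name("$IABTIOW.doc"))
```

To use it on a real system, read a `$I` file from `C:\$Recycle.bin\<SID>\` in binary mode and pass the bytes to `parse_dollar_i`; the `deleted_at` value is UTC, so convert to local time before comparing it against other timeline sources.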

While recycle bin forensics is a powerful tool, it is not without its challenges and limitations. As time progresses and new files are created and deleted, older remnants in the recycle bin may be overwritten, making the recovery of certain deleted files more challenging or even impossible. Additionally, the effectiveness of recycle bin forensics can vary based on the operating system and file system in use, presenting unique obstacles.

To protect sensitive information and thwart potential recovery through recycle bin forensics, implementing secure data deletion practices is vital. Merely emptying the recycle bin offers no guarantee of permanent erasure. Instead, employing specialized file shredding or disk wiping tools can ensure that deleted data is securely overwritten, rendering it irretrievable.

In conclusion, recycle bin forensics is a remarkable field that uncovers the hidden remnants of deleted files, holding the potential to transform investigations. As we navigate the digital landscape, understanding the power of recycle bin forensics reminds us of the importance of safeguarding our digital footprint. Through knowledge, diligence, and secure practices, we can protect our sensitive information and fortify the realm of cybersecurity for the benefit of all.

The post Digital dumpster diving: Exploring the intricacies of recycle bin forensics appeared first on Cybersecurity Insiders.

In today’s digital era, businesses actively strive to heighten network agility, boost security, and slash operational costs. Network Function Virtualization (NFV) and Secure Access Service Edge (SASE) stand at the forefront of this revolution, reshaping enterprise networking and security.

NFV breathes new life into traditional, hardware-based network functions, turning them into versatile, software-based solutions deployable on virtualized infrastructure. As a result, businesses cut hardware costs, speed up service deployment, and streamline network management and automation. When you incorporate NFV into your organization’s network architecture, you unlock these benefits:

  • Cut hardware costs and physical footprint: Virtual Network Functions (VNF) operate on general-purpose servers, delivering a more cost-effective solution.
  • Scale the edge swiftly: NFV gives networks that change frequently or unpredictably greater flexibility and agility. You can deploy, modify, or scale VNFs to adapt to shifting demand.
  • Speed up service deployment: Forget procuring, installing, and configuring specialized hardware. Instead, launch VNFs fast and hassle-free to deploy new network services.
  • Enhance network management and automation: NFV management and orchestration (MANO) systems allow central management and orchestration of VNFs, reducing network administration’s complexity and manual effort.
  • Decrease energy consumption: NFV consolidates multiple network functions onto shared infrastructure, lowering energy consumption and cooling requirements, contributing to greener and more sustainable operations.

On the flip side, SASE represents a departure from the traditional network architecture that depends on separate devices for each function. It pulls network and security services closer to the edge, providing consistent security policies, better performance, and simplified management. With its flexible, programmable, and secure networking capabilities, NFV is a critical enabler of SASE. NFV and SASE architectures also deliver these benefits:

  • Scalability: As a cloud-based service, SASE and NFV work in harmony to scale up or down effortlessly based on demand, helping organizations adapt quickly to evolving network conditions and requirements.
  • Performance and user experience: SASE and NFV draw network and security services closer to the edge, reducing latency and enhancing performance for users, especially those remote from the organization’s data centers or main offices.
  • Consistent security policies: SASE and NFV ensure the consistent application of security policies across the entire network, regardless of users or devices’ location. This is particularly advantageous for organizations with remote workers or multiple branches.
  • Cost efficiency: By merging multiple network and security functions into a single service, and on single physical servers, SASE and NFV help organizations slash costs linked to hardware procurement, installation, and maintenance.

The powerhouse duo of Network Function Virtualization (NFV) and Secure Access Service Edge (SASE) empowers modern businesses to amplify their network agility, bolster security, and curb operational costs. Their synergy keeps organizations in step with the fast-paced rhythm of today’s digital business landscape, offering a network architecture that is flexible, scalable, secure, and efficient.

Adopting NFV can fuel cost savings, expedite service deployment, enhance network management, and promote sustainability. Simultaneously, embracing SASE can deliver consistent security policies, improve performance, and simplify management, especially beneficial for businesses with a dispersed workforce or multiple branch locations. Together, NFV and SASE form a robust framework for securing and managing modern networks.

The time to integrate NFV and SASE into your network architecture is now. Considering the multitude of benefits they offer, it’s not a mere option; it’s a strategic imperative to future-proof your network infrastructure. Don’t let your current network setup hinder your business growth. Contact AT&T Cybersecurity to discover how NFV and SASE can revolutionize your network infrastructure and propel your business forward.

The post Benefits of Using NFV with SASE appeared first on Cybersecurity Insiders.


The terms computer security, information security and cybersecurity were practically non-existent in the 1980s, but believe it or not, firewalls have existed in some form since that time. Over the years, the traditional firewall has transformed to meet the demands of the modern workplace and adapt to an evolving threat landscape. 

Next-Generation Firewalls (NGFWs), free from legacy technology constraints, take advantage of significant advancements in computational power, memory, and storage. NGFWs boast critical security features such as intrusion prevention, VPN, anti-virus, and encrypted web traffic inspection. This not only helps protect against malicious content but also aligns seamlessly with contemporary networking topologies like Software-Defined Wide Area Networks (SD-WAN) and zero-trust architectures.

But what sets NGFWs apart from traditional firewalls? How do you know what features to look for and why should you invest in an NGFW? And finally, what do you do if you don’t have the security resources to devote to managing firewalls?  

In today’s crowded security marketplace, numerous firewall solutions are marketed as NGFWs. Without clear industry consensus on the definition of a next-gen firewall, it’s incumbent upon organizations to assess features and gauge if the solution aligns with their business needs. 

What makes next-generation firewalls a compelling choice for network modernization? 

NGFWs offer several advantages over traditional firewalls. Key among these are comprehensive application visibility and control, the ability to distinguish between dangerous and safe applications, and capabilities for preventing malware from penetrating a network. 

Here are several crucial ways an NGFW bolsters an organization’s cybersecurity posture. 

Protecting the Network from Viruses and Trojans: NGFW’s application awareness analyzes header information and the payload against established application signatures to validate the application’s integrity and permission for use. With so many apps and services required for employees to do their jobs, this is crucial for allowing users to download applications from the internet. 

Adaptability to the hybrid workplace: Even before the pandemic, businesses have been rapidly embracing hybrid work models, with teams working from everywhere, using a myriad of devices. This shift towards decentralized operations requires a significant effort towards adaptability and flexibility. NGFW’s robust security functionality can be invaluable in a hybrid work environment where the network perimeter is blurred and traditional security measures may fall short. NGFWs are also designed to seamlessly integrate with modern network architectures such as software-defined wide area networks (SD-WAN) and cloud services, allowing businesses to maintain robust security protocols as they transition between on-premises, cloud, and hybrid work setups. 

  • Preventing Known Productivity Distractors: With robust application control, organizations can manage which applications are run, which features are accessed, and which applications are prioritized for bandwidth. For example, social media or SaaS applications can be selectively enabled or disabled based on job function.  
  • Application Awareness: One of the fundamental enhancements NGFWs offer over traditional firewalls is application awareness. This feature allows NGFWs to identify and control applications — regardless of network port and protocol. This helps prevent unauthorized access and provides greater visibility and context into network activity. By recognizing application-specific characteristics and behaviors, NGFWs can effectively control access, provide prioritization, and offer bandwidth allocation for specific applications, enhancing both network performance and security. 
  • User-based Policies: User-based policies are another crucial NGFW functionality. Unlike traditional firewalls that enforce policies based on IP addresses, NGFWs align policies with specific users or groups. This ability to connect users with their applications and related network activities enables more precise control and more contextual reporting, which can be invaluable for both security and compliance. 
  • Intrusion Prevention System (IPS): Integrated into NGFWs is an Intrusion Prevention System (IPS) that actively identifies and blocks potential threats. The IPS scans traffic for cyber attack patterns or signatures in real-time and takes action to prevent these threats from infiltrating the network. This is a significant upgrade from traditional firewalls, which required a separate IPS solution. 
  • Deep Packet Inspection (DPI): DPI is a form of computer network packet filtering that inspects the data portion (and possibly also the header) of a packet as it passes an inspection point. This is critical in the identification, categorization, or blocking of packets with malicious data. NGFWs employ DPI to scrutinize both inbound and outbound traffic, providing protection against a broad range of cyber threats — from malware to data exfiltration. 
  • Leveraging External Security Sources: NGFWs facilitate the use of external security data, including directory-based policies, white lists, and black lists, saving time and resources.

By incorporating these advanced features, NGFWs offer far more granular control and visibility into network traffic than traditional firewalls. They empower organizations to better understand and manage the intricacies of modern network security, allowing for a stronger security posture and efficient use of resources. 

Why should you invest in a next-generation firewall? 

Firewalls primarily serve to protect against undesirable or malicious network traffic. But as threats evolve and detection becomes increasingly challenging, enterprise network security must advance to address the threat difficulty level. 

Traditional firewalls filter network traffic based on port number, IP address, or domain in an “all or none” approach. In a bygone era where most attacks targeted network services and components, this level of security sufficed. But nowadays, most exploits are directed towards specific application vulnerabilities. 

The emergence of NGFWs addresses these vulnerabilities, offering superior control over network security.
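To make the difference concrete, here is an added Python example (not from the original article or from any vendor's product) that runs a port-based rule and an application-aware rule over three constructed packets: a TLS handshake record on port 443, an SSH banner on port 443, and an HTTP request on port 8080. The application signatures are deliberately minimal and are assumptions for illustration, not a real NGFW signature set.

```python
"""Port-based filtering versus application-aware filtering, side by side."""
from dataclasses import dataclass


@dataclass
class Packet:
    """Constructed packet: only the fields the two policies look at."""
    dst_port: int
    payload: bytes


# Traditional policy: the destination port alone decides what the traffic is.
PORT_TO_APP = {80: "http", 443: "tls"}

# Application-aware policy: only these applications may pass, on any port.
ALLOWED_APPS = {"http", "tls"}


def classify_by_port(pkt: Packet) -> str:
    """What a port-based firewall believes the traffic is."""
    return PORT_TO_APP.get(pkt.dst_port, "unknown")


def classify_by_payload(pkt: Packet) -> str:
    """Minimal application signatures (assumptions for illustration):
    SSH banner, TLS record header, HTTP request line."""
    p = pkt.payload
    if p.startswith(b"SSH-2.0-"):
        return "ssh"
    # TLS record: content type 0x16 (handshake), version major byte 0x03.
    if len(p) >= 2 and p[0] == 0x16 and p[1] == 0x03:
        return "tls"
    request_line = p.split(b"\r\n", 1)[0]
    methods = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ")
    if request_line.startswith(methods) and request_line.endswith((b" HTTP/1.0", b" HTTP/1.1")):
        return "http"
    return "unknown"


def port_based_decision(pkt: Packet) -> str:
    """Verdict of the traditional, port-only policy."""
    return "allow" if classify_by_port(pkt) in ALLOWED_APPS else "deny"


def app_aware_decision(pkt: Packet) -> str:
    """Verdict of the application-aware policy (same allow list, different evidence)."""
    return "allow" if classify_by_payload(pkt) in ALLOWED_APPS else "deny"


def evaluate(packets):
    """Return (port, port-based verdict, detected app, app-aware verdict) per packet."""
    return [
        (pkt.dst_port, port_based_decision(pkt), classify_by_payload(pkt), app_aware_decision(pkt))
        for pkt in packets
    ]


# Constructed sample traffic (not captured from any real network).
SAMPLES = [
    # Ordinary HTTPS: a TLS handshake record on its usual port.
    Packet(443, bytes.fromhex("160301") + b"\x00\x05" + b"\x01\x00\x00\x01\x03"),
    # SSH on 443: the port says "web", the payload says "ssh"; only DPI notices.
    Packet(443, b"SSH-2.0-OpenSSH_9.0\r\n"),
    # Plain HTTP on a non-standard port: the port rule denies a permitted app.
    Packet(8080, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
]

if __name__ == "__main__":
    for port, port_verdict, app, app_verdict in evaluate(SAMPLES):
        print(f"dst_port={port:<5} port-based={port_verdict:<5} app={app:<7} app-aware={app_verdict}")
```

The second packet is the case the article describes: a port-only policy sees port 443 and allows it, while the application-aware policy identifies the protocol from the payload and denies it. The third packet shows the opposite failure, a legitimate application blocked solely because of its port. A real NGFW would also need to handle encrypted payloads (via TLS inspection) and fragmented or out-of-order data, which this illustration ignores.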


Next-Generation Firewalls vs. UTM and Virtual or Cloud-Based Firewalls 

Security discussions often blur the distinctions between NGFWs and Unified Threat Management (UTM) solutions or between appliance, virtual, and cloud-based firewalls (commonly referred to as Firewall-as-a-Service or FWaaS). 

NGFWs include IPS and some form of application intelligence. UTMs, however, include these features plus additional technologies such as wireless security, URL filtering, email security, VPNs, and web application firewalls. Given their multi-functional nature, UTMs simplify deployment and management, reduce costs, and enable quick incident response times. 

When comparing appliance, virtual, and cloud-based firewalls, we need to examine the form factor or the firewall’s location, not their features. Irrespective of hosting, a firewall with any of the above-discussed technical capabilities can be considered next-generation. Cloud firewalls are typically managed, configured, and updated by a third-party vendor, thereby reducing the managerial burden for the deploying company. 

How AT&T can help you leverage NGFWs for network modernization 

In a business environment where digital transformation is rapidly reshaping operations, it’s critical that your business deploys robust, adaptive security measures. NGFWs offer multiple layers of defense — securing your hybrid workforce and bolstering your security posture. They provide centralized visibility, reduce risk, and relieve the administrative burden on your tech teams.

Whether you’re building a foundation or upgrading your existing setup, managed firewall services from AT&T Cybersecurity make the transition smooth and efficient. Don’t wait until it’s too late; boost and modernize your network security today and protect your business against tomorrow’s threats.


The post Next-Generation Firewalls: A comprehensive guide for network security modernization appeared first on Cybersecurity Insiders.


In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. The group was first spotted by the Unit 42 Team at Palo Alto Networks earlier this year. Since February, the group has launched multiple attacks based on their latest ransomware campaign labeled Buhti.

An interesting detail about the organization is that they do not make their own strains of malware. Rather, they opt to repurpose pre-existing strains to achieve their end goal of monetary gain. Two of the most popular tools that have been used by the cybercrime group are LockBit 3.0 for targets using Windows OS and Babuk for targets using Linux OS. Both LockBit 3.0 and Babuk are strains of ransomware that encrypt files on a victim’s machine and demand payment in exchange for decrypting the files. These tools allow Blacktail to operate using a RaaS (ransomware as a service) model which falls in line with their goal of monetary gain.

Lockbit 3.0 is the latest version of the Lockbit ransomware, which was developed by the Lockbit group in early 2020. Since its launch it has been linked to over 1400 attacks worldwide, which has earned the group over $75 million in payouts. This ransomware is most commonly distributed through phishing attacks in which the victim clicks on a link that starts the download process.

Babuk is a ransomware that was first discovered in early 2021. Since then, it has been responsible for many cyber-attacks that have been launched against devices using Linux OS. This strain of ransomware serves a similar purpose to Lockbit 3.0 and its main purpose is to compromise files on a victim’s machine and make them inaccessible until the ransom is paid.

[Image: Buhti ransomware]

Recently, this group has been seen leveraging two different exploits. The first is CVE-2023-27350 which allows attackers to bypass the authentication required to utilize the Papercut NG 22.05 on affected endpoints. They leverage this vulnerability to install programs such as Cobalt Strike, Meterpreter, Sliver, and ConnectWise. These tools are used to steal credentials and move laterally within the target network. The second vulnerability, CVE-2022-47986, which affects the IBM Aspera Faspex File Exchange system allows attackers to perform remote code execution on the target devices.

Blacktail represents a significant threat in the world of cybercrime, employing a wide range of sophisticated methods to attack its victims. From phishing and social engineering to ransomware campaigns and APT attacks, their tactics demonstrate a high level of expertise and organization. To counter such threats, individuals, businesses, and governments must prioritize cybersecurity measures, including robust firewalls, regular software updates, employee training, and incident response plans. The fight against cybercrime requires constant vigilance in order to stay one step ahead of the attackers.

Reference:

https://heimdalsecurity.com/blog/buhti-ransomware-blacktails-newest-operation-affects-multiple-countries/

The post Blacktail: Unveiling the tactics of a notorious cybercrime group appeared first on Cybersecurity Insiders.


While cryptocurrencies have been celebrated for their potential to revolutionize finance, their anonymous nature has also been exploited for illicit activities. From drug dealing and arms trafficking to funding terrorism, black market activities have thrived under the cloak of cryptocurrency’s pseudonymity. According to a report by Chainalysis in 2023, around $21 billion in crypto transactions were linked to illegal activities.

Money laundering, too, has found a home in the crypto space. Overall, between 2017 and 2021, crooks laundered over $33 billion worth of cryptocurrency.

Moreover, tax evasion has surged with crypto’s rise. Crypto traders evading their tax obligations could be costing the Internal Revenue Service upwards of $50 billion annually.

Law enforcement’s response to technological challenges

While the majority of cryptocurrency transactions remain legitimate, these dark sides of cryptocurrency cannot be ignored. Regulatory and law enforcement agencies worldwide have an urgent task ahead: to develop robust mechanisms to combat these illicit uses while supporting the technology’s legitimate growth. We should craft and use Blockchains that are safe and advantageous to everyone except lawbreakers.

There is a long-standing tradition of law enforcement agencies modifying their approaches to chase criminals who exploit the newest technologies for illicit purposes. This adaptability was evident when technologies like fax machines and pagers were invented. Throughout history, the legal system has consistently demonstrated its ability to adapt and grow in order to confront emerging technological challenges.

Even though Blockchain represents a revolutionary development in the finance and tech spheres, it is merely the latest example of how law enforcement must continually innovate and adapt to new technologies. Given this perspective, it is hard to argue that Bitcoin and other coins pose an insurmountable problem for law enforcement.

As Blockchain technology is still young, we have a unique opportunity to enhance law enforcement’s understanding of it and improve its security. Individuals interested in Blockchain should assist law enforcement in understanding and harnessing the potential of this technology.

A practical approach to achieving this is implementing a public-private information-sharing process like the one employed to exchange cybersecurity threat details. These dialogues can establish a mechanism through which the Bitcoin community can contribute their knowledge to help law enforcement overcome challenges encountered during cybercrime investigations.

Challenges for law enforcement in investigating cryptocurrency crimes

Still, certain features of Bitcoin and other popular cryptocurrencies present substantial challenges for law enforcement. Collaborating with distant international counterparts, each with its own distinct policies, often complicates investigative efforts. Identifying an individual from a Bitcoin address is also not easy. Cryptocurrency exchanges operating in different jurisdictions, the use of mixers and tumblers to obfuscate transactions, and the rapid evolution of the technology pose significant hurdles for investigators.

The greatest obstacle in any cybercrime investigation is attributing a virtual offense to a specific person. Prosecutors often attempt to link a particular MAC or IP address, or an email address, to a specific individual. This becomes significantly more challenging when someone uses Tor or proxies, or employs privacy coins like Monero.

Another complication arises from the fact that many email providers, as well as cell phone companies, either cannot or do not find it necessary to validate the information their users provide them.

One potential solution to overcome these challenges is to employ data analysis from multiple sources, aiming to isolate and identify the single offender in the crowd.

Advantages of Blockchain for law enforcement

Despite the various challenges it presents, the Blockchain actually offers several advantages to law enforcement. One of the notable benefits is the ability to trace all transactions associated with a particular Bitcoin address, including records dating back to its initial transaction.

Cases like Silk Road, Mt. Gox, and others have showcased the proficiency of law enforcement agencies in tracing transactions on the Blockchain. Carl Force, a DEA agent, faced accusations of pilfering Bitcoins during the Silk Road investigation. During the trial, a chart was presented as evidence, demonstrating how law enforcement successfully tracked the funds across the Blockchain, despite Carl Force’s attempts to divide the transactions among multiple addresses.

Contrary to popular belief, Bitcoin is not as anonymous as many people think. Each Bitcoin address may serve as an account number for an individual. If a person can be linked to a specific address, it becomes possible to access information about all the transactions associated with that person.

If an individual uses a crypto wallet service to interact with the Blockchain, the wallet provider will associate the address with the individual, much as a bank keeps records of its customers and their accounts.

New software tools can identify patterns in Blockchain transactions, such as repeated transactions between specific addresses or sudden large transactions, indicating potential illegal activity and leading to particular people.
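The tracing and pattern-spotting described above (pulling an address's full history, following funds forward through splits across several addresses, and flagging repeated traffic between a pair of addresses or outsized transfers) as an added Python example; it is not code from the original post and runs over a constructed toy ledger with placeholder addresses, not real Bitcoin data.

```python
from collections import Counter, defaultdict, deque
from statistics import median

# Constructed sample ledger, not real Bitcoin data: (txid, source address,
# destination address, amount, block height). Addresses are placeholders.
LEDGER = [
    ("t1", "A", "B", 50.0, 100),  # flagged address A pays out
    ("t2", "B", "C", 20.0, 101),  # B splits the funds across C and D
    ("t3", "B", "D", 29.9, 101),
    ("t4", "D", "E", 29.8, 102),
    ("t5", "X", "Y", 1.0, 102),   # unrelated back-and-forth activity
    ("t6", "C", "E", 19.9, 103),  # the split funds re-converge at E
    ("t7", "E", "F", 49.6, 104),
    ("t8", "Y", "X", 1.0, 105),
    ("t9", "X", "Y", 1.0, 106),
    ("t10", "Y", "X", 1.0, 107),
]


def address_history(ledger, addr):
    """Every transaction touching `addr`, oldest first (the full public record)."""
    return sorted((t for t in ledger if addr in (t[1], t[2])), key=lambda t: t[4])


def trace_forward(ledger, start, max_hops=10):
    """Follow outgoing funds from `start` across splits and re-merges.

    Returns {address: hop_count} for every downstream address reached."""
    outgoing = defaultdict(list)
    for _, src, dst, _, _ in ledger:
        outgoing[src].append(dst)
    reached, queue = {start: 0}, deque([start])
    while queue:  # breadth-first, so each address is recorded at its first hop
        node = queue.popleft()
        if reached[node] >= max_hops:
            continue
        for nxt in outgoing[node]:
            if nxt not in reached:
                reached[nxt] = reached[node] + 1
                queue.append(nxt)
    return reached


def flag_patterns(ledger, repeat_threshold=3, large_factor=2):
    """Heuristics from the text: repeated pair traffic and outsized transfers."""
    # Count traffic between a pair of addresses regardless of direction.
    pair_counts = Counter(frozenset((src, dst)) for _, src, dst, _, _ in ledger)
    repeated = {pair for pair, n in pair_counts.items() if n >= repeat_threshold}
    typical = median(t[3] for t in ledger)  # "large" is relative to the ledger
    large = {t[0] for t in ledger if t[3] > large_factor * typical}
    return repeated, large
```

On the sample ledger, `trace_forward(LEDGER, "A")` reaches B, C, D, E and F but never the unrelated X/Y pair, which `flag_patterns` instead reports for repeated traffic.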

The Blockchain operates as a peer-to-peer system in which no single entity has the authority to remove records. It functions as a publicly accessible ledger of data blocks that cannot be revised or tampered with. This property allows law enforcement to track the flow of funds in a manner that was previously impossible.

Law enforcement agencies often face a significant challenge when dealing with phone and Internet companies due to varying regulations regarding the retention of customer data. The process of locating the specific provider that possesses the information needed to trace a high-level cyber-criminal can be time-consuming, spanning multiple providers and even different countries.

Furthermore, there is always a risk that the trail may have gone cold by the time the relevant provider is identified. In contrast, the Blockchain serves as a permanent repository for all data. It retains information indefinitely, ensuring that it is always accessible. This eliminates the need for extensive investigations across multiple providers and offers a streamlined way to obtain the required data.

The Third Party Doctrine holds that individuals should not expect confidentiality for data shared with third parties such as ISPs and banks, which creates complications for law enforcement. It enables law enforcement to obtain records from ISPs, banks, and cellphone carriers through a subpoena rather than a search warrant. Blockchain operates differently in this regard: none of these complications apply, and transactions can be traced without a subpoena at all. The Blockchain is intentionally designed to be open and accessible to all, eliminating the need for legal procedures to access its data.

When evidence emerges in a foreign country, U.S. law enforcement is required to follow the Mutual Legal Assistance Treaty (MLAT) procedure in order to seek assistance from foreign agencies. One notable example is the Department of Justice's legal battle against Microsoft. This case revolved around the question of whether the DOJ has the authority to access data stored in a Microsoft data center located in Ireland. Microsoft argued that the DOJ could not use a search warrant to obtain overseas data and must follow the MLAT procedure instead. With Blockchain, such issues do not arise, as it allows access from anywhere in the world without the need for MLAT.

Final thoughts

It is an undeniable reality that illegal money transfers will persist. It is impossible to completely eliminate criminals from utilizing Blockchain or the internet as a whole. However, what we can strive for is to develop solutions that make it increasingly challenging for illicit parties to thrive. Law enforcement should concentrate their efforts on the specific areas of the Blockchain where criminal activities frequently emerge. Individuals must collaborate and devise innovative strategies that law enforcement can adopt to combat these challenges effectively.

The post Law enforcement’s battle against Cryptocurrency crime appeared first on Cybersecurity Insiders.