Real World Cyber Security Experience: From Learning to Earning

Real world, experiential learning helps students develop knowledge, skills, and abilities that they can take directly from the classroom to the workplace.

This direct connection from learning to earning is important to all students, but none more so than adult learners who have gone back to school, often while continuing to work full-time. Maybe their goal is to grow in their current job role or career. Maybe they are ramping up for a job or career change. Maybe they are exploring new interests. Regardless of motivation, after juggling the many demands of working while going to school, most adult learners expect to graduate with skills that they can immediately apply in the workforce or other direct activity.

To say that the cyber security industry is seeking skilled job candidates is an understatement.  Cybersecurity Ventures predicts that there will be 3.5 million (that’s million) unfilled cybersecurity jobs globally by 2021.   The interactive Cyber Seek website shows over 500,000 U.S. cybersecurity job openings as I write.  With gaps of this magnitude between open jobs and applicants, cyber security is a perfect discipline for educators to focus on and provide experiential learning that students can directly apply outside the classroom.

Capella University, an online university headquartered in Minneapolis, Minnesota, recently did just that by adding a hands-on lab component to the capstone course for its BS in Information Technology, Information Assurance and Cybersecurity program.  One of their over-arching design goals was to make the course as close as possible to the “real world” of cyber security work. We are proud that they chose Project Ares by Circadence to deliver this critical element.

In a recent Circadence webinar, Dr. James W. Barker, Adjunct Faculty in the School of Business and Technology spoke in detail about the process the team at Capella went through to integrate Project Ares into their capstone course.  Project Ares enabled them to address three objectives:

  1. Give students hands-on practice using their cyber skills against a variable adversary
  2. Provide authentic learning scenarios that students could report on to demonstrate their knowledge of the attack and recommendations for future prevention
  3. Create an opportunity for teamwork and collaborative problem solving, which are essential skill requirements for cyber teams and hiring managers

“By the end of the second week of the course,” said Dr. Barker, “almost to an individual, students stated that this is the most realistic, engaging, and challenging course that they have taken.  One group was so engaged and motivated by working on the Project Ares platform that they completed their final group mission two weeks early.”

From his faculty point of view, Dr. Barker is pleased that Capella has delivered the equivalent of a formal cyber security internship and cannot envision a better means of exposing their learners to “real world” security work.  And Capella isn’t stopping here; they are considering plans to incorporate Project Ares learning exercises into other courses at the undergraduate and graduate level.

Check out the webinar where Dr. Barker shares more about how he set up the course syllabus, and learn more about the power of Project Ares as an on-demand, hands-on learning platform that uses cyber range-as-a-service technology to deliver virtual machine-based cyber security training exercises.

 

Photo Credit: Thanks to Joshua Ness for sharing their work on Unsplash.

3 Ways Tech Companies Can Improve the Talent Acquisition Process

It’s reasonable to correlate the quality of the talent acquisition process to the quality of employees in the company, which is tied to the success of the company. Yet there is currently a shortage of qualified experts in the field of cyber security, and there has been for quite some time. And while tech companies have pulled back the reins on hiring tech talent due to the economic consequences of the coronavirus outbreak, reports CNBC, more emphasis is being placed on preserving team member jobs and revitalizing the hiring process as we all prepare to re-open and heal. Out of the chaos of recent events comes opportunity, and tech companies are showing more resilience than ever as tech leaders identify pragmatic ways to staff up. We’ve got three foundational tips to help hiring managers and senior cyber security / IT leaders fill their cyber talent and candidate pools with qualified professionals who not only look good on paper, but can demonstrate their qualifications.

But before we dig into those recommendations, let’s establish some context first.

State of the cyber security talent in the tech sector

The role of the cyber security professional continues to develop and gain more authority and responsibility as the security landscape and the integration of business and technology evolves.

When we look at the current climate of cyber security jobs in the U.S., we see bleak yet in-demand overtones. Finding qualified cyber talent and candidates is very much like searching for a needle in a haystack for hiring managers and recruiters.

  • It takes an average of 3-6 months to fill a cyber security job position (Dark Reading)
  • In 2019, there were over 700,000 unfilled IT jobs in the U.S. (CNBC)
  • Employment of computer and information technology occupations is projected to grow 12 percent from 2018 to 2028 (Bureau of Labor Statistics)

While all companies likely struggle to find qualified cyber talent, the technology sector has its own unique set of challenges that are important to discuss and be aware of. Emerging technology, disruptive tech, the sheer evolution and the fast-paced nature of the industry make it hard to find candidates who have experience and knowledge in specialized areas of technology, many of which are just now being adopted by businesses.

IT, security managers, operators and human resource leaders realize that:

  1. they need to focus on filling positions with quality candidates who can demonstrate their skills in a skills-deprived landscape
  2. to achieve that objective, more can be done in the recruitment and hiring phase.

Okay, let’s talk about those recommendations now. And if you have more suggestions based on what’s worked with your company, let us know!

Promote from within

The first logical step in filling a cyber position is to promote from within the company. It saves on the time and cost of recruiting. There may be IT generalists in your company who desire to take their career to a new level in cyber security (and who may have the aptitude and willingness to learn), and you’re just not aware of it.

If an IT generalist is interested in filling a needed cyber security position (e.g. information security engineer, network architect, systems analyst), consider giving them a project to test their skills and ambition and see how they do. More on this in a second.

To promote from within, ensure you’ve communicated the requirements of the position clearly to the company across all departments. People in cyber security positions come from all walks of life: computer science, history, military, political science, yes, even fields like philosophy. Yet they all have one thing in common: They share a deep and abiding interest in how technology works, notes Cyber Degrees.

So find those individuals who are looking to grow into a new position within the company and interview them. You may be surprised to learn there are passionate people willing to learn and grow, right in your own company ‘backyard.’

Test skills during the interview process

Allow candidates the opportunity to demonstrate what’s on their resumé. Online cyber training platforms like Project Ares can help HR managers and decision makers ‘see’ how a prospect might tackle a realistic cyber security issue.

  • Evaluate candidate skills in real-time against resumé credentials
  • Assess cyber competencies against other candidates and co-workers
  • Identify strengths in cyber technique, tactics, and procedures

By completing a set of tasks or activities that put skills like digital forensics, Linux skills, ports and protocols, and regular expressions to work, candidates can show employers what they know and how they work before they even move on to a second or third interview. It’s one thing to talk about your experience; it’s another to actually apply it in a realistic setting.

Use Project Ares to support internal hiring processes

Circadence’s Project Ares platform helps HR decision makers assess candidate skills and competencies in various aspects of cyber security. The platform can work for both internal and external recruitment. If you are promoting from within and identify interested candidates who may or may not have a rich cyber background, you can have them use the platform’s cyber learning games and foundational scenarios to learn aspects of cyber security and security operations in ‘safe’ cyber range environments. If candidates demonstrate a willingness to learn in the platform, that is a good sign. If they are able to follow the guidance and instructions and apply critical thinking to complete the scenarios in the platform, even better. Hiring managers can literally ‘see’ how an internal candidate responds to the act of learning, and one can glean a lot about a candidate’s fit for the position simply through this effort of cyber aptitude testing.

Use Project Ares to support external hiring processes

The same applies for external hiring of cyber security professionals. Hiring managers and cyber security leaders can use Project Ares foundational and specialized scenarios to teach certain cyber skills they are looking for. If you’re looking to fill a position that aligns to a NIST/NICE work role, several exercises in the platform can address those specific skill sets. Further, the Assessment Reports can help HR professionals evaluate candidate strengths and compare those results against other candidates who have engaged in the platform to identify the best company cultural fit and skills fit.

  • Nurture qualified candidates in the platform
  • Retain top talent with professional skills development efforts in the platform

A Wall Street Journal article sums up the ‘what’s next?’ to these challenges succinctly:

Tom Gimbel, CEO of LaSalle Network Inc., a technology staffing and recruiting firm, said that once the crisis fades he expects a rebound in tech hiring as businesses seek out technology tools to cut costs and eke out efficiencies during a prolonged economic recovery.

“While new product implementations will slow down, we will see strong hiring of corporate IT, infrastructure, development and security roles,” Mr. Gimbel said.

Living our Mission: Circadence Collaborates with Academia and Army to Support Cyber Range Virtual Environment Replication and Construction with N/CRAF

Circadence announced in May 2020 the latest development of an automated network mapping tool for IT use, based on collaborative work with Mississippi State University engineers and researchers. Circadence has had a six-year partnership with the university and the Threat Systems Management Office of Redstone Arsenal (TSMO) and has worked on several projects over the years to solve challenges related to National Defense. We sat down with two of our Circadence personnel: Dwayne Cole, the JMN NOSC (Network Operation and Security Center) Operations Manager and Craig Greenwood, Project Manager with Opposition Force/Advanced Red Team Intrusion Capabilities to understand more about the tool and learn about the benefits it provides to the technology community at large.

The Netmapper/Cyber Range Automation Framework (N/CRAF) project started as two separate projects, Netmapper and CRAF. The projects were recently combined to form a new tool integrating two previously independent efforts:

  • Netmapper — Commissioned by TSMO, developed by Circadence in collaboration with Mississippi State University (MSU) Center for Cyber Innovation (CCI). Netmapper is a graphical tool for the scanning and configuration collection of network infrastructure and integration with NOSC automation.

 

  • Cyber Range Automation Framework (CRAF) — Developed by NOSC engineers to meet mission requirements for rapid and repeatable deployment and configuration of virtual environments. CRAF uses Ansible and other open source tools to instantiate virtual environments.


N/CRAF Netmapper/Cyber Range Automation Framework is the enabling mechanism for effecting physical resource provisioning and virtual environment instantiation in a rapid and repeatable fashion. It supports the full lifecycle of cyber range virtual environment events.

The Netmapper project was born out of the need to improve the accuracy of Cyber Range emulated network environments. Craig noted that before N/CRAF, range environments were built from a subject matter expert’s assumption/belief of what their network looked like, but inevitably those assumptions were never 100% correct. The network mapping process previously required a network administrator or engineer to draw a picture/map of the network, which became the basis of the virtualized environment used in the exercise(s). One can understand how there was room for error in this manual process – at the least, a small level of concern as to whether a network drawing and virtualization of it was indeed as realistic and accurate as possible.

As a result, Craig says, professionals training in the cyber range environments weren’t actually training on networks that were as ‘close to the real thing’ as possible. There was room to improve.

When automation engineers have real-world scanned networks as a reference, they can more accurately emulate the customer’s environment. Simply put, as Craig notes, “we took the assumption out of network mapping” with N/CRAF. Now the training moves ever closer to the real-world environment.

“Imagine scanning a network to extract the DNA which can be used to clone and re-build it,” Circadence’s Dwayne Cole describes.

Combining the two programs (Netmapper and CRAF) enabled an iterative approach to cyber range environment build out that also drastically improved the end product. The scanning technology helps the automation engineers verify what they have built; it adds a check for the automation framework. It also can be used by the customer to validate the environment. The customer can easily compare the original design or scan versus the final emulated environment hosted on the Cyber Range.

With N/CRAF, it becomes easier for engineers to share their network models with one another and build out high fidelity networks to facilitate technology assessments. N/CRAF saves everything, including all the configuration data, to a single XML file. The tool also supports merging and diff’ing the output files. The merge capability allows the engineer to take parts and pieces from other networks or events and add them to the current event. This allows the engineers to build special purpose network sections, like synthetic internet or traffic generation, that can be reused in or added to the current event. N/CRAF is a force multiplier: it makes tedious deployment and configuration tasks repeatable and improves the reuse of detailed environments for multiple users to train within.

The tool is currently undergoing an accreditation process and is being demoed within defense departments with the goal to deploy it as a standardized tool across various agencies. The potential for the tool to be used in more commercial applications is promising as well.

To read the project announcement issued by Mississippi State University, read the news release: https://www.msstate.edu/newsroom/article/2020/04/msu-circadence-partner-create-virtual-cyber-defense-tool.

 

 

 

Cyber Security and Risk Mitigation Go Hand in Hand

Cyber Risk means different things to different people in an organization. Deloitte distinguishes it well: A CEO might worry about the expected financial loss related to cyber risk exposure; while the CFO is challenged to show the value of security while managing the associated costs. The CMO might worry about the impact to the brand if a breach to the company occurs; while the CISO is thinking about which key initiatives to prioritize to maximize risk buy down.  But one thing that savvy executives agree on is that cyber security is a business risk that should be included in corporate risk mitigation strategy and processes.

Cyber Risk Mitigation focuses on the inevitability of disasters and applies actions and controls to reduce threats and impact to an acceptable level.

Lisa Lee, Chief Security Advisor for Financial Services in Microsoft’s Cybersecurity Solution Group,  partnered with Circadence in April 2020 to talk about this topic in a webinar.  Originally broadcast for a financial risk mitigation audience, the practical advice Lisa offers in 6 areas of cyber risk mitigation is broadly applicable.

Cyber Risk Insurance

Insurance can help to reduce the financial impact of an incident, but it does NOT mitigate the likelihood of a cyber breach happening – in the same way that having car insurance helps with the financial consequences of an accident but cannot in any way prevent an accident from occurring.

Identity and Access Management

Microsoft recommends making “Identity” the security control plane. Employees use multiple devices (including personal devices), networks, and systems throughout their lifecycle with a company. The explosion of devices, apps, and users makes security built around the physical device perimeter increasingly complex. At the same time, access to on-premise systems and cloud systems is shifting to meet business needs. Partners, vendors/consultants, and customers might also all require varying degrees of access. A strongly protected, single user identity at the center of business for each of these constituents can exponentially improve the efficiency and efficacy of the overall security posture of the company.

Configuration and Patch Management

This is IT or cyber security 101. Everyone should be doing it on a consistent basis. But 20% of all vulnerabilities from unpatched software are classified as High Risk or Critical. The Center for Internet Security is an excellent resource for more information on best practices.

Asset Protection (devices, workload, data)

There is a massive amount and diversity of signal data coming in from the network and there are many tools on the market to help assist in the collection, management, and assessment.  Lisa advised not to spend too much time trying to evaluate and select the best of breed tool in each category.  Rather, find a suite that works well together so that you don’t have to spend time on integration. Beyond devices, also consider your security policies and practices to ensure visibility for workloads across on-prem, cloud, and hybrid cloud environments.  And finally, consider protecting the information directly so that wherever data elements go, even outside the company, they carry protection with them.  The key to this is encryption.

Monitoring and Management

These two concepts are seemingly more about ‘risk management’ vs. ‘risk mitigation’. But monitoring helps you to ‘know what you don’t know’ in order to adapt and improve mitigation strategies. And today, many of the monitoring tools from Microsoft and other vendors have features that enable cyber analysts to take action, i.e., analysts can use the same tool that helps identify a vulnerability to then resolve it.

Cyber Security Training

Security is an ever-changing situation because bad actors are always developing new attacks.  Therefore, training and education is an ongoing requirement for cyber professionals.  Circadence’s Project Ares is a cloud-based learning platform specifically designed for continuous cyber security training and upskilling.   IT and cyber organizations that invest in on-going training for their people are making as strong an investment in mitigation as in the tool stack that the analysts use on-the-job.

With consideration in all 6 of these areas, you will be able to architect and compose a comprehensive cyber mitigation strategy.

Here’s a link to the full webinar.  It’s only 45 minutes long and Lisa provides more detail in each of these categories.

Great Dance Partners: How Cybersecurity and Risk Mitigation Go Hand in Hand

 

Photo by Toa Heftiba on Unsplash

Why Cyber Risk Mitigation is a Priority for Finance Leaders

The role of the CFO is evolving. Whether at a bank or credit union, today’s finance leaders wear many hats, one of which is a cyber security ‘hat’. Constant breaches within financial institutions warrant such a ‘wardrobe’. Insider threats are growing, outside adversaries are multiplying at a rapid pace, and attacks on financial departments and companies are ever-increasing. Unfortunately, classic security controls like firewalls and antivirus are easily compromised as attackers become more sophisticated.

As threats increase, risks to businesses increase, and for CFOs and VPs of Finance, defining an adequate budget to account for those cyber risks and allocating proper resources is of the utmost importance to protect companies and their clients. Finance leaders are no longer siloed to reviewing financial statements and spreadsheets; their role extends far beyond the numbers to include cyber security.

Some CFOs may not be comfortable with this change, but the reality of cyber security today mandates involvement from the CFO/VP of Finance to develop a cyber readiness strategy. Why are finance leaders critical to the cyber security conversation? Because many CFOs need to address and mitigate the business risk concerns of the C-suite, board, and investors (not to mention continuing to improve the ‘financial health’ of the company).

Any sort of digital compromise to a financial services company results in damaging monetary and reputational outcomes that directly impact the financial function of the organization.

This is why cyber risk mitigation is, and should continue to be, a critical priority for CFOs today. And for many, it already is: according to a 2019 study from Protiviti, 84% of global CFOs and VPs of Finance cited security and data privacy as a high priority[1] for them. Many CFOs are already taking the reins of the cyber security challenges to get ahead of looming risks and imminent vulnerabilities. How? By taking a more active role in defining cyber security strategy in a way that effectively hardens posture while ensuring company growth.

As such, the typical CFO responsibilities listed below are only a part of many to come:

  1. identifying and monitoring risks of critical assets to protect company/client data
  2. ensuring critical infrastructure operations meet regulatory requirements
  3. contributing to the optimization of digital asset access and utilization to safeguard against attackers

That third responsibility may seem a tad ‘out of the norm’ for a CFO. Typically a CIO or CISO might be in charge of that objective. But as more financial services companies respond to digital transformation demands, data becomes a critical asset to protect. Much of that data “lives” on the devices that company employees use every day. CFOs should have a general awareness of who has access to what, where, and when and be aware of the policies in place that enforce security at all levels.

Since data is a valuable company asset, the CFO’s responsibility to ensure the financial ‘health’ of the company becomes much more complex as cyber security asset and risk management becomes a top priority. Security Boulevard writes “A modern CFO will have an excellent grasp on how an organization manages cyber security and will be able to ask the right questions.”[2] We agree!

For CFOs to make cyber security a priority, they are having to work across many lines of business within their organizations to contribute to the construction of a holistic cyber security program that has full buy-in from all employees (leadership/C-Suite included).

Learn how to prioritize risk mitigation in your financial services company.

Further, CFOs bring a unique perspective to the ‘building a culture of cyber security’ conversations as they are extremely committed to helping the company grow. While CFOs may not be cyber security experts, they do have a unique take on how and what solutions to invest in that will maximize the potential for company growth over time.

By working hand-in-hand across departments like IT and legal, CFOs and finance leaders can develop a holistic cyber security plan that goes beyond merely ‘evaluating cyber insurance coverage’. A huge part of strategic cyber planning includes understanding what current companies are doing to mitigate cyber risk. Foundational elements need to be established first.

While cyber insurance is a good start, other measures need to be taken to ensure that companies are not just reacting when threats occur, but instead, are taking proactive measures to get ahead of threats before they hit. A proactive approach should also include the adoption of a persistent cyber security training program to support frontline defenders who are doing the day-to-day defense against ambitious yet malicious adversaries.

With the right cyber security training in place, teams can be assessed on their abilities to identify and mitigate risks before they happen, while supervisors (e.g. CISOs) can glean insight into how teams are responding and areas for improvement. This intel can translate upward to the CFO who will need to know the risks associated with gaps in cyber security response.

 

Check out our webinar:
Great Dance Partners: How Cyber Security and Risk Mitigation Go Hand-in-Hand.

[1] https://www.cfodive.com/news/cybersecurity-is-latest-cfo-domain-study-finds/567056/

[2] https://securityboulevard.com/2019/08/is-it-critical-for-cfos-to-understand-cybersecurity-2/

Photo by Carlos Muza on Unsplash

Top Tax Season Scams and How to Avoid Them

Doing taxes can be stressful enough without worrying that your sensitive information may fall into the wrong hands. With more and more taxpayers doing their taxes online, having awareness of potential threats is the first step in practicing cyber safety this tax season. Here are 4 of the most popular tax scams used by hackers each year to be on the lookout for:

 

  1. Tax Refund Fraud – This scam involves and filing false returns with them. They will typically claim a low income with high deductions and will file electronically. When a taxpayer goes to legitimately file their return, it is rejected by the IRS because someone else already filed under that identity. To prevent this, one can request an Identity protection PIN from the IRS before filing. This is a six-digit pin that must be used on a tax return in addition to an SSN in order to verify the identity of the taxpayer.

 

  2. W-2 Email Phishing Scam – Some hackers choose to go straight to the source for private information: employers. Cyber criminals have been known to trick major companies into turning over copies of W-2 forms for their employees. This is actually a CEO imposter scam, where a criminal pretends to be a top company employee and asks payroll or human resources for sensitive information. This information is then used to file bogus returns or is sold online to other criminals.

  3. IRS Phone Scam – Scammers make calls claiming they are with the IRS, acting as though a tax bill is owed that one must pay immediately or be arrested. They use common names to identify themselves and fake IRS badge numbers to appear legitimate, send fake emails to support their verbal phone claims, and will usually call again claiming to be the police department or the DMV in an attempt to extort additional funds. Yikes! One thing to note: the IRS will NEVER call an individual. They send official notices in the mail, but if the IRS pops up on the caller ID, don’t answer.

  4. Canceling Your SSN – Criminals are making calls and threatening to suspend or cancel your Social Security number until overdue taxes are paid. The scam may seem legitimate because the caller has personal information, including the last four digits of your SSN. If someone calls and threatens to cancel or suspend your Social Security number, hang up immediately. If they call back, don’t answer. Write down the number and then report the call on this site, and send an email with the subject of “IRS Phone Scam” to phishing@irs.gov and include the phone number, as well as any other details that are relevant, in the body of the email.

With more taxes processed online and scammers always thinking one step ahead, it’s important for every employee receiving their W-2s to have cyber awareness training. Understanding the risks that are out there helps people to feel more empowered to thwart them when handling personal online transactions.

Combatting Tax Scams with inCyt

Circadence is here to help. Our newest product, inCyt, is a browser-based strategy game that invites players with limited cybersecurity knowledge to compete in cyber-themed battles. inCyt’s progressive, inventive cyber learning program teaches cybersecurity awareness through games and interactivity with colorful characters and friendly competition. Lessons are embedded in the gameplay, so players learn cybersecurity basics as soon as they engage with the program. Players start learning basic cybersecurity topics including email security and best practices for software updates before venturing to understand more nuanced concepts about social media, insider threats, ransomware and more. inCyt will be available in Spring 2020.

Empower your employees with persistent, hands-on cyber training. To learn more visit: https://www.circadence.com/products/inCyt

Things to do at RSA 2020 

This year’s RSA Conference is sure to be chock-full of exciting innovations, new technology, and swag galore. As much as we love the excitement of being on the expo floor, it’s always a good idea to take time to explore the conference, meet new people, and unwind with a few good colleagues or newfound friends. This list of networking gatherings and affiliate events will help you make the most out of your RSA experience!

 

Events through RSA: 

  • 2/25 6:00 pm to 8:00 pm: CyBeer Ops Networking Reception – Craft beer tasting event that doubles as a great networking opportunity.
     
  • 2/27 6:00 pm to 9:00 pm: RSAC After Hours – Enjoy food, drinks, and dancing to a live 80’s cover band.
     
  • 2/25 5:00 pm to 7:00 pm: RSAC Women’s Networking Reception – Relaxed networking event celebrating women’s contributions to science and technology.
     
  • 2/24 5:00 pm to 7:00 pm: Welcome Reception – Kick off the conference with drinks and apps while previewing cyber solutions from over 700 exhibitors.
     
  • Multiple dates and times, registration required: RSAC Engagement Zone – Engage, network, and make personal connections with others who share your interests through Braindate, Birds of a Feather, Cooperative Learning roundtables, and more.
     
  • Multiple dates and times: RSAC Sandbox – Show off your cyber skills through hands-on experiences and mingle with peers at this engaging event.
     
  • 2/26 4:30 pm to 6:00 pm: Expo Pub Crawl – Enjoy complimentary beer, wine, and non-alcoholic beverages while visiting sponsor’s booths and learning about their latest innovations to support your business. 

 

Affiliate events: 

  • 2/24 7:00 pm to 10:00 pm: CYBERTACOS at RSAC – Talk over tacos with members of the local cybersecurity and broader IT community.
     
  • 2/24 7:00pm to 10:00 pm: Ignite – With live music, snacks, cocktails, and dancing, this is THE place to be Monday night.
     
  • 2/25 5:00 pm to 9:00 pm: Optiv After Party – Thirsty Bear Organic Brewing Company will have great beer on tap while you network the night away.
     
  • 2/25 6:00 pm, registration required: VMware Carbon Black Networking Reception – This exclusive happy hour at the W San Francisco is sure to be the event you need to kick off your RSA experience just right. Register now as space is limited.
     
  • 2/25 6:00 pm to 9:00 pm: Non-Profits on the Loose – Meet and mingle with industry, policy, and government leaders in security and privacy at this soirée.
     
  • 2/26 11:30 am to 1:00 pm: Meet & Greet at RSA Conference 2020 – Join the Executive Women’s Forum and meet the most amazing women at the RSA Conference.
     
  • 2/26 5:30 pm to 8:30 pm: ICMP Networking Social RSA 2020 – Network with members, friends, and guests of the International Consortium of Minority Cybersecurity Professionals.
     
  • 2/26 6:30 pm to 9:30 pm: Arctic Wolf Happy Hour – Sips and savors at TRES Tequila Lounge and Mexican Kitchen is the perfect mid-week way to unwind.
     

Stay up to date on any additional affiliate events as they get added by checking out this calendar provided by the conference, and be sure to swing by our booth #6480 to see what we’ve been working on and add to your swag collection.

To get a sneak peek at our latest cyber training platform, inCyt, be sure to register for our webinar, inCyt: Inside the Human Element of Cyber. We can’t wait to see you at the conference and have some fun!

Living Our Mission Blog Series: Early Aspirations in Technology Become a Reality for Circadence’s Paul Ellis


Paul Ellis, Senior Product Manager at Circadence, was always interested in technology, even at a young age. When Paul was 8 years old, he rode his bike to the closest RadioShack to buy a book written for adults, on the topic of electrical engineering no less. After saving enough allowance to purchase the book, he dove into it as soon as he got home, and that’s where his love for technology really began.

But perhaps, too, Paul’s passion stemmed from his father, who worked for a company developing computer robots. Their bond over technology contributed to Paul’s interest in the field. In fact, Paul and his father built their first computer together – an 8 MHz Intel 8088 PC – when he was 10 years old. Paul read the entire instruction manual from front to back to learn what he could do with his newly built device. From that day on, he was always creating! He created electronic devices, computers, and even composed music.

In high school Paul played many different instruments and began his college journey with aspirations to become a sound engineer to satisfy his interest for both technology and music. He quickly realized that his interest in technology outweighed his musical career interest, and that the lifestyle of a sound engineer wasn’t very appealing. 

He changed his major to Business and Marketing and graduated with a Bachelor of Science from California State University San Marcos in 2005. He then continued to Purdue University for an MBA in Technology Commercialization, Marketing and Finance. Throughout his academic journey and in his free time he continued to create and assemble tech devices. He was never afraid of technology; he was drawn to it and always knew there was a way to control it. 

Paul, a techie through and through, followed his cyber heart and became a Senior Product Manager for more than a decade for various leading tech firms. He began to learn about identity risk and how our technological advancements were increasing threats. During his time at a previous employer, LifeLock, he learned about risk prevention, identity theft, how vulnerable consumers are in the real world, and how risk would continue to escalate if companies and individuals weren’t taking precautions to protect themselves and their devices.

Upon joining Circadence, Paul began to navigate the world of cybersecurity. The company’s cutting-edge ideas and technology designed to protect businesses, government and consumers were appealing to him given what he had observed in previous tech positions. He was interested in the innovative products that provided new ways for cybersecurity beginners and professionals to learn, and he could envision how they would improve the cyber posture of enterprises.

“I feel like I’m doing something positive for society,” Paul said. He’s been with Circadence for a year now as the Senior Product Manager and continues to be inspired by his team and the revolutionary products Circadence brings to market.  

“There’s a huge threat out there, and a huge lack of skills in the industry, and being a part of the solution is a big part of my intrinsic motivation.”  

Paul enjoys partaking in all the different facets of a product’s lifecycle – how the product supports a need for the consumer or industry, how it is marketed, and how to assess its financial viability. He also enjoys talking to customers to learn about their experience with a product first-hand, because at the end of the day, a product’s success is dependent upon the customer’s experience with it.

Managing the success of a product is how he gauges the success of his career – what did the product solve, and how did it benefit the customer and the industry? “The payoff is seeing the cumulative effect of the entire product,” said Paul. For example, in November 2019 he worked long hours alongside his team to prepare for one of our largest partner events – Microsoft Ignite. They developed specific gamified battle rooms in Project Ares to teach users about Microsoft’s new security tools and how they can be utilized in realistic cyber scenarios. Attendees could get direct experience using Microsoft’s security tools within Project Ares, which runs on Microsoft Azure.

“Ignite was one of the most meaningful moments in my career and I’m fortunate I had the opportunity to work with my team to pull it off! There was so much teamwork, collaboration and problem solving from planning, developing, to deployment at the event. It’s only in bringing people together, that my work succeeds.”  

Paul not only enjoys doing something that keeps consumers and businesses safer, but he truly respects and values his team at Circadence. There’s a true sense of trust between everyone on his team and he feels fortunate to have this experience in the workplace.  

“The need for improved cybersecurity is everywhere,” said Paul. The cyber learning products Circadence provides today will help teach the future cyber workforce and help protect us from the countless risks and threats that are out there. He continues to fulfill his passion for technology by bringing Circadence cyber learning products to market. He appreciates Circadence products because they actually provide trainees what they need to know and what they will be doing on a day-to-day basis. It’s not just about reading a white paper or watching a video – gamified platforms like Project Ares provide hands-on experience to master the craft of cybersecurity.


Living Our Mission: Building a Roadmap to Bring Product Vision to Reality with Circadence’s Raj Kutty

This installment of the “Living our Mission” blog series features Circadence’s Rajani “Raj” Kutty, Senior Product Manager.  

Raj is fascinated by technology’s evolution in the marketplace and that interest has informed her career path toward success. She achieved her master’s degree in computer science from the University of Pennsylvania in 2003. From there, she spent 15-16 years in the tech industry and has always been interested in the ever-changing advancements in technology. Her tech background consists of Java programming, business analysis and product management. In the beginning of her career, she worked on mobile app designs, web app development, and programming for various industries including finance, insurance, retail, and more. For the last 10 years, she’s moved in the direction of product management. Her shift into this area began because she enjoys building a roadmap for product development and seeing it through the various stages, from identifying a problem in the market to creating a product that solves pain points for customers. Her experience working with many different industries provides an advantage to Circadence since she has a first-hand understanding of why these businesses can benefit from additional cyber security training to protect company assets.

Raj started at Circadence about 7 months ago and was immediately captivated by the concept of cyber readiness and the security industry as a whole. Throughout her career, she noticed a growing issue many companies faced: a lack of cyber security awareness and training. Over the years, she heard a lot about the cyber workforce shortage and knew the first step to creating a solution for this problem was to get the user engaged with the right type of training. In her mind, if the user is engaged in training, then it would result in better cyber defense for the organization. Her previous work experience, thoughts about cyber security readiness and ideas around engaged training were validated when she heard what Circadence was doing to help companies be “cyber ready” using gamified learning platforms. In the past, training would consist of a video, classroom lecture or reading textbooks – something dry and boring, she said. Raj felt Circadence offered a unique solution to get people interested in cyber security, which could lead to more strategic cyber defense performance and possibly minimize the cyber workforce gap.

“Training has to be fun and interesting to the user, while still being effective. I feel like Circadence is offering this to the cyber workforce in a game-play mode, which is more engaging for the user.”

Day to day, Raj works with different departments and team members at Circadence developing product strategy and bringing a product roadmap to life. Her knowledge across many industries helps ensure our products meet the needs of different organizations, while still maintaining in-depth cyber training and ease-of-use for the customer. Much like planning a road trip, which requires knowledge of the route to the destination, Raj leads her team every day by investigating and communicating strategy and plans to determine where they need to go next to bring the product to market.

Her main focus over the last couple months has been a new portal Circadence is developing called CyberBridge. CyberBridge is the entry point at which users can access all Circadence cyber learning platforms including Project Ares®, inCyt®, Orion® and more. It’s a global SaaS platform that offers different types of cyber training content for different markets.

“I love that I get to help design a product that addresses the cyber challenges across different industries and the ability to provide a readiness solution pertinent to each sector’s security pain points.”

The products Raj helps map to market fulfill her goal of bringing much-needed cyber awareness and training solutions to everyone and every business. Her perspective: With every tech integration, Bluetooth connection, and device-to-device communication we implement to make our working lives easier, we inherently increase our cyber risk as our attack surface widens. There are no signs of tech usage slowing, which is why the importance of cyber awareness continues to grow each day. When we talk about how businesses need to protect themselves, we’re really talking about the people of a business, since people are what make up a company. In today’s world of escalating cyber threats, it’s everyone’s responsibility to gain cyber awareness to protect a company.

“Cybersecurity is like community immunity, when everyone gets vaccinated, we are improving and protecting our greater community, and cyber security works the same way.”


Microsoft Security Blog: Rethinking cyber scenarios—learning (and training) as you defend

In this third and final post in the series, Microsoft’s Mark McIntyre addresses more advanced SecOps scenarios that an experienced cyber practitioner would be concerned with understanding.