I love my job

This isn’t said sarcastically or trying to convince myself. I genuinely love my job. I love my company and coworkers and the ability to help clients. I think I have the best job out there and I feel blessed. Japanese ikigai describes the intersection of what you love, what you’re good at, what the world needs, and what you can be paid for. I have that.

And I’m always passionate about helping others find their way into security and dispelling myths and supporting underrepresented groups. Security professionals come from all walks of life, we need all perspectives to solve some of these challenging problems.

The Reality of the Cybersecurity Job Market

I saw the initial posts by ISACA about how there are 2 million openings in cybersecurity. I followed as the number bloomed to 4 million and regularly quote it. When people said they don’t believe it because they’ve been looking for a while and unsuccessful, I suggested that there may be other reasons they’re unsuccessful finding a job.

And the layoffs—previously they did not affect cybersecurity but now they definitely are. The job market is challenging, but I still believe that if you are a motivated individual, you can work your way to your dream job. I no longer believe that there are 4 million openings sitting vacant. Maybe that’s the number of cyber professionals the world needs, but I’d need to see data backing up claims that there are 4 million openings today.

Breaking Into Cybersecurity: A Realistic Approach

You do not have to have a degree in cybersecurity, but it certainly doesn’t hurt. Here are my 5 steps for becoming a security professional:

1. Learn to Speak the Language

Familiarize yourself with industry concepts and terminology through courses. Mike Chapple’s SSCP and CISSP courses are on LinkedIn Learning—often free with a library card. There are many free options here! This step helps you determine if security is truly your calling.

Don’t underestimate the value of understanding the fundamentals. Security is built on concepts like confidentiality, integrity, and availability. Knowing how to discuss these concepts intelligently will set you apart in interviews and networking events.

The security field has its own vocabulary, and fluency in this language signals to potential employers that you’ve done your homework. Terms like “threat modeling,” “defense in depth,” and “least privilege” should become second nature.

2. Network Relentlessly

Join organizations like ISACA (Information Systems Audit and Control Association), ISC2 (International Information System Security Certification Consortium), ISSA (Information Systems Security Association), or CSA (Cloud Security Alliance). Local meetups are invaluable too, depending on where you live.

You’ll never find a profession where people are more willing to help you get ahead. Security professionals genuinely want to see newcomers succeed and will offer guidance, mentorship, and sometimes even job leads.

Remember that security professionals come from all walks of life. It’s not all IT/technical backgrounds, and it’s not all firefighting or getting called in the middle of the night. The diversity of pathways into security is something to embrace rather than fear.

Consider Certification

While certifications aren’t mandatory, they provide structured learning and validate your knowledge to employers. They also demonstrate commitment to the field.

For beginners, I recommend considering the free Certified in Cybersecurity (CC) certification from ISC2. This helps with both speaking the language and building credentials without financial risk.

When it comes to certifications, I tell people that employers primarily recognize CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), and CISM (Certified Information Security Manager). Check job postings—they often list “one of the SANS certifications” rather than specifying which ones.

There’s an exception if you’re interested in red teaming/penetration testing, where certifications like LPT (Licensed Penetration Tester), GPEN (GIAC Penetration Tester), CEH (Certified Ethical Hacker), and OSCP (Offensive Security Certified Professional) carry more weight.

Both CISSP and OSCP are challenging exams, so I recommend warming up with an entry-level certification first to get used to test-taking under pressure. If you’re aiming for CISSP, consider Security+ or SSCP (Systems Security Certified Practitioner) as stepping stones. The SSCP is offered by the same organization as CISSP (ISC2), as is the free CC certification.

Get on Stage

Present on a security topic—perhaps something you already know about with a security angle added. This builds your reputation and demonstrates expertise.

Public speaking might seem intimidating, but it’s one of the fastest ways to establish yourself in the field. Start small, perhaps at a local meetup or a lightning talk at a conference. Choose topics where you have unique insights or experiences.

The ability to communicate complex security concepts clearly is a rare and valuable skill. By presenting, you not only build this skill but also make connections with potential employers and mentors who appreciate good communicators.

Claim Your Identity as a Security Professional

Cybersecurity is largely an unregulated industry. At some point, you need to confidently present yourself as a security professional. Update your LinkedIn profile, participate in forums, contribute to open-source projects, or write blog posts about security topics.

This step is often the hardest for newcomers—feeling confident enough to claim the identity. But remember that everyone starts somewhere, and the industry needs fresh perspectives. Your background, whatever it may be, likely gives you unique insights that will benefit the security community.

Finding Your Security Niche

The beauty of cybersecurity is its breadth. You can focus on governance and policy if you enjoy working with frameworks and documentation. You can dive into technical specialties like cloud security, application security, or network defense. You might prefer security education and awareness if you enjoy working with people.

Take time to explore different domains before specializing. Your previous experience likely gives you advantages in certain areas. Former developers often excel in application security, while those with business backgrounds might find governance roles more natural.

The Path Forward

Breaking into cybersecurity requires persistence, continuous learning, and networking. The field is challenging but rewarding, with problems that matter and colleagues who care. The 4 million job openings might be aspirational rather than current reality, but the need for talented, passionate security professionals remains strong.

What draws most of us to this field isn’t just the job security or pay—it’s the mission. We protect people, organizations, and critical systems from harm. We solve puzzles that matter. We make a difference.

If you’re serious about joining our ranks, start with step one today. Learn the language. Join a community. Begin the journey. The security community will welcome you, support you, and challenge you to grow.

And perhaps someday soon, you’ll find yourself saying, without a hint of sarcasm: “I love my job.”

The post Cybersecurity Talent Gap first appeared on Cybersecurity Insiders.

The post Cybersecurity Talent Gap appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/fm4HeTb
via IFTTT

Data breaches are no occasional crisis – they are a persistent, costly epidemic wreaking global havoc on businesses.

While organizations leverage the latest technological advancements in perimeter defense, access management, and cloud and application security, one area that is overlooked is data encryption. 

Where Do Gaps in Encryption Exist?

Enterprise data follows a lifecycle encompassing creation, collection, transfer, storage, processing, analysis, and archival. Traditional encryption methods typically include encryption at rest (when data is stored) and encryption in motion (when data is transferred between systems). However, these approaches need more protection because data must be decrypted for processing and analysis. Additionally, vulnerabilities arise during transitions between encryption in motion and processing or when shifting to encryption at rest.

These security gaps expose organizations to malicious parties – insiders and external hackers – who increasingly target such weak points to gain access to sensitive information. Attackers’ ability to identify and exploit these lifecycle vulnerabilities puts organizations at significant risk of data exfiltration resulting from a breach, underscoring the urgent need for comprehensive encryption solutions that protect data across every stage of its lifecycle.

The risks multiply in cloud-based and data-sharing environments where data is frequently in motion and accessed by multiple parties.

The Promise of Fully Homomorphic Encryption: Continuous Data Protection

Fully homomorphic encryption (FHE) solutions shield data from unauthorized access and render it useless to threat actors when other defenses fail and a breach is successful. FHE allows computations on encrypted data,, eliminating critical vulnerabilities created by conventional encryption and the need to decrypt data for processing and analysis.  

FHE’s promise is transformative. It allows sensitive data to be processed without exposure in plaintext, enabling multiple parties to perform computations while ensuring data confidentiality and providing robust protection against software—and hardware-based attacks.

FHE enables operations on encrypted data without decryption, maintaining continuous protection throughout data workflows.

FHE is an indispensable tool for mitigating many cyber threats. Its application can reduce insider threats and man-in-the-middle attacks by ensuring that data remains encrypted during transmission and processing, reducing the risk of interception and tampering.

It safeguards third-party data sharing by eliminating plaintext exposure and defends against data exfiltration by ensuring that encrypted data is unreadable without proper decryption keys. The technology also strengthens cloud security by allowing secure data processing in untrusted environments.

Why FHE Hasn’t Achieved Mainstream Success

Despite its vast potential, FHE hasn’t achieved widespread adoption due to several inherent limitations hindering its practicality in real-world applications. The combination of high costs, resource demands, and incompatibility with existing software has further limited its adoption, especially in environments requiring real-time processing.

Traditional FHE solutions often cause data to balloon 100 to 1,000 times in size when encrypted, driving up storage costs and slowing data transfer.  These scalability issues have made handling large datasets or complex computations difficult, particularly for big data analytics and machine learning. Performance bottlenecks can make operations on encrypted data thousands to millions of times slower than plaintext processing, requiring immense computational power.

Only when FHE is optimized can it empower organizations to maintain trust and integrity in an ever-evolving threat landscape. 

Advances in cryptographic algorithms and computing power bridge the gap between security and usability in FHE, making it viable for real-world applications. Optimized Fully Homomorphic Encryption (FHE) solutions are emerging as practical, efficient tools for protecting sensitive data without compromising speed or scalability.

One of the most transformative developments in optimized FHE is the ability to inspect encrypted data at near-plaintext speeds.

Unlike traditional FHE, which could take hours, days, or weeks to process encrypted computations, cutting-edge solutions now operate within nanoseconds. This performance boost is critical in real-time processing scenarios like fraud detection, transaction monitoring, or high-frequency trading. Fast encryption and decryption enable organizations to maintain security without sacrificing efficiency, ensuring seamless operations across time-sensitive use cases.

An optimized FHE solution must align with stringent security standards, such as the Federal Information Processing Standard (FIPS) 140-2 certification, to ensure it meets the compliance and encryption benchmarks mandated by governments and regulatory bodies. This certification demonstrates the solution’s robustness and readiness for deployment in industries like finance, healthcare, and government, where data protection is paramount. FIPS compliance ensures secure encryption and fosters trust and confidence in the solution’s reliability.

Optimized FHE solutions eliminate one of the most significant pain points of earlier iterations—data expansion. In traditional FHE systems, encrypted data often ballooned up to 1,000 times its original size, which slowed down processing and created logistical challenges in storage and transmission.

Modern FHE, by contrast, ensures the size of encrypted data remains consistent with its plaintext equivalent, allowing for faster performance and reduced bandwidth and storage costs. This breakthrough is particularly beneficial for large-scale data-sharing applications requiring high computational efficiency.

When evaluating an FHE solution, it’s critical to ensure the offering incorporates key features and capabilities that enable organizations to fully unlock its potential.

The post Gaps In Encryption Create Exploitable Vulnerabilities first appeared on Cybersecurity Insiders.

The post Gaps In Encryption Create Exploitable Vulnerabilities appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/O1eokQZ
via IFTTT

The number of dark web marketplaces, also known as darknet markets, continues to grow year-on-year, despite law enforcement’s efforts to close the networks down. Cybercriminals use these illicit platforms to trade hacking tools, services, stolen data and other sensitive information obtained from cyber attacks. Tools such as malicious software, phishing kits and email extractors are being sold by sophisticated hackers through these darknet markets to inexperienced cybercriminals, democratising their use.  

With advancements in these tools and technologies (such as AI) driving wider use of ransomware and malware-as-a-service (MaaS), the need for organisations to protect digital identities through robust cybersecurity has never been greater. To address and mitigate the vulnerabilities leaving them exposed to cyber attacks, organisations must familiarise themselves with the tools and tactics cybercriminals are using.    

Last year, half of UK businesses experienced a cyber attack or some kind of breach, with the primary attack type being phishing (84%), and viruses or other malware accounting for only 17% of attacks. With phishing’s main purpose being to steal credentials or sensitive information, this knowledge gives organisations a better understanding of what cybercriminals are after and, by extension, where cybersecurity efforts should be prioritised. As organisations struggle to combat cyber attacks, now must be the time to refer to the hacker’s playbook and beat them at their own game.  

Battling hacker sophistication  

More sophisticated attacks and entrepreneurial approaches to the tools hackers make available to other cybercriminals are threatening to outpace organisations in the cyber race. As well as this, evolving technologies, like AI, are accelerating the democratisation of cyber attacks, giving less experienced threat actors the resources they need to carry out a serious breach.  

Recent cases have shown us the extent of damage MaaS attacks can cause. The cybercriminals who carried out the Snowflake data theft and extortion used infostealer malware and purchased credentials to carry out the attack which left up to 165 businesses compromised. The data stolen from such attacks is a valuable commodity on darknet marketplaces, with darknet market ‘vendors’ making the sensitive information available to even the most novice cybercriminals. Last year’s attack on Synnovis, an NHS provider, is another example of this kind of work in the wild, resulting in the ransomware gang which carried out the attack (Qilin) publishing 400GB of private healthcare data online. These attacks reveal how hacking tools and sensitive information is being made available for all types of cybercriminals to utilise. 

Readily available MaaS, including adware, keyloggers, spyware, worms, Trojan horses and more is concerning. Organisations are racing against time to combat the ever-growing volume and complexity of attacks fuelled by open trade on darknet markets.

How organisations can take advantage of the playbook  

The World Economic Forum’s Global Cybersecurity Outlook report for 2025 found a 223% increase in deepfake-related tools being traded on the dark web, outpacing organisations’ abilities to keep up with AI-driven cyber attacks.  

As attacks and the technology behind them evolve, so too must cyber defences. For organisations to defend digital identities from malicious intentions, they must stay informed of the technologies and strategies hackers are exploiting, as well as the most valuable targets for cybercriminals.  

Understanding how hacking tools are being used and what data is most valuable for cybercriminals will become more critical as organisations develop strategies to tackle threats. With bad actors continuously adopting new technologies and changing their attack styles, proactive defence measures, such as behavioural analytics and AI-driven threat detection, should be widely implemented to outsmart cybercriminals before an attack is successfully completed.  

Importantly, personally identifiable information (PII), financial information and passwords or login credentials top the list of the most valuable data cybercriminals sell on the dark web. Alongside proactive defence measures, focusing cybersecurity efforts on these vulnerabilities is critical, and as this information is often stolen through phishing attacks, email and password security should be a primary focus. 

The importance of password-related security is often overlooked. Alternative authentication methods, such as multi-factor authentication (MFA), token authentication and biometric identification can easily be implemented to defend against attacks carried out by sophisticated hackers and less skillful cybercriminals alike. Decentralising identity is also often under-utilised as a defence strategy, despite its proven benefit of making it more difficult for cybercriminals to carry out an attack.  

Darknet markets will remain 

Protecting significant vulnerabilities, such as passwords, which are knowingly exploited to steal PII, financial details and credential information, is of ever-growing importance as hackers continue to go to great lengths to steal one of the dark web’s most valuable commodities – data.  

As technologies and cybercriminals rapidly evolve, organisations must rethink their approach to cyber defence. By keeping well informed of hacking tools and techniques and focusing resources into defences protecting the most valuable aspects of data, businesses can better position themselves to secure digital identities.

 

The post What can organisations learn about cybersecurity from the hacker’s playbook? first appeared on Cybersecurity Insiders.

The post What can organisations learn about cybersecurity from the hacker’s playbook? appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/4fZ7CLz
via IFTTT

Palo Alto, California, April 16th, 2025, CyberNewsWire

SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled “Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out”, the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors listed by Gartner by exploiting architectural vulnerabilities in the browser. 

DLP is a core pillar of every enterprise security stack. Data breaches can result in severe consequences including IP loss, regulatory violations, fines, and severe reputational damage. With over 60% of corporate data being stored in the cloud, browsers have become the primary way for employees to create, access, and share data. Consequently, the browser has become a particularly attractive target for external attackers and insider threats alike. Yet, existing endpoint and cloud DLP solutions have limited telemetry and control over how employees interact with data on the browser. 

Additionally, there are several unique challenges when it comes to maintaining data lineage in the browser. This includes managing multiple personal and professional identities, the wide landscape of sanctioned and shadow SaaS apps, and the numerous pathways in which sensitive data can flow between these apps. Unlike managed devices where enterprises have full control over what can be installed on the device, employees can easily sign up for various SaaS services without the IT team’s knowledge or oversight. 

SquareX researcher Audrey Adeline says, “Data splicing attacks are a complete game changer for insider threats and attackers that are seeking to steal information from enterprises. They exploit newer browser features that were invented long after existing DLP solutions and thus the data exfiltrated using these techniques are completely uninspected, resulting in full bypasses. With today’s workforce heavily relying on SaaS apps and cloud storage services, any organization that uses the browser is vulnerable to data splicing attacks.”

As part of the talk, they will also be releasing an open-source toolkit, “Angry Magpie”, which will allow pentesters and red teams to test their existing DLP stack and better understand their organization’s vulnerability to Data Splicing Attacks. SquareX hopes that the research will highlight the severe threats that browsers pose on data loss and serve as a call to action for enterprises and vendors alike to re-think their data loss protection strategies. 

Upon the completion of BSides San Francisco, the SquareX team will also be presenting at RSAC 2025 and will be available at Booth S-2361, South Expo for further discussions on the research.

Talk Details:

Title: Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out

Speakers: Jeswin Mathai and Audrey Adeline

Event: BSides San Francisco 2025

Location: San Francisco, CA

Toolkit Release: Angry Magpie (Open Source)

About the Speakers

Jeswin Mathai, Chief Architect, SquareX

Jeswin Mathai serves as the Chief Architect at SquareX, where he leads the design and implementation of the company’s infrastructure. A seasoned speaker and researcher, Jeswin has showcased his work at prestigious international stages such as DEF CON US, DEF CON China, RootCon, Blackhat Arsenal, Recon Village, and Demo Labs at DEFCON. He has also imparted his knowledge globally, training in-classroom sessions at Black Hat US, Asia, HITB, RootCon, and OWASP NZ Day. He is also the creator of popular open-source projects such as AWSGoat, AzureGoat, and PAToolkit.

Audrey Adeline, Researcher

Audrey currently leads the Year of Browser Bugs (YOBB) project at SquareX which has disclosed multiple major architectural browser vulnerabilities to date. She is also a published author of The Browser Security Field Manual. Key discoveries from YOBB include Polymorphic Extensions, Browser Ransomware and Browser Syncjacking, all of which have been covered by major publications such as Forbes, Bleeping Computer and Mashable. She is passionate about furthering cybersecurity education and has run multiple workshops with Stanford University and Women in Security and Privacy (WISP). Prior to SquareX, Audrey was a cybersecurity investor at Sequoia Capital and graduated from the University of Cambridge with a degree in Natural Sciences.

About SquareX

SquareX’s industry-first Browser Detection and Response (BDR) helps organizations detect, mitigate, and threat-hunt client-side web attacks targeting employees happening against their users in real-time. This includes defending against identity attacks, malicious extensions, spearphishing, browser data loss, and insider threats. 

SquareX takes a research and attack-focused approach to browser security. SquareX’s dedicated research team was the first to discover and disclose multiple pivotal attacks, including Last Mile Reassembly Attacks, Browser Syncjacking, Polymorphic Extensions, and Browser-Native Ransomware. As part of the Year of Browser Bugs (YOBB) project, SquareX commits to continue disclosing at least one major architectural browser vulnerability every month.  

Contact

Head of PR
Junice Liew
SquareX
junice@sqrx.com

The post SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions first appeared on Cybersecurity Insiders.

The post SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/BsjUD6E
via IFTTT