5 Major Concerns With Employees Using The Browser

As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks.
Keep Aware’s recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their work.

from The Hacker News https://ift.tt/byDpvaC
via IFTTT

Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach

Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it’s also in the process of migrating the Entra ID signing service as well.
The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to

from The Hacker News https://ift.tt/xfieaZC
via IFTTT

Akira Ransomware shifts focus to SMBs

Many small and medium-sized businesses (SMBs) operate under the assumption that cybercriminals won’t target them, believing their data or systems lack the value to entice hackers. After all, these businesses often can’t afford the hefty ransoms that typically interest cyber attackers. However, this misconception is increasingly outdated. Hackers have shifted their tactics and are now eyeing SMBs as prime targets.

According to a report by Dark Atlas, a web monitoring platform, cybercriminal groups, particularly those behind Akira Ransomware, have broadened their focus to include smaller businesses, launching double-extortion attacks. In these attacks, cybercriminals not only encrypt a company’s data but also steal it, threatening to release sensitive information unless a ransom is paid.

In 2024 alone, the Akira Ransomware group targeted over 350 organizations globally, generating an estimated $42 million in ransom payments. The majority of this money came from victims in North America.

How These Attacks Work

The method used by these cybercriminals is relatively simple yet effective: they exploit stolen credentials to infiltrate networks that rely on basic, single-factor authentication for security. Once inside, they deploy file-encrypting malware, locking up critical data and demanding a ransom for its release.

The primary targets are SMBs, often with fewer than 100 employees, who typically lack the robust IT resources needed to prevent or respond to such sophisticated attacks. Without dedicated cybersecurity teams, these businesses are particularly vulnerable, leaving them with little choice but to pay the ransom.

Key Targets and Profitable Regions

Research from Dark Atlas indicates that Akira Ransomware’s main targets in 2024 were organizations in North America, Europe, and Australia, where the value of cryptocurrencies against the dollar is high, maximizing the criminals’ profits. Sectors such as education, finance, healthcare, and manufacturing were hit the hardest, with some organizations in the defense industry also affected.

Should You Pay the Ransom?

While paying the ransom might seem like the quickest way to regain access to locked data, experts warn against it. Not only does paying ransom fuel further criminal activity, but it doesn’t guarantee that the attackers will actually provide the decryption key. Additionally, once a company has been attacked, it’s possible that they could be targeted again, especially if security vulnerabilities aren’t addressed.

The post Akira Ransomware shifts focus to SMBs first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/vwYe7Lr
via IFTTT

Whistleblower: DOGE Siphoned NLRB Case Data

A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk’s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusually large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly created DOGE user account.

The cover letter from Berulis’s whistleblower statement, sent to the leaders of the Senate Select Committee on Intelligence.

The allegations came in an April 14 letter to the Senate Select Committee on Intelligence, signed by Daniel J. Berulis, a 38-year-old security architect at the NLRB.

NPR, which was the first to report on Berulis’s whistleblower complaint, says NLRB is a small, independent federal agency that investigates and adjudicates complaints about unfair labor practices, and stores “reams of potentially sensitive data, from confidential information about employees who want to form unions to proprietary business information.”

The complaint documents a one-month period beginning March 3, during which DOGE officials reportedly demanded the creation of all-powerful “tenant admin” accounts in NLRB systems that were to be exempted from network logging activity that would otherwise keep a detailed record of all actions taken by those accounts.

Berulis said the new DOGE accounts had unrestricted permission to read, copy, and alter information contained in NLRB databases. The new accounts also could restrict log visibility, delay retention, route logs elsewhere, or even remove them entirely — top-tier user privileges that neither Berulis nor his boss possessed.

Berulis writes that on March 3, a black SUV accompanied by a police escort arrived at his building — the NLRB headquarters in Southeast Washington, D.C. The DOGE staffers did not speak with Berulis or anyone else in NLRB’s IT staff, but instead met with the agency leadership.

“Our acting chief information officer told us not to adhere to standard operating procedure with the DOGE account creation, and there was to be no logs or records made of the accounts created for DOGE employees, who required the highest level of access,” Berulis wrote of their instructions after that meeting.

“We have built in roles that auditors can use and have used extensively in the past but would not give the ability to make changes or access subsystems without approval,” he continued. “The suggestion that they use these accounts was not open to discussion.”

Berulis found that on March 3 one of the DOGE accounts created an opaque, virtual environment known as a “container,” which can be used to build and run programs or scripts without revealing its activities to the rest of the world. Berulis said the container caught his attention because he polled his colleagues and found none of them had ever used containers within the NLRB network.

Berulis said he also noticed that early the next morning — between approximately 3 a.m. and 4 a.m. EST on Tuesday, March 4 — there was a large increase in outgoing traffic from the agency. He said it took several days of investigating with his colleagues to determine that one of the new accounts had transferred approximately 10 gigabytes worth of data from the NLRB’s NxGen case management system.

Berulis said neither he nor his co-workers had the necessary network access rights to review which files were touched or transferred — or even where they went. But his complaint notes the NxGen database contains sensitive information on unions, ongoing legal cases, and corporate secrets.

“I also don’t know if the data was only 10gb in total or whether or not they were consolidated and compressed prior,” Berulis told the senators. “This opens up the possibility that even more data was exfiltrated. Regardless, that kind of spike is extremely unusual because data almost never directly leaves NLRB’s databases.”

Berulis said he and his colleagues grew even more alarmed when they noticed nearly two dozen login attempts from a Russian Internet address (83.149.30,186) that presented valid login credentials for a DOGE employee account — one that had been created just minutes earlier. Berulis said those attempts were all blocked thanks to rules in place that prohibit logins from non-U.S. locations.

“Whoever was attempting to log in was using one of the newly created accounts that were used in the other DOGE related activities and it appeared they had the correct username and password due to the authentication flow only stopping them due to our no-out-of-country logins policy activating,” Berulis wrote. “There were more than 20 such attempts, and what is particularly concerning is that many of these login attempts occurred within 15 minutes of the accounts being created by DOGE engineers.”
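The pattern Berulis describes (valid credentials for a brand-new account tried from outside the country within minutes of creation) is something a defender can correlate from ordinary identity logs. The following is an added example, not code from the Krebs article or the NLRB; it runs over constructed sign-in events in a made-up, simplified JSON-lines schema (not the Entra ID sign-in log format) and flags accounts that draw out-of-country attempts within 15 minutes of creation.

```python
"""Flag newly created accounts that draw out-of-country sign-in attempts.

Constructed example: the JSON-lines format below is a made-up, simplified
event schema, not the Microsoft Entra ID sign-in log format.
"""
from __future__ import annotations

import json
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

ALLOWED_COUNTRIES = {"US"}               # mirrors a "no out-of-country logins" policy
CREATION_WINDOW = timedelta(minutes=15)  # attempts this soon after creation are suspicious

# Constructed sample events; users, times and countries are made up.
SAMPLE_LOG = """
{"ts": "2025-03-04T02:41:00Z", "event": "account_created", "user": "svc_audit_a1b2c3@example.test"}
{"ts": "2025-03-04T02:44:10Z", "event": "signin", "user": "svc_audit_a1b2c3@example.test", "country": "RU", "result": "blocked_by_policy"}
{"ts": "2025-03-04T02:45:02Z", "event": "signin", "user": "svc_audit_a1b2c3@example.test", "country": "RU", "result": "blocked_by_policy"}
{"ts": "2025-03-04T02:46:37Z", "event": "signin", "user": "svc_audit_a1b2c3@example.test", "country": "RU", "result": "blocked_by_policy"}
{"ts": "2025-03-03T12:00:00Z", "event": "account_created", "user": "new_hire@example.test"}
{"ts": "2025-03-04T12:00:00Z", "event": "signin", "user": "new_hire@example.test", "country": "DE", "result": "blocked_by_policy"}
{"ts": "2025-03-04T01:00:00Z", "event": "account_created", "user": "helpdesk2@example.test"}
{"ts": "2025-03-04T09:00:00Z", "event": "signin", "user": "helpdesk2@example.test", "country": "US", "result": "success"}
{"ts": "2025-03-04T03:10:00Z", "event": "signin", "user": "legacy@example.test", "country": "CA", "result": "blocked_by_policy"}
this line is not JSON and is skipped by the loader
"""


@dataclass
class Finding:
    user: str
    created: datetime
    foreign_attempts: int            # all out-of-country attempts seen for the account
    seconds_to_first_attempt: float  # gap between creation and the first such attempt
    countries: set[str] = field(default_factory=set)


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def load_events(text: str) -> list[dict]:
    """Parse JSON lines; malformed lines are skipped instead of aborting the run."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            rec["ts"] = parse_ts(rec["ts"])
        except (ValueError, KeyError, TypeError):
            continue
        events.append(rec)
    return events


def correlate(events: list[dict],
              allowed: set[str] = ALLOWED_COUNTRIES,
              window: timedelta = CREATION_WINDOW) -> list[Finding]:
    """Return accounts whose first out-of-country sign-in attempt falls within
    `window` of the account's creation, earliest attempt first."""
    created: dict[str, datetime] = {}
    for e in events:
        if e.get("event") == "account_created":
            created[e["user"]] = e["ts"]

    foreign: dict[str, list[dict]] = defaultdict(list)
    for e in events:
        if e.get("event") == "signin" and e.get("country") not in allowed:
            foreign[e["user"]].append(e)

    findings: list[Finding] = []
    for user, attempts in foreign.items():
        if user not in created:
            continue  # pre-existing account: not the new-account pattern checked here
        attempts.sort(key=lambda e: e["ts"])
        gap = attempts[0]["ts"] - created[user]
        if timedelta(0) <= gap <= window:  # ignore negative gaps (clock skew, replayed logs)
            findings.append(Finding(user, created[user], len(attempts),
                                    gap.total_seconds(),
                                    {a["country"] for a in attempts}))
    return sorted(findings, key=lambda f: f.seconds_to_first_attempt)


if __name__ == "__main__":
    for f in correlate(load_events(SAMPLE_LOG)):
        print(f"{f.user}: {f.foreign_attempts} out-of-country attempts from "
              f"{sorted(f.countries)}, first one {f.seconds_to_first_attempt:.0f}s after creation")
```

Blocked attempts are still worth alerting on: a policy block stops the sign-in but says nothing about how the password of a minutes-old account became known elsewhere.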

According to Berulis, the naming structure of one Microsoft user account connected to the suspicious activity suggested it had been created and later deleted for DOGE use in the NLRB’s cloud systems: “DogeSA_2d5c3e0446f9@nlrb.microsoft.com.” He also found other new Microsoft cloud administrator accounts with nonstandard usernames, including “Whitesox, Chicago M.” and “Dancehall, Jamaica R.”

A screenshot shared by Berulis showing the suspicious user accounts.

On March 5, Berulis documented that a large section of logs for recently created network resources was missing, and that a network watcher in Microsoft Azure had been set to the “off” state, meaning it was no longer collecting and recording data as it should have.

Berulis said he discovered someone had downloaded three external code libraries from GitHub that neither NLRB nor its contractors ever use. A “readme” file in one of the code bundles explained it was created to rotate connections through a large pool of cloud Internet addresses that serve “as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.” Brute force attacks involve automated login attempts that try many credential combinations in rapid sequence.

The complaint alleges that by March 17 it became clear the NLRB no longer had the resources or network access needed to fully investigate the odd activity from the DOGE accounts, and that on March 24, the agency’s associate chief information officer had agreed the matter should be reported to US-CERT. Operated by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), US-CERT provides on-site cyber incident response capabilities to federal and state agencies.

But Berulis said that between April 3 and 4, he and the associate CIO were informed that “instructions had come down to drop the US-CERT reporting and investigation and we were directed not to move forward or create an official report.” Berulis said it was at this point he decided to go public with his findings.

An email from Daniel Berulis to his colleagues dated March 28, referencing the unexplained traffic spike earlier in the month and the unauthorized changing of security controls for user accounts.

Tim Bearese, the NLRB’s acting press secretary, told NPR that DOGE neither requested nor received access to its systems, and that “the agency conducted an investigation after Berulis raised his concerns but ‘determined that no breach of agency systems occurred.’” The NLRB did not respond to questions from KrebsOnSecurity.

Nevertheless, Berulis has shared a number of supporting screenshots showing agency email discussions about the unexplained account activity attributed to the DOGE accounts, as well as NLRB security alerts from Microsoft about network anomalies observed during the timeframes described.

As CNN reported last month, the NLRB has been effectively hobbled since President Trump fired three board members, leaving the agency without the quorum it needs to function.

“Despite its limitations, the agency had become a thorn in the side of some of the richest and most powerful people in the nation — notably Elon Musk, Trump’s key supporter both financially and arguably politically,” CNN wrote.

Both Amazon and Musk’s SpaceX have been suing the NLRB over complaints the agency filed in disputes about workers’ rights and union organizing, arguing that the NLRB’s very existence is unconstitutional. On March 5, a U.S. appeals court unanimously rejected Musk’s claim that the NLRB’s structure somehow violates the Constitution.

Berulis shared screenshots with KrebsOnSecurity showing that on the day NPR published its story about his claims (April 14), the deputy CIO at NLRB sent an email stating that administrative control had been removed from all employee accounts. Meaning, suddenly none of the IT employees at the agency could do their jobs properly anymore, Berulis said.

An email from the NLRB’s associate chief information officer Eric Marks, notifying employees they will lose security administrator privileges.

Berulis shared a screenshot of an agency-wide email dated April 16 from NLRB director Lasharn Hamilton saying DOGE officials had requested a meeting, and reiterating claims that the agency had no prior “official” contact with any DOGE personnel. The message informed NLRB employees that two DOGE representatives would be detailed to the agency part-time for several months.

An email from the NLRB Director Lasharn Hamilton on April 16, stating that the agency previously had no contact with DOGE personnel.

Berulis told KrebsOnSecurity he was in the process of filing a support ticket with Microsoft to request more information about the DOGE accounts when his network administrator access was restricted. Now, he’s hoping lawmakers will ask Microsoft to provide more information about what really happened with the accounts.

“That would give us way more insight,” he said. “Microsoft has to be able to see the picture better than we can. That’s my goal, anyway.”

Berulis’s attorney told lawmakers that on April 7, while his client and legal team were preparing the whistleblower complaint, someone physically taped a threatening note to Mr. Berulis’s home door with photographs — taken via drone — of him walking in his neighborhood.

“The threatening note made clear reference to this very disclosure he was preparing for you, as the proper oversight authority,” reads a preface by Berulis’s attorney Andrew P. Bakaj. “While we do not know specifically who did this, we can only speculate that it involved someone with the ability to access NLRB systems.”

Berulis said the response from friends, colleagues and even the public has been largely supportive, and that he doesn’t regret his decision to come forward.

“I didn’t expect the letter on my door or the pushback from [agency] leaders,” he said. “If I had to do it over, would I do it again? Yes, because it wasn’t really even a choice the first time.”

For now, Mr. Berulis is taking some paid family leave from the NLRB. Which is just as well, he said, considering he was stripped of the tools needed to do his job at the agency.

“They came in and took full administrative control and locked everyone out, and said limited permission will be assigned on a need basis going forward,” Berulis said of the DOGE employees. “We can’t really do anything, so we’re literally getting paid to count ceiling tiles.”

Further reading: Berulis’s complaint (PDF).

from Krebs on Security https://ift.tt/1Itx7py
via IFTTT

New Amazon EC2 Graviton4-based instances with NVMe SSD storage

Since the launch of AWS Graviton processors in 2018, we have continued to innovate and deliver improved performance for our customers’ cloud workloads. Following the success of our Graviton3-based instances, we are excited to announce three new Amazon Elastic Compute Cloud (Amazon EC2) instance families powered by AWS Graviton4 processors with NVMe-based SSD local storage: compute optimized (C8gd), general purpose (M8gd), and memory optimized (R8gd) instances. These instances deliver up to 30% better compute performance, 40% higher performance for I/O intensive database workloads, and up to 20% faster query results for I/O intensive real-time data analytics than comparable AWS Graviton3-based instances.

Let’s look at some of the improvements that are now available in our new instances. These instances offer larger instance sizes with up to 3x more vCPUs (up to 192 vCPUs), 3x the memory (up to 1.5 TiB), 3x the local storage (up to 11.4TB of NVMe SSD storage), 75% higher memory bandwidth, and 2x more L2 cache compared to their Graviton3-based predecessors. These features help you to process larger amounts of data, scale up your workloads, improve time to results, and lower your total cost of ownership (TCO). These instances also offer up to 50 Gbps network bandwidth and up to 40 Gbps Amazon Elastic Block Store (Amazon EBS) bandwidth, a significant improvement over Graviton3-based instances. Additionally, you can now adjust the network and Amazon EBS bandwidth on these instances by up to 25% using EC2 instance bandwidth weighting configuration, providing you greater flexibility with the allocation of your bandwidth resources to better optimize your workloads.

Built on AWS Graviton4, these instances are great for storage intensive Linux-based workloads including containerized and micro-services-based applications built using Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Container Registry (Amazon ECR), Kubernetes, and Docker, as well as applications written in popular programming languages such as C/C++, Rust, Go, Java, Python, .NET Core, Node.js, Ruby, and PHP. AWS Graviton4 processors are up to 30% faster for web applications, 40% faster for databases, and 45% faster for large Java applications than AWS Graviton3 processors.

Instance specifications

These instances also offer two bare metal sizes (metal-24xl and metal-48xl), allowing you to right-size your instances and deploy workloads that benefit from direct access to physical resources. Additionally, these instances are built on the AWS Nitro System, which offloads CPU virtualization, storage, and networking functions to dedicated hardware and software to enhance the performance and security of your workloads. In addition, Graviton4 processors offer you enhanced security by fully encrypting all high-speed physical hardware interfaces.

The instances are available in 10 sizes per family, as well as two bare metal configurations each:

| Instance Name | vCPUs | Memory (GiB) (C/M/R) | Storage (GB) | Network Bandwidth (Gbps) | EBS Bandwidth (Gbps) |
|---|---|---|---|---|---|
| medium | 1 | 2/4/8* | 1 x 59 | Up to 12.5 | Up to 10 |
| large | 2 | 4/8/16* | 1 x 118 | Up to 12.5 | Up to 10 |
| xlarge | 4 | 8/16/32* | 1 x 237 | Up to 12.5 | Up to 10 |
| 2xlarge | 8 | 16/32/64* | 1 x 474 | Up to 15 | Up to 10 |
| 4xlarge | 16 | 32/64/128* | 1 x 950 | Up to 15 | Up to 10 |
| 8xlarge | 32 | 64/128/256* | 1 x 1900 | 15 | 10 |
| 12xlarge | 48 | 96/192/384* | 3 x 950 | 22.5 | 15 |
| 16xlarge | 64 | 128/256/512* | 2 x 1900 | 30 | 20 |
| 24xlarge | 96 | 192/384/768* | 3 x 1900 | 40 | 30 |
| 48xlarge | 192 | 384/768/1536* | 6 x 1900 | 50 | 40 |
| metal-24xl | 96 | 192/384/768* | 3 x 1900 | 40 | 30 |
| metal-48xl | 192 | 384/768/1536* | 6 x 1900 | 50 | 40 |

*Memory values are for C8gd/M8gd/R8gd respectively

Availability and pricing

M8gd, C8gd, and R8gd instances are available today in US East (N. Virginia, Ohio) and US West (Oregon) Regions. These instances can be purchased as On-Demand instances, Savings Plans, Spot instances, or as Dedicated instances or Dedicated hosts.

Get started today

You can launch M8gd, C8gd and R8gd instances today in the supported Regions through the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS SDKs. To learn more, check out the collection of Graviton resources to help you start migrating your applications to Graviton instance types. You can also visit the Graviton Getting Started Guide to begin your Graviton adoption journey.

— Micah;

from AWS News Blog https://ift.tt/YrSC9iZ
via IFTTT

AWS Weekly Roundup: Upcoming AWS Summits, Amazon Q Developer, Amazon CloudFront updates, and more (April 21, 2025)

Last week, we had the AWS Summit Amsterdam, one of the global Amazon Web Services (AWS) events that offers you the opportunity to learn from technical and industry leaders, and meet AWS experts and like-minded professionals. In particular, most AWS Summits have Developer and Community Lounges in their exhibition halls.

AWS Summit Amsterdam DevLounge: a photo taken by Thembile Martis at AWS Summit Amsterdam 2025.

Here, you can experience generative AI services for developers or participate in developer sessions prepared by the AWS community. You can also take a turn at the prize wheel, where you can receive special gifts after signing up for AWS Builder ID to use Amazon Q Developer, AWS Skill Builder, AWS re:Post, and AWS Community for developers.

Check your schedule and join an AWS Summit in a city near you: Bangkok (April 29), London (April 30), Poland (May 5), Bengaluru (May 7–8), Hong Kong (May 8), Seoul (May 14–15), Dubai (May 21), Tel Aviv (May 28), Singapore (May 29), Stockholm (June 4), Sydney (June 4–5), Hamburg (June 5), Washington, D.C. (June 10–11), Madrid (June 11), Milan (June 18), Shanghai (June 19–20), Mumbai (June 19), and Tokyo (June 25–26).

Last week’s launches
Here are some launches that got my attention:

  • GitLab Duo with Amazon Q – GitLab Duo with Amazon Q is generally available for Self-Managed Ultimate customers, embedding advanced agent capabilities for software development. It also supports Java modernization, enhanced quality assurance, and code review optimization directly in GitLab’s enterprise DevSecOps platform. To learn more, read the DevOps blog post or visit the Amazon Q Developer integrations page.
  • Amazon Q Developer in the Europe (Frankfurt) Region – Amazon Q Developer Pro tier customers can now use and configure Amazon Q Developer in the AWS Management Console and in the integrated development environment (IDE) to store data in the Europe (Frankfurt) Region. It performs inference in European Union (EU) Regions giving them more choice over where their data resides and transits. To learn more, read the blog post.
  • 223 new AWS Config rules in AWS Control Tower – AWS Control Tower supports an additional 223 managed Config rules in Control Catalog for various use cases such as security, cost, durability, and operations. With this launch, you can now search, discover, enable, and manage these additional rules directly from AWS Control Tower and govern more use cases for your multi-account environment. To learn more, visit the AWS Control Tower User Guide.
  • Amazon CloudFront Anycast Static IPs support for apex domains – You can easily use your root domain (for example, example.com) with CloudFront. This new feature simplifies DNS management by providing only three static IP addresses instead of the previous 21, making it easier to configure and manage apex domains with CloudFront distributions. To learn more, visit the CloudFront Developer Guide for detailed documentation and implementation guidance.
  • AWS Lambda@Edge advanced logging controls – This feature improves how Lambda function logs are captured, processed, and consumed at the edge. This enhancement provides you with more control over your logging data, making it easier to monitor application behavior and quickly resolve issues. To learn more, read the Compute blog post, the Lambda Developer Guide, or the CloudFront Developer Guide.
  • New AWS Wavelength Zone in Dakar, Senegal – With this first Wavelength Zone in sub-Saharan Africa in a partnership with Sonatel, an affiliate of Orange, independent software vendors (ISVs), enterprises, and developers can now use AWS infrastructure and services to support applications with data residency, low latency, and resiliency requirements. AWS Wavelength is available in 31 cities across the globe in a partnership with seven telecommunication companies. To learn more, visit AWS Wavelength and get started today.

For a full list of AWS announcements, be sure to keep an eye on the What’s New with AWS? page.

Other AWS news
Here are some additional news items that you might find interesting:

From community.aws
Here are my personal favorite posts from community.aws:

Upcoming AWS events
Check your calendars and sign up for these upcoming AWS events:

  • AWS re:Inforce – Mark your calendars for AWS re:Inforce (June 16–18) in Philadelphia, PA. AWS re:Inforce is a learning conference focused on AWS security solutions, cloud security, compliance, and identity. You can subscribe for event updates now!
  • AWS Partners Events – You’ll find a variety of AWS Partner events that will inspire and educate you, whether you are just getting started on your cloud journey or you are looking to solve new business challenges.
  • AWS Community Days – Join community-led conferences that feature technical discussions, workshops, and hands-on labs led by expert AWS users and industry leaders from around the world: Istanbul, Turkey (April 25), Prague, Czech Republic (April 25), Yerevan, Armenia (May 24), Zurich, Switzerland (May 25), and Bengaluru, India (May 25).

You can browse all upcoming in-person and virtual events.

That’s all for this week. Check back next Monday for another Weekly Roundup!

Channy

This post is part of our Weekly Roundup series. Check back each week for a quick roundup of interesting news and announcements from AWS!

from AWS News Blog https://ift.tt/ZfHA4gY
via IFTTT

Cybersecurity Talent Gap

I love my job

This isn’t said sarcastically or trying to convince myself. I genuinely love my job. I love my company and coworkers and the ability to help clients. I think I have the best job out there and I feel blessed. Japanese ikigai describes the intersection of what you love, what you’re good at, what the world needs, and what you can be paid for. I have that.

And I’m always passionate about helping others find their way into security, dispelling myths, and supporting underrepresented groups. Security professionals come from all walks of life, and we need all perspectives to solve some of these challenging problems.

The Reality of the Cybersecurity Job Market

I saw the initial posts by ISACA about how there are 2 million openings in cybersecurity. I followed as the number bloomed to 4 million and regularly quote it. When people said they don’t believe it because they’ve been looking for a while and unsuccessful, I suggested that there may be other reasons they’re unsuccessful finding a job.

And the layoffs—previously they did not affect cybersecurity, but now they definitely do. The job market is challenging, but I still believe that if you are a motivated individual, you can work your way to your dream job. I no longer believe that there are 4 million openings sitting vacant. Maybe that’s the number of cyber professionals the world needs, but I’d need to see data backing up claims that there are 4 million openings today.

Breaking Into Cybersecurity: A Realistic Approach

You do not have to have a degree in cybersecurity, but it certainly doesn’t hurt. Here are my 5 steps for becoming a security professional:

1. Learn to Speak the Language

Familiarize yourself with industry concepts and terminology through courses. Mike Chapple’s SSCP and CISSP courses are on LinkedIn Learning—often free with a library card. There are many free options here! This step helps you determine if security is truly your calling.

Don’t underestimate the value of understanding the fundamentals. Security is built on concepts like confidentiality, integrity, and availability. Knowing how to discuss these concepts intelligently will set you apart in interviews and networking events.

The security field has its own vocabulary, and fluency in this language signals to potential employers that you’ve done your homework. Terms like “threat modeling,” “defense in depth,” and “least privilege” should become second nature.

2. Network Relentlessly

Join organizations like ISACA (Information Systems Audit and Control Association), ISC2 (International Information System Security Certification Consortium), ISSA (Information Systems Security Association), or CSA (Cloud Security Alliance). Local meetups are invaluable too, depending on where you live.

You’ll never find a profession where people are more willing to help you get ahead. Security professionals genuinely want to see newcomers succeed and will offer guidance, mentorship, and sometimes even job leads.

Remember that security professionals come from all walks of life. It’s not all IT/technical backgrounds, and it’s not all firefighting or getting called in the middle of the night. The diversity of pathways into security is something to embrace rather than fear.

3. Consider Certification

While certifications aren’t mandatory, they provide structured learning and validate your knowledge to employers. They also demonstrate commitment to the field.

For beginners, I recommend considering the free Certified in Cybersecurity (CC) certification from ISC2. This helps with both speaking the language and building credentials without financial risk.

When it comes to certifications, I tell people that employers primarily recognize CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), and CISM (Certified Information Security Manager). Check job postings—they often list “one of the SANS certifications” rather than specifying which ones.

There’s an exception if you’re interested in red teaming/penetration testing, where certifications like LPT (Licensed Penetration Tester), GPEN (GIAC Penetration Tester), CEH (Certified Ethical Hacker), and OSCP (Offensive Security Certified Professional) carry more weight.

Both CISSP and OSCP are challenging exams, so I recommend warming up with an entry-level certification first to get used to test-taking under pressure. If you’re aiming for CISSP, consider Security+ or SSCP (Systems Security Certified Practitioner) as stepping stones. The SSCP is offered by the same organization as CISSP (ISC2), as is the free CC certification.

4. Get on Stage

Present on a security topic—perhaps something you already know about with a security angle added. This builds your reputation and demonstrates expertise.

Public speaking might seem intimidating, but it’s one of the fastest ways to establish yourself in the field. Start small, perhaps at a local meetup or a lightning talk at a conference. Choose topics where you have unique insights or experiences.

The ability to communicate complex security concepts clearly is a rare and valuable skill. By presenting, you not only build this skill but also make connections with potential employers and mentors who appreciate good communicators.

5. Claim Your Identity as a Security Professional

Cybersecurity is largely an unregulated industry. At some point, you need to confidently present yourself as a security professional. Update your LinkedIn profile, participate in forums, contribute to open-source projects, or write blog posts about security topics.

This step is often the hardest for newcomers—feeling confident enough to claim the identity. But remember that everyone starts somewhere, and the industry needs fresh perspectives. Your background, whatever it may be, likely gives you unique insights that will benefit the security community.

Finding Your Security Niche

The beauty of cybersecurity is its breadth. You can focus on governance and policy if you enjoy working with frameworks and documentation. You can dive into technical specialties like cloud security, application security, or network defense. You might prefer security education and awareness if you enjoy working with people.

Take time to explore different domains before specializing. Your previous experience likely gives you advantages in certain areas. Former developers often excel in application security, while those with business backgrounds might find governance roles more natural.

The Path Forward

Breaking into cybersecurity requires persistence, continuous learning, and networking. The field is challenging but rewarding, with problems that matter and colleagues who care. The 4 million job openings might be aspirational rather than current reality, but the need for talented, passionate security professionals remains strong.

What draws most of us to this field isn’t just the job security or pay—it’s the mission. We protect people, organizations, and critical systems from harm. We solve puzzles that matter. We make a difference.

If you’re serious about joining our ranks, start with step one today. Learn the language. Join a community. Begin the journey. The security community will welcome you, support you, and challenge you to grow.

And perhaps someday soon, you’ll find yourself saying, without a hint of sarcasm: “I love my job.”

The post Cybersecurity Talent Gap first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/fm4HeTb
via IFTTT