Cyber Work

Today on Cyber Work Ché Wijesinghe of Cape Privacy talks about the safe and ethical collection of user data when creating machine learning or predictive models. When your bank is weighing whether to give you a loan, they can make a better choice the more info they know about you. But how secure is that contextual data? Hint: not as secure as Wijesinghe would like! – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Machine learning and data collection2:37 - Getting started in cybersecurity3:15 - Being drawn to big data4:35 - What data is driving decision-making?9:04 - How is data collection regulated?15:02 - Closing the encryption gap16:50 - Careers in data privacy19:07 - Where can you move from data privacy?21:20 - Ethics of data collection 23:25 - Learn more about Wijesinghe 23:55 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

A Privacy Manager is responsible for the development, creation, maintenance and enforcement of the privacy policies and procedures of an organization. They ensure compliance with all privacy-related laws and regulations. The Privacy Manager takes an active lead role when a privacy incident or data breach occurs and will start the investigation. They will then monitor, track and resolve any privacy issues. The Privacy Manager builds a strategic and comprehensive privacy program for their organization that minimizes risk and ensures the confidentiality of protected information.Advanced knowledge of privacy law and data protection is critical to success in this role.– Free cybersecurity training resources: https://www.infosecinstitute.com/free- Learn more about privacy managers: https://www.infosecinstitute.com/role-privacy-manager/0:00 - Working as a privacy manager0:40 - What does a privacy manager do? 3:02 - Experience a privacy manager needs5:15 - Is college necessary for a privacy manager?8:05 - Skills needed to be a privacy manager10:30 - What tools does a privacy manager use?11:15 - Where do privacy managers work? 12:15 - Roles privacy managers can move to13:30 - How do I get started becoming a privacy manager?About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Just getting started?  This role is for you!The Cybersecurity Beginner role focuses on the foundational skills and knowledge that will allow anyone to take the first step towards transitioning into a cybersecurity career.  No prior knowledge of cybersecurity or work experience is required. The only prerequisite is a passion for technology and cybersecurity.– Free cybersecurity training resources: https://www.infosecinstitute.com/free– Learn more about the role here: https://www.infosecinstitute.com/role-cybersecurity-beginner/0:00 - Working as a cybersecurity beginner0:41 - Tasks a cybersecurity beginner may take on4:15 - Cybersecurity work imposter syndrome5:49 - Common tools cybersecurity beginners use9:08 - Jobs for cybersecurity beginners13:50 - Get started in cybersecurity About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Industrial control system (ICS) security practitioners are responsible for securing mission-critical SCADA and ICS information systems. They are responsible for restricting digital and physical access to ICS devices, such as PLCs and RTUs, to maximize system uptime and availability. Extensive knowledge of OT and IT protocols, incident response, Linux and Windows OS, configuration management, air-gapped or closed networks, insider threats and physical security controls are important competencies for any ICS security practitioner.– Free cybersecurity training resources: https://www.infosecinstitute.com/free– Learn more about ICS security practitioners: https://www.infosecinstitute.com/skills/train-for-your-role/ics-security/O:00 - ICS security practitioners 0:25 - What is an industrial control system practitioner?2:22 - How to become an ICS practitioner 4:00 - Education required for an ICS practitioner 5:00 - Soft skills ICS practitioners need6:05 - Common tools ICS practitioners use 7:59 - Where do ICS practitioners work? 10:05 - Can I move to another role after ICS practitioner? 12:18 - Getting started as an ICS practitioner About InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Join Infosec Skills authors Chris Stevens, John Bandler and Ralph O’Brien as they discuss the intersection of privacy and cybersecurity. They’ll help you walk a path that will lead to an engaging career as a privacy specialist — a job role that grows with more opportunities year after year!This episode was recorded live on April 12, 2022. Want to join the next Cyber Work Live and get your career questions answered? See upcoming events here: https://www.infosecinstitute.com/events/.0:00 - Intro and guests3:45 - What is privacy as a career? 8:15 - Day-to-day work of a cybersecurity privacy professional?16:45 - Intersection of law and tech degrees20:30 - What beginner privacy certifications should I pursue? 25:45 - Best practices for studying for IAPP certifications33:00 - How to gain experience in cybersecurity privacy work40:27 - How to interview for a cybersecurity privacy job45:00 - GDPR and ransomware 51:52 - Implementation of privacy laws and security positions 58:15 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Security engineers are responsible for implementing, and continuously monitoring security controls that protect computer assets, networks and organizational data. They often design security architecture and develop technical solutions to mitigate and automate security-related tasks. Technical knowledge of network/web protocols, infrastructure, authentication, log management and multiple operating systems and databases is critical to success in this role.– Free cybersecurity training resources: https://www.infosecinstitute.com/free– Learn more: https://www.infosecinstitute.com/skills/learning-paths/security-engineering/0:00 - What is a security engineer? 3:39 - How do I become a security engineer? 4:52 - Studying to become a security engineer5:47 - Soft skills for security engineers7:05 - Where do security engineers work? 9:43 - Tools for security engineers12:10 - Roles adjacent to security engineer 13:15 - Become a security engineer right nowAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Information risk analysts conduct objective, fact-based risk assessments on existing and new systems and technologies, and communicate findings to all stakeholders within the information system. They also identify opportunities to improve the risk posture of the organization and continuously monitor risk tolerance.– Free cybersecurity training resources: https://www.infosecinstitute.com/free– Learn more: https://www.infosecinstitute.com/skills/train-for-your-role/information-risk-analyst/0:00 - Information risk analyst career0:30 - Day-to-day tasks of an information risk analyst2:09 - How to become an information risk analyst4:00 - Training for an information risk analyst role5:42 - Skills an information risk analyst needs9:24 - Tools information risk analysts use10:51 - Jobs for information risk analysts 13:08 - Other jobs information risk analysts can do18:05 - First steps to becoming an information risk analystAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Moshe Zioni of Apiiro talks about threat research and how to properly report discovered code vulnerabilities. We discuss the ways that vulnerabilities can find their way into code despite your best intentions, the difference between full disclosure and responsible disclosure, and being in the last generation to still grow up before the internet changed everything. – Free cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Cybersecurity threat research 2:21 - Getting interested in computers3:25 - Penetration testing and threat research 6:15 - Code vulnerabilities 10:58 - Research process for vulnerabilities 17:05 - Proper reporting of threats23:11 - Full disclosure vs proper disclosure25:53 - Current security threats30:20 - Day-to-day work of security researchers 32:02 - Tips for working in pentesting 35:32 - What is Apiiro?39:11 - Learn more about Moshe Zioni 39:42 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

TEDx speaker, security researcher, host of the podcast MiC Club and all-around expert on security awareness and social engineering, Dr. Erik Huffman, is today's guest. Huffman spoke at the 2021 Infosec Inspire virtual conference, and for those of you who were captivated by his presentation, prepare for another hour of Dr. Huffman’s insights on why we need to teach security awareness from insight, rather than fear or punishment, how positive name recognition in an email can short-circuit our common sense and how to keep your extrovert family members from answering those questions online about your first pet and the street you lived on as a child.– Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Clicking on phishing attacks3:13 - First getting into cybersecurity5:00 - Higher education and cybersecurity 7:41 - Cybersecurity research projects10:05 - Impacting a cybersecurity breach 11:14 - Security awareness and social engineering15:45 - Common social engineering tricks 23:00 - Changing security habits30:15 - Cybersecurity communication avenues33:30 - Getting family members cyber safe38:00 - Harvesting info via social media42:13 - Working in security awareness and threat research44:54 - Importance of white papers and documentation 55:04 - Learn more about Erik Huffman56:00 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.

Marcus Fowler, senior vice president of strategic engagement and threats at DarkTrace, talks about attack vectors currently facing embedded journalists, their need to be available at all times for potential sources and how that openness makes them, their company and their confidential sources potential attack vectors for cybercriminals. Fowler talks about security hardening strategies that don’t compromise journalistic availability, the work of threat research and why people with natural interests in cybersecurity will have their career path choose them, not the other way around. – Start learning cybersecurity for free: https://www.infosecinstitute.com/free – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - Cybersecurity threats to journalists 3:00 - Getting into cybersecurity 5:50 - CIA cybersecurity training7:18 - Joining DarkTrace in engagement threat roles10:22 - Tasks with engagement threat jobs13:22 - Cybersecurity work balance17:49 - Advanced persistent threats against media23:33 - Attack vectors journalists face26:14 - Journalist cybersecurity savvy 28:08 - A truly secure journalism source 32:58 - Damage from a compromised source36:05 - Main cybersecurity threats right now38:37 - Qualifications needed to work as a threat researcher42:52 - Safe cybersecurity jobs 47:05 - What is DarkTrace?49:06 - Learn more about Marcus Fowler50:11 - OutroAbout InfosecInfosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.