Creating Connections: Make a difference.

Staying Connected

By Jennifer Eiben, The CyberWire

Was this shared with you? Subscribe here.

It's my favorite day of the year: GivingTuesday. Of all of the hype around the holiday season, I find GivingTuesday to be a true gift. It is time to slow down, take stock of what is important to myself personally and professionally, and take some action for others. Make a difference. This year is no different.

For those unfamiliar, "GivingTuesday was created in 2012 as a simple idea: a day that encourages people to do good. GivingTuesday was born and incubated at the 92nd Street Y and its Belfer Center for Innovation & Social Impact in New York City. GivingTuesday is now an independent nonprofit and a global movement that inspires hundreds of millions of people to give, collaborate, and celebrate generosity."

Personally, we have always gathered as a family from the time our children were small and collectively talked about ways to help others, including our family philanthropy. We wanted to lead by example and instill a tradition of giving in our daughters. Our extended family would assemble all of the cousins together at family Chanukah parties and the kids would advocate for their favorite organizations to receive a portion of their collective donation allotment. It was fun for the adults to watch the kids discuss and finally vote on where the money went. We called it sharing our light with others (went along with our Chanukah theme). While they cannot always be in the same room as they are now all young adults with other commitments, the cousins still share their favorite charities with one another and encourage giving. Everyone can make a difference. That's why I love GivingTuesday.

Professionally, I am so excited to share a pay-it-forward type of offering to you, our women in cybersecurity community, today. I am giving 10 free 1-year subscriptions to our CyberWire Pro, two each to five members of our audience. CyberWire Pro, or CWPro, offers exclusive podcasts, briefings, articles, and events. You have access to ad-free versions of our public podcasts, and our popular Quarterly Analyst Calls which are live webcasts discussing critical events of the last 90 days. Why would one person need two memberships? Well, there's the catch. You knew there had to be one. Each recipient must pay it forward and give the second membership to a student pursuing a cybersecurity education. Interested? Please email me and if you are one the first five to do so, the memberships are yours!

I hope you all find a way to make a difference today and everyday. As a woman in the cybersecurity industry, I know that you do! Cheers!

Had some great experiences making a difference as a woman in cybersecurity? We’d love to hear about them. Please email us and we may feature it in our next newsletter.

Featured Cyber Women

How much privacy are you willing to sacrifice for safety?

By Swathi West, BARR Advisory

When we live in a world where our personal data is constantly tracked and collected, privacy, the state of being free from observation by others, and security, the state of being free from danger, are paramount. We need both privacy and security for a better world. But who owns our personal data, really? There’s a complex balance between privacy and safety, as evidenced by “true crime” examples in which law enforcement used data collected from smart devices to solve cases. The lens of true crime shows us how privacy is often sacrificed for safety—but where do we draw the line? Read the full article.

Would you like to be featured in a future issue of the Creating Connections newsletter? We are currently accepting submissions for pieces written by women, about women, and information on women in cyber related events. Simply email us to get started.

Sponsorship vs. mentorship.

By Jessica Lyons Hardcastle, SDxCentral

While women (or anyone) in security (or any industry) may have many different mentors throughout their career that provide them guidance and coaching about how to navigate a particular challenge or grow into a new position within an organization, sponsorship is more active.

“Sponsorship, for me personally, is really advocating for someone when they’re not in the room,” Intel VP Suzy Greenberg said at a recent women in cybersecurity panel presented by Intel. When a job promotion or new opportunity arises, “there’s someone in the room that is speaking on your behalf, and what you’re capable of, when you’re not there to advocate for yourself,” she continued. “Sponsorship is a very intimate experience, and it’s very intentional as well.” Read the full article.

Veterans: Serving our nation after they hang up the uniform.

By Gina Johnson, The CyberWire

The recent passage of the President’s infrastructure bill has been a hot topic for quite some time, and refreshingly enough, nearly $2BN has been earmarked for cybersecurity. We in this industry know how desperately these funds are needed to strengthen our nation’s cybersecurity posture, but we also know how desperately we need practitioners across the cyber landscape. Fortunately, educational institutions are quickly beginning to recognize that current military service members and veterans are uniquely qualified to rise to the challenge, and are working to increase their outreach specifically to university students who are currently serving or have recently separated from service. Having the backing of federal funds will enable these institutions to broaden their reach and provide more training to those who wish to be a part of the defense of our cyber infrastructure.

Transitioning to roles in cybersecurity can be a natural order of events for veterans and soon-to-be-separated servicemembers due to their ability to assess challenges, respond appropriately on-the-fly, and maintain constant situational awareness during high-tension events. They are also able to produce results quickly and reliably, as well as maintain mission integrity by keeping sensitive and classified material fully confidential. This dedication to mission response and results is precisely what cyber infrastructure needs in order to continue to serve our nation now and in the future, so why not enable the servicemembers who held fast the physical lines in service and battle to also hold fast the virtual lines in cybersecurity to continue to protect our nation?

Thank you to all of the veterans in our audience, and to those who aren’t; we are eternally grateful for your service and the sacrifices made that keep our nation standing strong.

Join us at the movies.

By The CyberWire Staff

If you are a regular listener of the CyberWire’s social engineering podcast, you may have come across some special episodes added to the Hacking Humans podcast feed this month. On Veterans Day and Thanksgiving, we shared the first two episodes of an occasional series we are calling Hacking Humans Goes to the Movies.

Hosted by Dave Bittner from the CyberWire and his Hacking Humans co-host Joe Carrigan from the Johns Hopkins University Information Security Institute, Dave and Joe watch clips from some of their favorite movies, clips which demonstrate some of the scams and schemes they talk about on Hacking Humans. Dave and Joe are joined on these special episodes by Rick Howard, the CyberWire’s Chief Security Officer and Chief Analyst, who tweeted about his appearances in the show, “Life Goal Achieved: I get paid money to watch movies. Sweet!!”

The group watches the movie clips in real time together, and they share a link to each clip from YouTube in the episode's show notes so if listeners want to watch along with them, they can do that. Hosts describe the scene while it is happening, and then afterwards the three of them deconstruct what they’ve seen and describe the social engineering that took place. Sound like fun? Grab some popcorn and check out the Hacking Humans podcast feed on your favorite podcast app for the episodes on 11/11/21 and 11/25/21 to join in, and stay tuned, there will be more episodes to come.

Women on the CyberWire

CyberWire Daily

Carole Theriault gives her take on Facebook banking on the metaverse and what the metaverse could mean.

Dinah Davis from Arctic Wolf shares what security gifts to get your family this year.

Carole Theriault talks about online gaming during the pandemic.

Dinah Davis from Arctic Wolf on double the zero days in 2021.

Carolyn Crandall of Attivo Networks talks about what organizations should be focused on to protect Active Directory.

Carole Theriault shares her thoughts on the supply chain.

Jessica Hetrick of Optiv Security shares thoughts on cyber fraud running rampant.

Carole Theriault takes on high value targets.

Carole Theriault wonders if you can train yourself free of social engineering.

Career Notes

Anisha Patel of Raytheon Intelligence and Space in the Cyber Protection Services Division always loved math and it defined her career journey.

Swati Shekhar of Ground Labs shares her circuitous route from and back to engineering.

Caveat

Jenny Lee from Arent Fox LLP discusses the recent Facebook whistleblower testimony.

Hacking Humans

Guest Dr. Jessica Barker from Cygenta talks with UK correspondent Carole Theriault about how every month should be cyber awareness month.

Interview Selects

Carolyn Crandall of Attivo Networks on what organizations should be focused on to protect AD (extended interview).

Research Saturday

Tara Gould, Senior Intelligence Researcher at Anomali, discusses their team's work on "Inside TeamTNT’s Impressive Arsenal: A Look Into A TeamTNT Server."

Afternoon Cyber Tea

Diana Kelly of SecurityCurve about helping inexperienced organizations get up to speed on the cybersecurity landscape, some of the current significant security and privacy hurdles currently plaguing the field, and some of the best practices to assist network defenders and users trying to combat botnet threats.

Rinki Sethi of Twitter on the recent rise in cybercrime.

Amy Hogan-Burney of Microsoft on how to address the leap in cyberattack sophistication seen in the new Microsoft Digital Defense Report, and the steps needed to establish new rules for cyberspace.

Security Unlocked

Whitney Merrill of Asana discusses how to avoid common privacy mistakes, current privacy attack trends, and the importance of thinking like an attacker.

Events

Certified CMMC Professional (CCP) Exam Prep (Orlando, Florida, USA, Dec 6 - 10, 2021) Edwards CMMC-AB approved CCP courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC Industry’s most respected consultants (e.g., Jacob Horne, Amira Armond*) along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now!

Women Leaders in Cybersecurity - Critical Cybersecurity Updates (Virtual, Dec 7, 2021) Women Leaders in Cybersecurity - Critical Cybersecurity Updates: Digital Extortion; International Supply Chain Attacks; and Critical Infrastructure Risk. In our sixth year of programming, Women Leaders in Cybersecurity invites you to our December program Critical Cybersecurity Updates: Digital Extortion; International Supply Chain Attacks; and Critical Infrastructure Risk. We will feature a star lineup of women speakers from government, the private sector and academia for an interdisciplinary discussion of the legal, policy, technological and ethical issues regarding these key concerns. You will not want to miss this update!

CIA Cyber Innovations Webinar (Virtual, Dec 9, 2021) Register now for the CIA Cyber Innovations Webinar on December 9 at 9:00 AM ET featuring Jennifer Ewbank, Deputy Director of CIA for Digital Innovation and Jennifer Nelson, AWS Director, National Security, moderated by Thomas K. Billington, CEO, Billington CyberSecurity. Topics to be discussed include: The top cyber priorities and digital innovations at the CIA, Ways to leverage the workforce to address key cyber challenges, How can the private sector and public sector interact most successfully, How to attract and retain technical talent and to approach workforce development and upskilling with its customers and its own workforce, The background for merging the CIA CISO organization into the DDI, The biggest innovation and modernization opportunities within the national security community, How and what is needed from the private sector to help the CIA get data security, cybersecurity, and data value extraction right to meet its multiple missions, and Where does the CIA and the DDI fit into the overall government cybersecurity efforts?

NSA Codebreaker Challenge 2021 (Virtual, Dec 31, 2021) The 2021 Codebreaker Challenge consists of a series of tasks that are worth a varying amount of points based upon their difficulty. Schools will be ranked according to the total number of points accumulated by their students. Solutions may be submitted at any time for the duration of the Challenge. While not required, we recommend that you solve tasks in order, since they flow with the storyline. Later tasks may rely on artifacts / inputs from earlier tasks. Each task in this year's challenge will require a range of skills. We need you to call upon all of your technical expertise, your intuition, and your common sense. Good luck. We hope you enjoy the challenge!

Selected Reading

EU needs more cybersecurity graduates, says ENISA (Register) Skills gap needs filling somehow

45% of organisations prefer not to disclose employee information leaks: Kaspersky report (Business Today) According to the same Kaspersky report, only 44% of businesses offer IT security training to its employees.

FBI: Online shoppers risk losing over $53M to holiday scams (BleepingComputer) The Federal Bureau of Investigation (FBI) warned today that online shoppers risk losing more than $53 million during this year's holiday season to scams promising bargains and hard-to-find gifts.

Rising Cybersecurity Star Hopes New Blockchain Characters Will Get Girls Into Tech | Scoop News (Scoop Independent News) Entrepreneur Ankita Dhakar, 27, is launching a world of butt-kicking female NFT characters, called Cyber Cosmos Warriors as she campaigns to increase the number of women working in tech. Dhakar is the award-winning founder of international cybersecurity ...

A message from Judge William Webster 2021 award recipient - Sue Gordon (International Spy Museum on LinkedIn) Join us for an evening of intrigue! The Honorable Susan M. Gordon will be awarded the William H. Webster Distinguished Service Award on Wednesday, December...

The DoD Announces CMMC 2.0 - Edwards Performance Solutions (Edwards Performance Solutions) On November 4, The Department of Defense (DoD) announced changes to the Cybersecurity Maturity Model Certification (CMMC) framework, calling it CMMC 2.0. Significant updates were made to the CMMC infrastructure, but overall CMMC 2.0 simplifies the standard. The DoD also expressed it's support of the CMMC Accreditation Body (CMMC-AB), with…

Encouraging more women in cyber security (Information Age) Andrea Babbs, head of sales UK & Ireland at VIPRE Security, discusses how organisations can better encourage women in cyber security

Cyberthreat awareness low among remote workers (SC Media) A Unisys study revealed that only 21% of hybrid and remote workers were knowledgeable of advanced online threats even though 61% felt having primary responsibility for their digital security.

Comcast Rise Announces Major Expansion To All Women-Owned Small Business Nationwide Starting In 2022 (Oregon Business) In its first year alone, Comcast RISE has provided over $60 million in grants, marketing, and technology services to support more than 6,700 small businesses owned by people of color. With the expansion to all women-owned small businesses, the program is on track to support 13,000 business by the en...

Time to close the gender gap - why we need more women in STEM (Information Age) Crissi Williams, CEO of the Institute of Telecommunications Professionals (ITP), discusses why we need more women in STEM

Cybersecurity Careers: Are Women in Cyber Faring Better Than Those in IT? (Toolbox) The participation of women in tech and cybersecurity sectors is rising at a snail’s pace. Let’s look at whether the cybersecurity sector can serve as a key vector for women empowerment in the days ahead.

Op-Ed: Why Sponsorship Matters to Women in Cybersecurity (SDxCentral) “Sponsorship is advocating for someone when they’re not in the room,” Intel VP Suzy Greenberg said during a women in cybersecurity panel.

Homeland Security takes a step to bolster the cybersecurity workforce | Federal News Network (Federal News Network) The Cybersecurity and Infrastructure Security Agency, part of Homeland Security, has awarded a $1 million grant to a non-profit — the CyberWarrior Foundation.

Instituting transparency in cybersecurity (Security) Foregrounding transparency can go a long way in securing your organization's technology and workforce, according to four cybersecurity experts from Intel. Suzy Greenberg, Vice President of Communications and Incident Response; Maggie Jauregui, Offensive Security Researcher; Katie Noble, Director of Intel's Product Security Incident Response Team (PSIRT) and Bug Bounty; and Amit Elazari, Director of Global Cybersecurity Policy discussed transparency in bug bounty and vulnerability disclosure programs, as well as gender parity in cybersecurity.

Women in Cybersecurity Aren’t Unicorns: ‘We Do Exist’ (SDxCentral) Women currently make up close to 25% of the cybersecurity workforce, according to WiCyS and Cybersecurity Ventures’ estimation.

The shared responsibility of tech to break down diversity barriers (Information Age) Alison Tierney, GVP EMEA at Snowflake, discusses the shared responsibility that the tech sector has in breaking down diversity barriers

Supporting women in tech is as prevalent as ever - Information Age (Information Age) Kevin Dainty, business development manager at Reed - Technology, discusses why supporting women in tech is as prevalent as ever

Women Know Cyber: The Documentary (YouTube) "WOMEN KNOW CYBER: THE DOCUMENTARY" features women in cybersecurity from across the globe who share their stories in an effort to recruit more female cybercr...

Pre-IDF program seeking young women to train in cybersecurity skills (Times of Israel) Military school under C4I and Cyber Defense Directorate offers specialized preparatory program for cyber defense, DevOps courses

The rift tearing apart white women (POLITICO) Tuesday night might have been the last night pollsters and pundits talk about white women as a singular political unit. That’s because exit polls in the Virginia governor’s race showed a huge rift in the way white women with college degrees and white women without college degrees vote. Fifty-four percent of white college-educated women voted for Democratic candidate Terry McAuliffe, while 45 percent voted for Republican candidate Glenn Youngkin. On the other hand, 68 percent of white non-college-educated women voted for Youngkin, while 31 percent voted for McAuliffe. Those numbers, which came from Fox’s voter analysis, were among the most striking from Youngkin’s surprise victory Tuesday night.

Awareness and Training for CMMC Model | Cyber Security with Dana Mantilia (Edwards Performance Solutions: YouTube) Join Senior Cyber Security Consultant, Joy Beland, in this "Cyber Security with Dana Mantilia" interview, as they discuss:-Awareness and Training for CMMC Mo...

The Future of Cybersecurity: What Will it Look Like in 2031? (Security Intelligence) What's coming for attackers, security teams and online and network security in 10 years? Three experts in the field predict the future of cybersecurity.

CMMC Explained: RP & RPO (Edwards Performance Solutions: YouTube) Exactly how much knowledge and experience will a Registered Practitioner (RP) or the Registered Provider Organization (RPO) bring to an organization that is ...

Women in the News

Building the future of continuing education (financialpost) When Tracey Taylor-O’Reilly was recruited to join York University as assistant vice-president, continuing studies, she was given a once-in-a-lifetime opportunity to build an entirely new model for continuing professional education from the ground up — literally and figuratively.

11 diverse women helping shape Gloucestershires cyber sector - SoGlos (SoGlos) With Gloucestershires cyber sector growing at an astonishing rate, SoGlos takes a look at some of the talented women helping shape its future as part of the CyberGlos series.

KC cybersecurity expert: Women will flock to STEM careers post-pandemic (Kansas City Business Journal) Women who left the workforce during the pandemic may be planning their comebacks, and some are giving STEM careers strong consideration.

Epic Women in Cyber — Ana Ferreira (Medium) Ana Ferreira (PhD, CISSP, HCISPP), is an Information Security & Health Researcher at the University of Porto, Portugal. In 2021, she was…

KeyCaliber raises $2.6M to accelerate platform development and propel go-to-market channels - Help Net Security (Help Net Security) KeyCaliber announced its $2.6M seed funding from leading venture capital firms Lytical Ventures, Unusual Ventures, and HearstLab.

Epic Women in Cyber —Sema Yuce (Medium) Sema is the founder and director of a boutique London-based information security governance, risk, and compliance (GRC) management…

The Power of Diversity: Women 100 (City & State NY) The female leaders evening out the balance of power in New York.

N-able Appoints Ann Johnson to Board of Directors and Launches New Board-Level Cybersecurity Committee (Business Wire) N-able, Inc. (NYSE: NABL), the purpose-built technology partner for managed services providers (MSPs), today announced the addition of Ann Johnson as

Cybersecurity leader gives $50k, establishes CISO Fund Cybersecurity Scholarship Endowment - University of West Florida Newsroom (University of West Florida Newsroom) The University of West Florida has created the CISO Fund Cybersecurity Scholarship Endowment with a $50,000 gift from Adam Ely, technology executive and chief information security officer for Fidelity. The endowment, established in honor of Ely’s illustrious career as an entrepreneur and cybersecurity expert, will provide scholarship support for students to launch or advance cybersecurity […]

Sivan Tehila: Shaping the Cybersecurity Industry (CIO Look) Sivan Tehila is the Founder of Cyber Ladies NYC, Program Director & Professor at the Yeshiva University & the co-founder of Onyxia

Female-Founded Cybersecurity Startup Wabbi Raises Over $2M in Seed Funding (Dark Reading) Wabbi enables companies to assimilate application security processes into development pipelines to produce and scale application security across enterprises.

One Last Thing

Give your sales team the gift of leads. The CyberWire's sponsorship programs reach security leaders across the globe and they depend on us every day to deliver the news and analysis they need to do their jobs. What better way to start the year than getting your brand and message out to our audience and filling your sales funnel. Learn more or contact us to get started.