Creating Connections: Recognize the opportunities.

Staying Connected

By Jennifer Eiben, The CyberWire

Was this shared with you? Subscribe here.

Read any good cybersecurity books lately? Where do you go to get recommendations for books to learn more about the industry? One of my colleagues, Rick Howard, the CyberWire's CSO and Chief Analyst, helped to create the Cybersecurity Canon in 2013. According to their Twitter account, the Cybersecurity Canon "is a curated collection of "must-read #InfoSec books that are of the highest quality and, if not read, will leave a hole in the #cybersecurity professional's education that will make the practitioner incomplete." You can learn more about the Cybersecurity Canon here.

I'm sharing this because during the week of May 24th, Rick will be interviewing authors of five of the winning books that are being inducted into the Cybersecurity Canon Hall of Fame for 2021 on the CyberWire's Daily Podcast. One of the authors he is interviewing is Liza Mundy. She is the author of Code Girls: The Untold Story of the American Women Code Breakers of World War II. Goodreads introduces "Code Girls" as:

Recruited by the U.S. Army and Navy from small towns and elite colleges, more than ten thousand women served as codebreakers during World War II. While their brothers and boyfriends took up arms, these women moved to Washington and learned the meticulous work of code-breaking. Their efforts shortened the war, saved countless lives, and gave them access to careers previously denied to them. A strict vow of secrecy nearly erased their efforts from history; now, through dazzling research and interviews with surviving code girls, bestselling author Liza Mundy brings to life this riveting and vital story of American courage, service, and scientific accomplishment.

While "Code Girls" does not discuss modern cybersecurity, Rick said the book "highlights key women being successful in our field at the very beginning of cybersecurity history." Rick's interview with Liza Mundy airs on the CyberWire's Daily Podcast on May 27th. Our team recommends you check out "Code Girls" and the books that not only were named winners, but all that were nominated. There are some really great reads in the collection.

Read a good book relating to Women in Cyber recently? We’d love to hear about it! Please email us with the link and we may feature it in our next newsletter.

Featured Cyber Women

Women leaders and forced digital transformation.

By Jaclyn Miller, NTT Ltd.

Digital transformation (DT or DX) may be a defining term of the last decade, for both the technology sector and many other industries. However, unplanned or “forced” digital transformation may define the next decade as we continue to work, live and do business during a global pandemic.

I recently had the opportunity to speak about forced digital transformation with my friend and colleague Jason Lee, director of cybersecurity advisory for NTT Managed Services. The topic is a familiar one for many who work in managed services, and the discussion stuck with me as particularly resonant for women leaders in IT and cybersecurity. Read the full article.

Would you like to be featured in a future issue of the Creating Connections newsletter? We are currently accepting submissions for pieces written by women, about women, and information on women in cyber related events. Simply reply to this email to get started.

The CyberWire at RSAC.

By Kelsea Bond, The CyberWire

The 2021 RSA Conference kicks off today, and my team at the CyberWire has been heads down prepping our virtual booth. Like many others express, it’s definitely weird to not be attending live in San Francisco like we always do (Throwback 2020). We will miss seeing everyone in person, meeting new fans and seeing old friends, but the team at RSAC is keeping the energy going by making the virtual experience interactive and the content relevant and valuable to all corners of the globe. If you're curious how RSAC will be running things this year, check out our interview with Linda Gray Martin & Britta Glade with a preview of this year’s conference, as well as an overview on the RSAC Innovation Sandbox contest happening this Wednesday with Cecelia Marinier.

If you’ll be attending this year, be sure to visit us at Broadcast Alley by heading over to the Media Center tab when you are logged in. Rick Howard, our Chief Analyst and CSO also wrote a piece for the RSAC blog to share his thoughts about the conference's theme - Resilience. We hope to see you there!

Special topics podcasts as resources.

By the CyberWire staff

As our RSA experiences are markedly different from years past, we offer up some CyberWire-X episodes as educational resources for your professional development. While not a regular feature, the CyberWire produces a series of specials called CyberWire-X where our team collaborates with cybersecurity experts from a wide range of disciplines to create a diverse array of informed and fresh perspectives. Three recent episodes may be of interest to our readers:

Channeling the data avalanche. In this episode of CyberWire-X, guests discuss present and future threats posed by an unmanageable data avalanche, as well as emerging technologies that may lead public and private sector efforts through the developing crisis. Don Welch of Penn State University and Steve Winterfeld of Akamai share their insights with Rick Howard, and Egon Rinderer from sponsor Tanium offers his thoughts with Dave Bittner.
Street cred: increasing trust in passwordless authentication. In this episode of CyberWire-X, guests discuss a framework of technical controls to ensure only trusted sessions authenticate, regardless of faults or failures in any one factor. We share a path forward for increasing trust in passwordless authentication. Nikk Gilbert of CISO of Cherokee Nation Businesses and retired CSO Gary McAlum share their insights with Rick Howard, and Advisory CISO of Duo Security at Cisco Wolfgang Goerlich from sponsor Duo Security offers his thoughts with Dave Bittner.
Zeroing in on zero trust. In this episode of CyberWire-X, guests discuss the origins of the model, cut through the hype, and discuss what you really need to know to design, implement, and monitor an effective Zero Trust approach. John Kindervag of ON2IT Cybersecurity, also known as the "Creator of Zero Trust," shares his insights with the CyberWire's Rick Howard, and Tom Clavel of sponsor ExtraHop joins Kapil Raina from their partner CrowdStrike to offer their thoughts to the CyberWire's Dave Bittner.

Have a listen. Thanks for joining us this month! Stay tuned for our next CyberWire-X which includes female voices.

Women on the CyberWire

The Daily

Andrea Little Limbago from Interos addresses asymmetric power within cyberspace and how that plays out in warfare.

Betsy Carmelite looks at the intersection of 5G and zero trust.

May Habib from Writer on how the AI is helping the security industry with outdated and problematic terminology.

Dinah Davis from Arctic Wolf has tips on preventing RDP attacks.

Betsy Carmelite from Booz Allen Hamilton on telemedicine security concerns.

Linda Gray Martin & Britta Glade from RSA with a preview of this year’s RSAC conference.

Cecelia Marinier from RSA on the RSAC Innovation Sandbox.

Carole Theriault on non-fungible tokens (NFT): what they are, why people are talking about them, and what to look out for.

Research Saturday

Jen Miller-Osborn from Palo Alto Networks' Unit 42 on their 2021 Unit 42 Ransomware Threat Report, which highlights a surge in ransomware demands based on a global analysis of the threat landscape in 2020.

LTC Erica Mitchell from Army Cyber Institute on their infrastructure resiliency research project called Jack Voltaic.

Career Notes

Marcelle Lee: Cyber sleuth detecting emerging threats. [Research]

Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture]

Dominique West: Security found me. [Strategy]

Pro: CSO Perspectives

Denise Anderson joins a conversation discussing cybersecurity strategies and tactics in healthcare.

Helen Patton joins a conversation discussing cybersecurity strategies and tactics in the energy sector.

Caveat

Caitlin Fennessy from International Association of Privacy Professionals (IAPP) joins Dave to discuss the shift in the privacy sector under the Biden administration.

Hacking Humans

Margaret Cunningham from Forcepoint talks with Dave about cognitive biases that lead to reasoning errors in cybersecurity

Stacey Nash, Head of Fraud and Central Operations at USAA, joins Dave to discuss romance or sweetheart scams

Julie Smith from the Security Alliance on Identity Management Day

Helen Lee Bouygues of the Reboot Foundation on social media’s effect within the misinformation ecosystem and how users can best fight fake news

Interview Selects

Jaclyn Miller on diversity, inclusion and remote access security.

Events

RSA Conference 2021 (Virtual, May 17 - 21, 2021) The 30th anniversary of RSA Conference will take place the week of May 17, 2021 at the Moscone Center in San Francisco versus in February. The physical event will be accompanied by a robust and innovative virtual experience.

I’m a technologist, do I really need Soft Skills? (Virtual, May 19, 2021) In this session you will learn the importance of building and leveraging personal networks, diplomacy, problem solving and a host of other skills.

Understanding Burnout: Recovery & Prevention (Virtual, May 20, 2021) Occupational burnout is becoming the "common cold" of the workplace, especially for millennials. In this talk, Dr. Candice Schaefer will review what burnout is, and more importantly, how to recover from it and how to prevent it from happening all together.

Women in Security and Privacy: Who is the future you? (Virtual, May 25, 2021) "Every decision made about you and your opportunities is made in a room you're not in." - Joanna Bloor What Joanna will also tell you is that in that "room" she's talking about, people are making decisions based on their perception of your potential, the Future You. Join Joanna as she shares how and why you need to think about the Future You and why it's critical to creating the future YOU want in the modern working world. You will learn: Why you need to create your own professional "Future You" plan - the professional development plan. What tools you need to start building. How this impacts your professional ambitions and potential paths to promotion.

vGHC EMEA - Europe, Middle East and Africa (Grace Hopper) (Virtual, May 25 - 27, 2021) AnitaB.org is planning our first ever Virtual Grace Hopper Celebration (vGHC) in the European, Middle Eastern, and African (EMEA) region, which will be our first soiree outside the English-speaking world and onto Continental Europe. With our goal to uplift and celebrate the diversity and power of all women technology leaders worldwide, we are thrilled to bring the legacy of GHC to the entire EMEA region. This includes women technologists most underrepresented in the tech field. Together, we look to provide technical training and career development opportunities to these women and their allies, as well as develop novel solutions for ethical and social responsibility issues in technology.

Selected Reading

RSA Conference 2021 Kicks Off as a Fully Virtual Experience (RSAC 2021) RSA® Conference, the world's leading information security conferences and expositions, opens its 30th annual event today as a fully virtually experience. RSA Conference is the premier event for...

The Woman Who Clarified Einstein’s Idea (WSJ) Emmy Noether, a pioneer of abstract math, helped explain the theory of relativity to mathematicians.

What CISOs really want from security vendors (CSO Online) Less risk? Better security? Value for dollars spent? Check, check, and check. But of all the things CISOs want from security vendors, trusted partnership tops the list. Here's how leading CISOs find and foster those relationships.

UK faces significant cyber talent shortfall (ComputerWeekly.com) Cyber security sector is struggling to attract the talented workforce it needs.

Cyber-bullying Spawns Artistic Protest (Infosecurity Magazine) Artists turn 700 misogynistic comments made online into 3,000m-long artwork

Quarter of CISOs and IT Leaders Self-Medicate as Pandemic Stress Spikes (Infosecurity Magazine) Quarter of CISOs and IT Leaders Self-Medicate as Pandemic Stress Spikes. OneLogin claims only half have access to mental health services

Challenging Our Education System to Nurture the Cyber Pipeline (Dark Reading) Let's teach students how to teach themselves. Once we do that, we will have taught a generation of students how to think like hackers.

How to select a cybersecurity framework to protect your greatest assets: People, property and data () Even if you are not mandated to adhere to any particular regulations, it still makes sense for your business to be proactive in managing risk. All frameworks include guidance for good cybersecurity hygiene, such as effective inventory and asset management, contingency planning, personnel security, system access control, and staff awareness and training, to list a few. To prepare for the aftermath of a cyber incident, frameworks provide incident response guidelines you can follow to recover and try to limit the damage. Establishing a framework can not only help your organization follow best practices but also bring rigorous cyber discipline to your organization.

Cybercriminals exploit these cognitive biases the most () A new report examines how cybercriminals are using cognitive bias techniques to target employees in social engineering attacks.

President Biden signs executive order to strengthen U.S. cybersecurity defenses () U.S. President Joe Biden has signed an executive order (EO) to improve the cybersecurity of the U.S. As the U.S. faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately people’s security and privacy, the EO seeks to improve efforts to identify, deter, protect against, detect, and respond to these actions and actors. Specifically, the EO will:

Half of women in cybersecurity report positive career impact from COVID-19 () While the global job market has been hit hard by the pandemic, cybersecurity job recruitment thrived in 2020. According to a new global report from human layer security company Tessian, titled Opportunity in Cybersecurity 2021, 94% of women in cybersecurity hired new staff members in 2020 to support their teams, with IT, finance and healthcare industries making the most hires.

A New On-Ramp To Cyberspace (Cybercrime Magazine) Career paths for young people, minorities, and women

Women Hold 25 Percent of Cybersecurity Jobs Globally In 2021 (Cybercrime Magazine) Cybersecurity Ventures and WiCyS announce research and media partnership

Deloitte puts women in cyber in the spotlight (PR Newswire) /PRNewswire/ -- Deloitte Cyber introduced today a new global awareness and recruitment campaign to attract more women with diverse skill sets and backgrounds...

2021 Return to Workplace Survey | Deloitte US (Deloitte United States) Deloitte's Return to Workplaces Survey provides insights from clients on hybrid work models, masks, distancing and vaccines as we navigate the next new normal.

Ransomware Gangs: We Applied for a Job With One Online | CyberNews (CyberNews) We spoke with threat actors who were running a Ragnar Locker ransomware affiliate operation for more than a decade.

APT in action: XDSpy and Sandworm | CyberNews (CyberNews) Numerous APT groups have been attacking governments and the private sector. Some of them operated undetected for as long as a decade.

Katie Moussouris about cyberespionage: it is getting a lot muddier | CyberNews (CyberNews) It is quite tricky to parse out whether a cyberattack, such as SolarWinds, is an act of espionage or cyberwar.

10 APT groups that joined the MS Exchange exploitation party | CyberNews (CyberNews) At least five APTs were exploiting the Microsoft Exchange servers before the company released patches. After that, five others joined the party.

Coded bias: do you need to be white to play peekaboo with a robot? | CyberNews (CyberNews) When Joy Buolamwini first started working with social robots, she had to wear a white mask while coding. Otherwise, the robot would simply ignore her.

The NFT craze: buy, mint, or stay away from it? | CyberNews (CyberNews) While NFTs provide bread for some artists, they also come with weighty problems of copyright infringement and potential theft.

Women in the News

BlackCloak's Ingrid Gliottone Named Winner of the Coveted Global InfoSec Awards during RSA Conference 2021 (PR Newswire) /PRNewswire/ -- BlackCloak is proud to announce we have won the following award from Cyber Defense Magazine (CDM), the industry's leading electronic...

Karen Kukoda: Channel Chief And Woman In Cybersecurity (Cybercrime Magazine) Paving the way for future generations

The Top 25 Women Leaders in Cybersecurity of 2021 (PRWeb) NEW YORK (PRWEB) April 20, 2021 The Software Report is pleased to announce The Top 25 Women Leaders in Cybersecurity of 2021. In all industries, cybersecurity is of critical importance. As legacy

Epic Women in Cyber — Amy Stokes-Waters (Medium) Amy is a sales executive for Cognisys, a security consultancy based in Yorkshire. She has worked in IT for 9 years with a focus on cyber for the last 3. A single mum to a little girl called Margaux…

Epic Women in Cyber — Priya Pandey (Medium) Priya is a senior consultant at one of the consulting firms. She has over 6 year of experience in Cybersecurity. She has extensively worked on cloud security, data privacy and protection and risk…

Epic Women in Cyber — Navjot Kaur (Medium) Navjot is a cybersecurity practitioner working as an ICT Security Engineer. She started her journey in July 2019 as Information Security Officer after graduating from University of South Australia…

Epic Women in Cyber — Michala Liavaag (Medium) Michala discovered the joys of information security almost 10 years ago after a career in retail, ICT, and project management. She specialises in cybersecurity governance, risk and compliance and has…

Epic Women in Cyber — Deika Elmi (Medium) International Business Operations and Technology leader with over 15 years of experience in Information Security, Risk and Compliance. Specialized in seeing the big picture, identifying…

Epic Women in Cyber — Ranjeeta Rani (Medium) Ranjeeta is a Lead/staff cyber security engineer at one of the research companies. She has over 13 years of experience protecting Energy, Healthcare, Power distribution, Insurance and mortgage…

Epic Women in Cyber — Neha Malhotra (Medium) Neha Malhotra is a passionate information & cyber security enthusiast, working as a Vice President, Cybersecurity Program manager with Credit Suisse. She was recently listed in Business of InfoSec…

Sally Buzbee of the Associated Press named executive editor of The Washington Post, the first woman to lead the newsroom (Washington Post) The longtime journalist has led the news service since 2017, serving as Washington bureau chief before that. She succeeds Martin Baron, who retired in February.

MITRE Names Wen Masters as Vice President for Cyber Technologies (BusinessWire) MITRE has named Wen Masters as vice president for cyber technologies, where she will lead corporate cybersecurity strategy.

Kate Barecchia Named Global Data Privacy Officer and Deputy General Counsel at Imperva® (GlobeNewswire) Imperva, Inc., (@Imperva) the cybersecurity leader whose mission is to protect data and all paths to it, announces Kate Barecchia as Global Data Privacy Officer and Deputy General Counsel.

One Last Thing

Security leaders across the globe trust the CyberWire and depend on us every day to deliver the news and analysis they need to do their jobs. That’s also why so many top security companies and hot startups trust us to help get the word out about their brand and fill their sales funnels. We have lots of great sponsorship opportunities that can help you get the word out too. Learn more or contact us to get started.