Creating Connections: Finding balance.

Staying Connected

By Jennifer Eiben, The CyberWire

Was this shared with you? Subscribe here.

At this time each year, like many others tend to do, I look at the 12 months in front of me and spend some time looking ahead, planning, mapping things out. That usually leads to worries, stresses, and a thousand thoughts running through my head. But, this year, I am determined not to plan my life away, and instead, to look at where I am each day and live fully in that day. I'm not going to lie, I still find myself making mental lists at night when I lay my head down. I still have my notepad next to the bed, if I need it. But, I am trying to be present more. I am working to find more balance in my life. I still have to plan my worklife out because like so many of us, there are meetings and deadlines and too many emails, but I'm trying to let my inner planner take a break in my non-working life.

When I am seeking balance, I find myself returning to one of my favorite human beings and inspirational leader, Thich Nhat Hanh. I have a piece of his calligraphy hanging in my hallway that I read each day. It says, "breathe and be home". Simple words. Be present. Be at home in yourself. An expanded version of that quote is, "Your body is your first home. Breathing in, I arrive in my body. Breathing out, I am home." I was fortunate to have been in the present moment with him when I went to hear him speak in Washington, DC in 2011. I am sad to say that Thich Nhat Hanh passed away this month at the age of 95. So that is my challenge, finding balance in myself and my natural tendencies to sit at the front of the year and think about what I will want to have accomplished many months into it. I plan to be more present. To breathe and be home. To tackle all of the challenges that cross my desk in 2022 with more balance. What are you planning for this year? Taking any leaps you would like to share? Stay tuned as the CyberWire is growing and opportunities you haven't anticipated may present themselves.

Had some great experiences making a difference as a woman in cybersecurity? We’d love to hear about them. Please email us and we may feature it in our next newsletter.

Featured Cyber Women

Wait a minute…What did you just say?

By Joy Beland, CISM SSAP | CMMC PI PA, Senior Cybersecurity Consultant, Edwards Performance Solutions

Recently, I had an experience with a person who behaved badly (sharing something that was quite insensitive to me as a woman) in a meeting. What he said or didn’t say is not important; this is about how my brain and body received it, the warning signs I identified that helped me to measure my response, and the way that I eventually addressed it. As with everything in life, how I respond to what I feel is unfair is more important than the act itself. Read the full article on the CyberWire's website.

Would you like to be featured in a future issue of the Creating Connections newsletter? We are currently accepting submissions for pieces written by women, about women, and information on women in cyber related events. Simply email us to get started.

Ransoms demanded for hijacked Instagram accounts.

By Marcelle Lee, Senior Security Researcher, Emerging Threats Lead, Secureworks

An extensive phishing campaign has targeted corporate Instagram accounts since approximately August 2021. The threat actors demand ransoms from the victims to restore access.

Organizations typically focus on traditional enterprise cybersecurity threats. However, some threats are more subtle, targeting organizations on unexpected platforms. In October 2021, Secureworks Counter Threat Unit (CTU) researchers identified a phishing campaign that hijacks corporate Instagram accounts, as well as accounts of individual influencers who have a large number of followers. The threat actors then extort ransom payments from the victims. The activity continues as of this publication. Read the article.

Never lose your confidence.

By Eliana White, The CyberWire

Hi everyone! This is my first piece in Creating Connections! I’m going on month #2 at the CyberWire and I couldn’t be more excited to work with such an amazing team!

It’s 2022 and we’ve all had our fair share of remote work in the past couple years; countless Zoom meetings, Teams messages, and Slack Huddles. As a woman who has worked in several different industries, many of them male dominated (no surprise), I know how difficult it can be to assert your presence and be heard during in-person conversations, let alone virtual ones.

There are some who see a lack of confidence as an opportunity to make themselves look good at your expense. This is when we get the mansplaining, interruptions, and over-talking. The virtual workplace has made it so that sometimes we have to be a little more vocal to get our points and ideas across. Personally, I think this is a great exercise to make sure that you speak confidently no matter what setting you’re in.

If you’re someone that tends to struggle with confidence in the workplace here’s my advice: Never doubt your knowledge and expertise and most importantly, never let anyone make you doubt those things. Find your voice and if anyone tries to speak over you, talk louder.

Heard around the studio...

By The CyberWire staff

The CyberWire Network has some pretty fantastic podcasts that expand the depth and breadth of our own podcasts. We thought we'd share a few that we think might be of interest to our readers.

Afternoon Cyber Tea with Ann Johnson

Many know Ann Johnson in the industry and from women in cybersecurity events. She is Corporate Vice President, Business Development, Security, Compliance & Identity at Microsoft. On her Afternoon Cyber Tea (ACT) podcast, Ann talks with cybersecurity thought leaders and influential industry experts about the trends shaping the cyber landscape and what should be top-of-mind for the C-suite and other key decision makers. Ann and her guests explore the risk and promise of tools and systems powered by AI, IoT, machine learning, and other emerging technology, as well as the impact on how humans work, communicate, consume information, and live in this era of digital transformation. This is a bi-weekly podcast that releases on Tuesdays. Ann has had almost exclusively women guests since she joined our network with many topical discussions. To check ACT out and subscribe, find Afternoon Cyber Tea here and on your favorite podcast app.

8th Layer Insights

Another fascinating show on the CyberWIre Network is 8th Layer Insights (8LI), hosted by Perry Carpenter. On 8LI, Perry takes you on a deep dive into what cybersecurity professionals often refer to as the "8th Layer" of security: HUMANS. This podcast is a multidisciplinary exploration into how the complexities of human nature affect security and risk. Author, security researcher, and behavior science enthusiast Perry Carpenter taps experts for their insights and illumination. Topics include cybersecurity, psychology, behavior science, communication, leadership, and more. Tune in on Tuesdays every other week to take in Perry's variety of topics and guests beyond the typical cross-section of the cybersecurity industry. You can find 8th Layer Insights here and on your favorite podcast app.

Women on the CyberWire

CyberWire Daily

Dinah Davis from Arctic Wolf talks about Linux malware via IoT devices.

Carole Theriault examines a university data backup snafu.

Dinah Davis from Arctic Wolf on securing your smart speakers

Clar Rosso from ISC2 on the communication gap between cybersecurity teams and executive leaders when it comes to ransomware

Lisa Plaggemier from the National Cybersecurity Alliance on the ongoing threat of phishing

Carole Theriault examines international efforts to stop digital fraud.

Helen Patton from Cisco on her book, Navigating the Cybersecurity Career Path.

Andrea Little Limbago from Interos on technology spheres of influence.

Career Notes

Advisory CISO at Cisco, Helen Patton, shares that a combination of dumb luck, hard work and serendipity that got her to where she is today. Growing up in the country in Australia, Helen notes that computers were not really a thing. She happened into technology after moving to the US, as she was the only person in her office under 40. Of course she would be comfortable with computers and able to handle a database conversion, right? That launched her into a career that spanned supporting small nonprofits, working at one of the biggest banks on Wall Street while leading a global team, being the CISO of a major university, and now Advisory CISO at Cisco. Helen recently wrote a book, "Navigating the Cybersecurity Career Path," to help others know when it's time to move on from one role to another role as part of her desire to give back to the community.

Social engineer and CEO of Hekate, Marina Ciavatta, shares her story of how people think her job is a la Mission Impossible coming from the ceiling with a rope and stealing stuff in the dead of the night. Marina does physical pentesting. Starting with an unused degree in journalism, Marina turned her talent for writing into a job as a content producer for a technology company and this appealed to her self-proclaimed nerdism. She fell in love with hacking and got into pentesting thanks to a friend. Marina recommends those interested in physical pentesting "try to find other social engineers to mingle. It's in the name. We are social creatures."

Head of Cyber Governance with Red Sift, Dr. Rois Ni Thuama shares the circuitous route of her career into cyber governance. She notes the route "looks really clean, but actually it was a bit more Jeremy Bearimy." While at Trinity College, Rois was moved to be part of history unfolding in South Africa and pause her studies. While there, she began making music videos and wildlife documentaries. Upon her return to London, Rois started working in corporate governance and risk at a music technology startup. This ignited her enthusiasm for startups. She now works in a company with several coworkers from that tech startup doing cyber governance. Rois advises law students of many ways into the industry including doing coding, learning risk management, and understanding privacy legislation, and then "just get into the game."

Caveat

Susan St. Clair of WhiteSource discusses increased regulation in the open source community with Dave Bittner.

Hacking Humans

Jane Lee, Trust and Safety Architect at Sift, joins Dave Bittner to discuss the Digital Trust and Safety Index.

Research Saturday

Alissa Knight, former hacker and partner at Knight Ink, along with Karl Mattson, CISO from Noname Security, discussing findings on severe API vulnerabilities in U.S. banking applications research that was conducted by Alissa and funded by Noname Security.

8th Layer Insights

If you've been following the cybersecurity industry for the past few years, you've likely heard about the "cyber skills gap." In this episode, Perry sits down with Heath Adams (TCM Security), Professor Karla Carter (Bellevue University), Sam Curry (Cybereason), and Lola Obamehinti (eBay) to explore what the skills gap is and how to begin to close the gap. We touch on subjects such as where traditional degrees, online training, certifications, mentorship, and networking fit in, as well as the value of diversity. And we offer thoughts for employers, current industry professionals, and job seekers.

Let's face it. Most of us have a love/hate relationship with technology and technological advances. We dream about the new thing... but when it arrives, we are usually a little disappointed. Many of us also lament the constant erosion of privacy, the changes in social norms, and more. And, little-by-little, we allow those aspects of new technology to make us numb. We accept the cognitive dissonance of not totally being happy with the trade-offs; yet we still make the trade. In this episode, we explore a few of the positives and some of the unintended consequences associated with recent technological advancements. We'll hear from Dr. Lydia Kostopoulos, Dr. Charles Chaffin, Andra Zaharia, and Aaron Barr.

Afternoon Cyber Tea with Ann Johnson

Runa Sandvik, a modern-day hacker and computer security expert joins Ann Johnson on this week's episode of Afternoon Cyber Tea. Having a reputation as a staunch proponent of strong encryption, Runa was hired by The New York Times as their first senior director of information security. Ann and Runa discuss instituting new high-tech security measures at The Times, what types of skills she believes all journalists should possess today, and what she believes the tech industry should be doing more of when protecting against disinformation.

Lauren Buitta, co-founder and CEO of Girl Security, shares how advancing girls, women, and gender minorities in national security leads to better cyber defense on today’s episode of Afternoon Cyber Tea with Ann Johnson. Lauren began as a policy analyst with the National Strategy Forum, a nonpartisan think tank, focusing on a wide range of national and global security issues, including domestic terrorism, transnational threats, and cybersecurity. Ann and Lauren discuss what led her to launch Girl Security, what the industry could do differently to help women grow in security, and why it is crucial to engage young girls in discourse about disinformation?

Aanchal Gupta, Vice President for Microsoft Azure, joins Ann on today's episode of Afternoon Cyber Tea. Aanchal is an executive with more than two decades of experience leading geographically distributed teams developing secure and trustworthy software used by billions of people. Aanchal joins us to discuss her work leading Microsoft's Security Response Center, giving our listeners a behind-the-scenes look into how the company’s security team tackles issues. Aanchal also talks with Ann about different lessons learned when tackling recent threats, her philosophy on cybersecurity, and how important she believes diversity and open work culture for diverse people are when trying to maintain trust and clarity in a crisis.

Security Unlocked

Alyssa Miller is a life-long hacker and highly experienced security executive. She runs the security strategy for S&P Global Ratings as the Business Information Security Officer (BISO), bringing together corporate security objectives and business objectives. Natalia and Alyssa discuss her journey in security from a young and curious hacker to a BISO of the largest credit-rating agency, and how she is shaping what the role of the BISO will be for future generations.

Events

Leading Virtual and Hybrid Teams (Virtual, Feb 10, 2022) Offices are changing, and more employees are splitting their time between a commute and a home office. This two-hour workshop allow participants to form a foundation of techniques and best practices for leading virtual and hybrid teams to overcome challenges and succeed. Learn more and register now!

Certified CMMC Professional (CCP) Exam Prep (Virtual, Feb 14 - 18, 2022) Edwards CMMC-AB approved CCP courses make you a valuable resource to a consultancy providing CMMC preparation/assessments or organization interested in having in-house CMMC trained resources. The release of CMMC 2.0 hasn’t changed what Edwards has to offer our CCP Exam Prep Course participants. The CMMC-AB has directed all LTPs to deliver CCP courses without modification, and will provide a free CMMC 2.0 “delta training” for all students before the exam becomes publicly available. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC Industry’s most respected consultants (Jacob Horne, Amira Armond, Chris Silvers, Sara Deaton, and Tony Buenger) along with Edwards’ internal SMEs (Joy Beland and Brian Hubbard) to deliver their action packed boot camps. Learn more and register now!

Leading Virtual and Hybrid Teams (Virtual, Mar 3, 2022) Offices are changing, and more employees are splitting their time between a commute and a home office. This two-hour workshop allow participants to form a foundation of techniques and best practices for leading virtual and hybrid teams to overcome challenges and succeed. Learn more and register now!

2022 Women's Global Cyber League (Virtual, Mar 23 - 24, 2022) 1,000 Women in Discord Playing Cyber Games. Across the World. Supporting Women & Girls. CYBER GAMES for all skill levels -Virtual Escape Rooms -Capture the Flag Challenges -Attack and Defend -Plus prizes & merch!

2022 DC Cyber 9/12 Strategy Challenge (Virtual, Mar 25 - 26, 2022) The Atlantic Council’s Cyber Statecraft Initiative will hold its tenth annual Cyber 9/12 Strategy Challenge in Washington, DC on March 25-26, 2022. In lieu of our usual in-person competition, we will host the entire event over the Zoom platform. The agenda and format will look very similar to past Cyber 9/12 Challenges, except that it will be held remotely. Plenary sessions will be livestreamed from the Atlantic Council headquarters via Zoom, and competition rounds will be held over Zoom meetings.

Selected Reading

Mentoring and Role Models Key to Improving Female Representation in Cybersecurity (Infosecurity Magazine) Panel of leading female figures in cybersecurity explore importance of role models in their career development

API Security Whitepaper: Hacking Banks and Crypto Exchanges (Noname Security) This API security white paper: Hacking Banks and Cryptocurrency Exchanges Through APIs explores API security vulnerabilities in the financial services industry.

50 Years of Text Games. (Twitter) One of the first complex computer games, a military wargame called HUTSPIEL (1955), was created by a woman, Dr. Dorothy K. Clark, a fact which to my knowledge has never previously been reported. #50YearsOfTextGames Thread!

Cyber workforce ranks among least diverse segments of federal government (Federal News Network) The federal cybersecurity workforce is less diverse than the rest of the federal government, and a unique series of challenges make it harder for agencies to show progress.

Hemaya upbeat as women represent 45% of Saudi cybersecurity staff (ITP.net) According to the SAFCSP, women now account for 45% of cybersecurity staff, Hemaya members note growing interest.

National Science Foundation Awards $29 Million In New Cybersecurity Scholarships (Forbes) The National Science Foundation is investing $29 million to establish eight new CyberCorps Scholarship programs.

On the Horizon: Nanosatellite Constellations Will Revolutionize the Internet of Things (IoT) (The Seattle Journal of Technology, Environmental & Innovation Law) The Internet of Things (IoT) has experienced exponential growth and use across the globe with 25.1 billion devices currently in use.1 Until recently, the functionality of the IoT was dependent on secure data flow between internet terrestrial stations and the IoT devices. Now, a new alternative path of data flow is on the horizon. IoT device manufacturers are now looking to outer space nanosatellite constellations to connect to a different type of internet. This new type of internet is no longer terrestrial with fiber cables six feet underground. It is now looking up, literally, 200 to 300 miles above the earth, to communicate, connect, and transmit data.

Why Cybersecurity is a Great Career Choice for Women Everywhere (Student Edge) You’d be forgiven for thinking that cybersecurity is a male-dominated industry–it’s kind of the idea film and TV feeds us. But there are heaps of incredible women breaking barriers in the industry.

PaperCall.io - 2022 Cyberjutsu Con: Cybersecurity Conference (Women of Cyberjutsu) We are looking to provide a day full of hands-on training and presentations about the latest in cutting-edge technologies and developments in the field of cybersecurity. Some to...

Top 29 cybersecurity conferences of 2022 (Security Magazine) Save the date for the top 29 cybersecurity conferences taking place around the world in 2022, featuring topics from ethical hacking to human behavior analysis in cybersecurity.

Increasing Women's Representation in Cybersecurity (CSRwire) NortonLifeLock and NASSCOM Foundation in India partner on the Cyber Security Skills Development Initiative for Women. The program is designed to create greater opportunities for female engineering grads by equipping them with in-demand job skills.

3 Ways to Encourage People to Pursue a Career in Cybersecurity (MUO) Lots of people are interested in cybersecurity, but as a career choice, it can be a bit intimidating. Here's how you can encourage like-minded folk.

The cybersecurity industry has few Latinas. Here's how one pioneer is trying to pave the way for more. (Silicon Valley Business Journal) Soledad Antelada Toledano knows how lonely it can be to be a Latina in cybersecurity. But she thinks the field is crying out for more diversity — and offers plenty of opportunities for more people like her.

Deloitte BrandVoice: Women In Tech: The Key To Success Post-Pandemic (Forbes) As leaders in technology gather in person and virtually this week at CES to witness the latest innovations, women in tech should be top of mind—especially given the continuing stresses of the global pandemic.

Connecting the dots on diversity in cybersecurity recruitment (TechCrunch+) Critical thinking and problem-solving are considered vital attributes for the cybersecurity professional — so it’s time our industry applied those capabilities to connect the dots between the skills shortage and lack of diversity.

CMMC Explained: CMMC 2.0 and the External Service Provider (Edwards Performance Solutions) How does CMMC 2.0 Level 2 scoping guidance impact ESPs (External Service Providers) and MSPs (Managed Service Providers)? We have more clarity in the scoping guidance and a lot to consider. In this episode, Joy walks through some specific areas of CMMC 2.0 Scoping that will be the focus for MSPs and their vendors of security solutions, as well as unpacks how the CMMC 2.0 model affects the CCP classes currently underway. Give it a watch now!

Ben's Book of the Month: Review of "Navigating the Cybersecurity Career Path" (RSA Conference) Ask anyone who works in information security, and they can tell you that they get many emails and calls from people interested in getting into the field. Drive down the freeway in Los Angeles or walk through an airport terminal or subway station in New York City, and there will be signs about information security courses. Many of them proclaim how you can start your cybersecurity career in just six months.

Synack + Hack The Box: Opening Doors to CyberSecurity Diversity (Synack) Synack and Hack The Box are working together to open doors to diverse talent around the world in cybersecurity.

Women in the News

Katherine Zuback on LinkedIn: After 22 of my 35 years at NSA in our business directorate (LinkedIn) After 22 of my 35 years at NSA in our business directorate (the last five of which I had the privilege of serving as NSA’s Director of Business Management and Acquisition), tomorrow will be my last official day in the directorate. Effective Monday I will be serving as the National Security Agency’s Diversity, Equality, and inclusion Director. I am so excited to be joining this endeavor to improve the agency (and Community) culture. Not even in the job yet, and have already begun much of the (additional!) background learning and participating in some pretty significant initiatives at both the NSA and federal level. So exciting!

A ‘NATO Nerd’ Thrown Into the Crisis Over Russia and Ukraine (NYTimes) Julianne Smith is the new U.S. ambassador to NATO, a post empty for a year, trying to consult and lead while bandaging the wounds of the Trump years.

Former DHS CIO Karen Evans discusses leadership | Federal News Network (Federal News Network) Former DHS CIO Karen Evans shares important leadership lessons and advice on how to build strong teams.

Epic Women in Cyber : Jaspreet Kaur (Medium) Myself (Jaspreet Kaur), a security professional as researcher, faculty, blogger as well as consultant. My working domains are blockchain…

Raising the profile of women and diversity at Bristol Myers Squibb (Security Magazine) Meet the women leading the security, cybersecurity and business continuity functions at Bristol Myers Squibb. Prioritizing inclusion has fostered diversity of thought and strengthened decision-making throughout the organization.

Interview With Elena Elkina – Women in Security and Privacy (PIA VPN Blog) Private Internet Access recently sat down with Elena Elkina, Co-Founder of Women in Security and Privacy (WISP) and asked her how her organization

Women in Security Feature: Sheryl Pinckney-Maas, Guardian Zone, LLC (Security Systems News) YARMOUTH, Maine—As part of Security Systems News’ and the Security Industry Association (SIA) Women in Security Forum’s (WISF’s) continuing series highlighting the contributions of women in security,

Ann Barron-DiCamillo on LinkedIn: New year, new chair. Congratulations to Ann Barron-DiCamillo, Managing (LinkedIn) New year, new chair. Congratulations to Ann Barron-DiCamillo, Managing Director, Global Head of Cybersecurity Operations of Citi, the new Chair of our ...

One Last Thing

Does your marketing team need to reach decision makers in hard-to-reach roles? Learn how top companies are developing tangible ROI in the burgeoning podcast advertising space with the CyberWire's free B2B Advertisers Guide to Podcast Marketing. Get it now at B2Baudio.com and impress the team with your next successful campaign.