A Flexible Way to Pentest Continuously: Synack90

An astounding 82% of organizations believe they have experienced at least one data breach due to digital transformation, according to a recent survey. Fast-paced cloud migrations have created new risks and challenges that require continuous monitoring of your digital assets. Attackers are now scanning for vulnerable endpoints within 15 minutes. Zero-day vulnerabilities like Log4j are more frequent and difficult to address. Though the likelihood of a breach has never been higher, security teams may still be unable to commit to a full year of security testing because they need flexibility in developing and implementing a continuous testing strategy.

Synack is now offering Synack90, a 90-day pentest, as a new way for organizations to make meaningful progress toward implementing a continuous pentesting strategy.

What is Synack90? 

Synack90 includes 90 days of Synack Red Team (SRT) open vulnerability discovery (OVD) penetration testing combined with the machine power of SmartScan, a scanner that sniffs out vulnerabilities. The offering also includes access to the Synack Platform for the duration of the contract, which means the ability to launch on-demand security tasks such as OSINT, zero-day response and compliance checklists like NIST 800-53 or OWASP at the click of a button.

How does Synack90 work? 

Synack provides a customer success resource who leads a kickoff call. After the kickoff call, SRT testing and DAST scanning begin and run for a 90-day period. All SRT vulnerability reports are triaged by our Vulnerability Operations team. Synack provides reporting on actionable, exploitable vulnerabilities in real time through the client portal, which customers can easily operationalize through the API, RBAC and ticketing integrations. Synack90 also includes patch verification for 90 days, which can drastically reduce time to remediate vulnerabilities during the testing period.

The benefits of continuous pentesting with Synack90

Many security teams are evolving toward a continuous pentesting model. There are a number of reasons for the shift:

  • Flexibility – Synack90 can only be purchased with credits, which means it can be launched at any time in the one-year window of the contract. Additionally, any customer that has existing credits can launch a Synack90 with their credit balance without starting a new contract.  
  • Cloud security – Digital transformation and new hybrid, multi-cloud environments expand and complicate your attack surface. Synack can test dynamic IPs across most major providers to make sure you are on top of any risks. 
  • Discover shadow IT –  Synack also offers OSINT and threat modeling to help inform your testing plans. Attack surfaces are changing and shadow IT is a concern. Testing continuously allows you to discover risks on unknown assets before your adversaries.
  • Security and compliance – Synack90 still meets regulatory requirements while providing more coverage than a 14-day pentest. For a limited time, customers can purchase a web checklist at a 50% discount and run it during the 90-day testing period for a more structured testing experience. 
  • Catch exploitable vulnerabilities before attackers – Unlimited re-testing of vulnerabilities ensures that vulnerabilities actually get patched and aren’t exploited by nefarious actors.

Launch Synack90 Today 

Synack customers are interested in Synack90 for a number of reasons, including testing high priority applications, fulfilling compliance obligations, discovering the value of continuous testing, and testing cloud services. Synack is providing an extra incentive with the launch of Synack90 that includes our Digital Reconnaissance or Web Premium checklist at a 50% discount when purchased with Synack90. Interested in Synack90? Read the full data sheet or contact us

The post A Flexible Way to Pentest Continuously: Synack90 appeared first on Synack.

How Synack Helps Organizations Comply with Directive 22-01

By: Synack

Government cybersecurity leaders know all too well that traditional pentesting is complex and doesn’t scale. The need to quickly resource up in order to effectively identify, triage and remediate vulnerabilities has become increasingly critical and, for most, a compliance requirement. 

Synack empowers government agencies with on-demand, continuous pentesting, pairing the platform’s vulnerability management and reporting capabilities with a diverse community of vetted and trusted researchers to find the vulnerabilities that matter. 

Synack also helps government security teams achieve the most effective vulnerability management possible to satisfy Binding Operational Directive (BOD) 22-01’s identification, evaluation and mitigation/remediation steps. The Synack approach also facilitates detailed vulnerability reporting that the agency can easily hand off to CISA if desired. 

Let’s quickly review what BOD 22-01 mandates, and how federal agencies can achieve compliance with help from Synack. 

CISA Binding Operational Directive 22-01—Reducing the Significant Risk of Known Exploited Vulnerabilities

Recent data breaches, most notably the 2020 cyber attack by Russian hackers that penetrated multiple U.S. government systems, have prompted the federal government to improve its efforts to protect the computer systems in its agencies and in third-party providers doing business with the government. As part of the process to improve the security of government systems, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 22-01. 

CISA Directive 22-01 tells federal agencies and contractors what they are required to do regarding the detection and remediation of known exploitable vulnerabilities. The scope of this directive includes all software and hardware found on federal information systems managed on agency premises or hosted by third parties on the agency’s behalf. Required actions apply to any federal information system, including an information system used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information.

Directive 22-01 Compliance Requirements

In addition to establishing a catalog of known exploited vulnerabilities, Directive 22-01 establishes requirements for agencies to remediate these vulnerabilities. Required actions include: 

  • Establishment of 1) a process for ongoing remediation of vulnerabilities and 2) internal validation and enforcement procedures
  • Setting up of internal tracking and reporting
  • Remediation of each vulnerability within specified timelines
  • Reporting on vulnerability status to CISA

CISA’s Cybersecurity Incident & Vulnerability Response Playbooks describe a standard program for vulnerability management. The program steps are identification, evaluation, remediation and reporting.

  1. Identify reports on vulnerabilities that are actively exploited in the wild.
  2. Evaluate the system to determine whether the vulnerability exists in it and, if it does, how critical it is. If the vulnerability exists, determine whether it has been exploited on that system.
  3. Mitigate and Remediate all exploited vulnerabilities in a timely manner. Mitigation refers to the steps the organization takes to stop a vulnerability from being exploited (e.g. taking systems offline, etc.) and Remediation refers to the steps taken to fix or remove the vulnerability (e.g. patch the system, etc.).
  4. Report to CISA. Reporting how vulnerabilities are being exploited can help the government understand which vulnerabilities are most critical to fix.

Evaluating Vulnerabilities with Synack

Synack finds exploitable vulnerabilities for customers through its unique blend of the best ethical hackers in the world, specialized researchers, a managed VDP, and the integration of its SmartScan product. SmartScan uses a combination of the latest tools, tactics and procedures to continuously scan your environment and watch for changes. It identifies potential vulnerabilities and engages the Synack Red Team (SRT) and Synack Operations to review suspected vulnerabilities. The SRT is a private and diverse community of vetted and trusted security researchers, bringing human ingenuity to the table and pairing it with the scalability of an automated vulnerability intelligence platform. 

If a suspected vulnerability is confirmed as exploitable, the SRT generates a detailed vulnerability report, with steps to reproduce and fix the vulnerability. Vulnerabilities are then triaged so that only actionable, exploitable vulnerabilities are presented – with severity information and priority information.

Mitigating and Remediating Vulnerabilities with Synack

Once the Synack team of researchers has verified the exploitability of the vulnerability, it leverages its expertise in understanding your applications and infrastructure. From that point, and in many cases, the SRT is able to recommend a fix with accompanying remediation guidance for addressing the vulnerability. And Synack goes one step further, verifying that the remediation, mitigation, or patch was implemented correctly and is effective.

Reporting to CISA

Synack’s detailed vulnerability reporting and analytics offer insight and coverage into the penetration testing process with clear metrics that convey vulnerability remediation and improved security posture. 

Comply with CISA Directive 22-01 with Help from Synack

CISA continues to add exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog, and federal agencies are expecting urgent CVEs to pop up in the not-too-distant future. The recent rush to address the log4j vulnerability will come to mind for many. The Synack Red Team can aid organizations by rapidly responding to such situations.

To secure your agency’s attack surface and comply with the CISA Directive 22-01, a strong vulnerability management strategy is essential. The Synack solution combines the human ingenuity of the Synack Red Team (SRT) with Disclose (the Synack-managed VDP), along with the scalable nature of SmartScan, to continuously identify and triage exploitable vulnerabilities across web applications, mobile applications, and host-based infrastructure. Synack takes an adversarial approach to exploitation intelligence to show the enterprise where their most business-critical vulnerabilities are and how those vulnerabilities can be exploited by adversaries.

 

The post How Synack Helps Organizations Comply with Directive 22-01 appeared first on Synack.

Synack Partners with Microsoft to Help Customers Improve Their Microsoft Azure Security Posture

By: Synack

Synack works with Microsoft to provide a one-stop shop for Microsoft Azure-based cloud security.

Microsoft Azure comes equipped with all the right security controls, but effective deployment and management of these controls is an ongoing process, driven by evolution and risk tolerance. Proper implementation of cloud rollouts and ongoing maintenance can be a challenge, even for large organizations, leading to a lack of protections such as least privilege for access controls. And attacks on the cloud appear to be growing. Verizon’s 2021 Data Breach Investigations Report found that “external cloud assets were more common than on-premises assets in both incidents and breaches.”

Security teams are left responsible for not only securing cloud assets, but also for ongoing cyber hygiene training and developing common sense policies to protect an organization’s assets. It can be an overwhelming task. Based on an increase in cloud misconfiguration vulnerabilities reported by the Synack Red Team in 2020, it is clear the existing solutions and frameworks are fragmented—leaving ample room for malicious exploits.

But now, finally, there is a better way!

By combining the power of Synack, the premier crowdsourced platform for on-demand security expertise, with Microsoft’s Azure Security Modernization (ASM) solution, enterprise and government organizations now have a scalable solution for cloud security planning, management, and improvement.

Per a Microsoft blog post from earlier this year, Microsoft Azure applications and infrastructure deployments have grown by leaps and bounds for nearly 20 years. In parallel, Microsoft has emerged as a cybersecurity leader, recently announcing a whopping $10 billion in revenue for its security business over the past 12 months. This represents more than 40 percent year-over-year growth (Vasu Jakkal, 2021). Microsoft security experts have deployed Microsoft services and solutions to secure 400,000 customers across 120 countries, including 90 of the Fortune 100. Integrations such as the one with Synack amplify Microsoft’s ability to continue to grow and innovate across all types of organizations.

Microsoft’s ASM solution helps its clients stay ahead of adversaries. It deploys a Microsoft Azure-centric, continuous approach to security (see chart below), led by Microsoft security experts and powered by the Synack Platform. ASM includes a four-phase continuous security model (Plan, Develop, Deliver, and Measure) which programs, implements, and tests Microsoft Azure security requirements and controls.

Synack’s unique combination of a continuous, crowdsourced platform and smart vulnerability detection technology makes the discovery of security vulnerabilities easy, fast, and actionable! Synack-found vulnerabilities are reported and fed into ASM’s “Measure” phase to enable future “Planning” phases with real-world security testing data. Synack’s controlled and 24/7 testing, alongside its Azure integrations, ensures the changing boundaries and assets of today’s dynamic environments are tested safely and comprehensively.

“Thanks to our integration with Synack, we can now go beyond reviewing security configurations against recommended practices to include real time scanning of an environment against known security vulnerabilities. This allows us to help our customers further reduce risk by having a more comprehensive and tailored remediation plan fit to their needs,” says Heath Aubin, Director of Business Program Management, Security Strategy and Solutions at Microsoft Corp.

Synack’s cloud integrations allow for quick deployment of a variety of pentesting methodologies within a Microsoft Azure environment based on an organization’s goals and requirements. The first is open vulnerability discovery to uncover and report exploitable issues within a Microsoft Azure environment. The second includes targeted, offensive assessments aligned to the Microsoft Azure Security Benchmark.

Synack designed these targeted tests alongside the ASM Solution Owners for an on-demand mechanism to quickly highlight areas of weakness within a Microsoft Azure environment.

By leveraging the integration between Synack and ASM, customers can experience a comprehensive testing and mitigation sequence to support compliance, asset management and planning, and expert-level insight into the security of their Azure assets.

To find out more, download our datasheet here.

The post Synack Partners with Microsoft to Help Customers Improve Their Microsoft Azure Security Posture appeared first on Synack.

The Economy Runs on Trust – The Synack Trust Report

By: Synack

Synack Trust Report – an Essential Guide for CISO, CIOs, and Cybersecurity Professionals

The Synack 2021 Trust Report 

Well into 2021, we have already seen how cyber attackers have rocked consumers’ trust over the past few months and caused panic at the pump. The impact has reached beyond the pump to our transportation systems, our schools and our daily necessities, derailing our everyday life.

All this comes after a year of business turmoil, and continued transformation. The pandemic accelerated initiatives to digitally transform operations, and drove efforts to implement Zero Trust security for remote workforces. Reinforcing cyber resilience continues to be top of mind in our organizations, firms, and societies, and goes hand in hand with trust. 

The Biden Administration has made cybersecurity a priority and recently issued a memo to business leaders urging them to take significant steps to prevent ransomware and other cyberattacks, including the use of third-party pen testing services to test systems and businesses’ “ability to defend against a sophisticated attack.” Executives that are actively focused on stakeholder trust and companies that put a premium on security testing, and take proactive steps to analyze new assets and digital applications will, in the long run, have stronger defenses and fewer breaches.

Trust continues to be more valuable than ever. Trust is not only crucial to our business relationships and customers, but in our everyday lives.

The 2021 Trust Report is Synack’s essential guide for CISOs, CIOs, security practitioners, C-suite and board executives to understand how to measure security, determine risks and build trust with data and insights on the state of different industries and sectors of the economy. 

In its fourth volume, the authoritative global report shares data from the most trusted brands based on thousands of security tests conducted by the world’s most skilled ethical hackers, The Synack Red Team (SRT). The report spotlights the different industries and sectors of the economy and reveals new insights into how critical organizations are prepared to fight ransomware and other digital threats and stay resilient. 

Average Industry ARS rating by years
(As published in previous Trust Reports)

| Industry | 2019 | 2020 | 2021 |
|---|---|---|---|
| Government | 47 | 61 | 64 |
| Healthcare | 60 | 56 | 61 |
| Financial Services | 57 | 59 | 58 |
| Technology | 46 | 55 | 57 |
| Ecommerce | 48 | 47 | 57 |
| Retail | 45 | 46 | 55 |
| SLED | 46 | 50 | 49 |
| Consulting/Business & IT Services | 53 | 48 | 52 |
| Manufacturing/Critical Infrastructure | 70 | 45 | 50 |

ARS rating based on data from the Trust Report: 2019. Data through January 2019
ARS rating based on data from the Trust Report: 2020. Data through July 2020
ARS rating based on data from the Trust Report: 2021. Data through April 2021.

The report data is based on Synack’s patented Attacker Resistance Score (ARS)™ Rating and includes a macro industry comparison that demonstrates how the most trusted organizations use the ARS rating and how to use the rating to benchmark attacker resistance against other industries. 

All too often, vulnerabilities leave organizations dangerously exposed. Last year, the US-CERT Vulnerability Database recorded nearly 17,500 vulnerabilities—a record number for the fourth year in a row. More than a third—16%—of vulnerabilities found in 2020-April 2021 by the Synack Red Team (SRT), our global network of highly skilled and vetted security researchers, were considered critical. Beyond that, the SRT saw a 14% increase over the past two years in authorization and permission vulnerabilities, which can give attackers access to the most sensitive networks and systems.

“We’re facing a global cybersecurity crisis. Some organizations are doing the right thing, creating effective defense strategies and being proactive. Others are simply checking boxes. But the nature of today’s threat requires an aggressive and assertive approach,” said Jay Kaplan, CEO and Co-Founder of Synack. “The Trust Report and the ARS are vital tools for understanding the gaps in any organization’s security plan, and can be used as a tool for CISOs and other security leaders to prioritize security efforts and focus on the most pressing threats and vulnerabilities first.”

The increased sophistication of today’s threats makes the CISO even more vital. On top of digital transformations, organizations faced punishing nation-state hacks with cyber attacks continuing to rise in 2021. Going forward, the role of the CISO and security teams will continue to evolve and expand. In fact, 55% of enterprise executives plan to increase their cybersecurity budgets in 2021 and 51% are adding full-time cyber staff in 2021.  

“Testing—when it comes to security, safety, and resilience—makes all the difference in the world,” wrote Ritesh Patel, Security Principal at bp, in the foreword to the 2021 Synack Trust Report. “Measurements such as the Attacker Resistance Score (ARS) keep us honest and informed. The ARS lets us constantly assess our performance and compare how we’re doing across sectors. It’s a strong indicator that bp is performing above industry average, which sends a clear and powerful message within the organization that security—and trust—are essential in everything we do at bp.”

Read on to learn how the most trusted brands in the world measure security and build trust while diving into the different industries and sectors of the economy. 

Synack leads the industry in finding the most critical and dangerous vulnerabilities in customers’ digital assets and apps, giving them the insight necessary to prevent attacks, as found in our report’s key findings.

The Synack 2021 Trust Report is your guide for measuring the value of security and cyber resilience. 

The post The Economy Runs on Trust – The Synack Trust Report appeared first on Synack.

Courageous Women: Time to Unmute – let’s continue to talk, ladies! 

By: Synack

Synack’s Courageous Women in Security initiative was developed to bring female security leaders and executives at all levels together to empower each other to use our great talent to have a bigger impact at our organizations and in our industries, while also having the balance in our lives that all humans need. These events, while previously held in person over lively conversation with a glass of champagne in one hand, pivoted like the rest of the world to virtual over the last year.

Although our lives shifted dramatically during the global pandemic, we made sure to continue the impactful, engaging and thoughtful conversations centered around women, first and foremost, and our careers in cybersecurity.

Igniting a new conversation, our most recent Courageous Women’s event centered on the future of work and how women can help drive change to build a more inclusive work environment and honing in on the current WFH environment. 

Joined by our very own Aisling MacRunnels, Chief Business & Growth Officer and the ladies at Synack, we explored discussions around the pros and cons of disciplined routines, and shared thoughts and brainstormed solutions together while discussing the future of work and how women can help drive change to build a more inclusive work environment.

Women’s roles during the pandemic have made media headlines. I am the prime example. An urban mother, wife and dedicated to my career, the burden placed on women during the pandemic across the country with the majority of schools being closed for nearly a year certainly caused an uproar and exodus (even I contemplated moving to Texas!). 

Bringing women together from different parts of the country and even a few from Europe, we all shared a common belief that although this year was challenging, it pushed us all to varying levels of growth. It challenged us to communicate better with our families, be more vocal and intentional in our security careers, and understand how we thrive as individuals – and how we do not. While WFH opened doors for a few, some yearned for the glory days of office culture and collaborating with teams in person. The daily commute of course was the least missed! 

I personally yearn for the days of yesterday, and although this past year has brought challenges as well as triumphs, I just can’t wait to be back in an office setting, brainstorming ideas in the conference room and connecting with other Synackers over lunch or walking past their desk. I miss the energy, the camaraderie, and flow of information and learning. While it’s been nice to be home, the dog barking when my Nest doorbell goes off, limited childcare options in San Francisco (literally the last to open in the Bay Area) and no escaping the fog during my office commute have made me feel like the spark inside me has dimmed.

Others echoed this sentiment. One attendee’s comment during our conversation, “I don’t want for anything and yet I’m missing something,” spoke volumes, and you could see heads nod in approval.

I applaud the Courageous Women in our network who rose to the occasion and every single woman in our network deserves a medal of perseverance and grit in their professional lives and personal lives. Women need and should continue to have a voice around the future of work and lead the conversation. 

With the COVID-19 vaccine rollout well underway and companies like Salesforce making headlines allowing some employees to return to the office, we can’t help but wonder what this means for us… as women, as leaders, as mothers, as partners, as humans…

Conversations about disciplined routines and distributed work will intensify in 2021. Now’s the time for us to speak up if we want to make an impact for the future of work as Courageous Women and lead the conversation within our cybersecurity industry. 

I look forward to our next event where we will hone in more on a cybersecurity topic with one of our guest speakers and reconnect with a lot of the women in our network. Time to unmute – let’s continue to talk ladies! Join us on LinkedIn 

The post Courageous Women: Time to Unmute – let’s continue to talk, ladies!  appeared first on Synack.

The Eight Most Dangerous Cybersecurity Threats Facing Your Business – Part 1

By: Synack

Lessons From a Synack Security Analyst

By Aigerim Kikabayeva

Security teams inside your organization can’t be the only ones guarding against cyberthreats. But that’s all too often the case. Many of us may think what we don’t know can’t hurt us, and we tend to focus on business issues rather than the potential impact of cyberattacks. However, every line of business (LOB) is vulnerable, and, in many cases, successful breaches will affect LOB executives the most due to lost revenue or brand damage.

In Part 1 of this article, we’ll discuss four of the eight biggest threats facing businesses and describe common scenarios for how malicious hackers might exploit vulnerabilities to carry out an attack.   

Threat No. 1: Access Control Violation

Access Control vulnerabilities are among the most commonly found flaws on the Synack security testing platform. This is a major issue as this kind of vulnerability can give privileges to unauthorized users. 

Although researchers are able to find numerous vulnerabilities through automated scanner tests, scanners cannot catch Access Control vulnerabilities. This requires an actual researcher to go through the application logic and corresponding roles, testing various scenarios.

One recent Access Control vulnerability discovered using the Synack platform could have allowed an attacker to place orders without any validation on a payment processing platform.

Threat No. 2: Code Injection Attacks 

Code injection attacks are simply attacks that happen when malicious hackers insert code into an application and then manipulate it to cause some damage or gain control. These attacks take advantage of vulnerabilities that allow unauthorized users to inject code into programs. These are not common flaws and often require skilled adversaries to exploit, yet Synack researchers find them all too often.

File upload services are commonly known to be especially vulnerable to code injection attacks. Attackers are often able to bypass extension restrictions on sites and upload dangerous files into systems, which can then give them the ability to execute arbitrary commands to access other parts of the network and sometimes steal or manipulate data across entire systems.

Threat No. 3: SQL Injection Attack 

This is another data manipulation attack that occurs when an attacker inserts an unvalidated SQL query into an application. This will give an attacker the ability to manipulate and steal data, spoof identities and generally wreak havoc inside a victim’s databases. These attacks can be prevented by making sure user input validation and parameterized queries are in place and up to date so that unauthorized use isn’t allowed.

Since SQL injection provides full access into the database and its data, an attacker can take advantage of further database misconfigurations. One such critical vulnerability was a PCI violation revealed through SQL injection where hundreds of credit card accounts had expiration dates and CVV numbers stored in cleartext.
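The difference between a concatenated query and the parameterized query recommended above, as an added example that is not from the original article or from Synack. The table, column names, function names and sample rows are constructed for illustration; the table deliberately holds only the last four card digits and no CVV or expiration date.

```python
import re
import sqlite3

# Constructed sample data: only the last four digits are kept, and
# sensitive authentication data such as the CVV is never stored.
SAMPLE_ROWS = [("alice", "1111"), ("bob", "2222"), ("carol", "3333")]

# Hypothetical input rule for this example: short lowercase account names.
OWNER_PATTERN = re.compile(r"[a-z0-9_]{1,32}")


def make_db():
    """Create an in-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts "
        "(id INTEGER PRIMARY KEY, owner TEXT, card_last4 TEXT)"
    )
    db.executemany(
        "INSERT INTO accounts (owner, card_last4) VALUES (?, ?)", SAMPLE_ROWS
    )
    return db


def lookup_concatenated(db, owner):
    """Vulnerable form: the input becomes part of the SQL text itself."""
    query = (
        "SELECT owner, card_last4 FROM accounts WHERE owner = '" + owner + "'"
    )
    return db.execute(query).fetchall()


def lookup_parameterized(db, owner):
    """Hardened form: the driver binds the input strictly as a value."""
    return db.execute(
        "SELECT owner, card_last4 FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()


def validate_owner(owner):
    """Input validation as a second layer, applied before any query runs."""
    return OWNER_PATTERN.fullmatch(owner) is not None


def compare(owner):
    """Run both lookups on the same input and report what each returns."""
    db = make_db()
    return {
        "valid_input": validate_owner(owner),
        "concatenated_rows": len(lookup_concatenated(db, owner)),
        "parameterized_rows": len(lookup_parameterized(db, owner)),
    }


if __name__ == "__main__":
    # A normal name, then an input containing a quote and a tautology.
    for candidate in ("alice", "nobody' OR '1'='1"):
        print(repr(candidate), compare(candidate))
```

With the second input, the concatenated query returns every row in the table while the parameterized query returns none, and the validation rule rejects the input before it reaches the database.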

Threat No. 4: Business Logic Flaws

While these often appear to be low-impact flaws, they can actually allow attackers to interrupt business operations by taking advantage of poorly designed processes. Business Logic Flaws aren’t technically vulnerabilities, but are operational glitches that can allow malicious hackers to manipulate the process for financial gain or cause other damage. And because these aren’t vulnerabilities in a technical sense, scanners aren’t going to catch them and traditional testers could miss them or downplay them.

A simple example of a very basic Business Logic Flaw was discovered in movie theater booking systems that allowed customers to hold seats for 10 minutes before actually buying seats for the next show time. If someone wanted to get a whole theater to themselves, they could carry out an attack on a ticket seller by selecting all the seats and holding them again every 10 minutes, preventing other customers from buying any seats at all. The result would be total financial loss for the ticket seller.
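A model of the seat-hold process described above, with and without limits on holds, as an added example that is not from the original article or any real booking system. The class, the two limits (seats held at once, holds placed without a purchase) and their values are assumptions chosen for illustration; only the 10-minute hold comes from the article.

```python
HOLD_SECONDS = 600  # the 10-minute hold described in the article


class HoldRejected(Exception):
    """Raised when a hold or purchase request is refused."""


class SeatHolds:
    """Seat holds for one show; limits set to None model the flawed process."""

    def __init__(self, seats, max_active_per_customer=None, max_unpaid_holds=None):
        self.seats = set(seats)
        self.max_active = max_active_per_customer  # assumed control 1
        self.max_unpaid = max_unpaid_holds          # assumed control 2
        self.active = {}   # seat -> (customer, expires_at)
        self.unpaid = {}   # customer -> holds placed without a purchase
        self.sold = set()

    def _expire(self, now):
        for seat in [s for s, (_, exp) in self.active.items() if exp <= now]:
            del self.active[seat]

    def hold(self, customer, seat, now):
        self._expire(now)
        if seat not in self.seats or seat in self.sold or seat in self.active:
            raise HoldRejected("seat unavailable")
        if self.max_active is not None:
            mine = sum(1 for owner, _ in self.active.values() if owner == customer)
            if mine >= self.max_active:
                raise HoldRejected("too many seats held at once")
        if self.max_unpaid is not None and self.unpaid.get(customer, 0) >= self.max_unpaid:
            raise HoldRejected("too many holds without a purchase")
        self.active[seat] = (customer, now + HOLD_SECONDS)
        self.unpaid[customer] = self.unpaid.get(customer, 0) + 1

    def purchase(self, customer, seat, now):
        self._expire(now)
        if self.active.get(seat, (None, 0))[0] != customer:
            raise HoldRejected("no active hold for this customer")
        del self.active[seat]
        self.sold.add(seat)
        # A completed purchase gives the customer one hold back.
        self.unpaid[customer] = max(0, self.unpaid.get(customer, 0) - 1)

    def available(self, now):
        """Seats another customer could hold or buy right now."""
        self._expire(now)
        return len(self.seats - self.sold - set(self.active))


def simulate_repeated_holds(holds, customer, cycles):
    """One customer requests every seat each time the holds lapse.

    Returns the number of seats left for everyone else after each cycle.
    """
    remaining = []
    for cycle in range(cycles):
        now = cycle * HOLD_SECONDS
        for seat in sorted(holds.seats):
            try:
                holds.hold(customer, seat, now)
            except HoldRejected:
                pass
        remaining.append(holds.available(now))
    return remaining


if __name__ == "__main__":
    print("no limits:  ", simulate_repeated_holds(SeatHolds(range(20)), "c1", 3))
    print("with limits:", simulate_repeated_holds(SeatHolds(range(20), 4, 8), "c1", 3))
```

Without limits, no seat is ever available to other customers; with the two assumed limits, most of the theater stays on sale and the repeated holds stop once the unpaid-hold budget is used up.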

The post The Eight Most Dangerous Cybersecurity Threats Facing Your Business – Part 1 appeared first on Synack.

Synack & Blacks in Cybersecurity Launch The Synack Academy

By: Synack

Authors: Bella DeShantz-Cook, Security Operations Engineer 

Jennifer Bennett, Communications Manager

The dramatic skills gap in the cybersecurity industry is well documented, with one report predicting 3.5 million unfilled positions by next year. That’s a huge problem considering the rise in cyber attacks, exacerbated by the WFH response to the pandemic.

The cybersecurity industry is working hard to fill this gap, but maybe not in all the right places. There’s so much more that we can do as a community, especially when it comes to creating new pathways for minorities to excel in the field. We must generate new passions and interests in future careers in cybersecurity for underrepresented minorities. Many of us were inspired as high school or college students to imagine the endless possibilities, and we must ensure the same opportunities are available and not out of reach in all communities.

An inspiration to women everywhere regardless of color is former first lady Michelle Obama.

The Reach Higher initiative efforts inspire every student in America to take charge of their future by completing their education past high school, whether at a professional training program, a community college, or a four-year college or university. A lot of today’s youth have a variety of interests, but by the time they reach high school, most need the extra guidance and mentorship to bring their career dreams to fruition and start their career journey.

Enter the Synack Academy, a cohort program in partnership with Blacks in Cybersecurity (BIC) aimed at providing up-and-coming individuals from underrepresented minority groups access to career pathways in technology and/or cybersecurity through structured, support-driven training and mentorship.

BIC will spearhead working with high school and college students to gain industry certifications, as well as mentoring, and will provide a gateway to full-time positions and internships in the cybersecurity industry.

Through weekly virtual cohort check-in meet-ups, mentorship by Synack staff and/or Synack Red Team members, and a structured weekly curriculum schedule, the goal is to provide participants with the opportunity to gain foundational technical knowledge and subsequent skill-sets.

In partnership with BIC, our first cohort will complete the Google Technical Support Fundamentals via Coursera with the goal to recruit a cohort of 10 young aspiring cybersecurity professionals (ages 16-18) through BIC and Awakening Stem. A second cohort will consist of 10 young aspiring cybersecurity professionals from Historically Black Colleges and Universities (HBCUs) across the country.

The Synack Academy Details: 

  • Cohort Start Date: Monday, Dec. 7, 2020

  • Cohort Duration: Three Months (curriculum can be completed as quickly as six weeks, but participants will have up to the full three months of the program to complete it, if needed.)

  • Application Deadline: Please submit your application by Wednesday, November 25th.

The Synack Academy mission is to create a welcoming and inclusive environment in cybersecurity anchored by ongoing mentorship. The Academy programs are designed to ensure student participants receive comprehensive technology and cybersecurity education in which their unique circumstances and skill-sets are recognized, their goals are supported, and their developmental needs remain at the forefront.

BIC seeks to educate and operate in a way to expose cybersecurity as a hobby and outlet that can be experienced in any walk of life, in a casual and no-pressure environment. In reimagining the traditional way in which knowledge is shared and presented, and adopting a philosophy that encourages lifelong learning, skill building and “tinkering” with concepts to gain hands-on understanding, BIC seeks to change the face of what a stereotypical cybersecurity professional or hobbyist may look like.

Two key tenets of the program are scale and sustainability. Synack will ensure the program is sustainable (time, funding, resources) and will scale over time to support additional cohorts from within the high school and HBCU communities. As students in the first cohort complete the program, they will not only have the beginnings of foundational knowledge for continued learning and careers in technology from the Google course, they will also have the confidence and support to continue this learning process. After the cohort concludes, students will be able to continue through the remaining classes in Coursera to earn the Google IT Support Professional Certificate, which will demonstrate to potential employers their competency in IT.

Through the Synack Academy and BIC, students will have the foundational knowledge and confidence to continue their cybersecurity journey and pursue further knowledge that can be applied to many fields within the technology and security sector. It’s a start!

 

The post Synack & Blacks in Cybersecurity Launch The Synack Academy appeared first on Synack.
