Former Justice Dept employees form alumni network to help with job searches

  • Former Justice Department employees have an alumni network to turn to for help with looking for work. An employee organization called Justice Connection said it recently expanded its DOJ alumni network, aiming to help employees navigate transitions out of the agency. The organization is offering to connect current and recent DOJ employees with more than 100 agency alumni. They’ll be able to get informational interviews, advice and insights for how to continue on a specific career path, including attorneys, legal support staff and many others.
  • The House on Thursday passed the final group of spending bills needed before the Jan. 30 funding deadline. In a vote of 341 to 88, lawmakers approved fiscal 2026 funding for the departments of Defense, Labor, Education, Transportation and Health and Human Services. But due to Democratic opposition over ICE funding, the spending bill for the Department of Homeland Security passed with a much narrower margin, in a party line vote of 220 to 207. The appropriations package now heads to the Senate for consideration.
  • The Postal Service is now accepting bids from shippers for use of its nationwide last-mile delivery network. USPS already has agreements with shipping giants like Amazon and UPS to get packages to their final destination. But it’s looking to give other delivery companies an opportunity to strike similar deals. Last-mile delivery is the most expensive leg of deliveries, and USPS goes to more addresses than its private-sector competitors. USPS said winning bidders will be notified during the second quarter of this calendar year.
  • The Department of Veterans Affairs has officially lifted its hiring freeze, but staffing caps are still in place for a smaller workforce. The VA saw its first-ever workforce net decrease last year and is unlikely to hire its way to a higher headcount than what it currently has. VA’s Under Secretary for Health said the hiring freeze is over, but VA facilities generally can’t exceed staffing caps set for their regions. A report from Senate VA Committee Democrats said the VA lost more than 40,000 employees last year. About 10,000 of those employees worked in frontline positions that the department has struggled to fill.
  • Value-added resellers finally get a chance to weigh in on the concerns about their business model and the changes the General Services Administration has been considering. GSA issued a request for information yesterday seeking feedback from VARs and others to gain a clearer understanding of the value added by resellers, and the resulting impact of these services on pricing and the ability to meet the government’s requirements. The initial focus of the feedback is for companies in a specific special item number for IT hardware, 33411. Responses to the RFI are due by Feb. 9.
    (GSA seeks feedback from VARs - General Services Administration)
  • The Small Business Administration suspended nearly a quarter of all participants in the 8(a) program. The SBA has suspended more than 1,000 companies in the program. SBA made the decision after it deemed those small businesses non-compliant with its financial data request from December. An SBA spokesperson said these suspended firms have 45 days to file an appeal. At the same time, SBA issued new guidance yesterday clarifying how it will run the small business development program going forward. Among the changes is that SBA will administer the 8(a) program based on race-neutral requirements. It also will no longer approve the use of “socially disadvantage narratives” as a way to get into the program.
  • The Marine Corps has tapped GenAI.mil as its official enterprise generative artificial intelligence platform that will consolidate all duplicative, general-purpose GenAI usage into one system. Marines, civilians and contractors can start using GenAI.mil immediately. The platform is approved only for processing Controlled Unclassified Information, but the service plans to expand GenAI.mil to higher classification networks. The service also plans to integrate Marine Corps data sources and agentic AI development solutions in the future.
  • Congress wants the Space Force to organize its programs and people by mission area. One of the root causes of the Defense Department's failed acquisition system is the military rotation system, which often replaces program managers every two to three years. That turnover, lawmakers argue, prevents personnel from staying in place long enough to develop the technical expertise needed to manage increasingly complex systems. Now, Congress is directing the Pentagon to propose a Space Force pilot program that would keep personnel assigned to specific mission areas for substantially longer tours. The pilot program should also examine eliminating traditional occupational specialty categories, such as acquisition or operations, in favor of mission-focused specializations, such as missile warning or satellite communications.

The post Former Justice Dept employees form alumni network to help with job searches first appeared on Federal News Network.

Trump lauds ‘tremendous’ federal workforce cuts. Good government group calls them ‘disturbing.’

As he marked one year since being sworn into office, President Donald Trump on Tuesday touted the actions of his administration — including praising the major reductions to the federal workforce throughout 2025.

“I don’t want to cut people, but when you cut them and they go out and get a better job, I like to cut them,” Trump said during a nearly two-hour press briefing, while also stating his administration “slashed tremendous numbers of people off the federal payroll.”

The White House on Tuesday also released a list of “365 wins” over the last year, commending the administration’s efforts to ensure a “merit-based” federal workforce. The list includes federal workforce actions overhauling the probationary period; eliminating diversity, equity and inclusion across government; requiring employees to work on-site full-time; slashing federal jobs; and limiting agencies to one new hire for every four employees who exit the civil service.

“I say, get rid of everybody that’s unnecessary, because that’s the way you make America great again,” Trump said. “When you have all these jobs where people are sitting around doing nothing and they get a lot of money from the government, it’s no good.”

But good government groups such as the Partnership for Public Service tell a much different story of the administration’s impact on the federal workforce. Max Stier, the Partnership’s president and CEO, described 2025 as “the most significant reduction in federal government capacity that we’ve ever experienced in our history.”

“And that reduction in capacity is best represented in our most important asset: our federal workforce,” Stier told reporters on a press call last week.

Governmentwide, federal workforce data shows that about 320,000 federal employees left government during 2025, while just tens of thousands joined the civil service. The Office of Personnel Management reported a net loss of about 220,000 federal employees over the course of the year.

“It tells a disturbing story about who we’ve lost in our government and what is actually happening to the workforce,” Stier said. “But it doesn’t tell you anything about what is truly most fundamental — their morale and what they think about what’s happening right now.”

The Partnership, a non-profit organization that advocates for non-partisan, “good government” reforms, released a report on Tuesday, noting that the Trump administration’s actions over the last year created “confusion, distrust and stress within the federal workforce.”

“There were large-scale layoffs of employees, cuts to government programs and the ending of many grants, altering how the government does — or does not — serve the public and the outcomes it can achieve,” the report states. “Not only did the government lose invaluable expertise, it became less responsive to public needs and less prepared to keep Americans safe.”

“It is impossible to gain a full picture of the layoffs and their impact,” the Partnership added. “The administration has provided few specifics about what positions have been eliminated and which personnel have been laid off or incentivized to resign.”

The Partnership’s report also detailed the specific impacts of federal workforce losses over the last year, including effects at agencies like the IRS, Social Security Administration, Department of Health and Human Services, FEMA and many others.

As a result of the governmentwide staffing cuts, the Partnership argued, agencies are less prepared to deliver disaster assistance during emergencies, and less efficient in administering crucial government programs, leading to delays in basic services and increased wait times.

By contrast, OPM Director Scott Kupor has argued that the Trump administration’s federal workforce overhauls will lead to better employee accountability, merit and performance across government. Kupor also touted the loss of one-third of OPM’s internal workforce during 2025, while saying the agency’s service delivery improved.

“President Trump was clear from day one: The federal workforce must be accountable, performance-driven and focused on serving the American people,” Kupor said in a Dec. 31 press release. “This year, OPM delivered on that vision — modernizing government operations, rewarding excellence and putting taxpayers first.”

But Rob Shriver, director of the Civil Service Strong program at Democracy Forward, questioned the Trump administration’s workforce reductions, saying there are no forward-looking plans for continuing to effectively deliver services after the cuts.

“The singular focus on headcount reduction as a blunt instrument reveals that DOGE was never about efficiency,” Shriver, a former acting director of OPM during the Biden administration, said in commentary on Tuesday. “It was about retribution and stifling dissent by intimidating federal workers into leaving their jobs or, if they decided to stay, intimidating them into not questioning their political leaders.”

At the same time, information on the federal workforce’s perspective over the course of 2025 will likely be limited. After months of postponing, OPM last year opted to cancel the 2025 Federal Employee Viewpoint Survey. In an attempt to fill the data gap, the Partnership conducted its own federal workforce survey.

The results of the Partnership’s survey are expected to be released in March. But Partnership officials have said it will still be difficult as an external organization to replicate the depth of data OPM can attain through FEVS.

Going forward, the Trump administration is looking to make further changes for the federal workforce, including overhauls to the probationary period and federal hiring processes, as well as performance management and senior executive development.

OPM’s Kupor said the upcoming changes will make government “leaner,” while making federal employees more results-oriented, accountable and efficient.

But some painted a darker picture for federal employees throughout 2026.

“The harms caused by these cuts have already begun to play out, and we’ll see more and more of that in 2026, when the impacts of the thoughtless workforce cuts are felt more deeply around the country,” Shriver said.

The Trump administration is also expected to soon issue a final rule to implement “Schedule Policy/Career.” The forthcoming regulations will let agencies reclassify career federal employees in “policy-influencing” positions, in effect removing their civil service protections and making them easier to fire at-will.

“The change of our federal government into one that is a loyalist workforce, as opposed to a professional one, is a process that we anticipate moving forward in 2026,” Stier said. “As challenging as 2025 was, I think we can expect even harder days ahead in 2026.”

The post Trump lauds ‘tremendous’ federal workforce cuts. Good government group calls them ‘disturbing.’ first appeared on Federal News Network.

7 Best Ways to Turn Your Cyber Security Skills Into a $100,000 Career

The world is in major need of more cyber security experts with relevant cyber security skills. A recent report by Cybersecurity Ventures predicted that around 3.5 million cybersecurity positions will be unfilled by 2021. Between 2017 and 2018, demand for cybersecurity professionals grew 7% according to Indeed. Unemployment rates in the industry have remained at […]

The post 7 Best Ways to Turn Your Cyber Security Skills Into a $100,000 Career appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

3 efforts federal employees should track from Trump’s management agenda

After a year of upheaval for federal employees, the Trump administration appears to be only getting started on its plans for overhauling the career civil service.

Further federal workforce changes are expected to continue into 2026 and beyond, according to the goals the administration recently laid out in its President’s Management Agenda.

Many of the priorities, as the Office of Management and Budget outlined, either already have — or soon will — significantly impact federal employees.

Here are three workforce changes from the Trump administration that federal employees should look for in the new year:

Future federal staffing plans

The sheer size of the federal workforce changed considerably over the past year, with executive branch agencies losing a cumulative total of more than 300,000 federal employees, according to numbers from the Office of Personnel Management.

With those staffing cuts in place, agencies are beginning to assemble future-looking plans to further reshape their workforces over the next few years.

As a months-long hiring freeze starts to thaw, the Trump administration has required all agencies to submit annual staffing plans for the coming year, subject to review and approval by OMB and OPM officials. The administration also directed agencies to form strategic hiring committees, composed mainly of political appointees, to oversee all recruitment efforts.

Agencies’ staffing plans must “consider efficiencies” of organizational restructuring and consolidation, removal of “unnecessary management layers,” the elimination of “unnecessary” jobs and contractor positions, managing the performance of underachieving employees — and much more, Trump administration officials explained in November guidance.

Until OMB and OPM approve the staffing plans, agencies will have to stick to a four-to-one ratio of removing to hiring employees, according to the guidance.

An OMB senior official speaking on background recently told Federal News Network that the administration will measure agencies’ progress toward fulfilling the first PMA priority by seeing how they adhere to Trump’s latest executive order on federal hiring. The goal over the next few years is to ensure that while hiring does take place, it’s in a way that maintains the smaller size of the current federal workforce.

“A key part of that will be making sure agencies are putting in place those hiring committees,” the official said. “They’re making very strategic decisions around who they’re hiring and what positions they’re hiring for, so we don’t just inflate the federal government again and overwhelm all the success we’ve had in reductions to date.”

In past administrations, there have been efforts to dramatically downsize the federal workforce — most recently during the Clinton administration in the 1990s. But a recent report from the Federation of American Scientists said those prior efforts had “decidedly mixed results,” and cautioned the Trump administration not to make the same mistakes.

“The cuts came before changes to agency to-do lists that never materialized,” FAS wrote. “It will be important for this administration to learn lessons from the past to avoid some of the long-term damage wrought by the Clinton years, for which agencies are still paying.”

Many experts have also raised concerns about the loss of federal workforce expertise, due to the reductions that have already taken effect. Max Stier, president and CEO of the Partnership for Public Service, warned that the loss of institutional knowledge will worsen over time.

“The forced exodus of over 212,000 civil servants has created dangerous gaps in food safety inspection, Social Security processing, veterans’ healthcare and disaster response,” Stier told Federal News Network. “This loss of expertise directly harms Americans’ access to critical services and will take decades to repair.”

Going forward, Robert Shea, a former OMB official in the George W. Bush administration, said doing more work with significantly fewer employees is both a challenge, and a possible opportunity.

“Agencies that rely on existing processes will fail. Agencies that rethink how work gets done may actually improve,” Shea told Federal News Network. “The upside of AI and automation only materializes if feds are given the authority, training and political cover to use these tools.”

“Accountability” of federal employees

A focus on “accountability” has been another common theme for the Trump administration’s federal workforce changes — it’s an area of emphasis in the PMA, and likely to strengthen and expand in 2026 and beyond.

Already, “accountability” has appeared as a priority in the administration’s efforts to remove protections for career federal employees in “policy-influencing” positions, make reforms to the Senior Executive Service, and create a new governmentwide recruitment plan.

Heading into 2026, OPM has also estimated that around 50,000 career federal employees will be reclassified as “Schedule Policy/Career,” a move that would make the impacted workers at-will and easier to fire.

The Trump administration touted Schedule Policy/Career as a way to drive “accountability” in the federal workforce, while offering agencies more flexibility. But critics of the policy, formerly known as “Schedule F,” have warned that it will politicize the non-partisan career civil service.

“Ultimately, this ‘trauma’ leads to the federal government’s loss of talent and institutional knowledge, which damages our national security and makes us more vulnerable to bad actors; reduces government accountability to its citizens; and generates even more loss of trust in government,” said Raymond Limon, a former member of the Merit Systems Protection Board and career-long federal executive in human capital.

Going forward, the Trump administration’s efforts on expanding these plans are “on track to get more severe,” according to the Partnership’s Stier.

“The expansion of Schedule Policy/Career authority threatens career protections, creates a climate of fear that drives talented professionals to leave government and further diminishes the services received by the public,” Stier told Federal News Network.

All told, the administration’s overhauls will lead to a “collapse of long-standing assumptions about civil service protections,” according to Shea.

“Constraints on removing career employees that were once treated as untouchable have been challenged directly,” Shea said. “Regardless of how courts ultimately rule, the impact will be long lasting.”

In 2026, federal employees are also facing significant changes in the way agencies measure performance, another way that OPM has said it is looking to increase “accountability” of employees.

OPM is looking to change performance management standards for federal employees. OPM Director Scott Kupor argues that “performance culture” in government is broken, and far too many federal employees are rated as high performers at their agencies.

“We have rampant ratings inflation and a lack of accountability for poor performers that fails to meaningfully differentiate between excellence, successful achievement of one’s objectives and poor performance,” Kupor wrote in a Dec. 5 blog post.

In June, OPM outlined plans to end “inflation” in performance ratings, and more strictly delineate between different levels of performance for employees. The changes also call on agencies to swiftly remove poor performers — and not substitute a suspension, for instance, when a full removal is more appropriate.

Forthcoming final regulations are expected to cement the emphasis of “accountability” in the administration’s changes to employee performance evaluations.

The idea of “accountability” also appears in the President’s Management Agenda, as part of a goal of fostering a “merit-based federal workforce.”

“The president’s executive orders and the PMA, together, call for revolutionary change, and together with OPM, we’re delivering,” OMB Deputy Director for Management Eric Ueland said in a Dec. 9 CHCO Council meeting. “The president directed agencies to reform the workforce, to maximize efficiency and productivity … Federal agencies have created meaningful efficiencies, allowing them to laser focus on their statutory duties.”

“Merit-based” workforce reforms

Finally, the Trump administration is calling for a focus on “merit-based” hiring across the federal workforce. It’s a top priority of the administration’s President’s Management Agenda, but also something that has appeared across multiple efforts from OPM.

In May, OPM first issued the administration’s new “merit hiring plan,” setting goals for reducing the government’s time-to-hire, as well as focusing on skills-based recruitment and a streamlined process.

The hiring guidance also required all agencies to assess candidates on USAJobs on how they plan to support the administration’s priorities when applying for open positions.

But in 2026, the goals of the “merit hiring plan,” in combination with the Trump administration’s PMA priority, are expected to take further effect, as agencies move forward with their new annual staffing plans.

“Moving forward, hiring will be based on merit and focused on practical skill, competence and dedication to the Constitution,” OMB’s Ueland said.

Combined, the merit hiring plan, performance changes, and newly required annual staffing plans will significantly reshape the federal workforce going forward.

“For those of you who have been in the private sector, much of this will seem like motherhood and apple pie,” Kupor wrote in a Nov. 21 blog post. “We are now inviting the federal government to join the planning party.”

OPM’s new “Tech Force” recruitment initiative, as an example, will embed the “merit hiring” principles as agencies look to onboard private-sector technologists and early-career talent through the new program.

But some of the hiring changes are common across recent presidential administrations. Recruitment strategies such as skills-based hiring and the use of shared certificates appeared in the Trump administration’s hiring guidance, similar to prior efforts from the Biden administration.

The FAS report noted, “the perennial need to hire federal employees more quickly and efficiently … have appeared in every PMA to date.”

The post 3 efforts federal employees should track from Trump’s management agenda first appeared on Federal News Network.

What is a Pentester, and Can They Prevent Data Breaches?

With the cost of data breaches at an all-time high, organizations are working to proactively identify areas of risk on the network. Using pentesters to conduct penetration (pen) testing is becoming more common. To protect themselves, businesses must know their risk areas before hackers find vulnerabilities. Organizations can lower their attack risk by protecting against weaknesses or eliminating them.

The 2022 IBM Cost of a Data Breach report found that data breaches cost an average of $4.35 million per breach, an increase of 12.7% from 2020. For many businesses, breaches are becoming a “when”, not an “if” proposition. Of the organizations participating in the study, 83% have experienced more than one data breach — and only 17% said it was their first time.

As a result, many organizations are turning to pen testing to improve their overall security. 

What is Penetration Testing?

During pen testing, pentesters determine how secure an app or network is by trying to break into it. Pentesters often use black box testing, where the tester does not know the underlying infrastructure, apps or code. The process allows pentesters to conduct the tests from the perspective of an outside hacker and uses automated processes to test vulnerabilities.

Other forms of pen testing can be used as well. White box pen testing relies on the tester’s knowledge of the infrastructure to quickly test security using specialized tools. Gray box testing blends white box and black box testing as the tester uses personal knowledge of the infrastructure and both manual and automated tools to exploit weaknesses.

Pen testing provides numerous benefits to companies, including infrastructure knowledge and fewer errors. While some companies balk at the initial price, the approach saves significant costs by reducing risk and the likelihood of a breach. Companies regulated by compliance guidelines often turn to pen testing as part of their compliance process.

While penetration testing is similar to ethical hacking, some differences exist. Mainly, penetration testing focuses on breaching specific systems to take over the environment. Ethical hacking, on the other hand, uses all hacking techniques. Ethical hackers are usually not company employees, although some companies hire ethical hackers as full-time employees. Bug bounty programs are a bit similar, but they’re more focused on all types of bugs instead of just breaching a system. Because bug bounty programs are open to the cybersecurity community, external hackers typically participate as well as the occasional internal employee.

Responsibilities of a Pentester

Pentesters who work as contractors are typically responsible for following testing protocols designed by the hiring agency or organization. Full-time pentesters usually start with a goal and then determine which tools and methods will best help them reach it. After completing their tests, pentesters write documentation detailing the results to help make security changes.

In addition to technical skills, pentesters need good written and verbal communication skills. Pentesters often need to collaborate with the IT department to help create solutions based on the results of the tests. Because of the types of attacks happening in the real world and the technology used by cyber criminals, pentesters need to stay on top of the latest trends in the cybersecurity industry.

Pursuing a Career as a Pentester

Some companies require pentesters to have a computer science degree or cybersecurity certificate. However, many others accept on-the-job experience — especially experience in the cybersecurity industry. While some companies may require a bachelor’s degree, others look for candidates with digital badges or certifications.

Some companies hire internal pentesters, especially for white box pen testing. However, contract pentesters hired for specific projects typically conduct black box pen testing to ensure they don’t have prior knowledge of the infrastructure. If you are looking for a job as a pentester, consider looking for both full-time employment and contract gigs.

Pentesters looking for full-time employment often find jobs at non-technical companies that want to ensure their infrastructure is secure. Other testers work for cybersecurity firms that offer services to other companies. With IT spending on cybersecurity increasing as risks escalate, the demand for pentesters will also likely continue to climb.

Overall, pen testing is a great entry-level career for tech workers or people who want to enter the cybersecurity field. While some technical knowledge is needed, many of the tools and techniques are learned on the job.

 

The post What is a Pentester, and Can They Prevent Data Breaches? appeared first on Security Intelligence.

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen.

Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper risk assessment, oversight, patching of critical systems and proper system configuration.

Many factors have contributed to this gap in essential cybersecurity workers. Some of the top reasons the survey identified were a lack of internal promotion opportunities, struggles with turnover and attrition, budget issues and a lack of qualified talent. But what defines “qualified talent” in cybersecurity today?

The industry has two options. The first is to cut the pie by continuing to focus on degree and certification holders. The other is to make a bigger pie by widening the talent pool and offering on-the-job training to applicants with the passion and mindset to succeed.

Looking for Talent in All the Wrong Places?

The term “cybersecurity” has been overly mystified. Does it involve a reclusive hoodie-wearing night owl? A math whiz writing complex code or working with cryptography?

Unfortunately, misconceptions and complexity have built a wall around the industry. This, at least in part, may explain the high percentage of people with university degrees working in cybersecurity fields. In fact, 82% of the workforce have a Bachelor’s or Master’s degree.

That level of formal education may have been necessary in the past, but the industry requires all types of workers right now. The first step to closing that worker gap will be to ensure that the public understanding of “cybersecurity” is demystified. Core skills aren’t coding or highly advanced math; core skills are problem-solving, investigative thinking, dedication and hard work.

The Making of a Cybersecurity Specialist

Recently, the Australian Signals Directorate (ASD) identified that a “cybersecurity specialist” is “just your average person” that can come from varying backgrounds. This is completely true, especially when key cybersecurity tasks today revolve around monitoring, detection and the ability to spot anomalies. Contrary to popular thinking, cybersecurity is not a bunch of blinking lights and super-secret artificial intelligence — though there are elements of that.

The cybersecurity industry could be morphing into a 21st Century version of manufacturing and assembly lines. Yes, there are still skilled labor requirements. But there is still no substitute for “hands-on keyboard” or “taking live fire” during an incident response case. That comes through experience.

Therefore, this begs the question: Who is better suited for a cybersecurity position? Somebody who has a high school diploma but has managed computers and IT systems since they were a teenager, making mistakes along the way but solving them with passion and curiosity? Or a person with a cybersecurity degree who read about the field in a book, spending limited time with hands on a keyboard?

Focus on the Person, Not the Paper

Let’s return to the (ISC)2 study. Participants are trending towards practical skills and experience as more important qualifications. Certification, degrees and training are nice, but problem-solving abilities and related work experience are what employers are looking for. Interestingly, certifications are seen to be more valuable for skills growth than a means to jump into a career in cybersecurity.

It almost feels as though there is an elephant in the room: are we considering the right people for cybersecurity jobs, especially for entry-level jobs?

Granted, some positions require a strong mix of experience, paper qualification and/or validation, and years of battle hardening. For instance, a CISO or senior-level SOC analyst will almost certainly have done time in the trenches.

But some positions grant some low-risk, hands-on experience. If an organization finds a candidate with sincere curiosity, problem-solving skills and the appropriate soft skills, their paper qualifications may not matter. Rather, what will determine success is the organization’s ability to train the individual on the necessary tools and the core technical competencies required to complete the job. A curious person with problem-solving skills can figure out the rest. Just do not leave them hanging because they may suffer from burnout.

Training Can Bridge the Gap

Back to the assembly line analogy: Let’s say you are new to the machinery or protocols in a manufacturing shop. If you can be trained, shadow somebody more experienced for a period of time and have the right work ethic, you can pick up the skills and excel. It’s the same principle in cybersecurity.

This is how to bridge the gap, especially in the short term. Waiting three to seven years for individuals to complete advanced degrees may no longer be practical, given the high demand. Technologies will change and there is no guarantee of “hands on keyboard” battle scars.

It’s time to start thinking outside the box. Pitch these two scenarios to a hiring manager today:

  1. Individual A works on IT systems and remotely manages a SIEM. They have no certifications or paper qualifications but have worked like this for a couple of years, come highly referred as a dedicated worker, are dependable and require little oversight.
  2. Individual B completed a Bachelor’s degree in computer science and a Master’s degree in cybersecurity. They also have completed some basic cybersecurity certifications but have no previous work experience or references.

Based on these surface descriptions, who are you inclined to interview first for a cybersecurity job?

The Pathway to Filling Future Needs

The above example is not a knock on those seeking university degrees or certifications; rather, it is a reality check. If 80% of workers in the industry have university degrees and there are not enough people to meet the need, well, you need to start looking elsewhere to fill the gap. Otherwise, expect retention problems.

For hiring managers, that will mean carefully crafting your requisitions and keeping your expectations in check. These new hires will be your apprentices for a while. Know that if you get them early, reward them with the opportunity and treat them right, you may also be filling a long-term need.

The post Bridging the 3.4 Million Workforce Gap in Cybersecurity appeared first on Security Intelligence.

How Do Threat Hunters Keep Organizations Safe?

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not detect the attack because the transactions looked normal. But with Wyler’s expertise, he was able to realize that data was leaving the environment as well as entering the system. His efforts saved the company from suffering even more damage and disruption. 

Wyler shows that threat hunters can help prevent a cybersecurity catastrophe. But what is a threat hunter, and how can they improve an organization’s security posture?

What is Threat Hunting?

While enterprise security systems are a key part of cybersecurity, threat hunters provide organizations extra protection. A threat hunter reviews all the security data and systems to look for abnormalities and potential malware issues. Threat hunting complements automated security tools and is best used in conjunction with that technology. By combining the strengths of both human expertise and artificial intelligence (AI) tools, companies can find cyber threats faster and reduce damage.

Responsibilities of a Threat Hunter

Threat hunters search, log, monitor and neutralize threats to find issues before they become serious problems. In some companies, threat hunters design the threat-hunting program, which starts by building the hypothesis the program is looking to answer, such as searching for malware with specific criteria. Threat hunting typically involves looking for malware threats incorporated into commercial technology but not yet known.

Threat hunters use three approaches: structured, unstructured and situational.

During structured tests, the threat hunter leverages indicators of attack (IoAs) and the tactics, techniques and procedures (TTPs) of an attacker. Unstructured hunts occur when a trigger indicates a compromise, and the hunter looks at patterns before and after the detection. Situational hunts commence when a risk assessment is warranted, such as knowing attacks are happening at similar companies.

What makes threat hunting different from other cybersecurity tasks is that threat hunters don’t just use security information and event management (SIEM), endpoint detection and response (EDR) and other typical processes. Instead, they search through security data to look for patterns that indicate malware or attackers. Once they discover a cyber criminal’s potential entry method, they work to patch the issue to prevent future incidents.

Pursuing a Career as a Threat Hunter

Threat hunting is often one of the responsibilities of a cybersecurity analyst. However, some managed service professionals (MSPs) hire threat hunters whose primary responsibility is threat hunting for clients. Cybersecurity firms also hire threat hunters to provide the service to their clients. Additionally, threat hunters can work freelance for companies that need threat-hunting expertise but don’t want to hire an MSP.

Companies often look for certifications or bachelor’s degrees when hiring for analyst and threat-hunting positions. Candidates can also go into threat hunting with digital badges or certifications. However, cybersecurity analysts can learn threat-hunting skills on the job and then move into a threat-hunting role.

Threat hunters need strong technical skills and expertise with cybersecurity tools. However, the most important skills are problem-solving and analysis because the role requires manually reviewing data. Threat hunters must also have a strong interest in cybersecurity and a willingness to continually stay updated on cyber criminals’ latest TTPs. Additionally, threat hunters need good written skills to communicate findings to IT leaders. Because threat hunters often work on a team with other cybersecurity professionals, they also need the ability to collaborate and verbally communicate with others.

As cybersecurity risks and threats continue to increase, threat hunting is apt to become an even more crucial facet of cybersecurity. Organizations need the human touch to catch sophisticated threats, even when using sophisticated tools. Cybersecurity professionals specializing in threat hunting or adding it to their skill set will likely have solid employment opportunities.

The post How Do Threat Hunters Keep Organizations Safe? appeared first on Security Intelligence.

Security Roadmap

By: hoek

Today I’ll share with you my thoughts on a career in IT security and give some hints on how to get started.

People fresh out of IT-related studies, or those who are just going to study IT, more or less know what they want to do or will learn from lecturers and colleagues. It is more difficult for those who change their careers completely.
