This week on the GeekWire Podcast: Newly unsealed court documents reveal the behind-the-scenes history of Microsoft and OpenAI, including a surprise: Amazon Web Services was OpenAI’s original partner. We tell the story behind the story, explaining how it all came to light.

Plus, Microsoft CEO Satya Nadella debuts a new AI catchphrase at Davos, startup CEO Dave Clark stirs controversy with his “wildly productive weekend,” Elon Musk talks aliens, and the latest on Seattle-area physical AI startups, including Overland AI and AIM Intelligent Machines.

Subscribe to GeekWire in Apple Podcasts, Spotify, or wherever you listen.

With GeekWire co-founders John Cook and Todd Bishop; edited by Curt Milton.

AI coding work is rising fast, but the biggest payoff isn’t evenly shared. A Science analysis suggests seasoned developers get stronger gains than newcomers, which could reshape how you learn, interview, and prove value.

The post AI coding work is shifting fast, and your career path may split appeared first on Digital Trends.

Bicycles for the mind. … Information at your fingertips. … Managers of infinite minds?

Microsoft CEO Satya Nadella riffed on some famous lines from tech leaders past this week in an appearance at the World Economic Forum in Davos, Switzerland, and offered up his own trippy candidate to join the canon of computing metaphors. 

Nadella traced the lineage in a conversation with former UK Prime Minister Rishi Sunak.

• “Computers are like a bicycle for the mind” was the famous line from Apple’s Steve Jobs.
• “Information at your fingertips” was Bill Gates’ classic Microsoft refrain back in the day.

And now? “All of us are going to be managers of infinite minds,” Nadella said. “And so if we have that as the theory, then the question is, what can we do with it?”

He was referring to AI agents — the autonomous software that can take on tasks, work through problems, and keep going while you sleep. Microsoft and others have been talking for the better part of a year now about people starting to oversee large fleets of them. 

Nadella said it’s already reshaping how teams are structured. At Microsoft-owned LinkedIn, the company has merged design, program management, product management, and front-end engineering into a single new role: full-stack builders. Overall, he called it the biggest structural change to software teams he’s seen in a career that started at Microsoft in the 1990s.

“The jobs of the future are here,” Nadella said, putting his own spin on a famous line often attributed to sci-fi writer William Gibson. “They’re just not evenly distributed.”

Nadella’s comments came during a live stream for LinkedIn Premium members, hosted from Davos by LinkedIn VP and Editor in Chief Daniel Roth, after Sunak mentioned his two teenage daughters, and the world they’ll enter. Young people may not manage lots of people at age 20 or 21, he said, “but they will be managing a team of agents.” 

Sunak was referencing an essay by Goldman Sachs CIO Marco Argenti in Time. 

The agentic shift, Argenti wrote, requires “moving from being a sole performer to an orchestra conductor” — your team now includes AI agents that “must be guided and supervised with the same approach you would apply to a new, junior colleague.”

Nadella agreed, saying “we do need a new theory of the mind” to navigate what’s coming, before he offered up his new metaphor about managing infinite minds.

In other remarks at Davos, Nadella made headlines with his warning that AI’s massive energy demands risk eroding its “social permission” unless it delivers tangible benefits in health, education, and productivity. Energy costs, he added, will decide the AI race’s winners, with GDP growth tied to cheap power for processing AI tokens.

Whether “infinite minds” catches on like “bicycles” and “fingertips” remains to be seen. But it’s definitely more psychedelic. And if this shift is stranger than what came before, maybe we do need a mind-expanding metaphor to make sense of it all.

Glassdoor’s 2026 list of best places to work reveals that the winners are employee-centric, and the number of tech companies declined slightly.

The post Best Places to Work in Tech 2026: The Companies Employees Trust Most appeared first on TechRepublic.

Glassdoor’s 2026 list of best places to work reveals that the winners are employee-centric, and the number of tech companies declined slightly.

The post Best Places to Work in Tech 2026: The Companies Employees Trust Most appeared first on TechRepublic.

From enterprise architects to data scientists, these are the highest-paid tech jobs in 2026 based on salary and hiring trends.

The post Top 10 Highest-Paid Tech Jobs in 2026 appeared first on TechRepublic.

From enterprise architects to data scientists, these are the highest-paid tech jobs in 2026 based on salary and hiring trends.

The post Top 10 Highest-Paid Tech Jobs in 2026 appeared first on TechRepublic.

Hello, aspiring digital forensics investigators!

In this article, we continue our journey into digital forensics by examining one of the most common and underestimated attack paths: abusing file upload functionality. The goal is to show how diverse real-world compromises can be, and how attackers can rely on legitimate features and not only exotic zero-day exploits. New vulnerabilities appear every day, often with proof-of-concept scripts that automate exploitation. These tools significantly lower the barrier to entry, allowing even less experienced attackers to cause real damage. While there are countless attack vectors available, not every compromise relies on a complex exploit. Sometimes, attackers simply take advantage of features that were never designed with strong security in mind. File upload forms are a perfect example.

Upload functionality is everywhere. Contact forms accept attachments, profile pages allow images, and internal tools rely on document uploads. When implemented correctly, these features are safe. When they are not, they can give attackers direct access to your server. The attack itself is usually straightforward. The real challenge lies in bypassing file type validation and filtering, which often requires creativity rather than advanced technical skills. Unfortunately, this weakness is widespread and has affected everything from small businesses to government websites.

Why File Upload Vulnerabilities Are So Common

Before diving into the investigation, it helps to understand how widespread this issue really is. Platforms like HackerOne contain countless reports describing file upload vulnerabilities across all types of organizations. Looking at reports involving government organizations or well known companies makes it clear that the same weaknesses can appear everywhere, even on websites people trust the most.

As infrastructure grows, maintaining visibility becomes increasingly difficult. Tracking every endpoint, service, and internal application is an exhausting task. Internal servers are often monitored less carefully than internet-facing systems, which creates ideal conditions for attackers who gain an initial foothold and then move laterally through the network, expanding their control step by step.

Exploitation

Let us now walk through a realistic example of how an attacker compromises a server through a file upload vulnerability, and how we can reconstruct the attack from a forensic perspective.

Directory Fuzzing

The attack almost always begins with directory fuzzing, also known as directory brute forcing. This technique allows attackers to discover hidden pages, forgotten upload forms, administrative panels, and test directories that were never meant to be public. From a forensic standpoint, every request matters. It is not only HTTP 200 responses that are interesting.

In our case, the attacker performed directory brute forcing against an Apache web server and left behind clear traces in the logs. By default, Apache stores its logs under /var/log/apache, where access.log and error.log provide insight into what happened.

bash# > less access.log

Even without automation, suspicious activity is often easy to spot. Viewing the access log with less reveals patterns consistent with tools like OWASP DirBuster. Simple one-liners using grep can help filter known tool names, but it is important to remember that behavior matters more than signatures. Attackers can modify headers easily, and in bug bounty testing this is often required to distinguish legitimate testing from malicious activity.

bash# > cat access.log | grep -iaE 'nmap|buster' | uniq -d

You might also want to list what pages have been accessed during the directory bruteforce by a certain IP. Here is how:

bash# > cat access.log | grep IP | grep 200 | grep -v 404 | awk ‘{print $6,$7,$8,$9}’

In larger environments, log analysis is usually automated. Scripts may scan for common tool names such as Nmap or DirBuster, while others focus on behavior, like a high number of requests from a single IP address in a short period of time. More mature infrastructures rely on SIEM solutions that aggregate logs and generate alerts. On smaller systems, tools like Fail2Ban offer a simpler defense by monitoring logs in real time and blocking IP addresses that show brute-force behavior.

POST Method

Once reconnaissance is complete, the attacker moves on to exploitation. This is where the HTTP POST method becomes important. POST is used by web applications to send data from the client to the server and is commonly responsible for handling file uploads.

In this case, POST requests were used to upload a malicious file and later trigger a reverse connection. By filtering the logs for POST requests, we can clearly see where uploads occurred and which attempts were successful.

bash# > cat * | grep -ai post

The logs show multiple HTTP 200 responses, confirming that the file upload succeeded and revealing the exact page used to upload the file.

The web server was hosted locally on-premises rather than in the cloud, that’s why the hacker managed to reach it from the corporate network. Sometimes web servers meant for the internal use are also accessible from the internet, which is a real issue. Often, contact pages that allow file uploads are secured, but other upload locations are frequently overlooked during development.

Reverse Shell

After successfully uploading a file, the attacker must locate it and execute it. This is often done by inspecting page resources using the browser’s developer tools. If an uploaded image or file is rendered on the page, its storage location can often be identified directly in the HTML. Here is an example of how it looks like:

Secure websites rename uploaded files to prevent execution. Filenames may be replaced with hashes, timestamps, or combinations of both. In some cases, the Inspect view even reveals the new name. The exact method depends on the developers’ implementation, unless the site is vulnerable to file disclosure and configuration files can be read.

Unfortunately, many websites do not enforce renaming at all. When the original filename is preserved, attackers can simply upload scripts and execute them directly.

The server’s error.log shows repeated attempts to execute the uploaded script. Eventually, the attacker succeeds and establishes a reverse shell, gaining interactive access to the system.

bash# > less error.log

Persistence

Once access is established, the attacker’s priority shifts to persistence. This ensures they can return even if the connection is lost or the system is rebooted.

Method 1: Crontabs and Local Users

One of the most common persistence techniques is abusing cron jobs. Crontab entries allow commands to be executed automatically at scheduled intervals. In this case, the attacker added a cron job that executed a shell command every minute, redirecting input and output through a TCP connection to a remote IP address and port. This ensured the reverse shell would constantly reconnect. Crontab entries can be found in locations such as /etc/crontab.

bash# > cat /etc/crontab

During the investigation, a new account was identified. System files revealed that the attacker created a new account and added a password hash directly to the passwd file.

bash# > cat /etc/passwd | grep -ai root2

The entry shows the username, hashed password, user and group IDs, home directory, and default shell. Creating users and abusing cron jobs are common techniques, especially among less experienced attackers, but they can still be effective when privileges are limited

Method 2: SSH Keys

Another persistence technique involves SSH keys. By adding their own public key to the authorized_keys file, attackers can log in without using passwords. This method is quiet, reliable, and widely abused. From a defensive perspective, monitoring access and changes to the authorized_keys file can provide early warning signs of compromise.

Method 3: Services

Persisting through system services gives attackers more flexibility. They also give more room for creativity. For example, the hackers might try to intimidate you by setting up a script that prints text once you log in. This can be ransom demands or other things that convey what they are after.

Services are monitored by the operating system and automatically restarted if they stop, which makes them ideal for persistence. Listing active services with systemctl helps identify suspicious entries.

bash# > systemctl --state=active --type=service

In this case, a service named IpManager.service appeared harmless at first glance. Inspecting its status revealed a script stored in /etc/network that repeatedly printed ransom messages. Because the service restarted automatically, the message kept reappearing. Disabling the service immediately stopped the behavior.

Since this issue is so widespread, and because there are constantly new reports of file upload vulnerabilities on HackerOne, not to mention the many undisclosed cases that are being actively exploited by hackers and state-sponsored groups, you really need to stay vigilant.

Summary

The attack does not end with persistence. Once attackers gain root access, they have complete control over the system. Advanced techniques such as rootkits, process manipulation, and kernel-level modifications can allow them to remain hidden for long periods of time. In situations like this, the safest response is often restoring the system from a clean backup created before the compromise. This is why maintaining multiple, isolated backups is critical for protecting important infrastructure.

As your organization grows, it naturally becomes harder to monitor every endpoint and to know exactly what is happening across your environment. If you need assistance securing your servers, hardening your Linux systems, or performing digital forensics to identify attackers, our team is ready to help

Morgan Stanley projects Europe’s banks could cut about 10% of jobs by 2030 as AI and branch closures drive cost cuts under investor pressure.

The post Morgan Stanley Warns AI Could Eliminate 200,000 Banking Jobs in Europe appeared first on TechRepublic.

Morgan Stanley projects Europe’s banks could cut about 10% of jobs by 2030 as AI and branch closures drive cost cuts under investor pressure.

The post Morgan Stanley Warns AI Could Eliminate 200,000 Banking Jobs in Europe appeared first on TechRepublic.

The past year may go down as one of the most consequential in technology history, in both the Seattle tech community and the world. But in some ways, it’s not without precedent.

As we sat down to reflect on the past year, we rewound all the way back to January — when, as part of a larger discussion with Bill Gates, we asked the Microsoft co-founder to compare the early days of the PC with these early years of AI.

Gates reflected on the PC era as a moment of computing becoming free, effectively.

“Now what’s happening is intelligence is becoming free,” he said, “and that’s even more profound than computing becoming free.”

As we looked through GeekWire’s top stories of the year, almost every one felt like a subplot to that larger narrative. On this special year-end episode of the GeekWire Podcast, we reviewed the articles that resonated most with readers, and compared notes to make sense of it all.

Listen below, and continue reading for episode notes and links.

Enigma of success: ‘Brutal reality’ of tech cycles

• Best of times, worst of times: Massive AI infrastructure spending alongside widespread layoffs.
• Satya Nadella on the Stargate announcement: “I’m good for my $80 billion.“
• The unexpected way AI is affecting jobs — not by replacing workers directly, but by pressuring companies to cut costs as they pour money into infrastructure.
• MIT study: 95% of projects using generative AI have failed or produced no return.
• Worker stress: Mandates to use AI, but no playbook on how.
• One tech veteran’s take: “The enigma of success is a polite way of describing the brutal reality of tech cycles. … The challenge, and opportunity for leadership, is whether the bets actually compound into something durable, or just become another slide deck for next year’s reorg.”
• Bill Radke on KUOW: “The tech industry had quite a year. Amazon ordered their workers back to the office. You must come back to the office. Are you here? Good. You’re laid off. Not all of you. Just the humans.“

A pivotal year for Amazon

• Andy Jassy’s explanation: Not financially driven, not even really AI driven — it’s culture.
• After rapid growth, Amazon trying to get back to operating like “the world’s largest startup.”
• The new motto seems to be: Get small and nimble, faster.
• Can Amazon find that next pillar of business, as Jeff Bezos used to say?

Coding is dead, computer science is not

• Most popular story of the year: Coding is dead: UW computer science program rethinks curriculum for the AI era.
• Magdalena Balazinska, director of the Paul G. Allen School: “Coding, or the translation of a precise design into software instructions, is dead. AI can do that. We have never graduated coders. We have always graduated software engineers.”
• The issue was explored by the New York Times in its Daily podcast on Code.org and the shifting landscape for coding education. See the response from Hadi Partovi of Code.org.

Seattle’s future as a tech hub

• Wall Street Journal report: Seattle, Tech Boomtown, Grapples With a Future of Fewer Tech Jobs
• One source quoted: “Between 2012 and 2022 it was a great period … until everything flipped.”
• GeekWire coverage: Is Seattle’s tech scene in trouble? WSJ report highlights concerning trends — with a potential opening for startups
• But: Atlas Van Lines data shows Washington state still among top 10 destinations for movers.
• The strengths remain: Anchor tenants, investors, startups, smart people, UW, healthcare infrastructure, etc.
• We’re seeing AI expand from individual productivity to enterprise efficiency — an area where the Seattle region has historically excelled.

Sense of place: More important for some, less for others

• Amazon brings employees back five days a week; Microsoft announces three days starting in 2026.
• Rebooting Redmond: The conclusion of our Microsoft 50th anniversary series explored the new campus and what it signals.
• Yet many startups are more distributed and diffuse than ever — sometimes it’s hard to even pin down where their headquarters are.
• Statsig, entirely in-office in Bellevue, acquired by OpenAI for $1.1 billion.
• The perennial question: Why don’t more of these companies become Seattle’s next tech giant?

M&A and IPOs: Base hits, not home runs

• Didn’t see as much deal activity as some predicted for 2025.
• GeekWire deals list reflects smaller acquisitions, not blockbusters.
• One tech IPO from Washington state: Kestra Medical Technologies, $202 million in March.
• Complex alchemy of interest rates, regulation, and market conditions.

AI becomes real

• Brad Smith at Microsoft’s annual meeting: Asked Copilot’s researcher agent to produce a report on an issue from seven or eight years ago. Fifteen minutes later: 25-page report with 100 citations.
• What’s happening now: the shift from individual productivity to team productivity, from people using AI to organizations figuring it out.
• As companies implement AI agents, we move from desktop/individual applications to true enterprise services, playing to Seattle’s strengths.

Quote of the Year

“We look forward to joining Matt on his private island next year.” — Kiana Ehsani, CEO of Vercept, after her co-founder Matt Deitke left to join Meta for a reported hundreds of millions of dollars.

Stickler of the Year

Proud Seattleite and grammarian Ken Jennings on Jeopardy!, correcting a contestant: “Sorry, Dan, we are sticklers in Seattle. It’s Pike Place — no s.”

Feel-Good Moment of the Year

Ambika Singh, CEO and founder of Armoire, accepting the Workplace of the Year award at the GeekWire Awards: “It is not a surprise to any of you that we are losing community outside of these walls in this country. But here, it feels alive and well.”

Subscribe to GeekWire in Apple Podcasts, Spotify, or wherever you listen.

Audio editing by Curt Milton

Tech-related job postings remain stuck well below pre-pandemic levels in Seattle, according to a new hiring trends report from Indeed.

The site uses a measure called the Indeed Job Postings Index, which treats Feb. 1, 2020 as the “normal” baseline of 100. Numbers below 100 mean fewer job postings than before the pandemic.

In Seattle, the index for Software Development was 32 as of Nov. 27, 2025 — meaning postings are about two-thirds lower than the pre-COVID benchmark. Data & Analytics is even lower at 29.

Those numbers haven’t moved much over the past two years. Software Development was 31 in late 2023 and Data & Analytics was 38, for example.

Nationally, tech job postings are almost a third lower compared to early 2020, according to Indeed.

Seattle is seeing a more concentrated pullback in tech-related hiring. It makes for an unfamiliar economic environment in the Emerald City, which has seen its tech industry surge for much of the past decade, including a hiring spree early in the pandemic.

A report from CBRE in 2021 showed that the Seattle region added more than 48,000 tech jobs from 2016 to 2020, an increase of more than 35% — growing at a faster rate than any other large U.S. tech market for that time period. Amazon was growing exponentially, Microsoft had a massive revival, and the startup scene was producing multiple billion-dollar companies.

It’s a different climate now, just as the artificial intelligence era gets going amid broader macroeconomic uncertainty.

Microsoft and Amazon had substantial layoffs this year, though both are still hiring in select areas as they invest heavily in AI infrastructure. Some startups, once so-called “unicorns,” have also shed staff due to financial trouble.

The tech slowdown in Seattle got the national spotlight in September, when The Wall Street Journal detailed the broader fallout from widespread layoffs, including decreased retail spending in tech-heavy districts and record-high office vacancies.

The latest trends may help explain why some job seekers, including longtime leaders, are having trouble landing tech gigs in Seattle.

The tech industry accounts for a whopping 30% of the economy in the Seattle region, according to a report from CompTIA. That ranks second in the U.S. behind San Jose. Tech also accounts for more than 12% of the overall workforce in the Seattle area.

Workers in the “computer and mathematicals” occupation category in the Seattle area had the highest median earnings in 2024 by a wide margin ($163,609), according to the Seattle Times.

Other hiring trends in Seattle and nationally

As of late 2025, only seven of 45 sectors in the Seattle area were above 100, per the Indeed Job Postings Index — and all of them were in healthcare. Two years earlier, 22 sectors were still above 100, showing a much broader economy with stronger hiring demand. Overall, Seattle had a 35% decline in job postings from February 2020 to October 2025, Axios reported.

The weakest Seattle sectors right now include Data & Analytics, Software Development, Project Management, Human Resources, and Media and Communications.

Some of the largest declines over the past two years came in non-tech areas such as Driving, Pharmacy, Cleaning and Sanitation, Civil Engineering, and Childcare — though Indeed notes that Pharmacy and Civil Engineering still remain relatively high compared with pre-pandemic levels.

Indeed said in nearly every state, the highest job posting levels are found in smaller and mid-sized regions, rather than big cities.

“Employment in many of the largest MSAs tends to be skewed towards tech, business, and professional services, which are seeing lower levels of job postings,” the company wrote in a blog post. “Smaller MSAs, however, tend to have heavier employment shares in sectors, including manufacturing, leisure and hospitality, and healthcare, which generally have job postings that remain near or higher than pre-COVID norms.”

Indeed said the most probable outcome for next year’s labor market is an extension of the current “low-hire, low-fire” environment. It noted that large coastal metro areas with slower population growth and more exposure to tech and professional services “are likely to face tougher conditions.”

With the cost of data breaches at an all-time high, organizations are working to proactively identify areas of risk on the network. Using pentesters to conduct penetration (pen) testing is becoming more common. To protect themselves, businesses must know their risk areas before hackers find vulnerabilities. Organizations can lower their attack risk by protecting against weaknesses or eliminating them.

The 2022 IBM Cost of a Data Breach found that data breaches cost an average of $4.35 million per breach, an increase of 12.7% from 2020. For many businesses, breaches are becoming a “when”, not an “if” proposition. Of the organizations participating in the study, 83% have experienced more than one data breach — and only 17% said it was their first time.

As a result, many organizations are turning to pen testing to improve their overall security. 

What is Penetration Testing?

During pen testing, pentesters determine how secure an app or network is by trying to break into it. Pentesters often use black box testing, where the tester does not know the underlying infrastructure, apps or code. The process allows pentesters to conduct the tests from the perspective of an outside hacker and uses automated processes to test vulnerabilities.

Other forms of pen testing can be used as well. White box pen testing relies on the tester’s knowledge of the infrastructure to quickly test security using specialized tools. Gray box testing blends white box and black box testing as the tester uses personal knowledge of the infrastructure and both manual and automated tools to exploit weaknesses.

Pen testing provides numerous benefits to companies, including infrastructure knowledge and fewer errors. While some companies balk at the initial price, the approach saves significant costs by reducing risk and the likelihood of a breach. Companies regulated by compliance guidelines often turn to pen testing as part of their compliance process.

While penetration testing is similar to ethical hacking, some differences exist. Mainly, penetration testing focuses on breaching specific systems to take over the environment. Ethical hacking, on the other hand, uses all hacking techniques. Ethical hackers are usually not company employees, although some companies hire ethical hackers as full-time employees. Bug bounty programs are a bit similar, but they’re more focused on all types of bugs instead of just breaching a system. Because bug bounty programs are open to the cybersecurity community, external hackers typically participate as well as the occasional internal employee.

Responsibilities of a Pentester

Pentesters who work as contractors are typically responsible for following testing protocols designed by the hiring agency or organization. Full-time pentesters usually start with a goal and then determine which tools and methods will best help them reach it. After completing their tests, pentesters write documentation detailing the results to help make security changes.

In addition to technical skills, pentesters need good written and verbal communication skills. Pentesters often need to collaborate with the IT department to help create solutions based on the results of the tests. Because of the types of attacks happening in the real world and the technology used by cyber criminals, pentesters need to stay on top of the latest trends in the cybersecurity industry.

Pursuing a Career as a Pentester

Some companies require pentesters to have a computer science degree or cybersecurity certificate. However, many others accept on-the-job experience — especially experience in the cybersecurity industry. While some companies may require a bachelor’s degree, others look for candidates with digital badges or certifications.

Some companies hire internal pentesters, especially for white box pen testing. However, contract pentesters hired for specific projects typically conduct black box pen testing to ensure they don’t have prior knowledge of the infrastructure. If you are looking for a job as a pentester, consider looking for both full-time employment and contract gigs.

Pentesters looking for full-time employment often find jobs at non-technical companies that want to ensure their infrastructure is secure. Other testers work for cybersecurity firms that offer services to other companies. With IT spending on cybersecurity increasing as risks escalate, the demand for pentesters will also likely continue to climb.

Overall, pen testing is a great entry-level career for tech workers or people who want to enter the cybersecurity field. While some technical knowledge is needed, many of the tools and techniques are learned on the job.

 

The post What is a Pentester, and Can They Prevent Data Breaches? appeared first on Security Intelligence.

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen.

Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper risk assessment, oversight, patching of critical systems and proper system configuration.

Many factors have contributed to this gap in essential cybersecurity workers. Some of the top reasons the survey identified were a lack of internal promotion opportunities, struggles with turnover and attrition, budget issues and a lack of qualified talent. But what defines “qualified talent” in cybersecurity today?

The industry has two options. The first is to cut the pie by continuing to focus on degree and certification holders. The other is to make a bigger pie by widening the talent pool and offering on-the-job training to applicants with the passion and mindset to succeed.

Looking for Talent in All the Wrong Places?

The term “cybersecurity” has been overly mystified. Does it involve a reclusive hoodie-wearing night owl? A math whiz writing complex code or working with cryptography?

Unfortunately, misconceptions and complexity have built a wall around the industry. This, at least in part, may explain the high percentage of people with university degrees working in cybersecurity fields. In fact, 82% of the workforce have a Bachelor’s or Master’s degree.

That level of formal education may have been necessary in the past, but the industry requires all types of workers right now. The first step to closing that worker gap will be to ensure that the public understanding of “cybersecurity” is demystified. Core skills aren’t coding or highly advanced math; core skills are problem-solving, investigative thinking, dedication and hard work.

The Making of a Cybersecurity Specialist

Recently, the Australian Signals Directorate (ASD) identified that a “cybersecurity specialist” is “just your average person” that can come from varying backgrounds. This is completely true, especially when key cybersecurity tasks today revolve around monitoring, detection and the ability to spot anomalies. Contrary to popular thinking, cybersecurity is not a bunch of blinking lights and super-secret artificial intelligence — though there are elements of that.

The cybersecurity industry could be morphing into a 21st Century version of manufacturing and assembly lines. Yes, there are still skilled labor requirements. But there is still no substitute for “hands-on keyboard” or “taking live fire” during an incident response case. That comes through experience.

Therefore, this begs the question: Who is better suited for a cybersecurity position? Somebody with a high school diploma but has managed computers and IT systems since they were a teenager, making mistakes along the way but solving them with passion and curiosity? Or a person with a cybersecurity degree who read about the field in a book, spending limited time with hands on a keyboard?

Focus on the Person, Not the Paper

Let’s return to the (ISC)2 study. Participants are trending towards practical skills and experience as more important qualifications. Certification, degrees and training are nice, but problem-solving abilities and related work experience are what employers are looking for. Interestingly, certifications are seen to be more valuable for skills growth than a means to jump into a career in cybersecurity.

It almost feels as though there is an elephant in the room: are we considering the right people for cybersecurity jobs, especially for entry-level jobs?

Granted, some positions require a strong mix of experience, paper qualification and/or validation, and years of battle hardening. For instance, a CISO or senior-level SOC analyst will almost certainly have done time in the trenches.

But some positions grant some low-risk, hands-on experience. If an organization finds a candidate with sincere curiosity, problem-solving skills and the appropriate soft skills, their paper qualifications may not matter. Rather, what will determine success is the organization’s ability to train the individual on the necessary tools and the core technical competencies required to complete the job. A curious person with problem-solving skills can figure out the rest. Just do not leave them hanging because they may suffer from burnout.

Training Can Bridge the Gap

Back to the assembly line analogy: Let’s say you are new to the machinery or protocols in a manufacturing shop. If you can be trained, shadow somebody more experienced for a period of time and have the right work ethic you can pick up the skills and excel. It’s the same principle in cybersecurity.

This is how to bridge the gap, especially in the short term. Waiting three to seven years for individuals to complete advanced degrees may no longer be practical, given the high demand. Technologies will change and there is no guarantee of “hands on keyboard” battle scars.

It’s time to start thinking outside the box. Pitch these two scenarios to a hiring manager today:

1. Individual A works on IT systems and remotely manages a SIEM. They have no certifications or paper qualifications but have worked like this for a couple of years, come highly referred as a dedicated worker, are dependable and require little oversight.
2. Individual B completed a Bachelor’s degree in computer science and a Master’s degree in cybersecurity. They also have completed some basic cybersecurity certifications but have no previous work experience or references.

Based on these surface descriptions, who are you inclined to interview first for a cybersecurity job?

The Pathway to Filling Future Needs

The above example is not a knock on those seeking university degrees or certifications; rather, it is a reality check. If 80% of workers in the industry have university degrees and there are not enough people to meet the need, well, you need to start looking elsewhere to fill the gap. Otherwise, expect retention problems.

For hiring managers, that will mean carefully crafting your requisitions and keeping your expectations in check. These new hires will be your apprentices for a while. Know that if you get them early, reward them with the opportunity and treat them right, you may also be filling a long-term need.

The post Bridging the 3.4 Million Workforce Gap in Cybersecurity appeared first on Security Intelligence.

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not detect the attack because the transactions looked normal. But with Wyler’s expertise, he was able to realize that data was leaving the environment as well as entering the system. His efforts saved the company from suffering even more damage and disruption. 

Wyler shows that threat hunters can help prevent a cybersecurity catastrophe. But what is a threat hunter, and how can they improve an organization’s security posture?

What is Threat Hunting?

While enterprise security systems are a key part of cybersecurity, threat hunters provide organizations extra protection. A threat hunter reviews all the security data and systems to look for abnormalities and potential malware issues. Threat hunting complements automated security tools and is best used in conjunction with that technology. By combining the strengths of both human expertise and artificial intelligence (AI) tools, companies can find cyber threats faster and reduce damage.

Responsibilities of a Threat Hunter

Threat hunters search, log, monitor and neutralize threats to find issues before they become serious problems. In some companies, threat hunters design the threat-hunting program, which starts by building the hypothesis the program is looking to answer, such as searching for malware with specific criteria. Threat hunting typically involves looking for malware threats incorporated into commercial technology but not yet known.

Threat hunters use three approaches: structured, unstructured and situational.

During structured tests, the threat hunter leverages indicators of attack (IoAs) and the tactics, techniques and procedures (TTPs) of an attacker. Unstructured hunts occur when a trigger indicates a compromise, and the hunter looks at patterns before and after the detection. Situational hunts commence when a risk assessment is warranted, such as knowing attacks are happening at similar companies.

What makes threat hunting different from other cybersecurity tasks is that they don’t just use security information and event management (SIEM), endpoint detection and response (EDR) and other typical processes. Instead, threat hunters search through security data to look for patterns that indicate malware or attackers. Once they discover a cyber criminal’s potential entry method, they work to patch the issue to prevent future incidents.

Pursuing a Career as a Threat Hunter

Threat hunting is often one of the responsibilities of a cybersecurity analyst. However, some managed service professionals (MSPs) hire threat hunters whose primary responsibility is threat hunting for clients. Cybersecurity firms also hire threat hunters to provide the service to their clients. Additionally, threat hunters can work freelance for companies that need threat-hunting expertise but don’t want to hire an MSP.

Companies often look for certifications or bachelor’s degrees when hiring for analyst and threat-hunting positions. Candidates can also go into threat hunting with digital badges or certifications. However, cybersecurity analysts can learn threat-hunting skills on the job and then move into a threat-hunting role.

Threat hunters need strong technical skills and expertise with cybersecurity tools. However, the most important skills are problem-solving and analysis because the role requires manually reviewing data. Threat hunters must also have a strong interest in cybersecurity and a willingness to continually stay updated on cyber criminals’ latest TTPs. Additionally, threat hunters need good written skills to communicate findings to IT leaders. Because threat hunters often work on a team with other cybersecurity professionals, they also need the ability to collaborate and verbally communicate with others.

As cybersecurity risks and threats continue to increase, threat hunting is apt to become an even more crucial facet of cybersecurity. Organizations need the human touch to catch sophisticated threats, even using sophisticated tools. Cybersecurity professionals specializing in threat hunting or adding it to their skill set will likely have solid employment opportunities.

The post How Do Threat Hunters Keep Organizations Safe? appeared first on Security Intelligence.

A well-written cover letter can be the make or break for your job application. And given how competitive the job market in the UK is at the moment, every advantage you have over your competitors can be crucial.

Before you even think about how to write the perfect cover letter, you need a well-written CV that grabs a Hiring Manager’s attention. Lucky for you, we’ve put together tips on writing CVs here. But once you’ve got the attention of the Hiring Manager, that’s where your cover letter comes in and highlights why you’re the right candidate for the job.

Here at Dynamic we speak to Hiring Managers everyday. And we know exactly what they want to see from a candidate. And we’re here to share those secrets with you, so you can write a cover letter that’s impossible to ignore, and lands you that interview for your dream job.

 

How Important Is a Cover Letter?

But before we get started, it’s important to ask the question, do you need a cover letter in 2023? We would argue that whether a job application asks for a cover letter or not, you should still include one. And we’re not the only ones who think so.

A study from ResumeLab, shows that 83% of recruiters agree that while they aren’t ‘strictly necessary’, a well-written cover letter, tailored to the job you are applying for, can be an important part of their hiring decision.

And 74% of recruitment decision makers prefer to receive a job application which includes a cover letter that’s separate from the CV.

So while skilled professionals are as in demand as they have ever been, there is still a huge amount of competition for the roles out there. And a great way to set yourself apart from other applicants is to write a cover letter that shows you’ve done your research and want the job more than the next applicant.

 

How To Write The Perfect Cover Letter in 7 Easy Steps

So here’s our 7 steps on how to write a cover letter that helps you stand out from the crowd and gets you into that interview!

 

1. Do Your Research and Tailor Your Cover Letter to the Job, Company, and Hiring Manager

Let’s start with the most obvious. If you send over a generic cover letter that you send for every job, it’s going to be just that: Generic.

Your cover letter should talk about the role and how your experience relates to the job. Use specific examples from the job description and your own experience. And what work does the company do that you’re excited to be a part of? Even showing your understanding of the work the company does, or the clients they work with, shows you’ve done your research. 

And you should also aim to address the cover letter to the hiring manager of the business. You can usually find out this information from LinkedIn or the company website.

 

2. Use Specific Examples of Your Experience, to Demonstrate Why You Can Do the Job.

Similar to in your CV, you should aim to use statistics and figures to back up any arguments you make in your cover letter. If the job is asking for applicants to have experience 

When writing your cover letter, you should keep the job description you’re applying for close to hand. This is so you can relate your experience to the requirement of the job: Essentially showing why you’re perfectly equipped to do the job at hand.

Spelling it out and making it a reality for the hiring manager on why you’re their perfect candidate, makes it impossible for them to not give you an interview.

 

3. Emphasise Your Technical Ability to do the Job.

At the end of the day, a lot of hiring decisions are based on technical ability to do the job. So in an industry like IT where you need experience with a variety of technologies and software, this becomes even more important. 

And despite what you may think, from our experience there is very rarely the perfect candidate for a job. Businesses will happily hire someone who fills 80% of the requirements, who they can teach the other 20%, and build them out into the employee they are looking for. 

And given the wide variety of tech out there in the IT industry, you may not have worked with all the software they want. But if you have worked with similar tech, it’s well worth emphasising the fact that you do have those transferable skills: Alongside all the tech that you have worked with that they want.

 

4. Explain Why You’re Excited for the Opportunity and the Company.

A cover letter should also convey your excitement at the opportunity, for both the position and the company.

Highlight examples of what’s so great about the company, and what aspect of the job interests you the most. Because what really interests hiring managers is seeing your passion for your work come through the page: Something that’s often hard to convey with merely a CV.

 

5. Keep It Short.

Hiring Managers want to see a cover letter. But, what they don’t want to see is a 10 page cover letter detailing your life story, or repeating everything you already stated in your CV!

So aim to keep your cover letter to one page or less. The Hiring Manager reading your application is likely reading through many CVs and cover letters. So you want to keep yours short, to the point, and get straight into why they should give you the job.

 

6. Have a Clear Structure: Introduction, Body, Conclusion.

Your cover letter should have a clear structure that makes it easy for the reader to follow and find the relevant information: Introduction, body, and conclusion.

The introduction paragraph should introduce yourself and why you are writing.

The body of the message should discuss why you are applying for the role, and why they should give it to you. Using specific examples of your previous experience and skills to show why you’re a good fit for the job.

Finally, you should use the conclusion as an opportunity to reiterate your interest in the position and to thank the hiring manager for considering your application.

 

7. Proofread, or Have Someone Else Look Over it.

Now it’s all finished, it’s time to proofread before you send it off. When hiring managers are looking for their next Network Engineer or Cyber Security Analyst, they’re not looking for someone who has a passion for writing. But if your cover letter is riddled with spelling mistakes, it doesn’t look great, and can actually hurt your chances of getting an interview.

Another great step to take (if possible) is to have someone else look over it for you. Sometimes a fresh pair of eyes can help you spot mistakes you don’t even realise you’re making.

 

Cover Letter Template

But better than telling you how to write the perfect cover letter, is giving you a cover letter template to work with. Below is an example cover letter you can use to create your own individual cover letter. 

The areas marked in red are the details you will need to edit for your cover letter. Many of these areas will need to be changed for each individual job that you apply for.

 

Dear (Hiring Manager’s Name),

My name is (Your Name) and I am writing to express my interest in the (Position) role. I have (Number) years of experience as a (Your current position) and I am confident in my ability to make a valuable contribution to your team.

I have previous experience working with (Skills and technologies mentioned in job posting), and I’m excited to continue to develop these skills at (Company). What really excites me about this position, is the opportunity to work with (Specific technology). I have previous experience working with (Technology), and this previous experience will be crucial to my success in the (Position).

I currently hold (Relevant/ similar certifications to those mentioned in the job posting) certifications, that will assist me in the (Position) role. Additionally, I am working towards earning (X certification), to support my own professional development, and my career goal of reaching a (Position you want to reach in your career).

Thank you for considering my application. I look forward to speaking with you further about how my skills and experience will make me an effective part of your team.

Sincerely,

(Your Name)

 

Cover Letter Template Example

Now the above may seem a bit confusing. So here is what this Cover Letter may actually look like for you.

 

Dear Mrs Brown,

My name is Hames Jones and I am writing to express my interest in the Network Engineer position. I have 2 years of experience as a Junior Network Engineer and I am confident in my ability to make a valuable contribution to your team.

I have previous experience working with LAN and WLAN environments, from implementation to management, and I’m excited to continue to develop these skills at IT Solutions Inc. What really excites me about this position, is the opportunity to work with Cisco FirePOWER. While I haven’t used it before, I’ve previously worked with FortiGate, and this previous experience will be crucial to my success in the Network Engineer Position.

I currently hold a CCNA certification, which will assist me in the Network Engineer role. Additionally, I am working towards earning a CCNP Enterprise, to support my own professional development, and my career goal of reaching a Senior Network Engineer position in the near future.

Thank you for considering my application. I look forward to speaking with you further about how my skills and experience will make me an effective part of your team.

Sincerely,

James Jones

 

Your cover letter may contain much more information than this, referencing more of the skills that the job advert asks applicants to have. But this should give you an accurate idea of how to create your own cover letter, and how to relate your own experiences to the position you are applying for.

 

The Only Time You Don’t Need to Write a Cover Letter.

One of the only times when you don’t need to know how to write a cover letter, is when you’re working with a recruiter or recruitment agency in your industry. 

Here at Dynamic, we’re experts in recruiting in the IT Industry: Network, Infrastructure, IT Sales, Cyber and Cloud… Because we understand our market, our clients and our candidates: And our clients trust us to bring applicants to them who are right for the role. This means they often don’t ask for a cover letter, because a recruiters job is to sell you to the Hiring Manager without the need for a cover letter.

If you’re looking for your next IT position, you can look at our open job vacancies here. Or reach out to us here for a confidential chat about taking the next step in your IT career.

The post How To Write The Perfect Cover Letter in 2023 appeared first on Dynamic Search Solutions.