Department of Commerce – Cybersecurity Solutions for Small Businesses (Phoenix)

Here, you can download the slides in PDF format from my talk at the U.S. Chamber of Commerce’s Small Business Series in Phoenix, AZ on 2017-12-14.

My talk was entitled “The Hidden Threat: Security attacks that small businesses need to worry about”.

For a personal VPN to make connecting to *any* Wi-Fi safer, I recommend ExpressVPN.

If you’re interested in learning more about some of the tools I spoke about, check out Hak5.

Click here to download the slides: Department of Commerce Small Business Masterclass – The Hidden Threat

#SBS17

5 reasons Cybersecurity is a fantastic career for female students to consider

Cybersecurity is an exciting and growing field of study and employment, expecting an increase to an estimated 1.5 million unfilled jobs within the U.S. by 2020 (Frost & Sullivan, 2017).  These are generally high-paying jobs, which are challenging, interesting, and flexible.

Here are 5 reasons cybersecurity is a fantastic career for female students to consider:

 

1) Women have many advantages in Cybersecurity

Careers in cybersecurity offer significant advancement paths for women, gained through programs designed to interest, train, cultivate, and ultimately retain female talent.

Due to a gender gap, opportunities for women within the field of cybersecurity are incredible. This is no doubt due to the fact that women represent only about 11% of what is currently a male-dominated profession (Frost & Sullivan, 2017).

I have personally received mentoring and been granted many chances to grow and demonstrate my merit and succeed throughout my career.  Women love to 

Women are not attracted to cybersecurity as much as I think we should be.  Besides excellent education and employment, it represents a wealth of prospects for building a fun and solid career.

 

2) A range of cybersecurity jobs exists that can benefit from any of her natural abilities

Security specialists represent an extensive range of roles that can be taken on, from defenders to programmers to project managers to auditors to people who simulate the attacks a malicious hacker might carry out.

Whatever a girl’s talent, there is a good fit for her in the security industry.  Whether she is better at math or art, prefers writing or talking to people, there is a place for her.

Below are some examples of security positions that women with different talents and abilities might consider:

– Creative: Systems design and architecture, Programming (because code is an art form), Consulting

– Recommended women to follow on Twitter: @vajkat @k8em0 @SecBarbie

– Detail-Oriented: Compliance, Audit, Engineering, Analysis, Research

– Recommended women to follow on Twitter: @hacks4pancakes @malwareunicorn @mzbat

– Natural Leader: CISO, CSO, Process, Speaking, Training, Project Management

– Recommended women to follow on Twitter: @wendynather @aprilwright @SecureSun

– Thrill Seeker: Penetration Testing, Incident Response

– Recommended women to follow on Twitter: @HydeNS33k @SultryAsian @_sn0ww

These are just some examples, and there are many, many more roles that a woman can choose as a specialty. Also, your specialty or specialties can change. You don’t have to be in one role for your entire career if you don’t want to. A woman can change jobs based on what her interests are or learn a new skill at any time. If you start out as an analyst, you can decide you’re interested in programming, and either focus on programming or combine the two skills. There is essentially no such thing as knowing too much in the security industry.

 

3) She can succeed whether she is extroverted or introverted

One misconception about cybersecurity is that it is made up of introverts working in their basements, not talking to anyone for days. This may be true for some folks, but soft skills and people-oriented women are needed throughout organizations in order to balance and further the social system.

Extroverts can find many fulfilling roles in management, sales, training, or speaking.  We bring energy to group activities and are able to create and maintain relationships across an organization that can help a team execute their vision.

Introverts can absolutely succeed in cybersecurity, and it’s one of the best industries for this personality type!  Many introverted women (and men!) are successful based primarily on their technical skills and conscientiousness.  Certain roles within security can require a great deal of concentration, preparation, creativity, and practice which introverts have an abundance of.

Many people, including myself, fall somewhere in between extroverted and introverted, and I like to call us ‘omniverts’.  We are able to spend a weekend working on a project with no human contact, or we can be assertive and take charge when it needs to be done.

I tend to fall more on the introverted side of the line. My current role frequently requires using “soft skills”, which are characteristics many women possess. Soft skills are related to emotional intelligence and include skills such as communication, decision-making, leadership, teamwork, and problem-solving.

But don’t worry: if she doesn’t know these skills today, they can be learned!  I have not always had particularly good soft skills, so I learned, practiced, and developed them.  Soft skills have helped me improve my career and life; they were not difficult to comprehend but did require some effort on my part.  Learning these skills was worth every minute of my time.

 

4) She can benefit from a lot of flexibility as a cybersecurity professional

Whether a woman wants to have a family or not, a career in cybersecurity can offer lots of work-life balance and flexibility.  

Companies want happy employees, and invest heavily in us, so convenience benefits help to attract and retain talent.  

Many jobs today allow either part-time or full-time telecommuting, which can make it easier to juggle having a family and having a meaningful career while avoiding the stress of a commute. If you want to travel or live literally anywhere, a remote-work cybersecurity job is a wonderful option.

Don’t want to work a traditional 9-5 job? It’s not necessary. Many positions have flexible hours day-to-day, or perhaps she would rather work 4 days at 10 hours a day and have a 3-day weekend every week? I’ve seen these all as options.

It usually doesn’t matter what her degree focus was.  If you have a liberal arts degree, or an MBA, you can still be a great security professional.  Hiring managers look for interest, passion, knowledge and either an ability to learn, or deep knowledge and consistency, depending on the role.  Experience is generally considered to be of greater importance than where you started out.  I built a successful career without having a two or four-year degree, and I did eventually graduate in my late 30’s with a Bachelor’s degree.  It’s fascinating to find out how many professionals have such varied backgrounds, relying on their skills and knowledge more than their education.

 

5) Cybersecurity matters.

The privacy and security of our data is important.  

Personal data, national secrets, and corporate information assets are under constant threat. Digital attacks happen every minute of every day, and the primary goals of cybersecurity are to try to prevent, stop, and recover from these attacks.

From airplanes to food manufacturers, self-driving cars to social media, cybersecurity is a critical aspect of human safety, personal privacy, and national security.  There is a shortage of defenders who want to make the world a more secure place.  We are dedicated to protecting the information of billions of people, which is incredibly meaningful work.  Cyber defenders are exceptional people who provide a crucial service for our society, which is also very self-fulfilling.  

In the world of cybersecurity, women can achieve career goals through high-paying, flexible, meaningful jobs that suit their abilities and personality.  

 

References:

https://www.cybercompex.org/fileSendAction/fcType/0/fcOid/445471828686010375/filePointer/445471828686010530/fodoid/445471828686010527/frostsullivan-ISC2-global-information-security-workforce-2015.pdf

Mobile Device Security for International Travelers – Part 3: How to “Clean-up” Your Mobile Devices After International Travel

 

If you will be traveling internationally, you might be wondering how to protect your privacy and securely use your mobile devices (especially phones and tablets) while abroad.

First, you must understand and accept that EVERY place you visit (including your home city) is potentially hostile; this is not an isolated problem that only travelers must face.

There is no such thing as “zero risk” to a device.

However, there are certain things travelers can do when preparing for travel, while traveling, and after travel.  Performing these steps can help reduce your risk and information footprint while traveling.

In this three-part series of software-agnostic advice, we will explore the information security aspects of:

1. How to prepare your devices for travel
2. How to maintain security during travel
3. How to “clean-up” your mobile devices after travel


ISSA New England 2017 – A Secure Foundation: Why building security into everything ‘from the start’ matters by April C Wright

A Secure Foundation: Why building security into everything ‘from the start’ matters

Thank you for joining ISSA for the September 2017 meeting!

Have a look around the site, and let’s get a conversation going:  https://twitter.com/aprilwright

 

Here is a link I reference in my talk:

SANS Reading Room:  Using Metrics to Manage Your Application Security Program

DefCamp 2017 Romania: INTERVIEW with April C Wright: “Infosec is like fighting an uphill battle, and it definitely takes a village”

The DefCamp Romania 2017 infosec conference organizers wanted to explore the topic of internal and external challenges that organizations face nowadays in terms of securing their assets and keeping them safe. I was interviewed, since I’ll be speaking there in November, and I pointed out a few of my thoughts on the topic.

Read the full article and interview here:

INTERVIEW with April C Wright: “Infosec is like fighting an uphill battle, and it definitely takes a village”

Mobile Device Security for International Travelers – Part 2: How to Maintain Privacy During International Travel

 

If you will be traveling internationally, you might be wondering how to protect your privacy and securely use your mobile devices (especially phones and tablets) while abroad.

First, you must understand and accept that EVERY place you visit (including your home city) is potentially hostile; this is not an isolated problem that only travelers must face.

There is no such thing as “zero risk” to a device.

However, there are certain things travelers can do when preparing for travel, while traveling, and after travel.  Performing these steps can help reduce your risk and information footprint while traveling.

In this three-part series of software-agnostic advice, we will explore the information security aspects of:

1. How to prepare your devices for travel
2. How to maintain security during travel
3. How to clean-up your devices after travel 


Must-have Mac OS X Software to Protect Your Mac Computer

From the moment I first started using MacOS X, I fell in love.  It was like my long-time favorite Macintosh <= v9 had spawned with my other love, NeXTStep, to create an exquisite underlying

The Jurassic Park scene where the girl says “This is a UNIX system! I know this!”?  That was me…

In high school, I had read a *NIX book during detention (There was a time when I just didn’t like going to class…), and I consider that experience to be one of the defining moments of my life.

UNIX System Administration Handbook

I had been coding sprites since I lost my first teeth, learned BASIC and was already on IRC and BBS’s, but UNIX was a gloriously complex and special thing. We didn’t really have Linux back then; people primarily used FreeBSD and some of the other commercial distros.

I still consider myself a System V fangirl, after paying many years of dues in UNIX Technical Operations for a large managed hosting company.  That’s how I got into security, so I’m really a paranoid UNIX admin who happened upon security.

But I digress.  UNIX is awesome. And MacOS + *NIX is even awesome-r.

Mac OS X is extremely secure to begin with, with fantastic built-in features such as full-disk encryption with FileVault, a firewall, many sharing and other riskier features disabled by default, and Gatekeeper for application protection.

The standard features are great for most people, but remember – I’m paranoid. Security can generally always be improved for any device, system, solution, etc.

When I install a fresh copy of MacOS X, there are certain pieces of software that I absolutely must install, and most are security tools.

I’ve compiled a list of the security software I tend to install on every Mac I use.  These vary from network firewalls to monitoring of specific IOCs (indicators of compromise).

I’m not affiliated with any of these companies (that I know of); these are just awesome tools I recommend.

You’re perfectly okay only using stock Mac OS X, as these tools are mostly monitoring tools for the truly paranoid. For example, the Mac OS X firewall works perfectly fine, but there are tools that offer additional functionality. These tools may also adversely affect performance, because they are constantly watching.


Mobile Device Security for International Travelers – Part 1: How to prepare your phone and tablet for privacy and peace of mind while abroad

 

If you will be traveling internationally, you might be wondering how to protect your mobile devices (especially phones and tablets) while abroad.

First, you must understand and accept that EVERY NETWORK you connect to (including your home network) is potentially hostile; this is not an isolated problem that only travelers must face.

There is no such thing as “zero risk” to a device.

However, there are certain things travelers can do when preparing for travel, while traveling, and after travel.  Performing these steps can help reduce your risk and information footprint while traveling.

In this three-part series of software-agnostic advice, we will explore the information security aspects of:

  1. How to prepare your devices for travel
  2. How to maintain security during travel
  3. How to clean-up after travel


3 Inspiring Stories of Influential Women in Technology

1. Ada Lovelace is known as the first programmer in history and a pioneer of modern computing. Her name is quite famous in the developers’ realm, but do you know everything?

http://fossbytes.com/know-everything-about-worlds-first-programmer-ada-lovelace/

 

2. Margaret Hamilton was the software genius of her time who made the smooth landing of the historic Apollo 11 on the Moon possible.

http://fossbytes.com/meet-the-woman-whose-code-took-man-to-the-moon/

 

And a more modern story:

 

3. “Parisa Tabriz – The Security Princess” is Google’s guardian who protects the tech giant from ‘black hat’ attackers. She is Google’s biggest weapon against outside hackers.

http://fossbytes.com/googles-guardian-parisa-tabriz-the-security-princess/