Cybersecurity and Protection Playbook
[real3dflipbook pdf="https://www.bizzboard.com/wp-conte...
Own Your Future!
“It is time for us all to stand and cheer for the doer, the
achiever – the one who recognizes the challenges and
does something about it.” Vince Lombardi
ONLY talents! NO ranking here!
With the global skills shortage, it is crucial to encourage talents who
dedicate their life and career to cybersecurity.
This special edition spotlights remarkable cybersecurity and
industry 4.0 professionals. Top Cyber News Magazine is pleased to
unveil a constellation of young and devoted men and women:
amabasadors, erudites, and influencers.
All, part and inspiring force behind the global Cybersecurity
Awareness movement. These talented experts and brilliant people
coming from nineteen countries and five continents.
I invite you to discover these wonderful people. Speak about them.
See the light in others and you will be stunned how this light comes
back to you! Enjoy reading! Share! Learn!
Yours the most sincerely, Ludmila M-B
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
2
3
It’s 2022 – Every job is a technology job!
40 under 40
Move to the Front Lines!
Editorial by Steve KING
Managing Director at CyberTheory
As the gap expands between supply and demand in cybersecurity skills, we now see over 70 online
eLearning courses available that focus across a wide range of upskilling opportunities from data privacy to
compliance to risk and vulnerability assessment and audit. As we celebrate our newest class of 40 under 40,
we are optimistic that this generation of cybersecurity enthusiasts are interested in the actual battle zones
upon which our current war is being fought and not on preparation for the administrative roles which are
also necessary in battle, yet not feeling the pressure from the current skills gap.
In our work with our own eLearning platform, CyberEd.io, we have discovered that the key employment
opportunities lie along the front lines of deployment, where trained cyber-warriors are so necessary not just
to defend our critical assets but to serve as a deterrent to the flood of cyber-criminals assaulting our
fortresses. Every CISO we talk to confirms this requirement with both anecdotal and empirical evidence that
is leading to almost daily breaches across all industrial sectors with specific threats to banking, education,
healthcare, military and industrial control systems in automated factories (OT).
The cyber-warrior education career path starts with a solid grasp of network engineering fundamentals,
followed by security architecture & engineering with an emphasis on Cloud/SysOps/*nix (*Unix/Linux Linux,
FreeBSD, and Mac OS X), ICS/IoT, identity access management, security assessment & testing, current
threat profiles and malware infrastructure and architecture, vector identification, incident detection, security
operations with forensics and incident handling, pen testing, and exploitation.
Without properly trained resources in advanced cyber-warfare, we will never prevail in our constant
challenge to protect and defend, let alone being able to take the threat to the enemy. As more and more
entry candidates choose training to prepare them for certifications, we are optimistic that they will
increasingly choose skills training that matches with the current gaps.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
4
Cyber 2022
The Time Is Now
by Dr. Nikki ROBINSON, the USA
Looking back on 2021, the field of cybersecurity is
only becoming more challenging. We have increased
presence of effective ransomware, malware, and
insanely exploitable vulnerabilities within the software
supply chain, such as with SolarWinds and Log4j.
I end this with a final thought, “consider how other
fields may be integrated into cybersecurity programs.
Look at psychology, behavioral analysis, human
factors and UX design, and how they may improve
cybersecurity across the organization. “
While the field of cybersecurity is exploding with new
disciplines, tactics, and tools, we’re still missing
something. We have policies, frameworks, security
controls, and all the tools available to us to achieve a
secure infrastructure.
“So, what is holding us back? Why can’t we
get to this place of security?”
Looking on to 2022, I want to discuss what I hope to
see, but what I think may be more of a reality for
cyber trends.
I hope that as security practitioners, we consider
more partnerships with our academic partners. There
is cutting edge research being done by smaller
researchers at schools and universities across the
world. Partnering technical practitioners with
academic research can help to improve cybersecurity
practices.
Another hope for 2022, is the ability for organizations
to start to speak the same language and understand
how cybersecurity is essential at this point. Small
budgets, small teams, and lack of training leads to
ransomware attacks that cripple private and public
organizations.
Dr. Nikki ROBINSON is a Security Architect as well as
an Adjunct Professor, and holds a Doctorate of
Science in Cybersecurity, as well as several industry
certifications (CISSP, CEH, MCITP, etc).
A final hope is that cybersecurity professionals learn
more about the integration of psychology and human
factors engineering. These fields have major
implications on how effective a cybersecurity program
is.
She recently received a PhD in Human Factors and
research in blending psychology and cybersecurity.
Nikki has a background in IT Operations and
Engineering and moved into Security several years
ago.
An example, how do users understand cybersecurity
within their tools, even something so simple as
email? But in a realistic way, I am aware that change
can be slow and may take time.
Nikki’s expertise spans vulnerability management,
security architecture and design, as well as
integrating human factors into security engineering
practices.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
5
Raising Public Awareness
of The Importance of Cybersecurity
by Mikhail IVANOV, RUSSIA
Graduated from the HSE University (Russian:
«Высшая Школа Экономики», ВШЭ), officially the
National Research University Higher School of
Economics, Moscow State Institute Of Electronics And
Mathematics; Certified Information Systems Security
Professional (CISSP), Mr. Mikhail IVANOV enjoys
near twenty years of experience in the financial
industry, continually adding professional upskilling,
re-training, mentoring colleagues as part of his career
accomplishments.
As with most human-centred challenges, there
continues to be a disturbingly large gap between the
standards of life in many parts of the world. Do we
even know how many people live in poverty or close
to the poverty line? These people are very vulnerable
to cybercrime, especially, cyber-fraud, which can have
a dramatic effect on their lives.
Cybersecurity is of concern and should be taken
seriously by all nations. Cybersecurity awarenessraising campaigns should be encouraged and
supported for the most unprotected parts of the
population, addressing major risks (including the
newest forms of online fraud known as “phishing”
and “vishing”), new technical tools, free anti-virus
and anti-spam software and other security measures.
“In the battle against cybercrime, raise
public awareness of the importance of
cybersecurity and of various aspects of the
fight against cybercrime.”
Currently, Director of Information Security
Department at Rosbank and Chief Information
Security Officer at Societe Generale, Moscow, Russia,
his knowledge and expertise are recognised and in
demand on an international scale through his work
and projects in areas / fields of: Development,
implementation and enforcement of the firm-wide
framework for information security management and
strategy; managing IS Department, deliver strategic
enterprise information security management system
(ISMS), Information security governance based on
ISO methodology (controls and IS processes);
Information Security Program management… etc.
In banking, financial transactions must be protected
against cyber fraud and cybersecurity must be the top
priority. Speaking about the banking industry, we live
in an age of the growing uncertainty caused by:
rapidly changing operating and financial models;
unplanned or unpredictable changes in technologies,
the disturbing instability of the banking industry
worldwide, legal and regulatory restrictions, importsubstitution of information technologies (in Russia),
and other volatile factors (ex: COVID-19).
The most significant challenges for cybersecurity in
the next 3-5 years lie in the fields of disruptive
technologies, increasing number of cyber-attacks, and
Gray Rhinos (The Gray Rhino is a metaphor for the
threats that we can see and acknowledge yet do
nothing about). Companies must prioritize their
investments to support the business transition to
digital technologies, operating models and a durable
improvement of the cyber resilience.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
6
A Journey…
Not A Destination
by Karim BOUACEM, FR ANCE
Achieving perfect protection in terms of security is
and will always remain an aspirational undertaking but
one impossible to obtain. Now and for the
foreseeable future, agility will be the network
defender’s most prized asset. Adapting quickly to a
rapidly evolving threat is proving far more beneficial
than reliance on a rigid security apparatus.
I do believe Cybersecurity will remain a major
strategic issue for companies for the foreseeable
future. I do think there’s going to have to be quite a
few conceptual breakthroughs in IT Infrastructure
innovations, in legacy IT Infrastructure management,
and control and restrictive use. Organizations need to
adopt a new approach to cybersecurity to include
providing continuous user awareness and education
for their staffs in order to address the challenges in
2022 and beyond.
Hostile actors continue to evolve as well, becoming
increasingly more professional by creating business
models inspired from legitimate business practices. I
expect this trend to continue for years to come, as by
professionalizing their services, these actors have
created a profitable enterprise by implementing a
best-practice approach and incorporating the
technologies used by legitimate business such as
Artificial Intelligence, Machine Learning, and even
quantum computing to break or pass a targeted
organization’s defense.
Considering these realities, while it may not be
possible to stop all attacks, a sound cyber security
strategy will focus on discouraging these attackers in
order to raise the cost to such a degree that the
consequences outweigh any potential gain.
Companies must prepare to defend themselves
against attackers by making themselves a difficult
target that will ultimately discourage attackers to
concentrate their efforts elsewhere. The objective here
is to influence attacker behavior to pursue easier
targets.
The Team Leader of the Information Technology (IT)
Security Team, Karim BOUACEM initiates and leads
work flow and tactical tasks as part of the Groupe SEB
Cybersecurity transformation management processes.
Karim credits more than ten years of his rewarding
career at the international corporation with the
leadership style and global success of the
organisation.
Sensitive data (intellectual property, personal
information, research and development, etc.) will
remain highly sought after by attackers because it can
be monetized in different ways and for different
purposes, whether its used by the attackers or sold to
other groups or individuals. Such data can directly
impact a company’s finances, hurt customer
confidence in the company, and ultimately negatively
impact the company brand and reputation. Properly
safeguarding sensitive data will help ensure that a
company does not become a potential victim of
hostile actor operations and create a condition where
it can be susceptible to competitive advantage.
As “Cybersecurity is much more than an IT topic”,
Karim’s resume reflects this statement the best. His
career achievement(s) today is the result of his
education (Conservatoire National des Arts et Métiers
-Computer, Network & Multimedia Systems Engineer,
MS) and professional experience that includes major
projects in roles such as: system and network
engineer & project leader (In Extenso), IT architect
(Groupe SEB), a few to mention. Karim’s recognized
expertise & immense achiever attitude communicated
with his colleagues create supportive knowledge
sharing experience as part of Groupe SEB’s core task
of collective cybersecurity success story.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
7
You Are In The Heart
of Cybersecurity
By Denae BROOKS, the USA
“Cybersecurity growth, quality, strength and
sustainment is driven by those dedicated
professionals who never give up, embrace life-long
learning, foster diversity, equity, and inclusion, and
serve the cybersecurity community through advocacy
and/or mentoring.” ~ Denae BROOKS
She has also served and continues to serve others as
a mentor in the cybersecurity space.
After a 15-year career in communications
(marketing/branding/graphic
design)
and
subsequently several more years working in
information technology, Denae leveraged her
communications skills and experience to land an
opportunity in 2016 as a social media marketing
manager for CyberTexas Foundation, a non-profit
organization dedicated to the advancement of
cybersecurity education in Texas (United States).
Denae went on to receive her big break into
cybersecurity in 2017 when she was hired as a cyber
threat intelligence analyst at (Ernst & Young) EY, one
of the Big Four accounting firms. In 2020, Denae
transitioned to USAA (financial services) where she
currently works in the area of enterprise cybersecurity
risk management.
Denae obtained a Master of Science degree in
Information Systems and Security from Our Lady of
the Lake University in 2018. She also holds a
Bachelor of Science degree in Communication from
The University of Houston.
Denae BROOKS is currently pursuing a PhD in
Cybersecurity Leadership from Capitol Technology
University.
Her scholarly research is focused on exploring the
value, attitudes, and strategies of cyber threat
intelligence-driven phishing awareness programs.
She is a strong advocate for cybersecurity newcomers
and is a strong proponent of Diversity, Equity, and
Inclusion (DEI). By leveraging her own professional
network,
she
spearheaded
cybersecurity
breakthrough initiatives to help connect those
individuals wanting to break into cybersecurity or
transition to other domains with qualified professional
mentors.
Additionally, she currently holds and maintains the
following active professional certifications: Certified in
Risk and Information Systems Control (CRISC) (from
ISACA), GIAC Cyber Threat Intelligence (GCTI), GIAC
Security Essentials Certification (GSEC), Control
Objectives for Information and Related Technologies
(COBIT) (from ISACA), and CompTIA Security+. She
is a life-long learner.
Denae’s greatest accomplishment and biggest
motivator is her family, who motivated her to pursue a
career switch into cybersecurity. Denae is the proud
mother of four children, including three siblings she
and her wife of 12 years adopted from foster care.
She currently resides with her family in San Antonio,
Texas, United States.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
8
Business First
Cyber Security
by Dr. Tim NEDYALKOV, AUSTR ALIA
Technology is a primary enabler of innovation and
competitive advantage across modern businesses.
The objective of cyber security is to protect these
capabilities in a safe, sound, and secure manner.
While making technology safer and more secure, it
does not need to be harder to operate and use.
Unfortunately, security professionals often take a very
aggressive approach to protect environments that
could cause friction or negatively impact business
and operational teams. Instead, security professionals
should build cyber security practices that deliver the
best business outcomes. A business first cyber
security approach starts with understanding how a
business operates and the primary challenges of the
ever-evolving cyber threat landscape.
Security professionals should provide enough
background in an easy to understand business and
operational language to help business owners and
executives understand the key considerations about
cyber security. The first step often includes aligning
with the existing risk management practices and
articulating the impact and likelihood of a cyber
incident. Many security professionals have trouble
promoting their security initiatives because they do
not use the appropriate means to ascertain why some
issues are more important than others and how the
budget spent on cyber would make an organisation
more secure. Focusing on impact and putting specific
metrics around financial consequences, operational
implications, and reputational damage is a good
starting point for a business representative to
understand the importance of the relevant cyber
threats. Creating mutual trust with stakeholders,
seeking to achieve similar goals and objectives would
demonstrate that cyber security does not live in
isolation and many issues could be addressed
collectively. A good starting point includes regular
engagement and alignment with Risk, HR, Legal,
Audit, Compliance, and Financial functions. Building a
trusted relationship with these areas could involve
investing time to take the lead on issues that would
benefit the whole organisation.
For example, it could include simplifying policy and
guidelines, streamlining decision-making processes,
and aligning with industry best practices. Usually,
prioritising inherited audit findings, penetration
testing outcomes and residual risks with near-term
remediation expectations could lead to mutual
benefits to several organisational functions.
At the end of the day, business success pays the bills.
Therefore, “a Business First Cyber Security Approach
and the development of trusted relationships with key
stakeholders are essential considerations to help
cyber security professionals better articulate and
achieve the relevant security objectives.” Eventually,
this will lead to sustainable competitive advantage and
business success.
Dr. Tim NEDYALKOV brings over 18 years of multiindustry experience in Information Technology and
Cyber Security across Europe, the USA, Australia, and
the Middle East. He is a Technology Information
Security Officer at the Commonwealth Bank of
Australia. Most recently, he established the cyber
security practice for the $24 billion Riyadh Metro
transport network. Earlier, he was an Information and
Cyber Security Manager at the Australian
Broadcasting Corporation, country’s largest public
broadcaster with over 5,000 employees across 70
locations. Dr. Nedyalkov holds a doctorate in Cyber
Security, a master’s in IT Management, and a
bachelor’s degree in Computer Science/Applied
Informatics. His certifications include C|CISO, CISSP,
CCSP, CEH, CISA, CISM, CRISC, CGEIT, CDPSE, ISO
27001 LA, CompTIA Security+, ITIL, and Agile PM.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
9
CISOs v2022
by Dr. Atef ABDELKEFI, FR ANCE
Dr. Atef ABDELKEFI is an experienced professional in
the field of cybersecurity with over 12 years of
leadership, consultancy, architecture, and a PhD in
cybersecurity from the Norwegian University of
Science and Technology.
We can all agree that 2021 was one of the most
challenging and unique years in modern times. For
the CISO however, 2021 represented one of the most
impactful times. From an increase in scope, to an
increase in executive level exposure and a change of
skills and expertise required. I believe that 2022 will
see a further development in CISO role as follows
CISO organizations
More organizations are recognizing the importance of
security through the CISO role, as a business enabler
and a differentiator. We have seen a dramatic increase
in demand for CISOs in startups and small and
medium businesses and I anticipate this trend to
continue.
CISO reporting structure
Senior Manager at Deloitte, Dr. Abdelkefi supports his
costumers, in all industries, in their secure digital
transformation journey and coaches his cyber-junior
colleagues.
The CISO position has seen a nuance in its role,
responsibility, and its place among the c-suite over
the years. In a traditional organization structure,
CISOs report to the CIOs. However, we have seen a
shifting trend over 2021 and a strengthening of the
link between the CISO and the CEO which I expect to
grow over 2022.
CISO skills and expertise
While at Accenture, Atef led the Norwegian Cyber
Defense chapter, and at Qatar Petroleum and Aker
Solutions worked as SCADA and ICS security
consultant. Atef contributed to hundreds of national
and international talks in cybersecurity.
The CISO role has been traditionally adapted to the
organization’s size. In large enterprises, the CISO is
required to be rather strategic than technical, while in
SMBs, the CISO is required to be particularly handson to handle security design and implementation. In
2021, we have seen signs of change in this trend.
SMBs’ CISOs are required to build a strong cyber
governance structure, manage risks, strengthen the
cyber awareness across the organization, in addition
to the deployment of the operative technology.
Winner of the “IBM communication Ambassador”
award, Atef promotes cybersecurity and particularly
cloud security in Norway as a Board member of
Cloud Security Alliance. In his free time Atef studies
for his Executive MBA at Quantic School of Business
and Technology.
On the other hand, CISOs are always required to be
technology-aware and particularly Cloud-sensitive.
We have noticed an explosive demand for CISOs
which have a minimum understanding of the cloud
technology in 2021 and we expect this trend to
continue in 2022.
As a CISO and Lead Security Architect for IBM´s
Danish Account, Atef ensured a secure hybrid-cloud
infrastructure and a robust Managed Security Service
to IBM’s Nordic’s customers.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
10
What Will Be Served
On The Table Of Cybersecurity In 2022?
by Inna VASILYEVA, the USA
Past year, we have seen several major attacks on the
supply chain; the scenario will continue to gain
popularity among cybercriminals. This profitable
bridgehead allows intruders to hit multiple targets at
once. Governments will likely develop laws, policies
to protect networks and combat such attacks and will
cooperate with private organizations or other
countries to fight them at the international level.
“Since cybercriminals always go where the
money is, they will continue to spread
malware for a variety of malicious and
fraudulent activities with cryptocurrencies.”
Ransomware attacks will continue to evolve and
become even more advanced. Threat actors will
increase the usage of penetration tools to set up
attacks in real time, as well as to get access to victim’s
networks. Based on latest trends it is very likely that
APT groups will increase their interaction with other
cybercrime associations (for example, buy data on the
shadow market to access corporate resources).
In 2022, sophisticated attacks on mobile devices will
definitely be a trend. Mobile devices are an ideal
target for attackers. Users are almost never part with
their smartphones storing personal information while
infection of these gadgets is very difficult to prevent
and detect. Given the differences of mobile OS,
Android devices will continue to be prone to malware
from the cybercriminals’ arsenal (fraud, financial crime
etc.), while iOS will likely attract the attention of
groups specializing in cyber espionage.
Disinformation campaigns will return stronger and
cybercriminals will leverage it to conduct phishing
attacks and fraud. In addition, due to improved
infrastructure and increased technical capabilities,
cyberattacks will play a role of a proxy to destabilize
activities around the world. Deepfakes will become a
real weapon that scammers will use to manipulate
opinions/stock or to conduct social engineering
attacks.
Inna VASILYEVA is a technical threat intelligence
researcher and reverse engineer HUMAN She
specializes in mobile and malware analysis, threat
intelligence, network analysis and threat hunting. Her
steady record of influential contributions already has
significant impact in the world of cybercrime. She has
served as a principal analyst and leader of a cyber
threat intelligence unit proactively hunting cyber
threats related to industry (cybercrime) & government
(cyberterrorism).
In 2022, phishing-as-a-service will remain popular;
threat actors will offer the phishing infrastructure for
rent to anyone who can’t develop their own tools.
With this trend going up, the number of phishing
attacks aimed at stealing cryptocurrency will rise as
well.
She developed & implemented novel methods for
detection of highly malicious malware (such as
Emotet, Trickbot and others), as well as research on
national security, geopolitical confrontation &
information/cyber warfare among the United States,
China and Russia.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
11
Staying Secure
In 2022
by Ilia KOLOCHENKO, SWITZERLAND
Comprehensive visibility of your IT systems and data
across cloud and on-premises environments remains
vital to prevent data breaches and meet regulatory
requirements in 2021. Creation and continuous
improvement of a risk-based Third-Party Risk
Management Program (TPRM) is indispensable to
prevent surging supply chain attacks, one-size-fits-all
vendor questionnaires don’t work anymore.
Ilia KOLOCHENKO is a Swiss cybersecurity expert and
entrepreneur with over 15 years of cybersecurity
practice.
As a CEO & Chief Architect at ImmuniWeb, he leads
data scientists, security analysts and software
engineers serving enterprise customers in over 50
countries.
Intelligent automation of security monitoring, patch
and configuration management, and incident
response helps to offset shortage of cybersecurity
skills and keep your team focused on those tasks that
truly deserve human intelligence. Keep in mind,
however, that new technologies and automation, for
instance, container orchestration or your CI/CD
pipeline, also expand your attack surface, should be
hardened and adequately protected. Ongoing training
of your security team remains essential to stay ahead
or the rapidly evolving cyber threat landscape.
Countries are now actively adopting new data
protection and privacy legislation that, among other
things, has a strong impact on cybersecurity. Brazil,
China, South Africa and Switzerland to name a few.
Infringers may face severe monetary penalties and
even criminal prosecution. To comply with the
mushrooming data protection and privacy laws in
2022, every cybersecurity team will need a
professional legal advice. So, it’s good idea to team
up with your legal department or talk to an external
law firm specialized in data protection law.
Next year agendas of governments and lawmakers
have a focus to penalize organizations for poor
cybersecurity practices. While deterrence of a
deliberate misconduct is crucial, I’d rather focus on
supporting victims of cybercrime, notably SMEs,
healthcare providers and educational institutions.
Provision of free cybersecurity training may prevent
millions of security incidents. While “creation of
public-private partnerships in cybersecurity may
be a rocket fuel for national cyber resilience in
2022.”
Ilia is also a member of Europol Data Protection
Experts Network and a cybersecurity expert at the EU
CyberNet. Ilia has GIAC GCPN, GPCS, GCSA, GCTI,
GMOB and GLEG certifications and is a Certified
Information Privacy Professional (CIPP/US/E/A/C).
Being a PhD Candidate, Ilia holds a Master of Science
in Criminal Justice (Cybercrime Investigation) and a
Master degree in law.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
12
Women + Cybersecurity =
Women’s Society of Cyberjutsu
by Mari GALLOWAY, the USA
Cybersecurity Executive | Speaker | Published Author
Award Winning CEO, Cyberjutsu | Editor | Leader
Mari is currently a resident of Las Vegas working as a
Customer Success Architect for Palo Alto Networks.
She regularly contributes content to security blogs
and training companies across the country as well as
an Adjunct Professor for UMGC. She also lends her
time to various organizations as an award judge,
mentor, and advisor. Outside of being a geek, Mari
enjoys arts, puzzles, and legos! @marigalloway
mostlymimi.com
ABOUT WOMEN’S SOCIETY OF
CYBERJUTSU
An Air Force brat turned Army spouse, and a 10 plus
year veteran to the tech and cyber world., Mari
GALLOWAY is the CEO and a founding board member
for the Women’s Society of Cyberjutsu (WSC), one of
the fastest growing 501c3 non-profit cybersecurity
communities dedicated to bringing more women and
girls to cyber. WSC provides its members with the
resources and support required to enter and advance
as a cybersecurity professional.
Mari began her cyber career with Accenture where
she excelled as a Network Engineer. Mari is also the
inaugural ISC2 Diversity Award winner for 2019. With
over 12 years of Information Technology, 10 of which
are in cybersecurity, her experience spans network
design and security architecture, risk assessments,
vulnerability management, incident response and
policy development across government and
commercial industries. She holds a variety of
technical and management certifications (CISSP,
GIAC, CCNA, etc) as well as a Bachelor’s degree in
Computer Information Systems from Columbus State
University and a Master of Science in Information
Systems from Strayer University.
Founded in 2012, the Women’s Society of Cyberjutsu
(WSC) is a Northern Virginia–based 501(c)3 nonprofit organization, focused on empowering women to
succeed in the cybersecurity industry. WSC’s mission
is to advance women in cybersecurity careers by
providing programs and partnerships that promote
networking, education, training, mentoring, resourcesharing and other professional opportunities.
WSC serves thousands of women across the globe by
bringing awareness to, and advancing careers in,
cybersecurity. The WSC community includes
information security professionals, IT professionals,
programmers, computer scientists and engineers, as
well as women wanting to explore and join the field.
Recognizing the importance of encouraging girls to
embrace a future in STEM-related professions
through its Cyberjutsu Girls Academy, WSC provides
a unique hands-on curriculum focused on securing
information technology. For more information, visit
http://www.womenscyberjutsu.org
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
13
People
The Strongest Cybersecurity Asset
by Victoria GR ANOVA, CANADA
(My opinions are my own. VG)
Victoria GRANOVA is Founder of CyberToronto
Conference, an annual community conference for the
GTA – GTA- Greater Toronto Area, in Canada. Victoria
is also the President of the (ISC)² Toronto Chapter
board, where she works to create professional
education opportunities and connects security groups
across the GTA to advance the industry together.
Cybersecurity has increased in visibility and
importance for organizations. High-profile supply
chain attacks in recent years have emphasized the
need for support and investment into growing
cybersecurity talent.
While I foresee that many companies will increase
investments into cybersecurity in 2022, it is important
that they don’t forget to invest into their most
important cybersecurity asset – their people.
In 2022, the most successful organizations won’t be
the companies with the highest walls or strongest
cybersecurity systems: they will be the ones with the
most resilient cybersecurity culture.
The best-in-class companies will be investing in their
people from two angles: training for all employees to
understand that security is everyone’s job, and
investment into core cybersecurity teams to support
their mental health and well-being. This investment
can come from multiple avenues, such as competitive
compensation, location flexibility, work-life balance,
and appropriate staffing levels for the amount of work.
Cybersecurity practitioners who have those basic
needs met will excel at their work and will help their
organizations react quickly to prevent and mitigate the
next wave of attacks.
In industry, she works in cybersecurity risk at a
FAANG organization. Victoria also contributes as an
Instructor at York University in the Cybersecurity
Certificate Program.
Victoria is also pursuing a part-time PhD in
Management, channeling her passion about
strengthening the “human factor” in cybersecurity
into interdisciplinary research in cybersecurity and
psychology. Victoria holds the CISSP, CISA and CPA
designations and has an MBA from Queen’s
University. She was awarded Canadian Security’s Top
10 Under 40, as well as Canada’s Top 20 Women in
Cybersecurity in 2021.
Doubtlessly, there will still be companies that will view
cybersecurity as the responsibility of IT and treat
cybersecurity as just another operating expense.
The companies that “get it” will set themselves up for
a great 2022 and will attract the best talent this
industry has to offer.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
14
The Security
aaS Journey
by James J. A ZAR, the USA
“2022 is going the be the year of aaS.”
Many organisations over the last two years have
moved to the cloud, created hybrid environments and
added a load of Microservices to their business and
all this in one of the many popular models of SaaS,
PaaS, IaaS or any other aaS type of service. These
services come together to create a modern workplace
and enterprise. This is introducing a whole new threat
vector that’s going to require creativity and resolve to
defend over time.
Driven Security minded and business oriented
security professional James J. AZAR works, leads,
and is dedicated to the security and business
mission. In his experience, James has served as CTO,
CIO, and CISO but his true passion lays at
intersection of Security and Business where
innovation and out of box thinking are needed to
drive security growth within an organization.
This isn’t the traditional threat landscape anymore,
log4j is the beginning of old software coming back to
haunt us in modern environments and this will
require the industry to re-evaluate its approach and
posture. This is going to take a true partnership
model to overcome the next set of threats with
adversaries far and wide planning a multiyear
campaign to weaken our defences and gain entry to
data, environments and financials they would have
otherwise.
The term it takes a village applies now more than ever
to cybersecurity. In 2022 it’s going to take a village to
defend the hybrid infrastructure that still relies on old
tech and code. We are talking about multi million if
not billion lines of code that need review and updates
with a high cost and low incentive to get it done but
rather replace it.
We are going to witness the toughest decisions as
security and business intersect and will require a new
vision for long term security success.
James is the host of the fastest-growing cybersecurity
podcast in the country CyberHub Podcast, CISO Talk,
and a new and noteworthy privacy podcast called
Goodbye Privacy as well as the Other Side of Cyber
on ClubHouse.
We now have the chance to show the true value of
security to our organizations and we can do that
effectively by using these situations to leverage our
knowledge to be the modern leaders in our aaS orgs.
James is a global public speaker having spoken at
events like CyberTech Israel, RSA, Data Connectors,
FutureCon and has been published in Fox, OANN,
AJC, ABC, NBC and James also writes for Substack.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
15
Cybersecurity 2022
Collaboration, Culture, Convergence!
by Dr. Prof. Sally EAVES, ENGLAND
The time is now to come together and build a
contagion of collaborative change around
cybersecurity progress. As industries, businesses and
consumers become ever more reliant on a connected
economy, its catalyst as the foundation for digital
transformation will grow. This must be underpinned
by security embedded by design across software and
hardware, addressing rising threats across bad actor
collaboration, IoT, Cloud and API acceleration,
ransomware, phishing, Log4j, DDoS… The list goes
on! But we can and must fight back.
“I believe the time is now to reduce the cost
of security and forge a more powerful
connected future – let’s do it together! “
I believe this can be achieved in 3 ways.
Firstly, through collective industry effort. This takes
cross-sectoral thinking across business, technology,
academia and citizens, establishing a baseline of best
practice. Look out for a ‘call-to-arms’ research-toaction piece on IoT security in early 2022 bringing
this very approach to life.
Secondly, progress necessitates convergence,
comprising technology integration and convergence
of thinking too. Cybersecurity cannot be considered
in isolation, there is a clear social impact perspective
with communities left behind in terms of connectivity,
similarly disadvantaged around security and
environmental factors. The digital divide is frequently
a sustainability and cybersecurity divide – please look
out for a related initiative in April 2022 with my nonprofit Aspirational Futures.
Thirdly, this all takes investment in education culture
and ‘changing the narrative’ on what cybersecurity
careers ‘look like’ to close talent gaps. Data literacy
needs are not confined to technology-facing roles or
the security department, everyone must be
empowered with access, enabling the actualisation of
shared responsibility culture.
The earlier we can start the better! look out for my
new non-for-profit cybersecurity book this year
focussed at children – let’s build curiosity with fun
learning and inspire the next-generation of security
leaders too!
Prof. Sally EAVES is Senior Policy Advisor and Chair
of Cyber Trust for the Global Foundation of Cyber
Studies and Research, and CEO of Aspirational
Futures which enhances inclusion and diversity in
education and technology.
A highly experienced Chief Technology Officer,
Professor in Advanced Technology and Global
Strategic Advisor, Sally is an International Author and
Keynote Speaker on Digital Transformation (AI,
Security, IoT, 5G, Cloud, Blockchain) alongside
Culture, Skills, Sustainability and SDGs Impact.
Sally is editor of Cyber Insights, has developed
courses across the data and technology discipline
spectrum and is publishing her new book ‘Tech For
Good’ in 2022.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
16
The NEW
Trust Conversation
by Kai Michael HERMSEN, GERMANY
Over the past years, we saw a tremendous increase in
digital technologies – from use of smartphones,
digital collaboration, e-commerce to decentralized
infrastructure and modern forms of transportation.
Marvels of modern technology, facilitating new
applications and doing no less than altering the way
we live our lives.
Only if we „re-unite“ people and technology
can we increase the rate of adoption of digital
technologies, make them inclusive and will
turn them into the positive force for change we
all want them to be – for the environment, for
society and for ourselves.
Ultimately, however, if knowledge is power, that
access to data-based business models needs to be
fair, unbiased and open – it needs to be trustworthy.
“We need to be mindful that digital
transformation does not only bring large
opportunities, but all the like large
responsibility. “
Becoming trustworthy is an up-levelling of the
security conversation to include attributes such as
transparency, privacy, collaboration and even
business ethics.
These elements transform the conversation from what
“must” a company do to prevent negative outcomes
to what “should” a company do. In many ways, trust
in technology will be as important as any innovations
in technology itself. For the question of our time is no
longer if „technology can do this“ but if „technology
should do this“.
Ultimately, I see organizations move from the
commonplace “security by design” and „privacy by
design“ to “trust by design” – the leaders already
begin developing their corporate trust program build
on ethical behaviour now, before their customers
demand it.
The main benefit of building digital business on trust
is a different rate of adoption of these new digital
technologies, at an unprecedented speed while
simultaneously fulfilling the promise of simplifying
our lives and improving the state of the world.
This requires to look at both technology and how
people develop it, bring it to market and finally use it.
Kai Michael HERMSEN believes all people need to
understand current digital topics and how they impact
their lives, to enable trust in technology and good
stewardship of our societies. He believes for
technology to serve its purpose, trust is a
prerequisite.
In his previous role at the Charter of Trust and in his
current role at Identity Valley, to achieve change, Kai
formulates ambitious goals, builds common ground
for collaboration, activates communities, and rolls up
his sleeves to put them into practice.
As a father of two, he is passionate about finding
balance in life as the only way to fuel our best at work
and make an impact.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
17
Cloud-Native
Modern DevSecOps
by Francesco CIPOLLONE, ENGLAND
Francesco CIPOLLONE is the CEO & Founder of
Appsec Phoenix a revolutionary cloud-based
DevSecOps platform. Francesco is also a seasoned
entrepreneur having founded other 2 successful
businesses one of which was an exit.
struggle to find back footing and a place in this
modern and fast-paced world. Modern teams are fastpaced with 100 releases to production per day, and
data drive decisions and automation are the only
techniques that cover such a rapidly changing
landscape. Nonetheless, many security teams operate
with a manual spreadsheet, manual reports and vague
executive directions. This work methodology is
antiquated and leaves everyone frustrated, starting
with the security team completely overwhelmed with
reports on vulnerabilities. Modern security
landscapers look like the picture below, and for
executives is becoming increasingly difficult to set
targets that make sense to the next level down. This
methodology results in targets that are nonmeasurable and not applicable across an entire
organisation.
On top of this landscape of millions of reports and
vulnerabilities,
cybersecurity
professionals,
executives, and developers face the challenge of rapid
moving landscapes and a fast attacker with average
exploitation of 3-15 days from an attacker on new
vulnerabilities and an average resolution time of 80100 day.
Francesco was the AppSec and Cloud Security lead
for HSBC, Lead Cloud Security for AWS Professional
Service, and consulted with the United Nations.
Francesco is also Chair of the Cloud security alliance,
published author of 7 books on network,
cybersecurity and application security, host of the
Cyber Security & Cloud Podcast. Francesco is also a
seasoned public speaker having spoken at AppSec
Cali, Cyber Security Cloud Expo, and many more
conferences.
The modern organisation landscape has changed.
The new and modern organisations work with various
technologies, cloud, container (Docker, Kubernetes),
software, open-source libraries, web, API, token
authentication
system
etc…
With
Digital
Transformation and covid pushing more and more
organisations to the cloud, modern security teams
The cybersecurity teams need to also deal with red
team exercises, pentest exercises, and external
assessments that add additional vulnerabilities. The
process of dealing with this large amount of issues is
usually left to a non-systematic approach that is very
people-centric, leaving the devsecops professional
overwhelmed and prone to burning out (average time
in the organisation of professionals is 2-3 years). The
Devsecops teams are overwhelmed and struggle to
keep up with the increasing demand for software,
leaving the security team matching 100 or 750
developers in the worst-case scenario.
The solution to those problems is a modern datadriven approach to DevOps and dev sec ops that
offers security team with data and insights to enable
them to scale and target what is the most efficient
problem to fix and the one that will bring the biggest
reduction in risk and maximise the protection of the
attack surface. At the same time, the modern
devsecops team should be removed from daily fire
fighting of the problem and focus on a more systemic
approach that offers developers secure by default
solution and paves the way of security with
automation and central-data-driven controls.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
18
From Theory
To Practice
by Dr. Alina MATYUKHINA, SWITZERLAND
All my life I dreamt of doing something that helps
society. Today, as a Cybersecurity Manager in
Siemens Smart Infrastructure I am helping to protect
people’s livelihoods and privacy, as well as the
cybersecurity of the essential systems in smart
buildings, where people live and work.
Do you remember the time you got asked what your
favorite lesson at school is? To me, it was and has
always been clear: mathematics. Ever since then, my
passion and skills grew and I have received many
academic prizes and awards, conducted research in
the field of number theory which led to new use
cases for cryptography and finally, I finished my PhD
in Computer Science at the age of 25.
Having accomplished many academic achievements, i
wanted to aim for the real problems and how to solve
them. All my life I was dreaming of doing something
which can help our society. Today, as a Cybersecurity
Manager at Siemens Smart Infrastructure, I am
ensuring that products and solutions for smart
buildings meet the required cybersecurity standards
while supporting the needs of users and
stakeholders.
Quality of life and cybersecurity through
smart building solutions
Dr. Alina MATYUKHINA is a cybersecurity manager at
Siemens Smart Infrastructure Global HQ.
Our world becomes more and more connected:
Digitalization does not only concern businesses but
has direct impact on people’s daily lives. However, the
incremental integration of IoT and cloud connection
in smart buildings and the increasing trend towards
IT-OT convergence exposes building systems to
cyberattacks, if not adequately protected.
In her role, Alina is responsible for ensuring that
products and solutions for smart buildings meet the
required cybersecurity standards while supporting the
needs of users and stakeholders. Previously, she has
worked as a cybersecurity researcher at the Canadian
Institute for Cybersecurity and Swiss Federal Institute
of Technology Lausanne.
Through interconnected building systems and
products, our business provides innovative or
ingenious solutions for hospitals, offices, schools and
other places where peoples comfort and lives largely
depend on the quality of their environment.
She holds a Ph.D. in computer science for her work
in software security and data privacy, namely
protecting developers’ identity in open-source
projects. Alina is currently serving as a Chair of
“Smart Infrastructure” working group at Swiss Cyber
Forum to improve the digital safety and security of
society and economy in Switzerland and globally.
More from / about Dr. Alina Matyukhina: at
ingenuity.siemens.com
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
19
Cybersecurity Trends
That Need Greater Focus In 2022
by Jay HIR A, AUSTR ALIA
Jay HIRA is a Cybersecurity Strategy and
Transformation Director with over 15 years of
international experience supporting financial services
organisations to become more cyber resilient through
Zero Trust adoption to build trust and attract more
customers, enabling growth.
Mr Hira is experienced at developing efficient and
business-aligned cyber resilience strategies that
transform businesses, foster customer trust, and
enhance revenue security and net promoter score.
Jay has a proven track record of building highperformance teams ground up and creating an
inclusive culture that empowers individuals and
promotes equality, well-being and fairness. The
gratitude of the people around him rewards Jay.
Successfully influencing change and delivering cyberresilience capabilities aligned with IT strategy and
broader business objectives, Mr Hira has a proven
track record of partnering with stakeholders across
the organisation, including the Board and CxO.
The three foundational pillars for the success of any
data protection and privacy program comes from:
Keeping the data available when needed; Keeping the
data safe from unauthorised access; and Protecting
the data accuracy.
One common trend that we witness is that while the
confidentiality and availability aspects of data gain the
most attention, focus on integrity is often overlooked.
This strategy essentially assumes that the threat actor
is a malicious outsider and only aims to exfiltrate data
leaving the data source as-is without compromising
integrity. This strategy fails considering the insider
threat or threat from privilege access abuse,
intentional or unintentional. The whole foundation of
the CIA triad is to balance efforts equally, and the
integrity of data needs an equal amount of effort, if
not more. Businesses should broadly focus on asking
the question of controls built into the critical
platforms they leverage to store customer or sensitive
data to ascertain that data accuracy is checked at the
time of collection and data traceability and auditibility
can be established.
The second trend that we are witnessing is the
adoption of the cybersecurity catchphrase of the year,
Zero Trust. With the adoption of cloud technology,
BYOD, work from anywhere, the attack surfaces have
expanded. Our customers, partners and the supplier
ecosystem access data and services remotely.
Cybercriminals are leveraging both the expansion of
the attack surface and the default trust, which is an
outcome of the traditional perimeter-based
approaches to cybersecurity. Zero Trust throws the
idea of a trusted network out the window in favour of
verification and validation of every user, device,
system and network at every step. These trends
coincide with significant changes in the way
consumers and employees engage online. We’re
witnessing data being shared more freely and
accessed from anywhere across multiple devices. In
the forthcoming years, the challenge for businesses
of all sizes are scaling rapidly without disrupting the
user experience, securely providing access to
sensitive data, and being resilient.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
20
Stop, Collaborate, Listen
Cyber Advice for 2022
by Kerissa VARMA, SOUTH AFRICA
Why a Rapper From 30 Years Ago Has Valid Cyber
Advice for 2022?
When i was a child, vanilla Ice (a famous American
rapper) released a song called “Ice, Ice baby” which
quickly spread through the world in flurry of
popularity. A phrase that has always stuck with me
from the song “Stop, collaborate and listen” is the
inspiration for my advice for 2022. Stop trying to
build strong fences and forgetting about the outside
world, collaborate to find solutions to global
cybersecurity problems and listen to the murmurs of
your people – increasing and retaining talent is
critical.
“It always seems impossible until it is done”
~ Nelson Mandela
STop: Thinking you are an island; we are an
ecosystem. For years we have focused on building
strong boundaries from the outside world and
pretending we could insulate ourselves from external
impact. The trend of vulnerabilities in our supply
chain impacting organisations globally is becoming
increasingly common and will continue. Supply chain
risk proves that societal upliftment of cyber posture is
critical for all our protection. Additionally, our ability
to rapidly determine impact and respond to supply
chain risk will become more critical in 2022 as
frequency continues to rise
Collaborate: Collaboration will increase in 2022 –
cross sector, cross-industry, private- public
collaboration will increase out of necessity. In
realising we are a hyperconnected ecosystem
increased collaboration will become a critical tool to
curb cybercrime. Problems too big to be solved
individually will benefit greatly from this level of focus
and integration.
Listen: war on talent will continue into 2022 – The
last two years has catalysed a demand for digital
capabilities. Along with this demand, the need for
cybersecurity skills has grown exponentially and will
continue to do so in 2022. Our ability to encourage
young and mid-career individuals into the field and
provide rewarding work for those in our current teams
becomes critical in the 2022 landscape.
Kerissa VARMA leads Cybersecurity with dispersed
teams across Africa for Vodacom and Vodafone. She
is a seasoned cybersecurity and technology leader
who believes strongly that technology is a critical
economic lever that is pivotal to growth in Africa.
She has held multi-national CISO roles in multiple
sectors, demonstrating history of building and scaling
security
capabilities
across
healthcare,
telecommunications, transport, government and
financial services and is a passionate advocate for
everything cybersecurity.
She volunteers widely to increase cybersecurity skills
across the globe with a keen focus in Africa and she
is the founder and President of Women in
Cybersecurity (WiCyS) Southern Africa and the
Cybersecurity Digital Alliance South Africa (CDSA).
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
21
Walking Towards
The European Cyber Resilience Act
by Nuno Martins da Silveira TEODORO, PORTUGAL
“We cannot talk about defence, without talking
about cyber,” Ursula von der Leyen said in her
annual State of the Union speech in Parliament,
September 2021.
Moreover, Ursula added that “If everything is
connected, everything can be hacked,” pointing
out that the growing number of connected devices
also increases vulnerability to cyber attacks, taking
our attention to the rapid spread of digital
technologies and the growing concern on critical
infrastructures such as public administration and
health systems.
Global Fortune 500 Chief Information SEcurity Officer
with expertise on Cyber Security Strategies and
Programs, Threat Intelligence, SOCs, Cyber Crime
and Warfare, Data Privacy and Application Security
Programs. Executive level Cyber Security professional
with experience on engaging with regulating bodies
and managing international wide certifications and
cyber programs.
“And given that resources are scarce, we have
to bundle our forces. And we should not just
be satisfied to address the cyber threat, we
should also strive to become a leader in cyber
security,” – Ursula von der Leyen
Taking a step back, and looking to the EU Cyber
Resilience Act
First of all, lets put everyone on the same page of
what cyber resilience stands for: cyber resilience
refers to the ability to protect electronic data and
systems from cyber-attacks, as well as to resume
business operations quickly in case of a successful
attack.
Its clear from the European Commission speech that
Europe should develop, own and manage cyber
defence tools, allowing us to walk towards the
implementation of an European Cyber Defence Policy,
including legislation on common standards under an
overarching paradigm – the European Cyber
Resilience Act.
More from / About Nuno Martins da Silveira
TEODORO, Cyber Security and Privacy Officer, CISO
at Huawei:
https://www.linkedin.com/pulse/walking-towardseuropean-cyber-resilience-act-nuno/
Background on B.Sc. and M.Sc. in computer
engineering. Specialization in Cybersecurity Risk by
Harvard and Cyber Warfare and Terrorism by Charles
Sturt University, with several published papers.
Current acting Cyber Security and Privacy Officer for
Huawei and previous Global Chief Information
Security Officer (CISO) for Truphone. Served as an
Information Security Expert and Information Security
Officer in multinational Organizations like Vodafone
and Allianz. Board member of ISACA Portugal, GSMA
Fraud and Security member, member of the Executive
Cyber Exchange and ClubCISO. Invited professor in
several universities scoping lectures in Cybersecurity
Strategies and digital resilience.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
22
Time!
To Get Tested
by Jay Jay DAVEY, ENGLAND
The theory of Moore’s Law results in faster data
processing, higher bandwidth usage, and more
security events which means more tuning and more
complex deployment of tooling.
However, the effects of increased computational
power don’t stop there. It means threat intelligence
data will be processed and ingested in much higher
volumes, putting more strain on both the systems and
the analysts using them.
Jay Jay’s passion for technology starts from when he
was a child as his father was a UNIX System
Administrator who taught him how to use a computer,
after struggling with school and ultimately leaving
with nothing from school and college he decided to
join the armed forces.
Jay Jay started his security journey after leaving the
armed forces working for a helpdesk at Lockheed
Martin, feeling uncomfortable he strived to gain a
position within a SOC without certifications or a
degree and was successful.
But what does this mean for SOC analysts?
First, it means we must adapt; we have to work
smarter and think more critically with our
investigations. Most importantly, we promptly address
security events and incidents in light of advancements
in technology. These technological advancements can
help us and hinder us; the same is true for our
adversaries.
Far too many SOCs are untested until zero hour.
“We need to test the SOC’s capabilities
regularly and proactively. We need to
purposefully put our playbooks, processes,
technology, and the team under pressure
through different types of testing.”
So what is the purpose of testing?
It goes further than confirming your team’s readiness,
it will highlight weaknesses in the processes, people,
and technology before these weaknesses rear their
ugly heads during an actual incident.
Testing is ultimately the best way to get that muchneeded assurance that your team is ready to respond
to cyber attacks as they occur. Testing will help
identify training requirements, technological
restraints, playbook gaps, and process gaps.
Ultimately, it will determine if what is in
place is fit for purpose while giving you
visibility of what needs improving.
Jay Jay DAVEY is a leader and mentor in security
operations.
Stemming from an armed forces background, Jay Jay
swiftly became a leader in security operations,
helping people understand how to build, implement
and govern a SOC team to maximise operational
effectiveness. In addition, he has an endeavour to
help businesses understand how to align their SOC,
ensuring that it complements their risk management
function.
Jay Jay has selflessly committed himself to assist
others to break into the industry through mentorship
and guidance.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
23
Growing
Threat Landscape OT/IoT
by Craig FORD, AUSTR ALIA
“Get to know your networks, find out who
has access and why. Then make sure you
have control of this, you can thank me later.“
We all see articles and news about the constant
bombardment of cyber-attacks. Businesses and
consumers are in a constant influx of threats, aimed
at disrupting our daily digital lives and harvesting
every drop of data about us that can be found. This
trend is only set to continue with one change that I
feel has been coming for a while now. I feel a strong
focus of threats will be aimed toward both OT and IoT
devices. IoT devices are becoming more and more
part of our lives. They are becoming smarter, more
capable devices in many cases that do not have a
strong history of security in mind.
There are certainly reasons for the reduced security
focus, these devices need to be small and have
minimal power capabilities. Meaning designers
normally focus on the functionality that they want
them to achieve and don’t want to give up precious
bandwidth for non-essential functionality. Before you
argue with me that security is essential I agree but
they usually don’t, this is just a blocker for them
achieving what they need the devices to be capable of
doing. This will need to be resolved moving forward
or it will be a major security vulnerability that will
leave a lot of organisations roasting over the hot coals
in 2022 or beyond that is sure.
What about OT environments? These networks run
trains, mining, manufacturing, critical infrastructure
but they are normally very custom environments with
very minimal protection. They are generally separate
networks to the primary IT infrastructure of the
organisations but they will have many points of
access that have been put in over the years to allow
for suppliers or support staff to maintain and help get
things back up and running when things screw up.
They likely have full admin control and no monitoring
of this access. Not a very safe or controllable situation
for either of these systems, we need to go back to
basics with these platforms and work on taking back
the control before a malicious actor does it for us. We
have already seen some activity in this space in the
second half of 2021 and it is going to be a big
problem for all of us in the next 12 months.
Craig FORD is a wizard of the dark arts, a conjurer of
the cyber world, he delves into ethical hacking,
security engineering and user awareness. He is not
one of those hackers who hides in the dark, hunched
over his keyboard wearing gloves just doing his
thing. No, Craig stands tall in the light, no hoodies
here (Unless its really cold then he might just buckle
on that stance).
He is a wielder of words, with works talking about all
things cyber for CSO online, Women in Security
magazine, Cyber Australia magazine and so many
more we don’t have the space to mention. He has
written some books (A Hacker I Am Series) that will
pull you down the cyber security rabbit hole and
leave you wanting so much more. He has a new
hacker novel series dropping in 2022 (keep a watch
out for this).
Unlike many hackers, he isn’t too hard to find, look
him up, you will not need to search long. When you
do find him, you can find all the usual acronyms and
what not. He is a defender of cyber space, here to
stand with you on the war that is coming between
good (your friendly neighbourhood hacker, cyber
professionals and what not) and evil (Malicious
actors, cyber thugs, criminals). What side are you on?
24
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
“What’s For Dinner?”
– “Cybersecurity”…
by Jurgita LAPIENYTE, LITHUANIA
Jurgita LAPIENYTE is a Senior Journalist at
CyberNews. Jurgita works as a reporter covering the
most important tech-related news, with a strong focus
on how technologies and digitalization affect our
quality of life.
It’s my job to bring the most complicated
cybersecurity topics to a broader audience. By
simplifying them, providing interesting examples, and
making it less scary, I hope people will start to care at
least a little bit. It’s unreasonable to think that all of a
sudden, everybody will start chatting about
ransomware and cryptography over dinner. Until you
fall victim to a cyber-attack or data breach, it’s hard to
care that much.
And that is not unique to cybersecurity. It’s only
natural that people care more about the crime rate
and car accidents in their neighbourhood than about
crime statistics in another city. And I wish that those
people would not fall victim to cyber-attack, be safe
from data breaches and avoid the losses they can
cause. But to keep the intruders out of your digital
world, you’ve got to care at least a little bit.
Imagine a world without pet names as passwords.
Maybe SolarWinds would have never happened in the
first place, as Top executives of SolarWinds believe
that the root cause of the supply chain attack was an
intern who has used a weak password for several
years. If you haven’t guessed it yet, the password was
“solarwinds123.“ I hear and read people say they
don’t care about being hacked, and anyways, who
would hack them? They don’t have much in their bank
account. But that’s how malicious hackers get into
organizations, hurting businesses and governments.
Jurgita has a Bachelor’s degree in journalism, and a
Master’s in politics and media. Throughout her
academic years, Jurgita has explored the subjects of
humor in media and the coverage of armed conflicts,
and wrote a paper on how ideology manifests itself in
popular culture artefacts like internet memes.
I constantly talk to cybersecurity experts, and I know
they are overtired. Not only because there’s a massive
skills shortage and there aren’t enough people to
stand guard. They also sound tired of repeating
simple mantras like using good passwords because
many still do not listen.
Jurgita attended multiple training programs with the
US State Department, European Journalism Centre,
and Transparency International. She is also part of the
international Digital Communication Network, belongs
to the Lithuanian Business News Journalists Club,
and the US-LT Alumni Association.
“Being a journalist, I consider it my mission
to deliver cybersecurity news to people in a
way that they would start caring, and at the
same time, wouldn’t get too scared of all
the monsters that are out there. “
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
25
Massive Prioritization
Of Cybersecurity Initiatives
by Ali KHAN, the UAE
As we continue to innovate and progress on the
digital front, cyberattacks continue to grow in
sophistication. Here are my predictions on areas
where we will see organizations taking major
initiatives in cybersecurity in 2022.
Safeguard and protection from malwares. as the race
to adopt cloud computing infrastructure and collect
more data and build alternate realities such as the
metaverse continues to grow within organizations,
attackers would continue to target such data.
Cybersecurity leaders will have to perform broadlevel scrutiny within their organizations to ensure data
collection practices are well protected. This will
include initiatives to review mesh architectures, with
increased focus on connectivity from outside the
premises of organizations to support cloud and
remote infrastructure, including remote worker
access. A major consolidation, review and
enhancement of organization security infrastructure is
expected in 2022. This will include adoption of
emerging cyber technologies for Cloud, Zero Trust
Network Access (ZTNA) and Machine Learning
(ML)/Artificial Intelligence (AI). Cyber’s shift as a
profit center. Traditionally, cybersecurity has been
seen as more of a cost center (CAPEX/OPEX) type of
expenditure within most organizations. With the build
of secure infrastructures, the shift to view cyber as a
business enabler can be realized.
When organizations are stronger at the cybersecurity
forefront, it will help them with employee, customer
and citizen trust. This would be a major mindset shift
at the boardroom ensuring organizations are
leveraging their human resource and marketing arms
to justify their profit center strategies with the help of
cybersecurity. Improved process execution and
decision-making using ML technology. As
organization’s continue to invest in cyber
technologies, ML will provide organizations with
significant competitive advantage. ML will play a
considerable role in decision making and automating
tasks such as use case detection and response.
workflows in Security Orchestration and Automation
Response (SOAR) tools within Security Operations
Centers (SOCs), Threat Vulnerability Management
(TVM), Robotic Process Automation (RPA), SoftwareDefined (SD) security, Connected and Autonomous
Vehicles and DevSecOps to name a few.
The year 2022 will be interesting year for cyber as we
continue to innovate and progress on the digital front.
I am excited as we started 2022 and continue to work
within our organizations, with our clients and our
networks to execute large-scale, transformational
cyber initiatives; are you?
Having been brought up in over three continents as
part of his childhood, Ali KHAN, CCISO, CISM,
CISSP, CDPSE, CISA also known as #thecyberAli, is
an executive cybersecurity professional, father, author,
thought leader, mentor, angel investor, and a
humanitarian.
Ali serves the cybersecurity industry globally with his
Ali serves the cybersecurity industry globally with his
innovative approach to executing and delivering on
cybersecurity initiatives. As a mentor and educator, Ali
continues to work closely with educational institutions
to develop the next generation of cybersecurity
professionals and also provides mentorship, guidance
and career coaching to upcoming and aspiring cyber
professionals and startups and is also the author of a
cyber career handbook, Because You Can: Your
Cybersecurity Career. Ali also volunteers his time and
efforts at not-for-profit organizations providing his
subject matter expertise.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
26
Cybersecurity
Starts With People
by Thomas MARR, the USA
A proud veteran of the United States Army, where he
served his country as a military intelligence analyst,
Thomas MARR grew up within the diverse and evergrowing metroplex that is the Dallas-Fort Worth area,
Texas, USA.
Four Cybersecurity Predictions for 2022
When the coronavirus pandemic started roughly two
years ago, millions discovered how much we take for
granted. Most store shelves became empty,
employees lost their jobs, and businesses that relied
heavily on personal transactions lost both business
and staff. Today, the convenient technology that has
evolved up to this point has also increased our attack
surface.
Business reliance on fragile supply chains also
became exposed. Cybercriminals are aware of this
too. As the number of employers that let employees
access company applications from personal devices
at home has risen largely due to the current job
market conditions, so has the risk of ransomware
attacks. And as the use of Ransomware-as-a-Service
(RaaS) will continue to increase, businesses will need
to place greater focus on executing the fundamentals
of ransomware mitigation.
Thomas, now a senior security engineer at L3Harris,
has been consulted to build security programs and
contributed to multiple open-source projects.
Thomas holds a Bachelor of Science in Information
and Computer Science from Park University and
several professional certifications, including the
industry respected CISSP.
He pays forward his career success by mentoring
industry newcomers in his free time.
“Thomas is a driven individual with strong technical
and business acumen. He has a natural ability to
analyze and identity threats to organizations and is
passionate about his career and technical growth.
Thomas does not hesitate to mentor newer
individuals in the industry and has proven to be a
valuable resource time and time again. It is without
reservation that I recommend him for leadership,
threat analyst, and threat intel roles. He’s a valuable
asset to any organization.” Ken Underhill
Supply chain issues have also plagued the modern
world, as software attacks are projected to quadruple
2020’s total by the end of the 2021. Both customers
and suppliers need to focus on mitigating potential
attacks against assets as supply chain cybercrime
shows no signs of slowing down.
As the adoption rate of Internet of Things (IoT)
devices has increased, so have the related
vulnerabilities. Since IoT devices continue to make
many of their non-internet connected counterparts
obsolete, businesses will be forced to budget for IoT
security as IoT attacks will continue to increase since
many are built and utilized without security in mind.
Staffing issues will continue to exacerbate opportunity
for cybercrime. As employers continue to set the bar
for entry ridiculously high and force entry-level
workers to work irregular and odd hours, teams will
continue to be overwhelmed and there are not
enough experienced professionals to go around.
Cybersecurity starts with the people; if you
take care of them, they will take care of you.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
27
CISO
Changing The Strategy
by Yohann BAUZIL, FR ANCE
Yohann BAUZIL joined Airbus OneWeb Satellites
(AOS) at 33 years old in early 2017 and currently
holds the role of Chief Information Security Officer
(CISO) for the French entity. AOS is a startup of the
New Space, created as a joint venture between Airbus
and OneWeb. Located in Toulouse, Yohann is also
Head of “Cybersecurity, Industrial Security & Data
Protection” for France.
Throughout our life and in our education, from
kindergarten to engineering school, we are taught to
strive for the best grades across all subjects. We have
the societal goal to be good at everything. When you
start working, you instinctively try to become an
expert in your field. Then, one day, you become Chief
Information Security Officer (CISO), and you realize
that you will have to change strategy…
The scope a CISO has to cover is extensive:
management, IT expertise, leadership, governance,
DRP/BCP, offensiveness, budget management,
showing pedagogy and persuasiveness with the
board of directors, IAM, risk analysis, crisis
management, and many others. We can often be
experts in two or three of these aspects. However, the
real challenge of the job is to have an opinion,
knowledge, and know-how in all the topics we have to
address.
“Considering the level of sophistication of
today’s security threats and the diversity of
the missions we have to manage, the
CISO’s job is becoming increasingly
complex. “
Since 2008, he has worked for Airbus Defence &
Space (ADS) as IT Project Leader and Expert in
Network and Security dedicated for all the ADS
spacecraft launch campaigns. Working directly within
the business during all these years, he has always
maintained the same approach:
And thus, when you eventually assess the true scope
of your duties, you begin to understand that you will
have to excel at your job without being excellent at
everything. Being an expert in all areas is not a viable
approach, so you need to find a new and acceptable
personal strategy.
“Security has to be a business enabler and has to
work for the business”.
Looking at the new challenges ahead – such as
quantum computing, the formidable efficiency of AI,
or the dramatic rise in technology – excellence in the
modern CISO profession is about stepping back and
being humble enough to disregard the conditioning
of our education and learning to accept to be just
“average” in many aspects.
The question becomes simple: Are we sufficiently
prepared to accept being just “an average”? The
answer, not so obvious…
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
28
2022: Time To Define
Your Cloud-Native Strategy
by Lesly MERINE, FR ANCE
Lesly MERINE is a cybersecurity professional since
2010, he started his career within the Luxe industry,
then joined Wavestone as a cybersecurity consultant
in Paris and Hong Kong, working on strategic
engagements within Fortune 500 transformation
programs in finance and public sectors.
As per the Cloud-Native Computing Foundation
(CNCF), a cloud-native application is leveraging
modern cloud platforms capabilities to build and run
scalable applications through containers, microservices or immutable infrastructure.
Understand the Ecosystem
Before embedding cloud-native into a cloud security
strategy, it is key to have a clear vision about what is
the cloud strategy and ambition within the
organisation. Designing a cloud-native security
strategy when the organisation builds only monolith
applications on a private datacenter won’t seem
obvious unless there is a strong move-to-cloud
strategy with a refactoring approach.
Assess the Risks
Cybersecurity within a cloud environment is slightly
different from having its own datacenter where the
organisation is accountable for most of the chain
(from physical datacenter premises to the data
processed within the applications).
In 2018, Lesly joined L’Oréal as Chief Information
Security Officer for L’Oréal’s Digital business to lead
the security of the Beauty Tech acceleration. As a
Digital CISO, he also led the DevSecOps program
across L’Oréal entities to increase the application
security maturity of the company towards its digital
transformation.
Lesly is a reserve military officer for the French
Ministry of Defense’s cyber command.
Recently, he started a new adventure within Google
Cloud cybersecurity team, working with strategic
customers in Europe.
For cybersecurity priorities in 2022, Lesly believes
cloud adoption will continue to grow with an
acceleration of cloud natives adoption, thus, security
teams will have to anticipate how their will include
those services into their cybersecurity strategy.
With the shared responsibility model, the Cloud
Service Provider (CSP) is responsible for the security
OF the cloud platform where the client/organisation is
responsible for the security IN the cloud. My
recommendation with assessing cloud security risk is
to leverage existing materials such as Enisa Cloud
security risk assessment, CISA cloud risk assessment
where most of the common risks are present
(misconfiguration, account takeover, service
disruption, …) but need to be refined for your
organisation.
Define the Policy
As for the risk analysis, my recommendation is to
spend time on organisation-specific topics like your
very own high-level cloud architecture, network
strategy (this is where tough perimeter security
discussions appear…), identity or zero-trust maturity
target to support cloud-native applications.
Link to full article here
What is a cloud-native application?
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
29
Cyber Warfare:
Threats And Opportunities
by Dr. Maurice DAWSON, the USA
Dr. Maurice DAWSON is Assistant Professor and
Director and Distinguished Member of the Center for
Cyber Security and Forensics Education (C2SAFE) at
the Illinois Institute of Technology.
It is time for nations to securely integrate Artificial
Intelligence (AI), cybersecurity, data science, and
more into national infrastructure.
It is necessary that even developing countries
embrace the culture of cybersecurity to protect
themselves from the ever-growing global cyber
threats.
The Cybersecurity and Infrastructure Security Agency
(CISA) states there are 16 critical infrastructure
sectors whose networks, assets, and systems are
considered vital to the United States (U.S.), and their
incapacitation or destruction would have a debilitating
effect (Presidential Policy Directive, 2013).
These are the same critical infrastructure sectors that
developing countries that to protect.
A world-renowned cybersecurity expert, Dr. Maurice
Dawson consulted by government and industry
across the globe.
He is a four-time Fulbright Scholar Recipient,
cybersecurity expert in the U.S. Speaker Program for
the U.S. Department of State. Dawson has a Ph.D. in
Cybersecurity from London Metropolitan University
and a Doctor of Computer Science from Colorado
Technical University.
Last year he was named among the 50 Most
Important African-Americans in Technology by the
Journal of Black Innovation.
Moreover, as cybersecurity has become the fifth
domain of warfare, countries must protect
themselves. These domains are not just for the
military but the civilian sector as well. Understanding
the role of cyber and how it can be used to take
advantage or secure the remaining domains will give
entities the upper hand in strategy (Dawson Jr.,
2021).
“This is the future of cybersecurity and
protecting critical infrastructure as more
devices come online and connected is vital to
a nation’s security and perhaps democracy.”
References:
Dawson Jr, M. E. (2021). Cyber warfare: threats and
opportunities.
Presidential Policy Directive. (2013). Presidential
policy directive — critical infrastructure security and
resilience. National Archives and Records
Administration. Retrieved December 24, 2021, from
https://obamawhitehouse.archives.gov/the-pressoffice/2013/02/12/presidential-policy-directivecritical-infrastructure-security-and-resil
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
30
2022:
Having a Fighting Chance
by Roger SELS, the UAE
Vice President (Cyber) Solutions at BlackBerry, Roger
SELS leads BlackBerry Solutions. He serves as a
trusted advisor to clients’ C-Suite to maximize their
cyber program value and impact.
Roger is an accomplished CISO and CxO advisor with
20+ years of experience in developing and maturing
new cyber capabilities. Roger has led large cyber
security transformation programmes to manage
business risks in Fortune-50 organizations across
financial services, insurance, telecom, technology,
government, defence and IC organizations. He is an
international speaker, member of ENISA’s Ad Hoc
Working Group on SOC and AHWG on CyberMarket
and a member of the CyberTheory CISO Advisory
Board and Faculty Advisory Board of CyberEd.
Before joining BlackBerry Cylance, Roger was the
founding CISO at DarkMatter LLC, a cybersecurity
consulting firm serving mainly government, defense
and intelligence agencies. Roger holds a B.A.D.G.E in
Reverse Engineering from ESIEA, Paris.
To the casual observer the acceleration of the barrage
of breach and ransomware headlines paints a bleak
picture of our cyber future. Cyber warfare is being
waged against our organizations, institutions and
citizens with mounting losses and no end in sight –
defeat all but assured. Do these cyber folks even
know what they are doing?
Crime syndicates have diversified into cyber with
tremendous success. One could argue, driven by
similar profit motives to VCs diversifying into cyber
start-ups. The influx of well-capitalized players on
both attacking and defending sides spurs on
innovation, with both sides trading blows in a
seemingly ever-escalating cyber arms race.
Those of us who come from an offensive security
background (for defensive purposes, ie the red ream)
know all too well that cyber warfare is asymmetrical in
nature and skewed to favor the offensive team.
Adversaries are more agile in developing, adopting
and rolling out innovations. It is a matter of survival or failure. Contrast that to our businesses, for whom
digital and cyber can be an enabler, but is far from the
core business and often seen as a cost center still.
Failing to prevent attacks comes at a cost, but so
does preventing or detecting them. Adopting
unproven innovation comes at a risk of potential
business disruption. There are now so many peddlers
of innovation that making sense of the noise is
difficult. Meanwhile our adversaries test, research and
deploy innovation continuously.
Cyber defense has had many blind spots over the
past years. we secured data from leaving our
organizations but ignored business partnerships
which require data to be shared. We reviewed
changes made by privileged users but allowed trusted
third parties to deploy black boxes on our networks,
servers and applications. We assumed we could keep
parts of our environments disconnected from the
internet. We shall see organizations adopt
innovations such as Zero Trust and SBOMs,
continuous threat hunting, automated controls
deployment and testing to remove blind spots
faster with the same rigor as our adversaries – or
we shall keep bemoaning the inexplicable
victories of the adversaries.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
31
Only Those
Who Will Risk Going Too Far…
by Iryna REINHARDTSEN, NORWAY
“Only those who will risk going too far can
possibly find out how far one can go.”
~ T. S. Eliot
Being inspired of the event “Diversity & Security”
organized by Microsoft Norway and Oda Network
(Norwegian leading network for women in tech) I
want to share some ideas about this topic.
Why diversity is so important nowadays?
“Diversity is not just about the color of our
skin, gender, religious or ethnic
background, it is also about being
surrounded by people whose varied
experiences contribute new ideas to
problem solving.” ~ Ann Johnson Corporate Vice
President, Cybersecurity Solutions Group
Studies have shown the importance of diversity and
inclusion in generating more creative solutions to
business problems and enhancing performance and
competitiveness. It’s particularly important in tech
because it serves as a catalyst for success and a
foundation for innovation in so many industries.
While many organizations working on implementation
of “diversity measures” to encourage more women
and other underrepresented groups to explore
careers in tech, it’s still remains a deficiency of
women and minorities, especially in cybersecurity.
It’s easy to calculate the gender gap in cybersecurity.
Women – who make up 11-20% of the industry –
hold few leadership roles in security. As recently
predicted that by 2022, 3.5 million plus cybersecurity
positions will go unfilled, therefore…
“… to gain the advantage in fighting
cybercrime we are dependent on diverse
talents and consciousness about this
subject!
Only those who will risk breaking the barriers,
crossing the borders and transforming dreams into
actions can possibly understand how a young lady
from far East can change the cybersecurity landscape
of Norway.
Iryna REINHARDTSEN is a gifted young woman in the
Cyber Security world, with Master’s degree in
Computer Systems & Networks from the National
Technical University in Ukraine and more than 15
years of work experience within IT.
Working in Oslo, Norway, for basefarm, devoting her
skills and her true passion is information security
management. Her truly international experience
allows her to assist companies in improving their
security by providing guidance and raising
awareness. All in the effort to reduce the risks and
impacts of a cyberattack.
As a business security officer, iryna is being trusted
to 180 degrees change the customers’s views at
security and risk. Strategy, implementation and
processes are her strengths. A few to mention. An
Information Security Engineer with diverse
background, Iryna became pivotal player in assisting
customers with ongoing security incident response.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
32
Familiar Problems
Meet Improved CyberTech
by Devin PRICE, the USA
2022 will feel both similar and different from 2021.
The same cybersecurity issues that the industry dealt
with in 2021, such as ransomware and a lack of
software supply chain security, will still be major
issues that organizations will need to tackle in 2022.
“With better technology to anticipate risk,
cybersecurity will be viewed as a critical
business enabler, instead of merely a cost
drain on operations.”
The primary difference between both years
will be the scale that these issues will reach.
Ransomware attacks will continue to hit large-scale
businesses but will also begin to be targeted toward
individuals who are not as versed with the experience
as a business.
Software supply chain attacks will ramp up as
attackers move away from targeting first-parties and
go after low-hanging security vulnerabilities within
the software of their third-party vendors.
Unfortunately, there will be more targeted supply
chain incidents, similar in scale to the SolarWinds
hack.
The bright side is that these incidents will lead to
greater scrutiny of the security process of the
software supply chain as well as collaboration
between private and public sector entities to ensure
the impact of these attacks are increasingly mitigated
as time goes on.
December 2022 will be different because there will be
more Artificial Intelligence (AI) and machine learning
(ML) tools used in cybersecurity operations.
Organizations trying to keep up with the rate of
cyberattacks will use 2022 to upgrade their defenses
with AI/ML so that they can begin to better prioritize
security risk to their business operations and
customers.
AI/ML will shift cybersecurity from simply detecting
attacks in a timely fashion to beginning to proactively
bolster against anticipated risks before they are
apparent to attackers. This year, AI/ML will pave the
way for cybersecurity professionals to do more in less
time.
Devin PRICE is a passionate information security
analyst with six years of professional IT experience
straddling the worlds of both agile systems
development and cybersecurity.
His areas of interest include e application security,
secure development, and penetration testing. In his
off hours, he enjoys listening to information security
industry podcasts, working through online hands-on
labs to build his cybersecurity skillset, and
connecting with other like-minded security
professionals.
Devin was recently published within the United States
Cybersecurity Magazine’s Winter 2022 edition for his
article on the future of DevSecOps
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
33
Future Threats
To Cybersecurity
by Salman QADIR, the UAE
It is now indisputable, that digital technologies are
embedded into our DNA. Thus, the importance of
Cybersecurity is growing exponentially. Cybersecurity
in business is a fundamental component for the
continued success and transformation of our digital
world. Cyber criminals are using more advanced tools
to penetrate digital systems which can seriously harm
the global economy. Hackers continue to find
sophisticated ways to steal people’s identities and
information through various phishing and other
attacks. Cyber criminals most commonly hack to
access confidential information. And eCommerce
fraudsters are everywhere in cyberspace. Steps
required:
The future of cybersecurity is not welldefined today.
Professionals speak about the need of a mass shift
away from the currently encrypted data model to new
models. This is because hackers target encrypted
data, store it until the time they themselves can use a
quantum processor to break any and every
encryption. As truly global thinker and practitioner, I
believe that a serious cyber-attack can destroy not
only a single company’s financial health, but also have
systemic effects causing harm to the entire economy
and even security of nations. In essence, it is time to
act and start working jointly to secure our cyberworld.
1.Obviously, in the face of these challenges, Tech
giants must invest more in AI-based security systems
to support cyber professionals and to protect
organizations’ digital infrastructures.
2. In addition, educational institutions need to design
better degree qualifications for cyber security
courses, including Quantum computing and advanced
AI.
3. Organizations should employ top cybersecurity
talent to work against the ever-increasing cyber
threats. For example, some work is already being
done to create encryption using Quantum
entanglement, called Temporal Method.
4. Personal cybersecurity must address the needs of
individual users at work and at home as well as the
individual privacy of population. Perhaps we should
consider providing children with globally recognized
digital IDs to prepare them for the Future of Internet
and Cyber-world.
5. Thinking about the smart cities and the Internet of
Things. How to ensure cybersecurity? What is needed
is a universal methodology. How to differentiate
fundamental patterns? How to protect elements of a
chain: from security of a device that creates, captures
your data.. to the data storage.. to the back-end
storage?..
Respected amongst his peers, a passionate tech
business professional with a wide range and depth of
knowledge in technology startups, sustainability and
business strategy, Founder & CEO SALQ iNov8 Tech,
Salman QADIR has an ambitious plan to build a
Cybersecurity and Technology Research Center in
Pakistan.
Technology and Cybersecurity influencer, Salman
manages a global Tech Community (SALQ iNov8),
where numerous top Cybersecurity experts are part
of this community. Salman’s practical knowledge and
vast research cover various industries and emerging
technologies. As a young corporate leader, Salman
eagerly supports the Digital Pakistan, Silk Road (Belt
Road), emerging technologies and start-up initiatives
in Pakistan, Middle East and internationally.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
34
IBM and IBMers
In 2022
Jennifer WENNEKERS, NETHERLANDS
At IBM, work is more than a job – it’s a calling: To
build. To design. To code. To consult. To think along
with clients and sell. To make markets. To invent. To
collaborate. Not just to do something better, but to
attempt things you’ve never thought possible. To lead
in this new era of technology and solve some of the
world’s most challenging problems.
IBM is a leading cloud platform and cognitive
solutions company. Restlessly reinventing since 1911,
we are the largest technology and consulting
employer in the world, with more than 350,000
employees serving clients in 170 countries.
Managing Consultant @ IBM Security | “OutOfBand”
Podcast Co-Host | Woman in cybersecurity who
believes that she contributes with her actions to the
greater good and a safer cyberspace.
In our modern world, data has become a commodity
and often a target in cyberattacks. Jennifer
Wennekers, an IBM Managing Consultant specialised
in Threat Management, helps organisations to prepare
for potential cyberattacks and to improve themselves
in the aftermath of a cyberattack. By doing this, she
ensures that the data entrusted with them stays safely
secured.
With Watson, the AI platform for business, powered
by data, we are building industry-based solutions to
real-world problems.
For more than seven decades, IBM Research has
defined the future of information technology with
more than 3,000 researchers in 12 labs located
across six continents. For more information, visit
www.ibm.com.
Website: http://www.ibm.com
Company size: 10,001+ employees
Having been in the IT industry for over 10 years, and
in the Cybersecurity industry for over 6 years,
Jennifer has fulfilled roles such as SOC Analyst,
Cybersecurity Incident Manager and Cyber Defence
Consultant. She is a firm believer in an integrated
security approach, where threat intelligence is
combined with business context, vulnerability
insights, monitoring and detection capabilities, as well
as insights obtained from attack simulations.
Based in the Netherlands, she has worked for
multinational clients based in Europe, Asia, and the
US. As a fierce supporter of diversity in the infosec
world, Jennifer is the co-creator and co-host of the
“Out-of-Band” video podcast, an initiative by
European female cybersecurity professionals who
have honest conversations about working in the
infosec world.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
35
Protect Your Privacy
Anonymity and Security
by Zaid SABIH AL QUR AISHI, IRELAND
How to access the Dark Web and protect your Privacy,
Anonymity and Security
Do you want to Protect your privacy and security?
How about accessing the dark web? If so, then you
found the right course!
With no prior knowledge required this course will take
you from a beginner to advanced in all of these
topics; teaching you how to properly and securely
discover data and websites on both the dark web and
clear web, access hidden (onion) services,
communicate privately and anonymously using
instant messages and email, manually use end-to-end
encryption to protect your privacy and make it
impossible to read even if it gets intercepted, sign
and verify files, share files anonymously, transfer
funds anonymously using crypto currencies such as
Bitcoin and Monero and much more!
You’ll also learn how to do all of the above in a secure
manner making it very difficult for hackers or other
entities to hack you or de-anonymise you. Even if you
get hacked these entities won’t be able to easily
control your system or de-anonymise you.
More from / About Zaid SABIH AL
QURAISHI, Founder and CTO of zSecurity:
visit: https://zsecurity.org/
Zaid SABIH is an ethical hacker, a computer scientist,
and the founder and CTO of zSecurity.
He has good experience in ethical hacking; he started
working as a pentester with iSecurity.
In 2013, he started teaching his first network hacking
course; this course received amazing feedback,
leading him to publish a number of online ethical
hacking courses, each focusing on a specific topic, all
of which are dominating the ethical hacking topic on
Udemy.
Now Zaid has more than 300,000 students on Udemy
and other teaching platforms, such as StackSocial,
StackSkills, and zSecurity.
zSecurity is a leading provider of ethical hacking and
cyber security training, we teach hacking and security
to help people become ethical hackers so they can
test and secure systems from black-hat hackers. Our
goal is to educate people and increase awareness by
exposing methods used by real black-hat hackers and
show how to secure systems from these hackers.
Becoming an ethical hacker is simple but not easy,
there are many resources online but lots of them are
wrong and outdated, not only that but it is hard to
stay up to date even if you already have a background
in cyber security. At zSecurity we aim to put
everything you need in one place, weather you need
full training (online courses), hacking equipment or if
you just want to stay up to date with the latest in
ethical hacking world, you have it all in here.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
36
The Space Arms Race
Global Trends and State Interests
by Dr. Gil Baram, the USA
Dr. Gil BARAM combines strategic thinking and databased analysis to identify patterns in decision-making
processes during cyber conflict. She defines practical
strategies and provides organizations with a
customized cyber policy toolbox.
Today space is an arena with a significant
impact on the security, military, economy,
and daily routines of many countries
around the world and has attracted many
stakeholders.
As a result, global interest in the development of
weapons for use in space—a process known as the
“space arms race”—has increased.
The weaponization of space poses two major threats.
Firstly, it poses a security threat as unilateral actions
by countries to weaponize space increase uncertainty
within the international system. For example, space
researchers recently warned that the propose
establishment of the US Space Force increases the
risk of conflict and escalates tensions with its rivals.
Dr. Baram served as the Head of research at Yuval
Nee’man Workshop for Science, Technology, and
Security – a multidisciplinary think tank at Tel Aviv
University. In this position, she managed a team of
researchers who conduct research for the government
and private companies on national cyber policies,
cyber threats to space systems, space warfare, and
more.
Gil wrote her Ph.D. on decision-making during cyber
conflict at Tel Aviv University, and she is currently a
Fulbright cybersecurity post-doctoral fellow at CISAC
(Center for International Security and Cooperation),
Stanford University.
In her lectures and courses, Dr. Gil Baram helps
audiences understand how the international cyber
security landscape is changing, what the new trends
are, and the diverse threats the world faces in
cyberspace.
Secondly, it poses an environmental threat as
experiments with anti-satellite weapons have led to
the creation of large amounts of space debris and
have increased the difficulty of conducting operations
close to Earth. If the process of the weaponization of
space is accelerated, space could become dangerous
and inaccessible to the various players.
Today there are two different processes taking place
in space: The militarization of space refers to the use
of space-based technology (communication, remote
sensing and navigation) to support military
operations, and the weaponization of space refers to
the introduction of weapons into space, such as antisatellite weapons, satellites capable of damaging
other satellites, and weapons operating from space
aimed at Earth. Nowadays, the militarization of space
is seen as a fait accompli, but that space has yet to
become weaponized and therefore the process is
reversible. Indeed, in recent years, the superpowers
have intensified the process of weaponizing space.
Direct link:
https://www.researchgate.net/publication/338165794
_The_Space_Arms_Race_Global_Trends_and_State_
Interests
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
37
Impact Of Mentorship
and Cybersecurity Community
Bishakha JAIN, INDIA
Deliver meaningful impact faster with IBM Consulting
Transformation is being transformed — from one-off
initiatives to an urgent, purpose-driven imperative.
Modern businesses must move ever faster, but also
with more empathy and more openness.
IBM Consulting is a new partner for the new rules of
modern business. We embrace an open way of
working by bringing a diverse set of voices and
technologies together. We collaborate closely, ideate
freely and swiftly apply breakthrough innovations that
drive exponential impact to change how business
gets done.
We believe open ecosystems, open technologies,
open innovation and open cultures are the key to
opening opportunities and the way forward for
modern business and for our world.
“We want to work together, create together, grow
together and rethink what’s possible together.”
Website: http://www.ibm.com
Company size: 10,001+ employees
Bishakha JAIN is currently working as a Senior
Cybersecurity Consultant at IBM. She is a seasoned
IT practitioner with a demonstrated history across
telecommunication, marketing, cyber risk advisory,
application security, identity access management,
governance risk and compliance, strategy, education,
and consulting domains.
Bishakha is an active Cybersecurity Evangelist and is
appointed as the Associate Lead for Education and
Awareness for IBM’s community for women in
security called WISE (Women in Security Excelling)
for IBM India Chapter.
She is an IBM Recognized Speaker/Presenter, IBM
Recognised Teacher/Educator, IBM’s Mental Health
Ally and IBM‘s Be Equal Ambassador.
She has a rich history of working with various
communities across the globe and is passionate
about increasing diversity participation in
Cybersecurity and has trained over 25K plus
candidates. She is appointed as the Executive
Director for the Cyber Security Global Alliance. She is
the Brand Ambassador and Advisor for the Women in
Cloud Network. She also serves as the Council
Representative of the Public Safety and Security
Council, West Bengal. She is the Global Ambassador
of the WomenTech Network.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
38
Cyber Security
Beyond the Breaches
by Osaid R A ZA, PAKISTAN
Osaid RAZA (CRISC, CISM, CDPSE, CEH, ITIL,
COBIT5) is a qualified and highly professional
information technologist with impressive experience
in the field of information security and spent 12 years
of his life in different domains of Information
Technology (IT), innovation, cyber security, and
emerging technologies.
He holds Cisco, Microsoft Cloud, ISACA, IBM & ECCouncil certifications and has worked seamlessly for
the past 12 years. Currently, he delivers his services
as a Senior Consultant with passion and in-depth
knowledge in Governance, Risks, and Compliance
(GRC).
Osaid has worked dedicatedly and excelled in the field
academically too. He is also working with educational
institutions as the industry advisory & course
evaluation committee member at different universities
of Pakistan and the Board of Technical Education.
Cybersecurity challenges found in today’s digital
landscape and how modern backup best practices can
effectively prevent, detect, and restore from a
ransomware attack without ever having to give in to a
ransom we will talk about the upcoming instance in
the cyber domain. As we know, rapid digitalization
and penetration of Information and Communication
Technologies (ICTs) in all walks of life have exposed
states to new and evolving cybersecurity threats. The
classification and protection of data and infrastructure
have become essential for states. At the same time, all
responsible states have developed holistic policies
and approaches to counter impending cyber threats.
Cyber security means protecting data, networks,
programs, and other information from unauthorized
or unattended access, destruction, or change. Cyber
security is a significant concern in this era where
computers have become common. The swift
development of technology and the availability of the
internet to the most public has become frequent;
cyber security is a vital concern. The meteoric
development of technology and the availability of the
internet to the most public has broadened the
pathway of cybercrime. There is different form of
C\cyber-attacks like viruses, malware, spyware,
phishing, ransomware, fraud, etc. Clicking infected
web pages, malicious websites, links, or
unintentionally downloading a dangerous program
allows hackers to gain illegal access to other
computer systems. An increase in scams related to
cryptocurrency, the growing use of deep fake
technology, and more targeting of gullible online
users are just some of the top cybersecurity
predictions for 2022. There is a greater need to ramp
up online security in the future.
Have a look at top cybersecurity predictions:
Criminals will use Artificial Intelligence (AI) &
Machine Learning (ML); Further deepfake videos;
Scammers will exploit natural disasters to con users;
Extra online protest, vigilantism; Electronic identity
stealing; Cryptocurrency scams
We must be more vigilant in the coming future as
“Think like a hacker to beat hacking attempts,” and
organizations or national level security should be
beyond the breaches.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
39
Forever Forward
Ambu A/S, Denmark
by Dennis PERSSON, DENMARK
CISO & Head of IT Compliance at Ambu A/S, Dennis
PERSSON is an Experienced CISO focusing on
business enablement, digital risk, fraud/crime,
Information & Cyber Security and raising awareness
on Security. Deep knowledge and understanding in
Information Security, IT Security and how process,
people and technology fits together in a global
business context.
Ambu – Forever Forward
“Ambu (listed on the NASDAQ OMX Copenhagen) has
been bringing the solutions of the future to life since
1937. Today, millions of patients and healthcare
professionals worldwide depend on the efficiency,
safety and performance of our single-use endoscopy,
anaesthesia, and patient monitoring & diagnostics
solutions. The manifestations of our efforts have
ranged from early innovations like the Ambu® Bag™
resuscitator and the Ambu® BlueSensor™
electrodes to our newest landmark solutions like
Ambu® aScope™ – the world’s first single-use
flexible endoscope. Moreover, we continuously look
to the future with a commitment to deliver innovative
quality products that have a positive impact on your
work. Headquartered near Copenhagen in Denmark,
Ambu employs approximately 4,000+ people in
Europe, North America and the Asia Pacific.”
“Ambu’s company philosophy has always been the
desire to make life easier for doctors and to find
innovative products that can save lives. Innovation
and entrepreneurship are key for Ambu. Always have
been. Always will be.”
Dennis has broad understanding in many different
areas that enables him to look at both business
concerns and goals mapped to risk management and
security challenges from different angles and always
in the companies’ best interest in mind. He also has
extensive knowledge in managing risk for both onpremise and cloud services and protecting intellectual
property, company assets and personal data.
Dennis helps to fight cybercrime, aiding in various
communities and threat intelligence networks. All to
be able to shut down as many of the adversaries and
threat actors as possible.
Making life easier. Ambu’s company philosophy has
always been the desire to make life easier for doctors
and to find innovative products that can save lives.
Innovation and entrepreneurship are key for Ambu.
Always have been. Always will be.
The history: In 1937, the engineer, Holger Hesse,
founds Testa laboratory, which later becomes Ambu.
Hesse develops products that make a difference to
patients and doctors. The Sicca Haemometer is the
first product that enables private practitioners to
measure the amount of haemoglobin in the blood
without having to send a blood sample to an external
laboratory.
For more information, please visit:
www.ambu.com
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
40
Advice to women who
are considering a job in cyber!
by Michelle NGUYEN, the USA
Michelle NGUYEN, a graduate of Virginia Tech, has
spent 15 years implementing software and providing
technology services to Fortune 100 companies. She
is currently a Regional Director at Axis Security, a
Security Service Edge vendor that secures seamless
access to business resources.
Her specialty is working with early-stage
cybersecurity startups to bring disruptive solutions to
the market and partnering with customers to adopt
new technology to enable and secure their business.
In her spare time, Michelle mentors at-risk youth in
New York City and advocates for Women in
Technology and Cybersecurity through speaking
panels at various conferences and the Women’s
Society of Cyberjutsu.
She is passionate about bridging the gender gap in
tech at an early age, and volunteers with the
Cyberjutsu Girl’s Academy, an interactive STEM
program for middle school aged girls. She was
recognized as a 2019 Top 25 Women in
Cybersecurity by Cyber Defense Magazine.
There have been some improvements in the industry
when it comes to addressing the talent gap. Women
bring a different set of skills, particularly soft skills, to
bridge the gap in a male-dominated field.
Being involved with the Women Society of Cyberjutsu
and Cyberjutsu Girls Academy has been extremely
rewarding. I found the non-profit through a mutual
friend and have been volunteering for the last few
years now. They organize meetups and mixers, host
job boards, and connect women in the cybersecurity
industry. One of my favorite parts of the program is
the Cyberjutsu Girls Academy where the STEM
program meets once a month for girls, mostly but not
limited to middle-school age girls, for an interactive
learning workshop where they do everything from
building web pages, programming robotics, creating
mobile apps and more. The best part is seeing the
excitement from the girls and their reaction to the
reality of cybersecurity. They’re always amazed that
women like me with long silver hair, who wear
makeup and like fashion, work in cybersecurity. I love
being able to reinforce the message to these young
girls that they really can be anything and do anything
they put their minds to.
My advice to women who are considering a
job in cyber!
First and foremost, just go for it. As I mentioned,
women can be intimidated by a false sense of being
underqualified or lacking certain education and
certification requirements, but a lot of times, those
things can be learned on the job. What is most
needed are the soft skills that many women can bring
to the job: excellent communication skills, ambition,
drive, and other natural-born talents.
I’d also encourage women to network with everyone!
Given that there are new threats and technology
solutions coming out every day, it’s imperative for
practitioners to always be learning and networking
with industry peers. The really cool thing about
cybersecurity and technology is that it is a vast area
and there is something out there for everyone.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
41
Security
by Reassurance
by Youssef ELMALTY, SINGAPORE
Principal Security Consultant Global Financial
Services at Amazon Web Services, Youssef ELMALTY
is an industry-renowned cybersecurity expert
specializing in defense-in-depth strategies and
cybercrime investigation tactics.
With the current wide access to information, many of
us are able to acquire and analyze information that
can be used in identifying and diagnosing problems,
however humans are always seeking re-assurance
(human nature).
Reassurance helps us confirm the relevance of the
information and analysis we worked on, this
reassurance phenomena is actually resulting in a
hormone being released in our bodies called
Oxytocin, this is normally released in response to
pleasant mental experiences (such as trust and
reassurance). Reassurance help us decreasing stress
and focus on things that matter the most such as
feeling comfortable and secure.
Good example of this experience happen when you
feel symptoms of an illness and you start researching
it online. You will eventually manage to identify the
possible causes and treatments. The majority of us
will still want to go and see a doctor for “reassurance”.
Why? because its a human nature.
Reassurance works on the positive and negative
experiences:
On the Positive Side: The doctor might say you don’t
have this illness, it’s something mild and will go away
in few days, this will make you relieved and destressed, then you will start to feel good.
Based out of Singapore, Youssef provides thought
leadership across multiple security consulting &
delivery domains. This includes security strategy, risk,
compliance, assessments, incident response, threat
hunting and zero trust architectures. Youssef helps
customers from various industries such as
government,
defense,
banking,
and
telecommunications build and improve their
cybersecurity programs. Youssef holds numerous
professional, industry-recognized certifications.
Youssef is also a Board Member at HITRUST Asia
Advisory Council, he work directly with HITRUST to
facilitate continuous improvement of the programs,
services, and initiatives to ensure the HITRUST
Approach sets the bar for organizations seeking the
most comprehensive yet tailorable privacy and
security risk management and compliance framework
available in the region.
On the Negative Side: The doctor might say it’s more
serious illness than you think but the good news now
that we have identified it earlier and we can start the
treatments right away. This in itself will make you feel
good because you were not qualified to diagnose
yourself in the first place and in return you were
underestimating the illness. It is always a good idea to
acknowledge that a little insecurity is still a good
thing because there is no 100% security, this will
help us to continue improve and do our work better.
However, insecurity is only good in moderation and
constantly feeling insecure will bring more negativity.
The same story goes for cybersecurity: we might
work on architecture designs, threat modeling,
security assessments and incident readiness but we
still want to get external consultants to help us
validate our work. This will make us feel re-assured
which will in return help us “feel” secure.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
42
The Future
of Cybersecurity
by Vandana VERMA, INDIA
Recipient of Indian Achievers Award 2021 and one of
the top Indian Women in the field of Cyber Security,
Vandana VERMA is a multi-award winning
Cybersecurity leader, a Hands-on Senior Solution
Architect at Snyk, Podcast host with ITSP, Diversity
and Inclusion Advocate and an International speaker
and influencer on a range of themes in Information
Security, including Application Security, DevSecOps,
Cloud Security and Security Careers.
2022 is here with all hopes and new beginnings.
Organisations have started to remodel the new way of
working and adapting to the current solutions. We are
seeing a huge shift in adapting to new technologies
and frameworks. The few technologies which are
taking precedence over the workforce ecosystems are:
Cloud-ready: Organizations are making sure they
have resources setup in the cloud and be ready for
any such situations in future which means resources
ready for remote working conditions considering the
ever-changing scenarios.
Artificial Intelligence and Machine Learning (AI/ML)
:AI/ML is the next big thing, organisations have been
talking about it and implementing it. However, the
need for it justifies it and showcases the importance
in finding the frauds early to avoid the kind of
breaches we have seen.
DevOps with security with automation and chaos
engineering: failures with the systems due to any
reason can be troublesome for an organization.
Automating the tasks and performing the Chaos
Engineering can help organisations resolve the
issues.
Data privacy: Data Privacy is a concern and has
become a necessity after seeing all the breaches,
leaks and data sharing.
Threat Intelligence for a safer ecosystem: Gathering
the right threat intelligence and applying in the
ecosystem is the need of the hour.
Supply Chain management: while 2021 was coming
to an end, the year introduced supply chain attack
trojanizing SolarWinds Orion business software
updates in order to distribute malware. A minor
change going unnoticed can create a huge loss and
concern.
From being the Chair of the OWASP Global Board of
Directors to running various groups promoting
security to organising conferences to even delivering
keynote addresses at several of them, she is engaged
continuously and proactively in making the global
application security community a better place for
individuals, organizations and societies.
“In a nutshell, the most crucial aspect that I can
think of are “Identities” which are becoming the
new perimeter with AI and ML has become a
silver lining to the cloudy ecosystem which can
potentially help in identifying and finding the
frauds before they happen”
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
43
Build Your
Cybersecurity Sandcastle in 2022
by Ken UNDERHILL, the USA
The sun was beating down on my face, surely leading
to another evening of rubbing aloe vera on my
lobster-red skin. I didn’t care, the pain would be worth
it. “No” I yelled as the wave came crashing in and
destroyed the masterpiece, I had spent the last hour
building. My childhood dreams were crushed. After
crying uncontrollably and thinking my life was over, I
began thinking about what went wrong.
You see, I had spent that hour building my sandcastle
masterpiece at the beach. That day, I had my first life
lesson in how messing up the foundation can lead to
all sorts of problems. I built my sandcastle off a weak
foundation and focused most of my efforts on making
the top part the most beautiful masterpiece. The
“water threat actor group” didn’t care about the beauty
of my sandcastle or how good my tools were. It only
cared about exploiting weaknesses in my foundation.
In a similar fashion, threat actors don’t care about the
new office chairs you purchased or the paintings on
the wall. They care about attacking your foundation
and finding weaknesses to exploit. As we wraped up
an exciting year in 2021 of threat actors causing
chaos in our lives and giving us job security, below
are my thoughts for what we can expect in 2022.
More organizations will adopt a zero-trust mindset
that there is no perimeter. Sorry for all of the die hard
on-premise people reading this, but the perimeter is
dead especially with the cloud. Companies will
continue to assess the security posture of partners
and vendors and award contracts based on your
security posture. We have already seen this
happening in a number of companies and some
larger companies will not pay on your contracts if you
have a risky security posture. Much like your personal
credit score, your company’s external security score
can impact your ability to get financial assistance and
close deals. Companies can get their score for free
on websites like SecurityScorecard.
The threat of cyber attacks will affect global policy
making and economic sanctions against Nation
States. As a Nation State, I no longer have to threaten
with traditional weapons or poison your tea,
I can simply flex my cyber muscle against your critical
infrastructure and push my agenda. I expect we will
see an increase in the number of deaths attributed to
attacks on critical infrastructure. And while some
threat actors try to make us feel warm and fuzzy that
they wouldn’t dare touch hospitals, the realty is that
they are criminals, and they will continue to attack
infrastructure around the world.
Ransomware attacks will increase and hit at much
larger scale. This can be attributed to how lucrative
these attacks can be and policies in the U.S. on
paying ransoms. We will see increased friction among
threat actor group members, and I suspect this will
lead to data leakage, even if your company pays the
ransom.
I think we will also see an increase in the number of
attacks by script kiddies on critical infrastructure
globally. Here in the U.S., we had a number of
instances where script kiddies shut down emergency
call centers and other organizations.
Deepfakes will be used in more cybercrimes, like
business email compromise (BEC) and I also think we
will start to see an increase in the Deepfake-as-aservice operators.
Much like legal outsourcing websites for the gig
economy, like Upwork and Fiverr, we will see an
increase in the number of underground sites for
outsourcing cyber criminals and affiliate programs
being offered, especially for ransomware.
My final prediction is we will continue seeing attacks
in cloud environments as more organizations move
their stacks from fully on-prem to public cloud
providers.
Cybersecurity threats are not going away but if we
build a strong cybersecurity foundation in our
organizations, we can help reduce our risk.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
44
by Ken UNDERHILL, the USA
It’s similar to your house and your neighbor’s house.
If you have a fence, large dogs, security alarms,
security cameras, physical security guards, and locks
on everything and you neighbor has none of that,
which house do you think the burglar will come to for
the big screen television? Possibly yours, but more
than likely it will be your neighbor’s house since they
have poor security protection practices.
“We must work together to push back on nation
states with regulatory and policy regimes that
threaten these freedoms and human rights so that
everyone can enjoy the benefits our cyber space
has to offer”
“The best gift you can give yourself and your
company in 2022 is improved security by
implementing a zero-trust mindset, implementing
secure coding and architecture best practices,
building detection engineering, and investing in
your team”
Technology is a beautiful thing. It’s also scary. The
internet as we know it and advancements in
technology have enabled economic and social
progress around the world and helped us all remain
connected. At the same time, increased threats from
organized crime syndicates and state threat actors
have dramatically increased in size, sophistication,
and volume. We also see policy threats to the
structure and governance of the internet and attempts
by oppressive regimes to control online discourse
and undermine freedom of their citizens. Threats in
cyberspace usually have an international impact and
as such, we have a need for diplomacy among nation
states to combat these threats and drive further the
social and economic opportunities that technology
offers. We must couple not only security and
economics, but also the human rights element to be
successful because all of these are interdependent.
So, what is cybersecurity diplomacy? Cybersecurity
diplomacy is simply the collective action and
cooperation against cyber threats. Think of it like a
police department and citizens in a neighborhood
working together to stop burglars. A combination of
building strategic partnerships among nation states,
information sharing, and developing coalitions on
policy issues are critical to combating today’s threat
actors.
By leveraging cybersecurity diplomacy, we can help
protect core values of internet freedom for all, multistakeholder governance, and openness.
Ken UNDERHILL is the Executive Producer & Host of
the Cyber Life television show which reaches millions
of viewers each month around the world on the Binge
Networks app, Amazon, Roku, and more. Ken has
worked a number of security roles in his career
including as a pen tester.
He has won multiple industry awards for his work to
improve diversity in the industry and is an advocate
for women’s rights. Ken educates around 2.6 million
people each year through his online cybersecurity
courses and is a cybersecurity executive at an Ed
Tech startup, RapidAscent, and vCISO.
He holds a graduate degree in cybersecurity from
Western Governors University, mentors thousands of
young women in cyber each year and sits on the
advisory board for several startups in the U.S.
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
45
Editor-In-Chief
TOP CYBER
NEWS
MAGAZINE
and
RAISE THE
CYBERSECURITY
CURTAIN!
Ludmila Morozova-Buss
Doctoral Student at
Capitol Technology University
TOP CYBER NEWS MAGAZINE – Special Edition – ALL RIGHTS RESERVED
46
TOP CYBER NEWS
MAGAZINE
PUT TECHNOLOGY AT THE FOREFRONT OF THE BUSINESS
Human Centered Communication Of
Technology, Innovation, and Cybersecurity
«You need not weather the storm alone. You need to bring cyber risk
expertise onto your team.»
Dawn KRISTY, JD
Chief Ececutive Officer and Founder – The Cyber Dawn, LLC
«Cybersecurity (including data security and network security) is not only
an enterprise-wide requirement, but a worldwide requirement.
Cybersecurity never should have been only one department’s
responsibility. It must also be a corporate culture, a way of thinking, a part
of all training, and top of mind for everyone. Only with multiple diverse
perspectives on the cybersecurity challenge will we see our way forward in
addressing it.»
Dr. Kirk BORNE
Chief Science Officer – DataPrime, Inc.
«The field of cybersecurity needs talent to address complex and
increasingly sophisticated threats. That talent must come from all genders.
Together we must embrace this opportunity to not only make a difference
to this much-valued field of data protection, privacy, and information
security, we must encourage women to go into the field and to stay in the
field. Women in cybersecurity must now seize the moment – our moment!»
Diane M JANOSEK
Deputy Director of Compliance – National Security Agency (NSA, the USA)