October is Cybersecurity Awareness Month! To celebrate, we sat down with some of our security experts to chat about their careers, industry trends, and advice for organizations looking to #BeCyberSmart.
What inspired you to pursue a career in cybersecurity - and what advice would you give others looking to get into the field?
Jessica O: I started out as an IT administrator and ended up in a position where I needed to pick up security responsibilities as well. Although I loved working as an IT administrator, I found a real passion in the security space. As a natural problem solver, I enjoyed the varied nature of working with security as the landscape is always changing.
For those just starting out, I recommend getting your hands on as much tech as possible even if it’s not related to security. You will be surprised how much IT and networking knowledge translates to great understanding of security overall.
Joel A: My career is unique because it involves the regulatory and documentation side of cybersecurity. What inspired me was my fascination with digital security, hacking, and privacy law. I've always had a passion for cybersecurity and helping others understand the visuals and documentation of what takes place in a cybersecurity program. Programs are usually robust and take a team to deliver results!
My advice for others is to get into security compliance and GRC (Governance, Risk & Compliance) for cybersecurity. There aren't many of us; demand for organization, control of documents and administrative security safeguards in cybersecurity is becoming just as important as technical safeguards enabling an increase in the job market.
Marina L: My career in cybersecurity was a complete accident. Fresh out of college, I had graduated with a double major in Psychology and Business Administration and zero idea of what I wanted to do with my life. I took a job as a sales engineer at a cybersecurity company (Carbon Black). I had no knowledge of cybersecurity, but the hype of covert hackers and “pew pew maps” espoused in movies compelled me to apply for the job. At Carbon Black, I interacted with countless customers that inquired “How do we detect or block threat X?” That opened Pandora’s Box for me and the more I investigated threats, the more I became fascinated with adversarial tactics and techniques. I started writing blog posts about threats I researched, dissecting each stage of the kill chain. Some of my friends at work started noticing my work and my potential and referred me to a threat analyst role. That was the push I needed. It was a huge leap from sales engineering to threat analysis, but I left sales behind, and the rest is history.
My advice for those who want to pursue a career in cybersecurity: Don’t be scared, we all start somewhere! Ask questions, don’t be afraid to ask for help and Google is your friend! There are a ton of free resources you can tap into.
Tim M: I have always been interested in the security of technical systems, I just didn’t realize it had a name or industry growing around it when I was young. I also happened to be surrounded by people with similar interests and thirst for security knowledge.
I didn’t pursue security because of the “cool” factor, because when that fades all you’re left with is a long boring white paper about the latest threat landscape. I have always liked fixing problems in systems that were otherwise considered “working.” Security can often mean you’re having a complicated discussion over the merits of changing a system that works today, but might be compromised due to a variety of possible issues tomorrow.
What is a memorable moment from your time in cybersecurity and/or a memorable story related to an attempted cyber attack?
Joel A: I will never forget deterring a physical social engineering attack where I had someone follow me very closely to enter a secured premise (back when physical locations were more prominent in the workforce than they are today). I noticed this, of course, and stopped and asked them to give me space. Once this happened, he couldn't get in and ran off the premises.
Marina L: Hands down, it has to be the research I did on the Smominru/MyKings botnet with my friend and colleague, Greg Foss. It started with a peculiar alert from a customer and like an archaeologist, the more I dug into the threat, the more pieces and artifacts I uncovered. This attack had it all: LOLbins, packed executables, compromised infrastructure, cryptominers, keyloggers, FTP servers, EternalBlue, etc. What started off as investigating one alert for one customer quickly escalated into researching a long-running global campaign.
Lyra S: I think the Colonial Pipeline shutdown from earlier in the year neatly demonstrates just about the most important part of cybersecurity. You have to keep the foundation of your organization strong or it can all fall easily.
Tim M: I remember a time a while back in my career when we had to fix and patch a network of 200+ computers via the “sneakernet.” It wasn't always an easy fix to resolve compromises or prevent them with an update by deploying a tool like Automox. I really like that I had that experience though, because it reminds me of how awesome it is to work with a product that would have made a difference in that moment. Really the only memorable part of it was how late that work day ran in order to patch all the endpoints in comparison to how patches are distributed today.
What are the biggest changes you’ve seen in cybersecurity/cyber crime in recent years?
Jessica O: The biggest – or at least most alarming – change I’ve seen is the increased prevalence of supply chain attacks. As security matures, so does the threat landscape. We see attackers taking advantage of distributed services to quickly disseminate malware and vulnerabilities. Much like ransomware when it first made its appearance, hackers have taken advantage of something that was intended to improve security/automation and used it for their own nefarious purposes. Any SaaS provider who isn’t acutely aware and mitigating the risk of supply chain attacks is doomed to become a target.
Marina L: A couple of anecdotal trends that I’ve noticed:
- Increased LOLbin use in conjunction with malware. A lot of security researchers will post their exploits and bypasses on Github, which attackers will package in with their malware (which could also have been open source). It’s a little too easy for both a script kiddie and complex adversary alike to disseminate malware.
- Increase of shadow IT. With the sudden transition to remote work due to COVID-19, many employees are mixing business with personal and leveraging many personal applications and engaging in personal activities on their corporate laptops in the privacy of their own home.
- With the advent of Kaseya and Solarwinds, I think (on a positive note) more organizations have the justification and momentum to hire security teams and not just have the one sysadmin who is in charge of IT and security on the side.
Tim M: The biggest changes I’ve seen in cybersecurity/cyber crime today are the speed and distributed nature of the crime. An attack vector could have gone unnoticed for quite a length of time in days past, but now zero-day attack vectors are being utilized before they are well known or even patched. It’s important to a security practice to have the ability to deploy a patch as soon as it is available. Automox has Worklets that help create the flexibility needed to do these patches as soon as they become available.
The other big change I’m sure we’re all aware of is the distributed nature of the workplace. We used to be able to approach security with a “moat and castle” approach but we’ve got to move quickly to a “zero-trust” model now that an attack can come from a compromised network wherever we choose to work; it isn’t always the office anymore.
Joel A: For me, it’s the rise in lawsuits pertaining to privacy and protection of personal data.
What are some tips for people and/or organizations looking to improve their cybersecurity?
Marina L:
- Least privilege always! If there is no business case for it, chances are that the user shouldn’t have that access or permission.
- Visibility is key: you can’t secure what you can’t see. No alerts is not a good thing; it could mean that your tools are either not working, or you are not equipped to detect an ongoing threat.
- Frequently stay in the know for new types of threats. There are so many various online forums, articles, newsletters, twitter feeds, etc. Cybersecurity is constantly evolving and you can’t be complacent with being able to detect and prevent yesterday’s threats.
Jessica O: I always tell people to “go back to basics” when looking to improve security. Although there are so many cool pieces of tech and advanced security features to invest in, what we see most often when it comes to major breaches are gaps in basic security posture. Bad passwords and unpatched infrastructure are to blame for most breaches. Low hanging fruits are easy to fix, but unfortunately just as easy to exploit if not addressed!
Joel A: Companies should invest in achieving the following frameworks for improved GRC in information security such as:
- ISO 27001
- SOC 2
- Privacy By Design
- NIST Privacy Framework and ISO/IEC 27701:2019
Tim M: I would recommend that overused marketing phrase of “shifting left” your security practices. Involve your security team and developers as early in the process of your organization’s workflow as possible. This has the benefit of being secure from the start, and lessening the post launch security issues. I also can’t stress enough the importance of actually testing your security team and procedures prior to an actual security incident. It’s hard enough to react to an ongoing security incident without having to learn the process at the same time. Organizations practice for fires with fire drills for this same reason. It is always good to seek out room for improvement before it becomes a detriment to your business continuity.
Lyra S: Make sure it is hard for any given employee to have accidental access to potentially dangerous material. An intern doesn’t need access to all the financial information for your customers, nor necessarily does your principal engineer.
What is your favorite security-related Automox feature and why?
Marina L: This may seem like a cop-out answer, but the fact that Automox does automated patching, period. When I used to work with customers that were experiencing ongoing attacks, 9 times out of 10, the root cause would be some unpatched vulnerability that the IT admins had put on the back-burner because it was too much effort, or they were unaware of the vulnerability’s existence altogether. Automated patching helps address that gap and reduces the attack surface area significantly.
Lyra S: Keeping everything up to date saves a lot of security troubles, and Automox makes that easy to do.
Tim M: I love that Automox works in a distributed workplace environment. This helps improve security without major infrastructure overhead. No need to maintain or enforce VPNs in order to ensure the endpoints are being updated and patched according to company policy. I used to work in a company that had a large laptop hardware count, and those devices would only update when they were connected to the company network. It was a major pain point and eventually a device would inevitably end up in my helpdesk queue because it would get so out of date that the updates would just stop working correctly. If a tool like Automox had been available during that time I would have been able to focus my efforts on my other responsibilities and prioritize my time more efficiently.
Jessica O: I think the coolest thing about our product is the distributed nature of our platform. As a remote-first company, we understand the need for modern patching solutions that do not require a central network connection. No matter where our users connect from, I can be sure all their patching, software, and configuration needs are up to date.
About Automox Automated IT Operations
Today’s IT leaders deserve better than tedious legacy tools to manage their infrastructure. From our single cloud-native platform, automate and scale your IT operations to meet the growing business demands of the modern workforce. With complete visibility of your entire environment, you can easily monitor, identify, and respond to issues in real-time across any endpoint, regardless of OS or location.
Demo Automox to see how you can immediately gain effortless command of your endpoints.