RE:🏔️ Will you join us for the 2019 Cybersecurity Career Summit?
Hi,
It brings me great joy to announce the launch of the inaugural Cybersecurity Career Summit! Registration opens tomorrow!
In addition to providing a forum for entry-level attendees to learn
about the cybersecurity job landscape, the inaugural #CyberCareerSummit
offers a means for existing security professionals to learn key skills
to increase their market value, as well as a place for business leaders
to gain unique and enlightened perspective from some of the industry's
most successful startup entrepreneurs and seasoned veterans.
Unlike other industry events, the Summit will stream online, is accessible to anyone in the world without travel costs, and is 100% FREE to attend live.
Plus, the Cybersecurity Career Summit is a #NoPitchEvent!
Here are a few of the legendary speakers we've lined up for this year's event:
Tae'lur Alexis (Founder of CodeEveryday)
Adam Anderson (Chief Strategy Officer, Hook Security, TEDx Speaker)
Kerry Anderson (Co-Founder, Whole Life Entrepreneurship)
Jon Callas (Co-Founder of PGP, Silent Circle, Fellow at the ACLU)
Marcus Carey (CEO at ThreatCare, Co-Author of Tribe of Hackers)
Asha Christian (Co-Founder STEMGuyana, HERlead Ambassador)
Brennan Dunn (Founder, Double Your Freelancing)
Tracy Z. Maleeff (Librarian, Cyber Analyst, InfoSec Researcher)
Daniel Miessler (OWASP Project Lead, Host of Unsupervised Learning)
Jennifer Minella (VP of Security, SC Mag's Top 10 Women in Security)
Richard Rushing (CISO, Motorola Mobility, Co-Founder, AirDefense)
Chris Silvers (DEFCON SECTF Black Badge holder, TEDx Speaker)
Genevieve Southwick (EFF, Formerly CEO of BSidesLV & DEN)
Richard Stiennon (Analyst, Author, Advisor, Lecturer)
John Strand (Black Hills Info Sec, Sr SANS Instructor, IANS Faculty)
Chris Sutherland (Chief Information Security Officer at ING)
Eizabeth Wharton (VP of Operations at Prevalion)
and more!
For those who can't attend the free live stream, Cybersecurity Career Summit is donating 100% of profits from Replay Access Pass sales to mission-aligned charities including Women in Security & Privacy and the Electronic Frontier Foundation.
Over $5,000 worth of privacy, security & productivity apps
🧰 Over $1,000 worth of hacking tools & gear
U.S. News & World Report ranked "information security analyst" as #2
in Best Tech Jobs, #6 in Best STEM Jobs and #32 in the 100 Best Jobs of
2019. In the US alone, cybersecurity job openings were up 74% over the previous five years, according to the US Bureau of Labor Statistics.
Yet ISACA projects the
demand for cybersecurity talent will rise to 6 million by the end of
this year, with an estimated shortfall of 2 million security
professionals, even though the BLS reports that their median annual salary is more than double the national average for all other occupations.
So, whether you're just getting started, or a recognized expert who
wants to take their career to the next level, the Cybersecurity Career
Summit can help you launch, advance or accelerate a successful and
fulfilling infosec career.
Stay tuned for another email tomorrow when we open registration and make sure to register early to get early-bird discounts on Replay Passes!
We look forward to having you join us!
Highest regards,
John ( Joao) Silva
Is
there another speaker you think we should feature at the Summit? Hit
reply to let us know and we'll do our best to get them in!
---------- Forwarded message --------- From: Taylor Banks<taylor@taylorbanks.com> Date: Mon, Aug 19, 2019 at 5:55 PM Subject: 🏔️ Will you join us for the 2019 Cybersecurity Career Summit? To: <joaoa.desilva2018@gmail.com>
Taylor Banks
To make sure you keep getting these emails, please add taylor@taylorbanks.com to your address book or whitelist us. Want out of the loop? Unsubscribe.
Our postal address: 2566 Shallowford Rd NE #104-333, Atlanta, GA US 30345-1249
Due to unforeseen events, we are pushing registration out to Sunday, September 1st.
We want to ensure that the Cybersecurity Career Summit provides you with
expert content in a format that enables you to focus on the areas and
domains you need help with, while benefiting everyone from students and
recent graduates to young professionals to seasoned cybersecurity
veterans who want to take their careers to the next level.
We will send you another email next week before registration opens to
make sure you don't miss it, and we'll be updating the schedule and
posting additional details about talks, special events, and giveaways in
the meantime.
Thanks for your patience, and we're excited about bringing you this unique and timely content from our world-class speakers.
Best,
John Silva
---------- Forwarded message ---------
From: Taylor Banks<taylor@taylorbanks.com>
Date: Wed, Aug 21, 2019 at 11:00 AM
Subject: Re: 🏔️ Announcing the Cybersecurity Career Summit!
To: <joaoa.desilva2018@gmail.com>
Taylor
To make sure you keep getting these emails, please add taylor@taylorbanks.com to your address book or whitelist us. Want out of the loop? Unsubscribe.
Our postal address: 2566 Shallowford Rd NE #104-333, Atlanta, GA US 30345-1249
Capital One Breach Casts Shadow Over Cloud Security
Massive data exposure highlights sustained risk from poor information-protection practices
Capital was an early adopter cloud computing among
Photo:
Richard Drew/Associated Press
By Robert McMillan
One of the highest-profile hacks
of consumer-banking data has sent financial institutions scrambling to
figure out how millions of records at one of the biggest proponents of
cloud-computing were exposed. Capital One Financial Corp.
COF +1.34%
, the fifth-largest U.S. credit-card issuer, said Monday that
information of roughly 106 million card customers and applicants was
exposed in one of the largest data breaches of a big bank.
The data was stored on
Amazon.com Inc.
’s cloud, according to a federal criminal complaint and people
familiar with the matter. The avenue of entry, the companies and
investigators said, was a poorly configured firewall—a mechanism
designed to wall off privately operated digital systems—that a hacker
breached.
Both companies say controls around the data, rather than use of
the cloud, were the problem. Still, the data was stored in the cloud,
raising questions about whether Capital One put insufficient safeguards
in place to lock down customer records when it adopted cloud technology.
And the accused hacker’s tenure as a former employee of Amazon’s cloud
business highlights the risk—previously little appreciated—of an insider
threat.
Cloud computing has boomed as companies have increasingly turned to providers such as Amazon and
Microsoft Corp.
to do the work of configuring computers inside their own data
centers. The processing power of those servers and storage devices is
then rented out to cloud customers, who pay depending on how much work
the computers do.
Data Downers
The Capital One breach joins a list of episodes in recent years.
Capital One was an early adopter of cloud-computing among
financial institutions as many other banks hesitated to move customer
data out of their data centers. But the global cloud business has
expanded—including among banks—as companies such as
JPMorgan Chase
& Co. and
Bank of America Corp.
became converts. That has heightened the stakes from the Capital
One breach for the broader financial-services and cloud-computing
industries.
By 2023, banks globally are forecast to spend more than $53
billion on public cloud infrastructure and data services, up from $24.3
billion this year, according to market research firm International Data
Corp.
The disclosure of the breach has caused a behind-the-scenes
scramble at several financial institutions to understand what happened
at Capital One, according to a person familiar with the discussions.
“Everyone who is migrating to the cloud is really going to look
at their controls,” said Sameer Malhotra, the chief executive of
TrueFort Inc., a company that provides cloud security services. However,
he added, “I don’t think it’s going to change their intention to move
to the cloud.”
Capital One started working with Amazon Web Services in 2014 and has since become a marquee customer.
Photo:
salvador rodriguez/Reuters
Although court documents indicate a Capital One error led to
the breach, the alleged hacker, Paige A. Thompson, is a former employee
at Amazon’s web services unit, the world’s biggest cloud-computing
business. That raises questions about whether she used knowledge
acquired while working at the cloud-computing giant to commit her
alleged crime, said Chris Vickery director of cyber-risk research at the
security firm UpGuard Inc. A lawyer representing Ms. Thompson didn’t
return messages seeking comment.
An Amazon spokesman attributed the hack to a firewall issue, not a cloud-computing problem.
WSJ Newsletter
What's News
A digest of the day's most important news to watch, delivered to your inbox.
Cloud computing caught on in part because it allowed software
engineers to sidestep cumbersome security restrictions and sluggish
development processes that made companies’ in-house technologies clunky.
But the ease and speed of opting instead to fire up a server through
Amazon Web Services has led to many cloud misconfiguration problems that can leave sensitive data exposed to unauthorized access.
“It’s easy to misconfigure things and it’s easy to have catastrophic results from those misconfigurations,” Mr. Vickery said.
As the list of companies that have inadvertently exposed data
on the cloud has grown, Amazon has taken steps to minimize that risk. In
2017, the company introduced a series of technologies to detect such configuration problems and make them easier to fix.
Capital One started working with AWS in 2014 and has since
become a marquee customer. In 2015, Capital One Chief Information
Officer Rob Alexander said “the financial services industry attracts
some of the worst cybercriminals. So we worked closely with the Amazon
team to develop a security model, which we believe enables us to operate
more securely in the public cloud than we can even in our own data
centers.”
“This type of vulnerability is not specific to the cloud,”
Capital One said of the hack. “The elements of infrastructure involved
are common to both cloud and on-premises data center environments.” The
bank added that its use of the cloud helped it respond to the breach
faster. The company learned of the incident on July 19 and notified
affected customers 10 days later.
Over the years, Capital One has developed systems to prevent
data from being inadvertently released to the wider internet, according
to a person familiar with the company’s operations.
“Any company that has or is looking to move into the cloud must
ensure that their security strategy is developed alongside of that
transformation,” said Vincent Liu, a partner with the
security-consulting firm Bishop Fox.
Mr. Liu, whose company assesses security vulnerabilities on
corporate networks, says that while configuration problems happen in
corporate data centers as well, he often finds that “basic cyber hygiene
gets thrown out the window” as companies move to new technologies such
as the cloud.
The financial stakes for companies to safeguard customer information are quickly rising. Credit-reporting company
Equifax Inc.
struck a $700 million settlement this month with state and federal
authorities concerning its 2017 data breach that exposed information on
some 150 million Americans. In Britain,
Marriott International Inc.
faces a potential £99.2 million ($102.5 million) fine over a data breach. The same U.K. regulator this month also proposed a record £183.4 million fine following a hack at
British Airways
last year.
Capital One said it expected to spend up to $150 million to
cover breach-related costs, largely for issues such as notifying
customers and paying for credit monitoring. The bank didn’t discuss
potential fines. Write to Robert McMillan at Robert.Mcmillan@wsj.com
WSJ opens select articles to reader conversation to promote thoughtful dialogue. See the 'Join the Conversation' area to the right for stories open to conversation. For more information, please reference our community guidelines. Email feedback and questions to moderator@wsj.com.
