A job-hunting expedition can be a long and stressful journey. I took a glance at LinkedIn in preparation for writing this newsletter, and I saw many descriptions of entry-level cybersecurity jobs asking for several years of work experience, proficiency in multiple programming languages, and prior involvement in online cybersecurity communities, as well as a rock star personality. Companies say they want a lot from their prospective employees, and it’s hard for many people to measure up to those standards.
It's no surprise that job recruiters are having trouble filling positions for entry-level cybersecurity positions. The problem goes beyond intimidating job descriptions. As Copado vice president of security Kyle Tobender's TikTok videos about entry-level cybersecurity job postings note, many jobs require certifications or advanced degrees. These are big asks for entry-level positions.
As PCMag contributing writer Nathaniel Mott reports, Microsoft addresses a part of this industry-wide hiring problem with a new campaign. The company will offer a free cybersecurity curriculum to roughly 4,000 colleges across the US, provide training to faculty at 150 community colleges, and support some 25,000 students via the Microsoft Cybersecurity Scholarship Program.
Will this be enough to jumpstart the lagging cybersecurity workforce in the US? Or are there changes to be made within the broader corporate hiring culture regarding gatekeeping? Let us know your thoughts in the comments.
Like what you're reading? You'll love it delivered to your inbox weekly. Sign up for the SecurityWatch newsletterSign up for the SecurityWatch newsletter.
The Companies Most At Risk for a Ransomware Attack
Many of us rely on online services for communication, entertainment, and work. That's why we hear about frequent attacks on various online services, from phishing YouTube creators to a Twitch database breach. However, a recent report from Nordlocker shows ransomware attackers are more interested in a different kind of target.
Construction and manufacturing companies are the top two industries hit most often by ransomware, according to Nordlocker's data based on an analysis of 1,200 ransomware cases. However, Tech and IT businesses are just the sixth most targeted. Finance, healthcare, and education came in third, fourth, and fifth, respectively.
If a ransomware attack hits you, you probably won't know it until it's too late. Ransomware doesn't show the usual signs of malware. You're more likely to get a message demanding payment in exchange for your files once the attacker has encrypted them. However, if you find yourself on the wrong end of such an attack, we don't recommend paying the ransom. It's better to prevent ransomware in the first place by investing in ransomware protection and avoiding phishing scams.
What Else Is Happening in the Online Security World This Week?
- Google released a new version of Chrome to fix seven security flaws in the popular browser—two of which are zero-day vulnerabilities that have already been exploited by hackers.
- Mozilla made several changes to its Firefox browser after discovering that two add-ons, which were installed by approximately 455,000 people, abused one of its APIs.
- Last week, Google added an option for anybody under the age of 18 to have the search engine stop showing images of them in its results.