Skip to main content

Author: Circadence

Good Bots and Bad Bots: How to Tell the Difference to Stay Cyber Safe

You may have heard or read the term “bot” in the context of cybersecurity. Normally we hear this word in the wake of a cyberattack and relate it to breaches in computer or network security. While there are certainly bad bots, there are good bots too! So what exactly is a bot, how can you differentiate, and how do they work?

What are bots?

The term bot is short for robot and is a type of software application created by a user (or hacker) that performs automated tasks on command. There are so many variations, from chatbots to spider bots to imposter bots. Good bots are able to assist in automating day to day activities, such as providing up to the minute information on weather, traffic, and news. They can also perform tasks like searching the web for plagiarized content and illegal uploads, producing progressively intelligent query results by scouring the internet content, or helping find the best purchase deals online.

While we encounter bots like these in our everyday activities without really thinking about them, being aware of bad bots is important. Bad bots, used by adversaries, perform malicious tasks and allow an attacker to remotely take control over an infected computer. From there, hackers can infiltrate the network and create “zombie computers,” which can all be controlled at once to perform large-scale malicious acts. This is known as a “botnet”.

How do bots work?

Cybercriminals often use botnets to perform DoS and DDoS attacks (denial of service and distributed denial of service, respectively). These attacks flood target URLs with more requests than they can handle, making regular traffic on a web site almost impossible. Hackers use this as a way to extort money from companies that rely on their website’s accessibility for key business functions and can send out phishing e-mails to direct customers to a fake emergency site.

Protect yourself from bad bots

Don’t let this information scare you though! Awareness is a great first step to recognizing any potential harmful activity, whether on your own computer or on a site you visit online. Preventing bad bots from causing attacks before they start is easy with these tips:

  • Ensure your antivirus software is up to date by setting it to automatically update.
  • Routinely check the security options available to you for your iOS, web hosting platform, or internet service provider.
  • Only click on links and open emails from trusted sources. Avoid accepting friend or connect requests, responding to messages, or clicking on links from unknown persons on social media.

Bots can be incredibly helpful, and we use them every day. Knowing how to differentiate the good from the bad while taking the necessary precautions to protect yourself against malicious bots will ensure that you only need to deal with bots when they are telling you about blue skies or saving you money on that great shirt you’ve been wanting!

Photo by Su San Lee  on Unsplash

Resources for starting a career in cybersecurity

Jumpstarting a new cybersecurity career path can feel like a daunting initiative, however, it may be more attainable than you think. By utilizing online cyber resources and persistent learning exercises, you can start learning everything you need to know to understand career options and land your dream job.

Virtual machines and digital libraries are great places to start on your cyber learning journey. A virtual machine is a software program or operating system that exhibits the behavior of a separate computer and is capable of performing tasks such as running applications and programs like a separate computer. This enables you to create multiple independent VMs environments on one physical machine and it aids in detecting things like malware and ransomware attacks. A digital library is an online platform that offers a diverse collection of cybersecurity learning objectives, along with an online database of digital materials like videos and reports.

Here are some resources that can help you pursue a career in cybersecurity:

  • Oracle VM VirtualBox – this powerful virtualization product is for enterprise as well as home personal use. This is the best VM for home users and can be run on a multitude of operating systems.
  • Kali Linux – this is an open source tool used in information security training and penetration testing services. Kali Linux is one tool available for use in our Project Ares platform for offensive skill building and practice.
  • Security Onion Virtual Machine – this free and open sourced Linux distribution aids in intrusion detections, enterprise security monitoring, and log management. Security Onion is also available in Project Ares.
  • Flare Virtual Machine – a freely available and open sourced Windows-based program that offers a fully configured platform with a comprehensive collection of Windows security tools.
  • Cybrary – this community based digital library gives you the ability to collaborate in an open source way and create an ever-growing catalog of online courses and experiential tools to learn all things cybersecurity from offensive, defensive and governance.
  • Clark Cybersecurity Library – a digital library that hosts a diverse collection of cybersecurity learning objectives from Intro to Cyber to Adversarial Thinking . It is a high-quality and high-availability repository for curricular resources in the cyber education community.

From entry level positions to cybersecurity professionals, digital libraries help in understanding cyber concepts and virtual machines allow learners to apply and hone cyber skills that security professionals use on the job such as risk management, information systems security, and network security.

To complete your well-rounded cyber education, pairing these tools with hands-on practice in cyber range like Project Ares is key.

Circadence’s own Project Ares uses gamified cyber range learning environments to emulate immersive and mission-specific network threats for a variety of cybersecurity work roles and job titles. The Project Ares platform is constantly evolving with foundational and specialized scenarios we call Battle Rooms and Missions to address the latest threats in the workplace. Learn tools, tactics and procedures and apply multiple skill sets in Mission scenarios hands-on to build experience. Using Project Ares is a great stepping stone to launching into a career in cybersecurity.

From concept learning to skills application, gamification paired with persistent, hands-on training in virtual environments is an ideal approach to understanding the ins and outs of complex cyber networks and how to recognize potential vulnerabilities in today’s evolving threat landscape. Pairing Project Ares with any of the aforementioned resources is a sure-fire way to kick off your cybersecurity career and prepare for security certifications!

Photo by Andras Vas  on Unsplash

Girl Scout Troop Visits Circadence to Earn cybersecurity Badges

Introducing girls to the world of cybersecurity and empowering their access to this STEM discipline is incredibly important to Circadence as we advocate for a cyber workforce with diversified thinking and problem-solving perspectives to keep pace with today’s adversaries. In mid-May, Circadence was honored to host 12 Brownies from a local Girl Scout troop at our San Diego office to help them earn their cybersecurity badges . Some of Circadence’s own family members are involved with the local troop and several co-workers facilitated a series of workshops for the girls to teach aspects of cybersecurity including cryptography, spamming, and virus detection.

Circadence’s Raeschel Reed, software engineer, taught the group about Cryptography and showed them how to use a Caesar Cypher to encrypt messages. The girls worked in groups of two to encrypt their favorite food and color. Then, they traded messages with each other and worked to decrypt the messages.

The group also learned about spotting fake emails and about using photo filters and editing pictures from Shirley Quach, Software Engineer at Circadence. Girls broke into groups and presented their comparison arguments for which photo was real and which was fake.

Yadhi Marquez-Garcia, DevOps engineer, taught a section about what a digital footprint is and how we should only share positive and not personal information. The girls wrote down all of the websites, games, and online services they interact with in order to learn about their own digital trail and “see” where they have been online. This helped them be much more conscientious and intentional about sites they visit online and the implications of their online activity.

Digital viruses and how they spread was another topic of discussion that included a hands-on activity. Domonique Lopez, office operations manager, led the girls through an exercise where they shook hands with as many people as they could in two minutes and then pulled a card out of a bucket. The girl who pulled the card out was deemed “the virus” and the other girls quickly realized they were likely “infected” because most had touched her either directly or indirectly. Domonique and the girls then discussed ways to limit exposure to viruses while online. The underlying lesson was that viruses can spread quickly if you aren’t careful about what websites you “shake hands” with.

Complementary to that topic, Kate Dionisio, software engineer, applied the concept of viruses to computer networks. She discussed about how malicious viruses are designed to disrupt computer systems and explained how ransomware attacks work. The girls gathered in a group and tried to pass a message from one to another (a game of “telephone”) while 3 disrupters shouted and tried to stop the message. Then they did the same thing but with 6 disrupters! This led into a discussion about how some viruses will overload a server with requests and stop messages from going where they need to go.

Finally, the girls formed teams of two to play inCyt , Circadence’s new cyber awareness game designed to help anybody learn basic cyber concepts similar to the ones that the troop had been learning about. Volunteers helped the girls understand how the cyber topics they’d been learning about applied to cyber attacks they were playing with on inCyt.

“When interacting with inCyt the girls were excited to get a chance to play a game. They loved picking their hackables and choosing a name. They got really excited when they were successful at sending a hack and loved the music. When talking with each other and volunteers they did a great job of connecting what they were doing with our discussions about digital trails and clicking suspicious links. I think they walked away more engaged than if we had just given them a lecture on the content,” said Domonique.

Circadence is pleased to host opportunities like this to engage the next generation and improve their cyber awareness. There is a significant cyber skills gap today and while these young girls won’t be entering the workforce soon, we hoped they learned that cybersecurity isn’t scary and is a field they could consider someday. In the meantime, we’re glad that they might be a little safer online.

What is a Cyber Range?

Users generate a lot of traffic, and the systems which you depend on are expected to be available 24/7. You need to be on top of the latest threats to your organization and limit any potential down time for your infrastructure.

Cyber ranges are virtual environments where cyber professionals can train and build cybersecurity skills in a persistent, on-demand way.

How to Launch a cybersecurity Career

Preparing for a cybersecurity career is more enjoyable than you may think! The technical challenge, problem-solving, constant change (you’re never bored!), and continuous learning opportunities are positive experiences one can have when entering the field of cybersecurity.

For any interested student or autodidactic, a cyber career path may seem a little daunting. But with the right cybersecurity tools and teachings in place, coupled with the latest proficiencies, any person can learn cyber and garner the skills necessary to enter the workforce with confidence and competency.

The earning potential for an individual pursuing a career in cyber is significant. The national average frontline cybersecurity career salary is $94,000-119,000 (on the low end) for security-related positions in the U.S. according to the Robert Half Technology’s 2020 Salary Guide

The industry offers high paying jobs, yet many positions continue to be unfilled with an estimated 145% workforce needed to fill the talent gap .

This begs the question: what is the best way to fill the cybersecurity skills gap with motivated and budding professionals? The answer is multi-faceted but at its core is a fundamental shift in how we prepare and train them with the skills needed to thrive.

Pro Tips for Building a Cybersecurity Career Path

Just like many other career paths , cybersecurity needs people who possess a mix of academic, theoretical-based knowledge, practical skill sets, and a lot of creative thinking. An aspiring cybersecurity professional can learn the knowledge, skills, and abilities needed in the industry, seek out internships and/or apprenticeships, and learn of careers in cyber without actually being on the defensive frontlines of cyber attacks. Details of each approach are below.

Step 1: Identify individual strengths, knowledge, skills, abilities

The first suggestion for an individual who wants to learns on their own is to match their unique strengths (technical and non-technical) to the kinds of knowledge, skills, and abilities needed to do certain cyber jobs in the workplace. Understand what kinds of jobs are available too. For students, they will likely learn these details in traditional classes and in their coursework assignments. With Google at our fingertips, however, it’s easy to find a variety of online resources to learn cybersecurity KSA’s including ISACA, ISC(2), ISSA, and The SANS Institute—all of which provide information about the profession and detail certification and training options. Understanding the kinds of tasks performed in certain work roles and the kinds of behaviors needed to perform certain jobs, an aspiring cyber professional will be better prepared during the interview and job search process. He/she won’t be surprised to learn about what is required to start a job in cybersecurity.

Step 2: Consider internships, apprenticeships, and alternative pathways to cyber learning

As a self-guided learner, you likely have the go-getting attitude needed to find a cybersecurity internship, apprenticeship, or alternative trade school to start building your knowledge, skills, and abilities more.

Internships are available through many community colleges, technical colleges, and universities, each of which has well-oiled practices of connecting students with local companies. In fact, it’s not uncommon for most students, both undergraduate and graduate, to be required to complete an internship in their field of study before graduation.

Apprenticeships are a “learn while you earn” kind of model and are incredibly beneficial for both the company offering the apprenticeship and the student.

“This is absolutely fundamental, and a key plan in meeting the workforce needs. Our solution to the gap will be about skills and technical ability,” says Eric Iversen, VP of Learning & Communications, Start Engineering . “And the most successful of apprenticeship programs offer student benefits (e.g., real-world job skills, active income, mentorship, industry-recognized credentials, an inside track to full-time employment, etc.) and employer benefits (i.e., developed talent that matches specific needs and skill sets, reduced hiring costs and a high return on investment, low turnover rates and employee retention, etc.)”

The Department of Homeland security created a Cyber Corp Scholarship program to fund undergraduate and graduate degrees in Cybersecurity. Students in this program agree to work for the Federal Government after graduating (with a one year service for every year of scholarship).

These types of opportunities are especially advantageous for recruiting individuals who may be switching careers, may not have advanced degrees, or are looking to re-enter the field.

Alternative pathways are also quite accessible for the college graduate or self-driven learner seeking a career in cybersecurity. One cyber career pathway is via “stackable” courses, credits, and certifications that allow learners to quickly build their knowledge base and get industry-relevant experience. These kinds of courses are available in high school (taking collegiate-level courses) and at the college level. Another type of alternative pathway is via cyber competitions and hackathons. Learners can gain practical skills in a game-like event while meeting fellow ambitious professionals. Participating in these events also makes for great “extracurricular activities” on one’s resumé too.

Circadence is proud to lend its platform Project Ares® for many local and national cyber competitions including the Wicked6 Cyber Games, cyberBUFFS, SoCal Cyber Cup, and Paranoia Challenge so students can engage in healthy competition and skill-building among peers. For more information on cyber competitions and hackathons, check out the Air Force Association’s CyberPatriotCarnegie Mellon’s picoCTF Major League Hacking , and the National Cyber League .

Cyberseek.org also has a detailed and interactive roadmap for hopeful professionals to learn more about how to start and advance their careers in cybersecurity. This interactive cybersecurity career pathway map breaks it all down. For example, if you’re interested in a software development role, you’ll want to build skills in Java or Python, databases, code testing, and software engineering, as well as, build cyber skills in cryptography, information assurance, security operations, risk management, and vulnerability assessment. You may also consider certifications in Certified Ethical Hacking (CEH), Security+, Network+, Linux+, Offensive Security Certified Professional (OSCP), CISSP, and GIAC in addition to having real-world experience and training. In addition, check out Cyber-Security Degree, a free service that helps individuals looking to enter into the field find the right path to getting an online degree.

Step 3: Understand Cybersecurity Career Requirements

We recommend three types of experience when considering a career in cybersecurity:

  • Degree experience for basic understandings of cyber theory and practice
  • Technical experience to demonstrate learned knowledge translates to skill sets acquired
  • Real-world training experience, either via an internship/on-the-job opportunity or via realistic cyber range training

Many entry-level cybersecurity job descriptions will require at least a bachelor’s degree or 4 years’ experience in lieu of a degree. Higher-level positions will require the academic degree plus some technical experience and/or real-world training.

It’s important to note that there are two types of cyber training available: A traditional classroom-based setting and an on-demand, persistent training option. Both are great in their own ways and can complement each other for holistic cyber learning. The classroom-based learning presents information to learners via PowerPoints, lectures, and/or video tutorials. Learners can take that knowledge and apply it in a hands-on virtual cyber range environment to see how such concepts play out in real-life cyber scenarios.

Since cybersecurity is an interdisciplinary field, it requires knowledge in technology, human behavior/thinking, risk, law, and regulation—to name a few. While many enter the field with the technical aptitude, many forget the “soft skills” to cybersecurity. To communicate effectively with a cyber team, problem-solve, analyze data, identify vulnerabilities, and understand the “security story” of the employer, a young professional needs to possess and demonstrate those social skills to thrive in their job.

The Variety of Cybersecurity Fields are Endless!

There’s more to cybersecurity than being a network analyst or incident response manager. Interested, aspirant professionals can work in cybersecurity through other departments beyond security and IT. Cyber careers in human resources, marketing, finance, and business operations are all available sectors that allow a learner to “be in cyber” without doing the actual day-to-day frontline security defense tactics. It is important to know about the other careers individuals can pursue in cybersecurity because it is not just for the IT department to “manage” within a business. Furthermore, cybersecurity roles don’t have to be pursued at technology companies – there are many healthcare, banking, energy, and enterprise companies seeking cybersecurity professionals in their organizations. So, if a certain industry is of interest to you, you can explore cyber in that specific industry. In the age of digital transformation, practically every sector has a security need that needs to be hardened.

For young graduates entering the cybersecurity field, a multi-faceted approach to learning cybersecurity skills is recommended. The good news is that motivated learners have lots of avenues and resources available to them to pave a career path that best fits their needs and interests. Check out this article next for options to kickstart a cyber career.

The Future of cybersecurity in the Wake of Standardized Workforce Development

The implications of the Executive Order on America’s Cybersecurity Workforce and what it means for cyber workforce development going forward.

The White House issued the Executive Order on America’s Cybersecurity Workforce. This forward-looking executive order aims to close the cybersecurity skills gap and increase the number of cybersecurity professionals working in the field. This is a huge need for our critical infrastructure, national defense and modern economy. We are bound to see some changes across the industry with the passing of this bill. Although we don’t have a crystal ball to see the future, there are some implications we anticipate for the cybersecurity industry overall. 

Improved Global Security from Nationally Recognized Standards

The executive order encourages widespread adoption of the cybersecurity workforce framework created by the National Initiative for Cybersecurity Education (NICE). The use of the NICE framework will create some national standards in the industry and allow for more qualifying leverage. This will provide evaluation requirements used in contracts for IT and cybersecurity services.

Prioritizing Cyber Workforce Diversity

According to Cybersecurity Ventures, there will be up to 3.5 million job openings by 2021 and currently, females represent less than 12% of the global cybersecurity workforce. This stat is crazy! To keep pace with sophisticated adversaries and develop technology that supports human cyber operator decision making, diversity of thinking and skill and approach should be a hyper-focus for the security industry. Women are well suited for, and extremely talented at, technical fields such as information security, security engineering, and AI engineering; however, recruiting and retaining women in these fields is not where it needs to be. There is a long-standing stereotype that cybersecurity is too technical for women and that’s not the case. There are many critical skills that women bring to the table including an incredible attention to detail, problem-solving, and communication skills that are as important in cyber work as the technical know-how. Groups like Cyber Patriot, Girls Who Code, and more recently Women’s Cyberjutsu are wonderful organizations that inspire young girls and women to pursue careers in cyber and technology.

The aptitude for cybersecurity lies not only in the technical fields, but can also be found in many unexpected disciplines. Some of the best cyber defenders started their career out doing something completely different. We need this type of diversity and people with different backgrounds to join the industry. We need to improve thinking and skill, both technical and critical thinking skills to combat today’s adversaries.

New Methods of Cybersecurity Training

In developing the workforce, we need to be cognizant of the need for new methods of training that inspire the next-gen learner. The traditional ways of learning in a classroom have worked in the past, but there are a lot of statistics that show traditional classroom settings alone aren’t the most effective in terms of applied skill preparedness and learning retention. Studies on the effectiveness of traditional classroom settings show that students lose 40% of what they’ve learned after 20 minutes and between 50 – 80% of what they’ve learned after one day, and 90% of what they’ve learned after six days.

Gamified learning approaches are currently being adopted federal agencies, banks, oil and gas and other infrastructure organizations as well as academic institutions such as the University of Colorado, Divergence Academy , and Loudoun Public Schools. This form of active learning generally includes on-keyboard activities along with team collaboration and applying concepts to real-world scenarios, which has shown to improve retention to 75% compared to 5% through more passive learning methods like lectures with PowerPoints. Recently, a graduate student at the University of Colorado shared his experience after he played one of the cyber games in Project Ares, Circadence’s flagship learning platform. He mentioned that he liked the feeling the game created of a sense of impending danger from the robots and that made him think better and learn more as he worked to defeat them 

Pursuing ‘Cyber as a Sport’ to Capture Talent

We embrace the idea of “cyber as a sport” believing cybersecurity skill building can and should be fun, like sports. Cyber competitions are a great way to encourage skill-building plus they bring attention to the industry. These kinds of competitions should be happening from early school age (Girls Who Code), through high school (Cyber Patriot), and university (NCCDC), and then throughout the professional career. Competition categories can include individual and team-based events, software reverse engineering and exploitation, network operations, forensics, big data analysis, cyber analysis, cyber defense, cyber exploitation, secure programming, obfuscated coding and more.

Wicked6 Cyber Games , cyberBUFFS, SoCal Cyber Cup, and Paranoia Challenge are several examples of events where students can engage in healthy competition and skill-building among peers in an active, living lab setting. Circadence ’s gamified training platform, Project Ares is used as the platform to deliver the competitive exercises though its immersive, gamified cyber range. Realistic scenarios challenge players in mission-specific virtual environments using real-world tools, network activity and a large library of authentic threat scenarios.

Without continued effort to increase the cybersecurity workforce, our critical infrastructure, national defense and modern economy will be jeopardized.

The publication of this Executive Order is an indication that government is ready to proactively address our very serious cybersecurity challenges and is looking to new ways of training and skill building to meet the demands of today’s workforce.

To keep organizations better protected in the wake of digital transformation, legislative progress like this is a significant stepping stone to alleviating the industry’s largest challenges.

Photo by freestocks.org  on Unsplash

Photo by David Everett Strickler  on Unsplash

Diversity in cybersecurity: Why It’s Important and How To Integrate It

You may have heard that the cybersecurity skills gap is widening, and that there is a massive shortage of cyber professionals today. In fact, Cybersecurity Ventures predicts that there will be up to 3.5 million job openings in the field by 2021. In spite of the growing need for people in cyber, women continue to be underrepresented in the field.

According to major findings from the 2017 Global Information Security Workforce Study :

  • Women are globally underrepresented in the cybersecurity profession at 11%, much lower than the representation of women in the overall global workforce.
  • Globally, men are 4 times more likely to hold C-suite and executive-level positions, and 9 times more likely to hold managerial positions than women.
  • In 2016 women in cybersecurity earned less than men at every level.

It’s no surprise that women are the underdog across plenty of male-dominated industries. So why is it so important for women to close the gender gap in cyber?

We need diverse perspectives in cybersecurity

Firstly, cyber is an area that benefits greatly from utilizing people with diverse perspectives and histories to solve problems. As threat actors and black hat hackers often come from disparate backgrounds, the wider variety of people and experience that are defending our networks, the better the chances of success at protecting them.

Combat the stereotype that cyber is only for men

Secondly, as there are so many empty jobs in the field, it is ultimately detrimental for a factor like a gender to narrow the pool of people pursuing it. Unfortunately, the message is ingrained in women from a young age that tech and security are “masculine” professions, which results in a self-perpetuating cycle of unconscious bias against women in the field. These problems are difficult to fix because they are subtle and pervasive and often come back to issues in culture and education. In fact, an online survey, Beyond 11% , found that most women have ruled out cybersecurity as a potential job by the age of 15. This is unacceptable!

Introducing more women to cybersecurity

Programs and Events

Since many of these problems start for women from a young age and through somewhat unconscious societal and cultural constructs, it can feel like a daunting task to get women more involved in cyber. In order to combat these misconceptions, many programs and events have been put into place to provide young women with female role models in the cybersecurity field. Events such as the Women in Cybersecurity Seminar, Women in Cybersecurity Conference, and Cyber Day for Girls are just a small number of direct-action groups that companies like IBM have put in place to address the gender gap. Further cyber competitions like the Wicked6 Cyber Games , and organizations like the Women’s Society of Cyberjutsu and Girls Who Code are dedicated to introducing young women to cyber at that earlier age before they are told “it is not for them.”

Cybersecurity Mentorships and Internships

Mentorships and internships are another great way to introduce girls to other women in cybersecurity fields they may think are beyond their reach. Volunteers from tech companies have been going to summer camps specifically designed to encourage young girls to consider careers in STEM, such as the Tech Trek summer camp. Additionally, the Girl Scouts have introduced cybersecurity badges, which can be earned by completing curriculum and gamified learning around internet safety.

Persistent cyber career development

Another way we can support and retain women who choose cybersecurity roles is for companies have policies in place that ensure women do not miss out on opportunities to further their careers after having children. Things like flexible hours and the option to work from home can be key in maintaining a diverse and productive workforce. Hiring managers can also work to ensure equal employment opportunities when looking to hire for a new position. People from all backgrounds should feel welcome to apply for roles in this highly trainable and accessible field.

We need all hands-on deck now more than ever in cybersecurity, tech and STEM fields. Communicating to girls at a young age that technology isn’t just for their male counterparts, and that it can offer them a long and rewarding career, is essential in closing the gender and skills gap in cyber.

To learn more how to diversify the cybersecurity workforce from a strategic standpoint, read our other blog “Diversifying the Cybersecurity Workforce. “A call to diversify the cybersecurity workforce”