Home cybersecurity
 

Keywords :   


Tag: cybersecurity

Telefonica fires cybersecurity chief and other executives following investigation

2021-03-19 09:34:00| Telecompaper Headlines

(Telecompaper) Telefonica last month fired the head of its cybersecurity division ElevenPaths and another three directors for an alleged breach of the company's...

Tags: chief investigation executives fires

 

Cybersecurity Lead Engineer wmd

2021-03-09 14:12:16| Space-careers.com Jobs RSS

Telespazio Germany GmbH is the first choice European aerospace company for ICT and engineering solutions and services. We combine 40 years of experience in hightechnology markets, where trust and quality are essential. With more than 350 employees in Germany, we shape the future of aerospace together and beyond. Our staff play a key role in determining our success through their qualifications, motivation, enthusiasm, different cultural backgrounds and their sense of teamwork. The Position We are looking for a Cybersecurity Lead Engineer wmd to help us implement and manage cybersecurity solutions and services for our customers. This position is based at our Headquarter in Darmstadt. It is a fulltime and permanent position, and the expected starting date will be around June 2021. This is an excellent opportunity to prove yourself in a challenging environment, being the Cybersecurity Expert in a multidisciplinary team providing ICT Engineering and Secure Connectivity services to space, defence and energy sectors. We are looking forward to meeting you! ResponsibilitiesDuties Capture the specific customer needs and design a robust, fit for purpose cybersecurity solutions Articulate features and benefits of complex designs, technologies and solutions to technical and nontechnical audience through professionally written submissions and orally delivered presentations Gain and maintain a strong network of relationships across cybersecurity marketplace Gain and maintain technical qualifications as appropriate to ensure partner levels with cybersecurity vendors Follow up and deliver projects from requirement engineering to transfer to operation and provide training on the engineered cybersecurity solutions when required Technical support in proposals production QualificationsExperience A university degree in Computer Sciences or equivalent Proven experience in Security Operation Centre SOC design and implementation Strong goaloriented and planning capabilities, coupled with very good problemsolving skills and a pronounced customer focus Strong communication and collaboration skills, be able to work in a diverse team environment and accomplish goals in line with team objectives Experience operating critical IT infrastructure environments, working in mixed operating system environments, managing technical service transition, creation and maintenance of support documentation Familiar with the security strategy, roadmap, SIEMNetwork forensics solutions and security assurance to improve overall IT security Experience with design and implementation of key foundational building blocks of the security strategy Interested in learning and dealing with modern technologies Essential Skills Requirements Engineering Security Risk Analysis Deep knowledge of OfftheShelf cybersecurity products Design and implementation of Security Operation Centre SOC Infrastructure and Operational Concepts Business level proficiency in English Desirable Skills Fluency in German language ISO 27001 Certification Project Management Certification PMP, Prince2 ITIL Certification Your Benefits of joining us By joining the Telespazio family, you will enjoy all the benefits of a competitive salary in a sustainable work environment, flexible working time models, diverse advancement and training possibilities for technical, language and soft skills, a generous holiday package as well as a company pension scheme. Furthermore, we support you with your relocation. Through our wide network, we can also support your partner in finding a job at your new work location. Application Are you equally inspired by our visions and dreams? Get in touch with us today and send us your application! Your HR Contact for this position is Raphael Rossato.

Tags: lead engineer cybersecurity lead engineer

 
 

What is cybersecurity maturity model certification (CMMC) and why should you care?

2021-03-03 17:21:33| The Webmail Blog

What is cybersecurity maturity model certification (CMMC) and why should you care? nellmarie.colman Wed, 03/03/2021 - 10:21   If your organization works with the U.S. Department of Defense either as a prime contractor, subcontractor or supplier you need to prepare for major changes this year. Starting in 2021, some Department of Defense (DoD) contracts will require you to not only achieve a certain level of cybersecurity, but also have it certified by a third-party assessor. This certification program, known as Cybersecurity Maturity Model Certification (CMMC), will help ensure that everyone on a contract can keep the projects data secure. This is a shift from how the DoD has handled cybersecurity requirements in the past, when an organization often simply needed to self-attest that they were practicing essential cybersecurity hygiene. But given that cybercrime is predicted to cost $6 trillion globally in 2021, and continues to rise, these measures are not unexpected. So, how should you prepare? Although the DoD is still ironing out the details, you can start getting ready now by learning about the new requirements, getting to know the various certification levels and knowing who to reach out to for expert guidance.   Who will need to be CMMC-certified? Its estimated that more than 300,000 organizations will require assessment and certification to one of the five CMMC levels. From small businesses providing HVAC maintenance to major defense contractors working on the newest military hardware, every member of the DoD supply chain will need to address CMMC. At the same time, that doesnt mean your entire organization needs to be compliant just the systems, processes and people involved in fulfilling the specific contract at the CMMC level in question. This is important, as the jump from Level 1 to Level 3 requires formal documentation and implementation of 113 additional security controls. However, the DoD estimates that most contracts will only require Level 1 certification.   What are the CMMC levels? The level of compliance needed will vary based on the scope of work. So if you take the examples above, a business providing HVAC maintenance might just need to reach CMMC Level 1, while the company working on military hardware is probably looking at CMMC Level 5 certification. Lets take a brief look at what each level entails. Level 1: Basic cyber hygiene Safeguarding Federal Contract Information (FCI) At this level, you will be implementing basic cybersecurity best practices that every business should follow and that most suppliers have been required to follow since 2016, in accordance with FAR 52.204-21. For example, you will need to control and manage who has access to devices and data, establish strong password protections, implement firewalls, stay on top of software updates/patches and use antivirus protection. This helps protect Federal Contract Information (FCI), which is likely to be found in nearly every government contract.   Level 2: Intermediate cyber hygieneTransitioning to protecting Controlled Unclassified Information (CUI) In Level 2, you will need to demonstrate that cybersecurity is not just practiced, but that you are effectively documenting, managing, reviewing and optimizing your practices. In doing so, youre preparing your organization to move ahead to Level 3.   Level 3: Good cyber hygieneProtecting CUI Level 3 demonstrates that you are able to protect anything the government categorizes as CUI (i.e., information that is sensitive and not for public consumption, but not officially classified). It shows that you havent just implemented and documented the required cybersecurity practices, but that youre actively managing them as well.   Level 4: Proactive cybersecurity Protecting CUI and reducing the risk of advanced persistent threats At this level, youre taking a more proactive approach to protecting the governments information. You will need to demonstrate that youre able to detect and respond to advanced persistent threats and adapt to their always-changing tactics, techniques and procedures.   Level 5: Advanced/progressive cybersecurityIncreasing protection of CUI and further reducing the risk of advanced persistent threats Level 5 requires that you take a more advanced posture of proactive scanning and mitigation of advanced persistent threats standardizing and optimizing your processes, across your organization. While Level 4 can be more reactionary, Level 5 is more proactive.   How can my business get CMMC certified? One of the keys to CMMC certification is the ability to break down and review your processes at every step, identify strengths and weaknesses, and develop remediation plans. If youve never done this before, reach out to an experienced Registered Provider Organization (RPO) who can help streamline your path to CMMC certification. The key is to reach out to an RPO early in the process, so you can avoid costly mistakes from the beginning and start with a strong foundation. As an authorized RPO, Rackspace Technology can help you achieve your certification faster, so you can remain competitive for DoD contracts moving forward. Were a leader in the government compliance enablement space, powering multiple FedRAMP and FISMA ATOs built on our managed service, and providing 24x7x365 hybrid-cloud management, operational support and security services as a packaged, on-demand, audited and pay-as-you-go service. Start your CMMC journey strong. Learn more about our CMMC certification services.   What is cybersecurity maturity model certification (CMMC) and why should you care?Get to know about Cybersecurity Maturity Model Certification and how you can start getting ready now so you can remain competitive for Department of Defense contracts. Learn more about our CMMC certification services./compliance/cmmcGet started

Tags: you care why model

 

Cybersecurity threats in 2021

2021-03-01 23:10:23| The Webmail Blog

Cybersecurity threats in 2021 nellmarie.colman Mon, 03/01/2021 - 16:10   Last year, the world witnessed a significant rise in several cybersecurity threats driven by the advent of the coronavirus. Savvy cybercriminals began exploiting vulnerabilities in new ways, because of the new work-from-home culture that the pandemic created. Unsecured home devices were being hacked. New phishing schemes were being launched leveraging keywords like virus diagnosis and stimulus package. Common tech tools were being exploited, like Windows PowerShell. Zoom credentials were being stolen. One year later, where do we stand when it comes to our biggest security threats? Many of the same threats are still going strong as we move into 2021 and new vulnerabilities are emerging. Cybercriminals are doubling down on their successful schemes from 2020 and creating new ones to leverage todays leading security vulnerabilities.   Threat #1: Perimeter expansion to employees homes With the rise of a work-from-home culture in 2020, company perimeters now extend into employees homes. This makes it more challenging for security professionals to monitor their internal network through traditional perimeter monitoring and access controls, such as firewalling and network intrusion detection systems. What is more, 84% of IT leaders anticipate broader and more permanent work-from-home adoption beyond the pandemic, which means that this challenge will continue in 2021 and beyond. To combat these risks, IT teams will need to focus and improve on effective endpoint management solutions, such as mobile device management (MDM) tools and secure access service edge (SASE). These solutions enable better visibility and control over data, including on any third-party apps, like Zoom, Slack and Office 365. This will also extend to traditional endpoint security tooling by ensuring that security tools such as anti-malware are installed, patches are up-to-date, secure configurations are set, and endpoints are protected.   Threat #2: Third-party hacks gain criminals attention With the successful hack of SolarWinds and, subsequently, its 300+ client base, and many other third-party-based breaches in the past, more companies are paying attention to their third-party risk management programs. This speaks to the increased sophistication, complexity and persistence of threat actors. To prevent a similar third-party breach from impacting their networks, corporate mergers and acquisitions (M&A) and licensing management functions need to become more closely aligned with their governance, risk and compliance teams. One critical step is conducting a thorough security audit of all third-party vendors. This intra-organizational collaboration will also better prepare organizations for the future of increased compliance regulations that will force a baseline for more comprehensive and robust third-party risk management programs.   Threat #3: Ransomware attacks on the rise Ransomware was a growing area of attack in 2020, with a 300% increase by April, according to the FBI, and a seven-fold rise in attacks by mid-year. Ransomware attacks are on track to continue being a leading threat in 2021. One of the drivers is that more companies are purchasing ransomware insurance. This fact has not escaped cybercriminals attention. Because companies have insurance, they will pay off the ransoms to have their data decrypted quickly rather than try to fight it. As a result, the criminals receive a quick win. Preventing ransomware attacks is accomplished with a back-to-basics approach that includes stronger security hygiene. This includes tactics like timely patching, enforced least-privilege access policies and regular backups with safe storage.   Threat #4: New email phishing scams 2020 continued the trend of increasing the volume and complexity of email phishing attacks. Cybercriminals use phishing to distribute malware, steal credentials and scam users out of money. Studies found that users were three times more likely to click on a phishing link and give away their credentials at the start of the pandemic. A survey conducted mid-2020 reported that 38% of respondents said a coworker fell victim to a phishing attack within the last year. While 2020 did not introduce a fundamental change to phishing, cyber threat actors did adjust tactics to leverage different keywords throughout the year, as people gained interest in new topics. Keywords such as pandemic and COVID became popular in the earlier parts of the year, and as vaccines and stimulus checks became relief options, attackers added these emotionally-charged keywords to their phishing vocabulary. There is no single solution to prevent malicious email from coming through, but combinations of well-tuned tools and well-educated staff will reduce your chances of falling victim to phishing emails: Implement the technical security controls built into your email platforms. Add an external banner to emails coming from outside your organization. Apply email analytics tools that can detect emails coming from untrusted sources, or from newly created burner email accounts and domains. Establish a robust security awareness program for employees, so they can serve as a last line of defense against phishing attacks. Consider implementing mock phishing tests against your own organization, so employees know what to do when they receive something that looks phish-y.   What is your cybersecurity risk score? Understanding the maturity of your organizations cybersecurity program is critical so you can make informed decisions to defend against threat actors and their tactics, techniques, and procedures (TTPs). This Cybersecurity Risk Self-Assessment is a suitable place to start. By answering these simple questions about your cybersecurity technology, processes and people, you will receive a cybersecurity risk score against our benchmark and discover common security gaps in your environment that you may not be aware of.   Cybersecurity threats in 2021Cybercriminals evolved their tactics in 2020 to take advantage of new vulnerabilities. But these attacks do not stop with the New Year. Explore ways to protect yourself in 2021. Discover your cybersecurity risk score

Tags: threats cybersecurity

 

Telecom Cybersecurity Engineer

2021-02-17 14:12:14| Space-careers.com Jobs RSS

Telecom Cybersecurity Engineer Deadline for applications 11032021 Client and Location The European Space Agency is ATGs biggest client. They are an international organisation with 22 member states with sites in the Netherlands, Germany, Spain, France, Italy, UK and Belgium. ESA is Europes gateway to Space! Job Description On behalf of the European Space Agency ESA, we are looking for a Telecom Cybersecurity Engineer for their location in Noordwijk, the Netherlands, to join their Systems Security Engineering Section. Please note this is an external consultant position not a Staff position. Tasks and Responsibilities Provide support to projects and programs in the area of security, including System security analysis, design and associated tools covering all aspects related to the analysis and design of the security of the end to end system, including concepts, architecture, ground, space and hybrid groundspace systems and subsystems, methodologies, standards and all associated tools for simulations and analysis. System security requirements definition and implementation, vulnerability and threat assessment, security engineering process lifecycle Security technology, techniques design, and prototyping covering all technologies related to the implementation of security, InfoSEC, COMSEC, CyberSec, Appsec engineering Security accreditation and certification methodologies and processes. Security requirements derivation, design, implementation and verification from an accreditation perspective. Project Risk analysis and assessment, supporting toolsets, accreditation processes and methodologies, security standards Specific RF security technologies, e.g. telecom security techniques and technologies, secure TTC and PDT links, radio navigation security technology, RF system security etc. Provide support to projects for the implementation of security inside the systems, performsupport end to end security engineering, follow up security elements requirements derivation, design, implementation and verification Provide support to project InfosecCyber security and accreditation engineering, such as To performsupport project security risk analysis, vulnerability assessment during the life cycle of the project To define specific project security, certification and accreditation security requirements HL SSRS SISRSSecops. Provide support to projects and TEC for the implementation of the security directives policy, roles and functions PSSO, etc. such as To support and act as competent PSSOISOSOZ5 and other security roles as for the Security Regulation Support awareness and training campaign on security processpolicies and procedures Contribute to the RD strategy and research programs elaboration and implementation Support to standardisation bodies in the field of competence. Requirements University degree MSc minimum in telecommunications and signal processing or electronic engineering, as well as at least 4 years of experience in these fields Specific knowledge in the security engineering Experience as cyber security architect is a strong asset Experience with penetration testing is a strong asset Experience with RF security is a strong asset Experience with Telecom Security is a strong asset Knowledge of space and ground systems architecture Candidates must be eligible for security clearance from their national security administration For candidates with less than 10 years experience, please provide the relevant academic transcripts in order to give the TRs a more complete candidate profile at the selection stage. What do we offer? ATG offers excellent working conditions and provide you with all the other necessary means to further your career. We believe that training and education, combined with regular assessments and a personal development plan, will create the best environment for growth. If needed, we also assist you with settling in your new home or finding the right school for your children. ATG will help in any way it can, including a relocation budget that is applicable for ATG staff as well as employees working at one of our clients. About ATG Europe Today, ATG is recognized as a leading provider of specialized engineering, scientific and technical services to the European Space industry. Our headquarters is located in Noordwijk, the Netherlands and we have subsidiaries in Germany and the UK. Besides these countries, ATG also operates in Belgium, Sweden and Norway. ATG People is the key player in delivering highly educated personnel for RD environments throughout Europe. We are continually recruiting experienced Engineers for exciting, fulltime positions based at our customers sites. As an ATG Engineer, you will be working on very diverse missions and assignments. This opens up unique opportunities to be engaged in innovative projects and challenging you to perform to high standards and utilizing the full extent of your professional knowledge. Interested? Submit your CV and personal details through our website at www.jointhebrightestminds.com. For further questions, you can also contact our recruitment consultant Frank Jorritsma directly on phone number 31 0 71 579 55 46.

Tags: telecom engineer cybersecurity telecom engineer

 

Sites : [1] [2] [3] [4] [5] [6] [7] [8] [9] next »