Cybersecurity needs unconventional talent, says Penny Horwood

The kids aren’t alright, and cybersecurity needs to admit it. Brilliant piece out this week on computer.co.uk from Penny Harwood on the need for unconventional talent in cyber. The data is clear - the average cybercriminal is now just 19 years old. They're curious, creative, fast...and often completely overlooked by traditional recruitment. Chris Wysopal says it best - the next generation of security leaders won’t all come from computer science. Some will come from gaming, others from psychology, some from criminal paths they almost didn’t escape. We see this daily. Talented Gen Z hackers who don’t tick HR’s boxes, but who can think like attackers because they’ve been in the forums, played with exploits, or seen how systems really get broken. Industry needs to stop hiring the same CVs and start building bridges to the next wave of defenders before someone else recruits them first. Let’s stop gatekeeping and start talent-spotting. The Hacking Games You can read the article here: https://lnkd.in/ebYVuzjA

You’ve probably figured it out, but here’s confirmation: That random job opportunity, packed with attractive pay and benefits, that you received via text message from a “recruiter” isn’t legitimate. UVA cybersecurity expert Chris Maurer offers tips on how to handle the latest scamming trend. https://lnkd.in/eXPS35zt

Applauding the effort to expedite the hiring of distinct cyber talent is essential. This initiative should extend across the federal and DOW workforce, particularly in SIGINT. Practical application often outweighs theory, especially when individuals we hire have been trained internally. From the 90s to today, NSA has leaned too heavily on academic credentials, resulting in a loss of talent developed internally. I witnessed a ready-made workforce eager to continue the mission walk away because we struggled to transition personnel we had trusted for years. One significant challenge at NSA was the hiring process for transitioning service members wanting to continue serving the country out of uniform. It was perplexing that, once the uniform was removed, the trustworthiness we had previously recognized seemed to vanish. Cyber talent is desperately needed today, but so are SIGNALS experts to sustain it, that often make it possible for Cyber to occur. SIGNALS are one of the pillars this all relies upon, and those transitioning from uniform represent a fast track for us to close gaps and sustain our mission. For more insights, check out the article here: https://lnkd.in/eS3TZx-c

The Department of Defense is facing a shortfall of nearly 20,000 cyber professionals—and it’s not waiting around. At FedTalks, DoD’s Mark Gorak announced a bold goal: slash cybersecurity hiring time from 70 days to just 25. The strategy? Skills-based hiring—a departure from traditional requirements such as advanced degrees, certifications, or lengthy experience. Instead, candidates will be evaluated on their ability to perform job-specific tasks, often through the use of cyber ranges — simulated environments designed to assess technical proficiency. The department is developing 30-minute assessment ranges to quickly determine whether applicants can meet the demands of the role. And with AI reshaping the threat landscape, DoD is updating cyber roles and KSATs every 90 days to stay ahead. The message is clear: agility will define the future of federal cyber talent. #CyberWorkforce #SkillsBasedHiring #DefenseInnovation #AIinCyber #FederalTech #CybersecurityJobs #DigitalTalent #WorkforceTransformation https://vist.ly/4ad4w

Reality Defender shared an experiment: they generated a fake candidate named “Gary” using publicly available AI tools and ran a Zoom interview with him. The resume looked strong and the persona was convincing (a young professional with cybersecurity experience). The human recruiter didn’t suspect anything, “Gary” passed both the visual and voice checks. The takeaway: “phantom” employees are now a reality. And this isn’t an outlier - a CrowdStrike report cites 320+ cases in a single year of North Korean hackers being hired remotely under false identities. Gartner even forecasts that by 2028 up to 25% of applicants globally could be synthetic. #Cybersecurity #Deepfakes #Antispoofing #SyntheticIdentity #KYC

Day 15: #CyberSecurityAwarenessMonth 𝗧𝗵𝗲 𝗣𝘀𝘆𝗰𝗵𝗼𝗹𝗼𝗴𝘆 𝗼𝗳 𝗖𝘆𝗯𝗲𝗿𝗰𝗿𝗶𝗺𝗲 Let’s be honest most cybercriminals don’t “hack systems.”  𝙏𝙝𝙚𝙮 𝙝𝙖𝙘𝙠 𝙥𝙚𝙤𝙥𝙡𝙚. They don’t start by attacking your computer… they start by playing with your emotions. Here’s how they do it and how you can stay one step ahead: 𝟭. 𝗙𝗲𝗮𝗿 “Your account will be deleted in 30 minutes unless you verify now!” They rush you so you panic and click before thinking. Take a breath. Real organizations don’t threaten you to take action. 𝟮. 𝗖𝘂𝗿𝗶𝗼𝘀𝗶𝘁𝘆 “See who viewed your profile” or “Your package couldn’t be delivered.” They know we all get curious. Hover before you click. Curiosity shouldn’t cost your data. 𝟯. 𝙏𝙧𝙪𝙨𝙩 “This is HR, please confirm your password.” They sound familiar like your boss, a colleague, or your bank. Double-check. Call or message the real person before replying. 𝟰. 𝙊𝙥𝙥𝙤𝙧𝙩𝙪𝙣𝙞𝙩𝙮 “You’ve won a prize!” or “We’re hiring for a high-paying remote job.” They know we love good news. Pause. If it feels too good to be true, it usually is. Cybersecurity isn’t just about firewalls and passwords, it’s about understanding how your mind works. Once you learn to spot these tricks, you’re no longer the weakest link, you become the strongest defense. #CyberSecurityAwarenessMonth #SocialEngineering #HumanFactor #CyberSmart HerGRC Circle-ICDFA International Cybersecurity and Digital Forensics Academy

Cybersecurity Myth #3: Everyone Earns Six Figures One of the biggest misconceptions in cybersecurity is that every role pays six figures right away. The truth? ·        Entry-level SOC/IR jobs average $55k–$75k ·        Specialists may reach six figures after 3–5 years ·        Senior/lead/consulting roles can exceed $150k+ Cybersecurity can be lucrative, but it’s not instant. Setting realistic expectations helps newcomers stay motivated and avoid burnout. Focus on skills + experience → the money follows. Now, to start holding accountable all those who spew this unrealistic drivel for monetary and personal gain. Find the article here--> https://lnkd.in/e9K23gbf

🚨 Apple Just Raised the Stakes — Up to $2M for Critical Bug Finds Apple has drastically increased its maximum reward for top-tier vulnerabilities — putting multi-million dollar incentives on the table for exploit chains that reach spyware-level impact. This is a clear signal: platform security is now a competitive, well-funded discipline. Why this matters • 💸 Money follows talent. Eye-watering rewards will pull elite researchers into responsible disclosure rather than underground markets. • 🛡️ Risk → Reward. High payouts encourage disclosure of the most dangerous bugs before they can be weaponized. • 🔁 Industry ripple effects. When a major platform raises bounties, others must respond — and users win with stronger security. • 🎯 Focus areas shift. Expect intense attention on browser engines, remote execution chains, and privilege-bypass vectors. For defenders and leaders If you run product or security teams, this is your cue to: • Sharpen incident response playbooks • Invest in threat hunting and adversary simulation • Revisit bug-report incentives for internal researchers 💬 Discussion: If you were a bug hunter tomorrow, which exploit class would you go after — remote one-click chains, persistence/bypass, or supply-chain issues — and why? Drop your pick below. 👇 #CyberSecurity #BugBounty #VulnerabilityResearch #ZeroDay #AppSec #InfoSec #SecurityLeadership #SarithaValthati

Wait! That “innocent” IT job application might not be as safe as it looks. Imagine this: a candidate applies for a role with a polished résumé and completes a coding test on a trusted platform. Everything looks routine. No malware attached, no strange links, no red flags. But behind this “normal” process hides a strategy: Goal: gain legitimate access to internal systems, then quietly explore and extract valuable information.    Why this method works: -Strengthen checks and verify identity continuously. -Monitor new account behavior. -Limit access and use behavioral analytics.   What you can do to reduce this risk: - Strengthen background checks - Verify identity continuously - Monitor new account behavior - Limit access from day one    The key takeaway: cyber threats don’t always arrive as suspicious emails or infected files. Sometimes, they walk right through the front door, disguised as a new hire. Staying alert during recruitment isn’t just HR’s job; it’s a critical layer of cybersecurity. https://lnkd.in/eSpdjad4   #Emvenci #CyberSecurity #InfoSec