Callback scams, ransomware, Windows attacks and phishing … here are the latest cybersecurity threats and advisories for the week of July 15, 2022. Threat Advisories and Alerts North Korea State-Sponsored Cybercriminals Target U.S. Healthcare Organizations North Korea state-sponsored cyber actors are infecting the systems of U.S. healthcare organizations with Maui ransomware. The malware encrypts the servers of healthcare services—which can freeze up their electronic health care records, diagnostic services, imaging services and other critical functions—disrupting their operations for prolonged periods. Why are healthcare organizations targets? They are more likely to pay ransoms. According to Sophos' State of Ransomware in Healthcare 2022 report, 61% of healthcare organizations agreed to pay, which is a rate 15% higher than the global average. Source:

By Joseph Montes, CISSP In 2021, I decided to pursue the CISSP. I was looking for a certification that would help me to stand out and prove to myself and my peers that I know my field. I had experience in Unix, Irix, Linux, Windows, Networks, Servers, storage, project management, virtualization, telecommunications, terrestrial and submarine networks. I had some certifications and a master’s degree in Cyber Security. CISSP seemed like the most sensible progression in my career. STARTING MY JOURNEY TO CISSP Things started simple enough. I researched what I needed to know. I started looking at Reddit, Discord and Twitter for any information on how to study for my CISSP. The results were consistent; this is not a certification

The CISSP (Certified Information Systems Security Professional) certification got a few thumbs-up in a recent Dice article about whether cybersecurity jobseekers need certifications to land a position. Several cybersecurity professionals quoted in the article named the CISSP as a valuable certification. “I always recommend the Certified Information Systems Security Professional Cert (CISSP). For years, this has been the dominating certification in the cybersecurity industry. It is still a top-tier certification, and I would recommend it to anyone serious about a career in cybersecurity,” said Steve Tcherchian, Chief Product Officer at XYPRO. Magda Chelly, a cybersecurity author and researcher, cited the CISSP as one of the industry’s most popular certifications. Certifications such as CISSP and hands-on training, she said, are outweighing requirements

Cybersecurity recruitment has long been a challenge, and companies often exacerbate the situation by setting unrealistic expectations, especially for entry- and junior-level roles. A common misstep is to require qualifications and years of experience that few junior jobseekers have. In an industry with a workforce gap of 2.7 million worldwide, cybersecurity teams remain understaffed, potentially putting their organizations at risk. So, it pays to have a more realistic view of what to expect when devising a strategy to attract candidates for all cybersecurity roles. Changing Expectations Hiring managers are starting to grasp the wisdom of moderating their expectations when seeking junior cybersecurity practitioners, according to the findings of a new (ISC)² study on entry- and junior-level cybersecurity hiring practices. The

Ian Bremmer will keynote (ISC)² Security Congress 2022 with the presentation “Why Political Risk and Cybersecurity Collide in Times of Crisis.” The accomplished author, speaker, commentator and political scientist will lead attendees on a journey through the intertwined world of politics, cybersecurity and global issues. Ian Bremmer is a political scientist who helps business leaders, policy makers and the general public make sense of the world around them. He is president and founder of Eurasia Group, the world's leading political risk research and consulting firm, and GZERO Media, a company dedicated to providing intelligent and engaging coverage of international affairs. Ian is an independent voice on critical issues around the globe, offering clearheaded insights through speeches, written commentary and even