As we try to get used to the new normal, InfoSec News understands many cyber and information security professionals (including myself) are looking for their new security forever homes. As I find these calls for security professionals, I’m hopeful this might be the catalyst for breaking what has been broken forever: hiring experienced professionals and competent, security-aware people who can be trained to be the unicorn that many HR departments have been looking for.
The popular Infosec R&D company Grimm (https://grimm.rip), famous for only
taking on “difficult projects” is still hiring at a time when many of their
competitors are going out of business. The lack of competitors also means tons
of work coming in, so job security is solid. If you were laid off and have a
heavy Security Engineering (& DevSecOps) Exploit Dev and/or AppSec background
and want to work with some of the objectively smartest people in Infosec, check
out their job postings here https://www.grimm-co.com/caree
“General Resume Submission” link at the bottom if you want to be considered for
Research Analyst, Cyber Policy Initiative
Cyber Policy Initiative
The Carnegie Endowment for International Peace is seeking a Research Analyst to
work with scholars in our Washington DC-based Cyber Policy Initiative. Founded
in 1910, Carnegie is a top-ranked policy think tank with a unique global network
of research centers in Russia, China, Europe, the Middle East, India, and the
United States. The Cyber Policy Initiative is part of Carnegie’s Technology and
International Affairs program, which also focuses on artificial intelligence and
The Research Analyst will primarily help build a project exploring how to
leverage market incentives to improve cyber risk management. For example, it
researches and promotes ways in which commercial insurers, major asset-holding
corporations, and credit-rating agencies can set de facto standards that
promote cybersecurity more quickly, flexibly, and internationally than
governmental regulatory processes often do.
The Research Analyst will work closely with scholars to develop and execute
original research and writing projects such as policy briefs and longer research
reports and build partnerships within the private sector. Additional activities
include: engaging with policymakers in the U.S. Congress and administration;
preparing and delivering briefings; attending and reporting back on relevant
events in the policy community; contributing to other areas of the Initiative’s
work on cyber policy and strategy; and occasional administrative support, such
as organizing public and private events.
The ideal candidate will have deep interest in technology policy, a willingness
to dive into new research topics, and possess the ability to perform within a
challenging program environment. Up to two years of relevant post-graduate
experience is a plus, but not required. Strong writing and research skills are
Located in Dupont Circle in Washington, DC, we offer an outstanding benefits
package. When applying, please include your resume/C.V. and cover letter. Please
apply via the Carnegie Endowment website:
All qualified applicants will receive consideration for employment without
regard to race, color, religion, sex, national origin, disability, protected
veteran status, sexual orientation, gender identity, or any other protected
Principal Technician (Cyber Security)-200286
Primary Location Belgium-Mons
NATO Body NATO Communications and Information Agency (NCI Agency)
Salary (Pay Basis): 4,449.34 Euro (EUR) monthly
NATO offers you more than a job. It gives you a mission: building peace and
security for one billion people in Europe and North America. The NATO
Communications & Information Agency is leading NATO’s Digital Endeavour.
We are NATO’s technology and cyber leaders, helping NATO Nations to communicate
and work together in smarter ways. Our work is challenging and meaningful, and
you will develop and apply your expertise as part of a dynamic international
team of civilian and military professionals.
What do we offer?
- Genuinely meaningful work as part of the most successful alliance in history
- 3 year contract with competitive tax-free salary and household and children’s
- Privileges for expatriate staff including expatriation and education allowances (where appropriate) and additional home leave
- Excellent private health insurance scheme
- Generous annual leave of 30 days plus official holidays
- Retirement Pension Plan
About the job
Based in Mons, Belgium you will join the Agency as we embark on a journey to
transform our IT services to support NATO’s Digital Endeavour. You will be
responsible for production and management of Security Hardening, Configuration
and Installation guidelines; providing security expert assistance and support in
analysis of security incidents and resolution; reviewing documents to be
published on NCSC Portals, or provided to NCSC customers, as part of projects
For a full list of duties, please review the job description.
We’re looking for a talented and knowledgeable Principal Technician (Cyber
Security) professional with ideally a higher vocational training in a relevant
discipline with 3 years post-related experience; or, a secondary educational
qualification with 5 years post-related experience. A different qualification
coupled with particularly relevant experience may also be considered.
Knowledge of English, both written and spoken, is essential.
Today’s defacement of the EC-Council (the second time this weekend) by Eugene Belford (a.k.a. The Plague) threatens the compromise of the 60,000+ security professionals who currently hold CEH certifications.
Holders of EC-Council certifications include personnel from the US Army, the FBI, Microsoft, IBM, the United Nations, and the National Security Agency (NSA). Also, the United States Department of Defense has included the EC-Council Certified Ethical Hacker program in its Directive 8570, making it one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP).
In the most recent defacement, Eugene Belford stated: “P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials.” The InfoSec News staff take this claim seriously, considering that the mail shown on the defacement page is from Edward Snowden’s Yokota Air Base e-mail asking for an exam code, accompanied by a copy of his U.S. Passport and a letter from John A. Niescier, an Information Security Officer with the Department of Defense Special Representative, Japan, stating that he has verified Edward J. Snowden has at least five years of professional information security experience in the required domains.
Eugene Belford potentially holds sixty thousand other similar statements from undercover law enforcement agents, intelligence professionals, and members of the United States Military, creating an additional quagmire and leaving you wondering why the EC-Council has all this personally identifiable information sitting unprotected online.
On July 4th, The New York Times reported NSA contractor Edward Snowden trained and certified as a Certified Ethical Hacker by the EC-Council, a certificate which has since been rescinded by the organization. After what could be called stall tactics with myself, the (ISC)² has now confirmed that Edward Snowden is in fact currently an (ISC)² member.
On late Wednesday evening, a Global Communications Manager for (ISC)² replied that “(ISC)² can verify that Edward Snowden is currently an (ISC)² member.” The Global Communications Manager for (ISC)² goes on to state that “the (ISC)² is in the business of validating the knowledge, skills, and abilities of such professionals, it cannot guarantee a member’s conduct or professional judgment. Mr. Snowden, like all other (ISC)² members around the world must do when they sit for an (ISC)² credential exam, signed an agreement to abide by the (ISC)² Code of Ethics as a condition of maintaining his (ISC)² certification.”
Like the EC-Council, the (ISC)² has an established ethics complaint procedure that is initiated when a member of the public, an employer, or an (ISC)² member submits a complaint to the (ISC)² Ethics Committee when one of their members violates the Canons of the Code of Ethics.
- Protect society, the common good, necessary public trust and confidence, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.
It should be pointed out that a member of the public can only complain about a breach of Canons I or II, principals (those with an employer/contractor relationship with the certificate holder) may complain about violations of Canon III, and only other professionals (those who are certified or licensed as a professional AND also subscribe to a code of ethics) may complain about violations of Canon IV.
It’s entirely possible that while Edward Snowden sorts out his asylum requests, until he’s formally charged by the U.S. Government he will still be allowed under (ISC)² membership regulations to continue practicing security in Iceland, Venezuela, or the SVR Headquarters in Yasenevo.
The (ISC)² Global Communications Manager concluded the mail stating “Mr. Snowden’s previous employers should be applauded for seeking out a certified professional to carry out their very important work. Unfortunately, in the end, no organization can completely ensure those individuals will exercise professional judgment at all times.”
(Screenshot / The Guardian)
By William Knowles @c4i
February 28, 2013
On February 22nd, 2014 the EC-Council website was broken into and defaced by Eugene Belford (a.k.a. The Plague). For those of you living in a cave, or a compound outside of Abbottabad, for the last 13 years, the EC-Council is an Albuquerque, New Mexico-based organization that offers security professionals a reasonably inexpensive certificate, among other security certificates, to be compliant with DoD 8570. The website was defaced, and its content was replaced with a picture of Edward Snowden and an HTML comment that gives away the identity of the “hacker” who compromised the EC-Council website.
After EC-Council wrestled back control of their site, a known password was reused, and two days later the website was re-defaced, this time showing the mail from Edward Snowden’s Yokota Air Base e-mail asking for an exam code, a copy of his U.S. Passport, and a letter from John A. Niescier, an Information Security Officer with the Department of Defense Special Representative, Japan, stating that he has verified Edward J. Snowden has at least five years of professional information security experience in the required domains.
After the hacker mentioned “P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials,” conspiracy rumors were swirling about who may have attacked the EC-Council website: foreign training companies, secret squirrels, the Chinese, the Russians, non-state actors.
On February 25th, the EC-Council website was defaced a third time.
(Screenshot credit: @JamieCaitlin)
The folks at r000t’s Blag have done some digging, and on the surface it’s pretty damning evidence.
As we’re unable to confirm this independently, read this first article: Who Hacked EC-Council?
Then read this second article: Inside Eugene’s Gibson (EC-Council, Part II)
It’s NSFW (Not Safe For Work) reading, but when has that stopped you in the past in the name of security research?
Since the EC-Council has been mum on whether or not there has been a massive disclosure of passports, driver’s licenses, and CAC cards, I can promise you that after reading the above articles you will be angry at the U.S. Federal Law Enforcement community, as it seems they have had this hacker in custody before but were unable to charge him/her at the time.
Maybe this will be the event that changes this mindset in the future.