A connection-of-a-connection recently announced they had obtained the position of “Security Evangelist”. A new job is always something to celebrate so kudos to him. The news reminded of an article concerning the position of “Evangelist” that I first published in 2020.
There is a noticeable trend of people declaring themselves a “Cybersecurity Evangelist” A search of the term on LinkedIn finds about 40,000 people who claim security evangelism as part of their job title or description. However, a search of leading job boards finds a scant listing of advertised positions. In fact, a search for “Cybersecurity Evangelist” jobs on Indeed.com returns only 167 available positions, and most are a hit for the Evangelist part rather than the Cybersecurity. Remarkably, upwards of 40,000 people somehow have obtained a title that does not seem to be an in-demand position. What exactly is this role and what do those currently employed as it do? Even more importantly, what are the qualifications to be a Cybersecurity Evangelist? I set out to learn the answers to those questions since I might actually be an evangelist and just don't know it.
The Merriam-Webster dictionary defines an Evangelist as a person who tries to convince people to become a Christian or someone who talks about something with great enthusiasm. Easton's Bible Dictionary defines the term as a preacher who has neither the authority of an apostle, nor the responsibility of pastoral supervision.
So, we have an itinerant preacher who does not have divine authority or managerial responsibility, but does have the enthusiasm to deliver the good message.
Translating that into the realm of business: a person without disciplinary authority or managerial oversight, but with superior knowledge of a subject and a drive to share that knowledge with others within the organization.
This should be every person involved in the security industry, be it cyber or physical! Constantly learning, acquiring expertise in the field and then sharing it with others. Going to door to door, office to office, and cubicle to cubicle, in an effort to educate system users on best practices and procedures that need to be followed to kept the business safe. Sharing the security gospel. Praying for network health and the souls of insider threats.
Prayer is probably just as effective as the overpriced security software you’re about to purchase.
I might be a Cybersecurity Evangelist already. I have a breadth of knowledge concerning the Internet and Security. A firm grasp on how criminals use technology to commit a crime and victimize both persons and businesses. I love to share my knowledge and will do so anywhere someone will give me ten minutes of their attention. And most certainly, I have no authority or managerial responsibility.
I once heard someone humorously ask “What makes someone an expert? Because they say they are!” That is a tongue in cheek response to many so-called experts ego and bravado, but there is also a dose of truth in that assertion. What is an expert? Who gets to claim they are one? What authority has the power to say you are not?
Who can claim to be a Cybersecurity Evangelist? Who decides they cannot?
There does not seem to be any governing body to issue the title. There is no guild, board, membership committee, or even industry-recognized certification. In fact, there is not even an accepted list of job requirements. It is a title with an impressive connotation but little interpretation.
Maybe I'll spice up my LinkedIn profile. Everyone else is and it seems there is no one to tell me I can't.
Is this Irony?
Fox News reported on a Better Business Bureau press release warning students about the most prevalent scams and frauds facing young people on the college campus. They cover everything from fake credit cards to scholarship scams. They don’t, however, mention the most likely way students will be scammed while in college. Tuition. https://www.foxbusiness.com/lifestyle/back-to-school-scams-college-students-potential-scheming-swindlers
Heartbreaking
Especially since the victim is a kid. I realize financial services shouldn’t be held liable for people doing stupid things with their money. On the other had, these same financial service businesses shouldn’t be able to stymie law enforcement investigations with “privacy of our customer” bullshit. Your customer is a criminal and you are complicit. https://www.pennlive.com/nation-world/2022/08/teen-was-saving-for-a-fishing-boat-then-lost-500-in-a-zelle-scam.html
It’s never what they say
If someone admits to stealing X amount of money from their employer - triple it. It’s always WAY more than initially acknowledged. If a service company admits a security breach lead to the subsequent breach of their customers - triple the initial damage estimate. As the smoke clears from the Twilio security incident it appears that at least 125 Twilio customers were also compromised. https://techcrunch.com/2022/08/25/twilio-hackers-group-ib
Insuring the inevitable
In the last issue, I mentioned it’s getting easier, and less expensive, to insure your 16 year-old driver than to get cyber insurance for your business. The Record discusses the complications of the current cyber insurance scene with executives from Coalition and Cowbell Cyber, two of the leading insurance firms offering cyber incident coverage. https://therecord.media/cyber-insurers-weigh-in-on-latest-cybersecurity-trends-threats/
The Rest…
Securi details how compromised Wordpress sites lead to the unintended download of malware. https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html
FINCEN pilot program allows domestic financial institutions to share suspicious activity reports (SAR) with international partners. https://bankingjournal.aba.com/2022/08/how-the-new-sar-pilot-may-aid-in-the-financial-crime-fight-internationally/
Cool Job
Director of Operational Risk Management - PeoplesBank https://peoplesbanknet.applicantpro.com/jobs/2528651.html
Cool Tool
Compress, convert, edit and resize your images - No uploading as the files never leave your machine. https://imagator.co/
Archive any webpage - forever. https://archive.ph/
Irrelevant
Those of us who went to school in the 80’s owe a lot to this man. Thank you for the greatest paper organizer of all time and Rest-in-Peace sir. https://www.nytimes.com/2022/08/25/us/e-bryant-crutchfield-dead.html
Thank you for opening this weeks email. I wrote some trash last week and had my highest open rate in a long time. Figures. Hopefully, everyone came back.
Matt
“You always feel like you don’t have enough time. You actually don’t have enough concentration.” - someone who’s heard me complain about not having enough time.