Feb. 27 Lunch n’ Learn — Key Strategies for Building a Cyber-Resilient Org — Presented by Blackswan & MRE Consulting

Feb. 27 Lunch n’ Learn — Key Strategies for Building a Cyber-Resilient Org — Presented by Blackswan & MRE Consulting

by | Feb 28, 2025 | News

Thanks to everyone who joined our Feb. 27 Lunch at Perry’s Steakhouse as Dr. Mike Saylor led an engaging conversation on strengthening cybersecurity posture. We explored real-world lessons, best practices for building a sustainable cybersecurity culture, and key strategies to avoid common pitfalls.

This event was another step in the ongoing 4-year collaboration between Blackswan Cybersecurity and MRE Consulting, reinforcing our commitment to delivering top-tier cybersecurity solutions. We look forward to continuing to strengthen this partnership and driving meaningful impact together!

Check out some highlights from the event below!

5th Edition Release: “Cyber Crime & Cyber Terrorism” – Co-Authored by Dr. Mike Saylor

5th Edition Release: “Cyber Crime & Cyber Terrorism” – Co-Authored by Dr. Mike Saylor

by | Feb 28, 2025 | News

 

CYBER CRIME AND CYBER TERRRORISM

PURCHASE ON AMAZON  

Blackswan CEO and co-founder, Dr. Mike Saylor, has been a strong force in combating cyber crime for decades, contributing heavily to the de facto cyber crime text book. This new 5th edition has been updated to reflect the material changes in cyber since 2018, when 4th Ed. was published.

Synopsis from Amazon:

Cyber Crime and Cyber Terrorism provides a beginner’s introduction to computer crime. It bridges the gap between criminal justice and the technical side of cybercrime, cyber terrorism and information warfare.

Unique in its non-technical coverage of these issues, this text summarizes the types of crimes and terrorist acts committed using computer technology, assesses digital criminals and their motivations, and weighs legal strategies and tactics targeting these types of crime.

The 5th Edition has been heavily revised, both in content and organization. New pedagogical features have been added to each chapter, including chapter objectives, summaries, boxes, review questions and critical-thinking exercises.

Top Cybersecurity Threats for 2025 and How to Mitigate Them

Top Cybersecurity Threats for 2025 and How to Mitigate Them

by | Feb 25, 2025 | News, Blogs

Cybersecurity threats are evolving rapidly, and 2025 is shaping up to be a year where cybercriminals up their game with more advanced tactics. However, businesses don’t have to be caught off guard. By staying informed and proactive, you can protect your organization from emerging cyber risks. This article explores the top cybersecurity threats for 2025 and provides actionable steps to mitigate them.Top Cybersecurity Threats for 2025 and How to Mitigate Them.

Why Staying Ahead of Cybersecurity Threats Matters

Many business owners mistakenly believe that cyberattacks only target large corporations. The reality? Hackers look for vulnerabilities wherever they can find them. Even a single security misstep can lead to devastating financial and reputational damage. Here’s what’s at stake:

  • Financial Loss: Data breaches can cost millions, and for smaller businesses, even a fraction of that can be crippling.
  • Customer Trust: Consumers expect companies to safeguard their data. A breach can severely damage your brand reputation.
  • Productivity Disruptions: Cyberattacks, especially ransomware, can halt operations and impact your bottom line.

Being proactive is not just an option—it’s a necessity.

The Biggest Cybersecurity Threats for 2025

1. Ransomware 3.0: The AI-Enhanced Threat

Ransomware attacks are becoming more sophisticated, leveraging AI to target businesses with precision. These attacks don’t just rely on tricking employees; they now use automation to infiltrate systems stealthily.

What It Looks Like: Hackers encrypt your critical data and demand a ransom for its release. If you refuse, they may leak or sell your data.

How to Defend Against It:

  • Maintain offline backups of critical data.
  • Implement multi-factor authentication (MFA) to prevent unauthorized access.
  • Use advanced threat detection software to identify attacks early.

2. Advanced Persistent Threats (APTs): The Silent Intruders

APTs involve long-term, stealthy cyber intrusions where hackers gain access and remain undetected for extended periods, gathering sensitive data or waiting for the right moment to strike.

What It Looks Like: Your business operations appear normal, but behind the scenes, cybercriminals are stealing sensitive data or planting malware.

How to Defend Against It:

  • Implement a zero-trust security model—never assume any device or user is safe by default.
  • Utilize network monitoring tools to detect unusual activity.
  • Train employees to recognize early warning signs of an attack.

3. Supply Chain Attacks: The Backdoor Breach

Cybercriminals are exploiting third-party vendors as weak links to access businesses.

What It Looks Like: A compromised software update from a trusted vendor introduces malware into your systems.

How to Defend Against It:

  • Vet vendors thoroughly and ensure they adhere to strict cybersecurity practices.
  • Monitor third-party access to your network.
  • Regularly update and patch all software.

4. IoT Vulnerabilities: The Growing Risk of Smart Devices

The rapid expansion of the Internet of Things (IoT) introduces new security risks. Many IoT devices lack proper security measures, making them easy targets for hackers.

What It Looks Like: An unsecured smart thermostat or camera becomes an entry point for cybercriminals to infiltrate your network.

How to Defend Against It:

  • Implement strict security policies for IoT devices.
  • Regularly update firmware to patch security vulnerabilities.
  • Use segmented networks to isolate IoT devices from critical business systems.

5. AI-Powered Phishing: More Convincing and Dangerous

Phishing attacks have evolved beyond generic scam emails. With AI, cybercriminals can craft highly personalized, convincing messages that fool even the most security-conscious employees.

What It Looks Like: You receive an email that appears to be from your CEO, requesting urgent financial information. It includes internal details that make it seem legitimate—but it’s a scam.

How to Defend Against It:

  • Conduct regular phishing simulations to train employees.
  • Implement email security tools that detect and block suspicious messages.
  • Encourage employees to double-check unusual requests via a second form of communication.

How to Stay Ahead of Cyber Threats

1. Be Proactive, Not Reactive

Invest in real-time threat detection tools, such as Security Information and Event Management (SIEM) systems, to identify attacks before they escalate.

2. Make Cybersecurity a Company-Wide Priority

Cybersecurity isn’t just an IT issue—it’s a company-wide responsibility. Conduct regular training sessions to keep employees aware of evolving threats.

3. Adopt a Zero-Trust Security Approach

The traditional “trust but verify” model is outdated. Instead, implement a zero-trust framework, requiring continuous verification for all users and devices.

Future-Proof Your Cybersecurity Strategy

Cyber threats will continue to evolve, so staying ahead requires ongoing vigilance. Regularly update security protocols, audit systems, and adapt to emerging threats to keep your business secure.

Got Questions? We’ve Got Answers

What are the top cybersecurity threats for 2025?

Ransomware, APTs, supply chain attacks, IoT vulnerabilities, and AI-powered phishing top the list.

How can businesses reduce risk?

Proactive monitoring, regular employee training, and adopting MFA and zero-trust security models are key.

What’s one quick win to improve cybersecurity today?

Enable multi-factor authentication (MFA) across all accounts—it’s simple and highly effective.

Wrap-Up: Don’t Let 2025 Catch You Off Guard

Cybersecurity threats are advancing, but with the right strategies, businesses can stay ahead. Investing in the right tools, training employees, and staying informed can mean the difference between security and disaster.

Want expert guidance on strengthening your cybersecurity defenses? Schedule a free consultation with Blackswan today and take the first step toward a secure future.

Cyber Workforce Development/Alignment: Results of a Qualitative Study — by Dr. Michael Saylor

Cyber Workforce Development/Alignment: Results of a Qualitative Study — by Dr. Michael Saylor

by | Feb 17, 2025 | News, Case Studies, Blogs

CYBER WORKFORCE DEVELOPMENT QUANTITATIVE STUDY_THUMBNAILDOWNLOAD PDF OF DR. SAYLOR’S STUDY

OVERVIEW

The rising risk of cybersecurity threats in U.S. organizations is worsened by a global shortage of qualified professionals. The results of Dr. Mike Saylor’s study detail how hiring practices and qualification requirements contribute to the workforce gap using the National Initiative for Cybersecurity Education (NICE) framework.

Through interviews and questionnaires with hiring organizations and job applicants, Dr. Saylor identified two key issues: (1) the need for standardized job role definitions aligned with higher education, and (2) the importance of mentorships, internships, and career pathway planning. Addressing these gaps is essential to strengthening the cybersecurity workforce.

FINDINGS

  1. Absence of a standard for defining cybersecurity job role descriptions and KSA criteria found in 100% of the responses from participants.
  2. Lack of a standard for defining job roles is also complicit in the misalignment of job-related qualifications, specifically years of job-related experience -80% of participants.
  3. 100% of participating hiring organizations’ entry-level job postings required at least two years of experience, reportedly because they thought it was standard not because it was an accurate qualification.
  4. 0% of participants were familiar with a cybersecurity workforce standard or framework.
  5. 80% of hiring organization felt their education and experience requirements were inaccurate or misaligned due to improper role definition.
  6. 80% of hiring organizations felt that cybersecurity job experience was more valuable and qualifying than education and certification. (ISC2 study found that < 30% found value in Cyber degrees).
  7. 90% of all participants felt that cybersecurity degree programs are inconsistent in design and lack a standard for ensuring consistent requirements for fundamentals that apply to cybersecurity in general.
  8. 0% of hiring organizations used an alternate method for screening applicants that do not match posted qualifications.
  9. 100% of hiring organizations felt the screening process for cybersecurity jobs in their organization was ineffective at finding the right resource for the job.
  10. 80% of hiring organizations felt their cybersecurity job postings contained inaccurate and or misaligned job role descriptions and qualifications, resulting in overlooking an otherwise qualified candidate.
  11. 100% of hiring organizations stated that they primarily rely on automated filters to screen applicants.
  12. 0% of hiring organizations used an alternate method for screening applicants that do not match posted qualifications.
  13. 100% of hiring organizations felt the screening process for cybersecurity jobs in their organization was ineffective at finding the right resource for the job.
  14. 80% of hiring organizations felt their cybersecurity job postings contained inaccurate and or misaligned job role descriptions and qualifications, resulting in overlooking an otherwise qualified candidate.
  15. 100% of hiring organizations stated that they primarily rely on automated filters to screen applicants.
  16. 100% of job applicants stated they did not receive feedback from hiring organizations with regard totheir application to a cybersecurity position.
  17. 100% of job seeker participants did not feel confident in the hiring process, specifically the screening process where their credentials are scanned for alignment with what is commonly a misaligned job description and minimum qualifications.
  18. 80% of participants’ hiring process did not include a formal analysis of internal need and or the process did not seek to align the role objectives submitted by hiring managers with a standard cybersecurity job role definition.

IMPLICATIONS

  1. The relationship between the level of experience required by hiring organizations and the level of experience reported by job applicants was found to be both inconsistent and misaligned, as well as overwhelmingly viewed as an inaccurate attribute of an ineffective hiring process.
  2. Cybersecurity-related job experience was valued significantly higher than cybersecurity-related education, yet both were typically defined as minimum requirements for entry-level cybersecurity jobs.
  3. Hiring organizations did not have an alternative screening process to further evaluate job applicants that did not meet the posted minimum qualifications for cybersecurity jobs.
  4. There is a lack of confidence in the hiring process for cybersecurity jobs, beginning with a hiring organization’s understanding and definition of the needed role and associated qualifications and extending to the screening and interviewing of job seeker candidates.

RECOMMENDATIONS

1. Implement a standard for defining the cybersecurity workforce, using a common language to define job roles and Knowledge-Skills-Abilities (KSAs), and establishing continuity between hiring organizations and job candidates in how they describe their respective expectations and qualifications.

A. Hiring organizations must first implement the standard within their hiring procedures to define the job role, objectives, and KSAs (the demand), resulting in:
i. Alignment of job needs with standard role definitions and KSAs.
ii. Improved applicant screening process
iii. Support for internal career development programs
iv. Demand-based influence on higher education to implement a standards-based curriculum

B. Job seekers must become familiar with the standard
i. Raising awareness of cybersecurity job roles and specialties and related KSAs
ii. Aids in career path planning and progression
iii. Aligns applicant KSAs with job postings

2. Establish an alignment of the standard among hiring organizations, education and training programs, and opportunities for internships or apprenticeships.

A. Higher-education degree objectives and outcomes must align with the standard for roles and KSAs that translate directly to the jobs at hiring organizations .
i. Creating clarity for job seekers and students regarding cybersecurity jobs and careers.

B. Higher-education degree programs must create opportunities for students to apply their knowledge through internships and apprenticeship programs established with community organizations.
i. Obtaining referenceable experience towards entry-level employment.
ii. Opportunities to demonstrate the application of knowledge and skills obtained.

C. Establish mentorship programs through cybersecurity industry associations, based on the NICE framework,
i. Aid job seekers in career path awareness and design, goal setting, and professional development

CONCLUSIONS

The primary, root cause, and most impactful factor contributing to the cybersecurity workforce deficiency was the absence of a standard from which the workforce can be consistently defined, qualified, and measured across all stakeholders.

Gaps in the literature
Most of the literature presented pointed solutions without recommendations or reference to an integrated approach. Studies focused on training & education, diversity staff development, competency, and hiring requirements with little observation to their interconnectedness or the application of a more holistic solution.

The takeaway message from this study is that the widely publicized message of a lack of cybersecurity talent cannot be verified because of the known and significantly misaligned, inconsistent, and inaccurate definition of job roles and qualifications that discount otherwise qualified workers.