Cyber Workforce Development/Alignment: Results of a Qualitative Study — by Dr. Michael Saylor


OVERVIEW

The rising risk of cybersecurity threats in U.S. organizations is worsened by a global shortage of qualified professionals. The results of Dr. Mike Saylor’s study detail how hiring practices and qualification requirements contribute to the workforce gap using the National Initiative for Cybersecurity Education (NICE) framework.

Through interviews and questionnaires with hiring organizations and job applicants, Dr. Saylor identified two key issues: (1) the need for standardized job role definitions aligned with higher education, and (2) the importance of mentorships, internships, and career pathway planning. Addressing these gaps is essential to strengthening the cybersecurity workforce.

FINDINGS

  1. Absence of a standard for defining cybersecurity job role descriptions and KSA criteria found in 100% of the responses from participants.
  2. Lack of a standard for defining job roles is also complicit in the misalignment of job-related qualifications, specifically years of job-related experience (80% of participants).
  3. 100% of participating hiring organizations’ entry-level job postings required at least two years of experience, reportedly because they thought it was standard, not because it was an accurate qualification.
  4. 0% of participants were familiar with a cybersecurity workforce standard or framework.
  5. 80% of hiring organizations felt their education and experience requirements were inaccurate or misaligned due to improper role definition.
  6. 80% of hiring organizations felt that cybersecurity job experience was more valuable and qualifying than education and certification. (ISC2 study found that < 30% found value in Cyber degrees).
  7. 90% of all participants felt that cybersecurity degree programs are inconsistent in design and lack a standard for ensuring consistent requirements for fundamentals that apply to cybersecurity in general.
  8. 0% of hiring organizations used an alternate method for screening applicants that do not match posted qualifications.
  9. 100% of hiring organizations felt the screening process for cybersecurity jobs in their organization was ineffective at finding the right resource for the job.
  10. 80% of hiring organizations felt their cybersecurity job postings contained inaccurate and/or misaligned job role descriptions and qualifications, resulting in overlooking an otherwise qualified candidate.
  11. 100% of hiring organizations stated that they primarily rely on automated filters to screen applicants.
  12. 100% of job applicants stated they did not receive feedback from hiring organizations with regard to their application to a cybersecurity position.
  13. 100% of job seeker participants did not feel confident in the hiring process, specifically the screening process where their credentials are scanned for alignment with what is commonly a misaligned job description and minimum qualifications.
  14. 80% of participants’ hiring process did not include a formal analysis of internal need and/or the process did not seek to align the role objectives submitted by hiring managers with a standard cybersecurity job role definition.

IMPLICATIONS

  1. The relationship between the level of experience required by hiring organizations and the level of experience reported by job applicants was found to be both inconsistent and misaligned, as well as overwhelmingly viewed as an inaccurate attribute of an ineffective hiring process.
  2. Cybersecurity-related job experience was valued significantly higher than cybersecurity-related education, yet both were typically defined as minimum requirements for entry-level cybersecurity jobs.
  3. Hiring organizations did not have an alternative screening process to further evaluate job applicants that did not meet the posted minimum qualifications for cybersecurity jobs.
  4. There is a lack of confidence in the hiring process for cybersecurity jobs, beginning with a hiring organization’s understanding and definition of the needed role and associated qualifications and extending to the screening and interviewing of job seeker candidates.

RECOMMENDATIONS

1. Implement a standard for defining the cybersecurity workforce, using a common language to define job roles and Knowledge-Skills-Abilities (KSAs), and establishing continuity between hiring organizations and job candidates in how they describe their respective expectations and qualifications.

A. Hiring organizations must first implement the standard within their hiring procedures to define the job role, objectives, and KSAs (the demand), resulting in:
i. Alignment of job needs with standard role definitions and KSAs.
ii. Improved applicant screening process
iii. Support for internal career development programs
iv. Demand-based influence on higher education to implement a standards-based curriculum

B. Job seekers must become familiar with the standard
i. Raising awareness of cybersecurity job roles and specialties and related KSAs
ii. Aids in career path planning and progression
iii. Aligns applicant KSAs with job postings

2. Establish an alignment of the standard among hiring organizations, education and training programs, and opportunities for internships or apprenticeships.

A. Higher-education degree objectives and outcomes must align with the standard for roles and KSAs that translate directly to the jobs at hiring organizations.
i. Creating clarity for job seekers and students regarding cybersecurity jobs and careers.

B. Higher-education degree programs must create opportunities for students to apply their knowledge through internships and apprenticeship programs established with community organizations.
i. Obtaining referenceable experience towards entry-level employment.
ii. Opportunities to demonstrate the application of knowledge and skills obtained.

C. Establish mentorship programs through cybersecurity industry associations, based on the NICE framework:
i. Aid job seekers in career path awareness and design, goal setting, and professional development

CONCLUSIONS

The primary, root cause, and most impactful factor contributing to the cybersecurity workforce deficiency was the absence of a standard from which the workforce can be consistently defined, qualified, and measured across all stakeholders.

Gaps in the literature
Most of the literature presented pointed solutions without recommendations or reference to an integrated approach. Studies focused on training & education, diversity staff development, competency, and hiring requirements with little observation to their interconnectedness or the application of a more holistic solution.

The takeaway message from this study is that the widely publicized message of a lack of cybersecurity talent cannot be verified because of the known and significantly misaligned, inconsistent, and inaccurate definition of job roles and qualifications that discount otherwise qualified workers.

Building a Cyber-Resilient Organization — Key Strategies for 2025


Presented by Blackswan & MRE Consulting
Thursday, February 27th | 11:30 AM – 1:00 PM


Join us for a Lunch & Learn

Enjoy complimentary lunch and a panel discussion on Cyber Resiliency, featuring insights from leading IT professionals.

Thursday, February 27th | 11:30 AM – 1:00 PM
Perry’s Steakhouse Memorial City
9827 Katy Fwy, Houston, TX 77024

Over lunch, we will explore key strategies for strengthening your cybersecurity posture, including lessons learned from real-world experiences. Plus, we will delve into how to build a robust and sustainable cybersecurity culture within your organization, while also discussing best practices for avoiding common pitfalls that can leave your systems vulnerable.


MDR & Open XDR with AI-Driven NDR for Healthcare Delivery Organizations


Providing 24/7 protection to prevent major operational disruptions caused by ransomware, business email compromise, system exploitation, and insider threats.

The healthcare sector has become a prime target for cyberattacks due to its heavy reliance on cloud services and electronic health records across clinics, hospitals, and business associates.

Factors such as third-party exposure, flexible patient access, human error, outdated systems, and the growing use of internet-connected medical devices have significantly expanded the attack surface.

Cybercriminals are increasingly targeting healthcare organizations for access to sensitive electronic protected health information (ePHI). Given the rising severity and speed of these attacks, security teams must focus on minimizing attacker dwell time and responding rapidly to contain threats, reducing both operational disruption and data exposure.

 

Blackswan Protects Healthcare Delivery Organizations

  • Providing secure services to support patient care with continuous threat detection, investigation, and comprehensive incident response.
  • Preventing operational disruptions in healthcare organizations caused by ransomware groups and state-backed cyber threats.
  • Safeguarding patients’ electronic protected health information (ePHI) from unauthorized access and breaches.
  • Reducing risks associated with third-party vendors and supply chain vulnerabilities.
  • Helping healthcare providers and business associates maintain compliance with HIPAA Security requirements.

Why is the Healthcare Sector a Growing Target?

  • Electronic protected health information (ePHI) is more valuable than other types of information and often fetches top dollar on the Dark Web
  • Healthcare institutions are likely to pay the extortion or ransomware demands in the wake of massive operational disruptions
  • HDOs struggle with prioritizing investments in security tools and digital transformation to migrate off of outdated systems while also prioritizing patient care
  • Third-party risk exposure stemming from a lack of due diligence to ensure third-party vendors and service providers are taking the proper steps to protect sensitive information
  • Insufficient investment in hiring enough skilled cybersecurity practitioners
  • Insufficient investment in security tools and technology to mitigate a data breach
  • Difficulty identifying malicious insiders

KEY HEALTHCARE INDUSTRY CHALLENGES / HOW BLACKSWAN MDR & OPEN XDR HELPS

Protecting Patient Healthcare Information

We are adept at securing all forms of sensitive data, such as electronic protected healthcare information (ePHI), HIPAA protected data, along with financial information (PII) and credit card or payment transfer services (PCI).

Our 24/7 Cyber Fusion Center Cyber Analysts actively hunt for threats across your environment. We detect intrusions and contain attacks before attackers can establish a foothold to steal patient data or disrupt your critical operations.

Operational Disruption

We detect malicious administrative activity through remote access tools and stop intrusions before malware payloaders and multiple ransomware attacks can be deployed throughout your environment.

Avoiding Regulatory and Compliance Violations

Our MDR and Managed Risk services are designed to help you navigate the complexity of HIPAA Security Standards and put corrective controls in place.

Our Cyber Fusion Center (SOC) leverages proven runbooks which include detectors mapped to requirements and reporting measures for PCI, PII, SOX, GDPR, CCPA as well as state-level regulations.

Third-Party Risk: Securing Business Associates and Technology

We can assist with creating a third-party risk management program for your business and support securing M&A and digital transformation activities.

We identify core services, including electronic medical records (EMR), drug management, time tracking, file share and document signing, and prioritize these services for monitoring.

Our MDR services have repeatedly caught and stopped vendor compromises before the vendor reported the vulnerability.

Becoming a Victim of Ransomware Attacks

We monitor your attack surface 24/7 to discover intrusion attempts and prevent the pervasive deployment of malware and ransomware.

•   We support multi-signal coverage, ensuring visibility across endpoint, network, log, cloud, and other data sources for deep investigation and response capabilities.

•   We offer endpoint protection to prevent your defenses from being disabled.

Auto Dealers are Prime Targets for Cyberattacks

Why Auto Dealerships are prime targets for cyberattacks (15% of all Dealers have been breached):

  • Aging technologies and infrastructure that are no longer supported by the manufacturer
  • Technology staff that can’t keep pace with staying focused on cybersecurity objectives or skillsets
  • Employees who do not maintain awareness of current cyber threats
  • 85% of dealership breaches came from email phishing attacks

Similar to other customer-focused businesses, hackers target the Dealership’s personal and financial systems and data, which are often all stored in the same place.

Hacking and cybercrime have become the third largest economy in the world behind the U.S. and China, estimated to total $9.5 trillion in 2024:

  • Many hackers are from broken economies (Third world countries)
  • Foreign governments have state-backed Cyber-Terrorists
  • Multinational organized crime syndicates want a piece of the pie

Damages from a cyber attack extend beyond the Ransom payment or the cost of new equipment and have averaged over $1 million:

  • FTC fines (up to $45K per infraction)
  • Liability lawsuits against the owner(s) focused on negligence or diligence
  • Losing the ability to accept credit cards or complete financing for vehicle sales
  • Reputational damage (84% of customers would not purchase from a Dealership that has been hacked)

Blackswan Cybersecurity provides a low-cost, one-stop cybersecurity solution:

  • FTC Compliance for ~$20 a month per employee
  • Your Trusted Advisor – we work as an extension of your team

Let us help enhance your cybersecurity posture, reduce your risk and liability, and comply with FTC and manufacturer requirements.

 

BATTLECARD: Blackswan’s OpenXDR vs. LogRhythm

Blackswan’s OpenXDR platform (Stellar Cyber) delivers critical advantages over the suite of LogRhythm products, such as physical and virtual sensors to collect telemetry across the entire IT and OT environments, embedded UEBA capabilities, and automated correlations. The platform’s single license for everything makes it a proven choice for enterprises of all sizes.

How Blackswan Beats LogRhythm

  • Physical and Virtual Sensors – Stellar Cyber enables organizations to push their security capabilities to the edge of their networks, decreasing MTTD and MTTR via physical and virtual sensors to collect and process data wherever it
  • Embedded UEBA Capabilities: Organizations get critical user and entity behavior visibility across their environment at no extra
  • Automated Correlations – Using purpose-built deep learning (ML) models and curated correlation rules, Stellar Cyber automatically correlates related alerts and logs to generate investigation-ready incidents driving a significant increase in security analyst
  • Single Licensing – The platform includes all features and functionality under a single license with no hidden fees or surprise upgrade-charges making budgeting easy for security decision-makers.
  • Modern Detections – Stellar Cyber is committed to solving the alert fatigue problem by delivering automated correlations, purpose-built machine learning, and curated threat detection rules all in one
  • All-In Partnership – Blackswan is committed to working with every customer to get the security outcomes they need from day one.

Comparison

| Positioning Point | Stellar Cyber | LogRhythm |
|---|---|---|
| Architecture | | |
| Multi-Level, Multi-Tenancy with RBAC | | X No multi-tenancy |
| Tenant Onboarding | ✓ Immediate, self-service | X Months before full deployment achieved |
| Sensors & NDR | ✓ NDR, IDS, Sandbox, DPI | ✓ NDR capabilities via acquisition |
| Automated Response | ✓ Bi-directional integrations with SOAR functionality | ✓ Included |
| Integration Suite | ✓ Hundreds of integrations | ✓ Hundreds of integrations |
| API | ✓ Fully featured public API | |
| Detections & Security | | |
| Modern Slate of Detection Capabilities | ✓ ML and Rule based detections | ✓ Some ML but heavily reliant on human created correlation rules |
| Automated Correlation | | |
| Analyst Experience | ✓ Case Management, Reporting, Threat Hunting | |
| Partnership | | |
| Single License | ✓ NDR, Open XDR, NG-SIEM, TIP, UEBA, SOAR under single license | X Some capabilities, such as UEBA, requires add-in licenses |
| Feature Development | ✓ Highly responsive, included in license | X Slower moving development |
| Technical Enablement | ✓ 4 week enablement at NO cost to expedite deployment | X Deployment and training not included |
| Customer Support | ✓ Global, in house team, strict SLAs | |
| Sales Enablement | ✓ Dedicated program for MSSPs | |

Challenges

  • No multi-tenancy
  • No modern detection techniques, customers complain of manual analysis and painful maintenance of rules
  • Cloud is new and lacking capabilities, in some cases, with different consoles
  • Lack of partnership and good support
  • Slow innovation

The Blackswan and Stellar Advantage

  • Native NDR & Sensors – Stellar Cyber enables organizations to push their security capabilities to the edge of their networks, decreasing MTTD and MTTR via physical and virtual sensors and its native NDR
  • Multi-Tier Architecture – For Enterprises with segmented environments, the Stellar Cyber architecture ensures individual customers/entity data
  • Automated Correlation – Using purpose-built deep learning (ML) models and curated correlation rules, Stellar Cyber automatically correlates related alerts and logs to generate investigation-ready incidents driving a significant increase in security analyst
  • Simple No Surprises Licensing – Stellar Cyber sells all features and functionality under a single license with no hidden fees or surprise upgrade charges making budgeting easy for security decision-makers.
  • All-In Partnership – Blackswan is committed to working with every customer to get the security outcomes they need throughout the relationship.
  • Rapid Deployment Capabilities – Blackswan can deploy the Stellar Cyber platform in as little as one day. If your technology teams are available to support the deployment of on-premise virtual machines, firewall changes, and API authentications – Blackswan could be monitoring and protecting your environment before the end of day one.