Getting a career in cybersecurity isn’t easy, but this can help
Welcome to this week’s edition of the Threat Source newsletter.
Happy summer, friends! I hope everyone is staying cool and/or warm.
I am fresh back from an exhausting but great time in San Diego at Cisco Live U.S. It was so good to see colleagues, meet new friends and pet many therapy dogs in the Splunk booth. As often happens to me, I was approached by someone who was looking for mentorship and guidance on how to get into a cybersecurity career. It’s not unusual for me to be approached by folks looking to get into cybersecurity. I’m the large, bearded guy with the Talos shirt, so I stick out.
So, I’m often asked how I got the career I have in cybersecurity and how others can do the same. For a guy who often has a quip or answer for most things, I always pause here. I can’t help but think of my entire career and the dumb luck and hard work that landed me where I’m at. Giving that summation to others wouldn’t be fair, because… well, my journey wasn’t a linear one. I think for many of my peers, the same applies. We found cybersecurity as a career through a series of events that organically landed us in this field. In my case, more so than others, the path isn’t easy to follow because there was no clearly staked path for me to follow, either.
I’ll explain as best I can: Today, one might go to school and graduate with a degree in information security and/or some security certificates, then begin the job hunt for an entry-level gig. These types of degrees, certificates and even jobs simply didn’t exist in any meaningful way or numbers when I started my career. If you wanted to learn cybersecurity, there weren’t classes to take — you got a computer science degree and figured it out. I, like many in the GenX world, started as an IT professional. As the industry and cyber threats evolved, the career space over the years shifted and we found ourselves helping fight the good fight and keeping folks secure.
Today is truly different, and I’m so happy about it and the opportunities it can give others. I’m envious of the school degrees, industry certifications and mentorship programs that exist today that did not exist for me. There is also an incredibly helpful information security community that provides hacking tutorials, Capture the Flag (CTF) competitions and hackathons that I would have loved to have been a part of in my formative years.
By now, I know you’re thinking, “Cool story, grandpa, but answer the question: how do I get a job in cybersecurity?” In my estimation, the answers are as follows:
- Have a good attitude.
- Be easy to work with.
- Be a forever student.
- Be bad at giving up.
- Find and join a (preferably local) security community.
- Grow where you are planted.
Notice that none of those things mention anything specifically technical. No malware reverse engineering, red teaming, threat intelligence or security analysis. I can tell you that to work at Talos, you must exhibit strong traits of all six of those things I listed. One through five make sense. Good hackers are tenacious, smart, work well with others and seek out fellow friends to network and hack with.
Number six though – what’s up with that? Simply put, life deals us all a hand of cards that we must play, and those cards may not be great. For example, you want to get a job in cybersecurity, but you’re the primary caregiver of a family member and you don’t have a lot of freedom. You might be financially constrained. You may have health issues or a disability that limits some options. Or you simply have a job that you don’t like, and a career in security calls out to you, but the bills don’t pay themselves. This is all common, and you’re a bit “stuck.”
So while you’re stuck, find ways to grow where you’re planted. Study. Network locally or online. Try a CTF or a hacking competition. Whatever you do, just keep growing yourself, your skillset and your network. You can do it. And before you know it, you’ll have that career helping to fight the good fight with the rest of us.
I believe in you! You got this!
The one big thing
Cybercriminals are increasingly exploiting Large Language Models (LLMs) by using uncensored versions, developing their own malicious LLMs or “jailbreaking” legitimate ones to bypass safety protocols. These compromised or malicious LLMs are then used to generate highly convincing phishing campaigns, create harmful code and automate various cybercrime operations, making attacks more sophisticated and scalable.
Why do I care?
Cybercriminals’ widespread abuse of LLMs lowers the barrier to entry for sophisticated attacks, making it easier for even less skilled actors to launch effective campaigns. This means you’re more likely to run into highly convincing phishing attempts, scams and malware that are difficult to distinguish from legitimate communications, putting your personal info and company security at higher risk.
So now what?
Given this evolving threat landscape, it’s important to be extra vigilant and skeptical online. Treat all online communications with caution, even if they look perfectly authentic. For individuals, that means double-checking emails and messages for anything fishy, no matter how well-written they seem; polished grammar is no longer a signal that a message is legitimate. For businesses, it’s time to strengthen your defenses, invest in threat detection that does not rely on spotting sloppy phishing, and keep your employees sharp on how to spot and report these increasingly convincing social engineering attempts.
Top security headlines of the week
New AI Jailbreak Bypasses Guardrails With Ease
On topic with our latest blog, the new “Echo Chamber” attack bypasses advanced LLM safeguards by subtly manipulating conversational context, proving highly effective across leading AI models. (SecurityWeek)
US insurance giant Aflac says customers’ personal data stolen during cyberattack
Aflac says hackers stole an unknown quantity of its customers’ personal information from its network during a cyberattack earlier this month. (TechCrunch)
APT28 Uses Signal Chat to Deploy New Malware in Ukraine
In a new campaign, the Russia-linked APT28 (aka UAC-0001) threat actors are using Signal chat messages to deliver two new malware families dubbed BEARDSHELL and COVENANT. (The Hacker News)
UK watchdog fines 23andMe over 2023 data breach
The U.K. data protection watchdog has fined 23andMe £2.31 million ($3.1 million) for failing to protect U.K. residents’ personal and genetic data prior to its 2023 data breach. (TechCrunch)
Can’t get enough Talos?
Decrement by one to rule them all: AsIO3.sys driver exploitation
Learn how our researcher, Marcin Noga, found two critical vulnerabilities in ASUS’ Armory Crate and AI Suite drivers.
Talos Takes: Teaching LLMs to spot malicious PowerShell scripts
Hazel chats with Ryan Fetterman from the SURGe team to explore his new research on how LLMs can assist security operations centers in identifying malicious PowerShell scripts.
Leveraging Detections from the Splunk Threat Research Team & Cisco Talos
Wednesday, July 23
11:00 a.m. to 12:00 p.m. PDT
Join us for a discussion around the latest security detections developed for the SOC and how to find and remediate threats, faster.
Upcoming events where you can find Talos
- REcon (June 27 – 29) Montreal, Canada
- NIRMA (July 28 – 30) St. Augustine, FL
- Black Hat USA (Aug. 2 – 7) Las Vegas, NV
Most prevalent malware files from Talos telemetry over the past week
SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
Typical Filename: VID001.exe
Claimed Product: N/A
Detection Name: Win.Worm.Coinminer::1201
SHA 256: 05883fccb64dd4357c229ccca669afdacbfa0bc9a1c8d857f5205aed0a81e00a
MD5: 71b973dbdfc7b52ae10afa4d0ad2b78f
VirusTotal: https://www.virustotal.com/gui/file/05883fccb64dd4357c229ccca669afdacbfa0bc9a1c8d857f5205aed0a81e00a/details
Typical Filename: PCAppStore.exe
Claimed Product: PC App Store
Detection Name: Riskware/VeryFast
SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
MD5: 7bdbd180c081fa63ca94f9c22c457376
VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91/details
Typical Filename: IMG001.exe
Claimed Product: N/A
Detection Name: Simple_Custom_Detection
SHA 256: c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0
MD5: 8c69830a50fb85d8a794fa46643493b2
VirusTotal: https://www.virustotal.com/gui/file/c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0/details
Typical Filename: AAct.exe
Claimed Product: N/A
Detection Name: PUA.Win.Dropper.Generic::1201
SHA 256: 2a753cdc8c5401dcb67f3be58751a32ce23c875f8720a70459533b30e5ba4f1f
MD5: 7d5a9a41157fb0002f5234b4512e0ac2
VirusTotal: https://www.virustotal.com/gui/file/2a753cdc8c5401dcb67f3be58751a32ce23c875f8720a70459533b30e5ba4f1f/details
Typical Filename: pros.exe
Claimed Product: N/A
Detection Name: Trojan.GenericKD.76128711
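A hash list like the one above is only useful if something actually checks files against it. The following is an added example, not code from the newsletter or from Talos: it parses these "SHA 256 / MD5 / Typical Filename / Detection Name" lines into records, hashes content with SHA-256 and MD5, and reports matches. The DEMO_IOC entry, the inbox/ names and their byte contents are constructed for the demonstration and are not real indicators.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from pathlib import Path

# Constructed input: hash, filename and detection lines copied from this newsletter's
# "Most prevalent malware files" list (one VirusTotal line kept to show it is ignored).
NEWSLETTER_IOCS = """\
SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
Typical Filename: VID001.exe
Detection Name: Win.Worm.Coinminer::1201
SHA 256: 05883fccb64dd4357c229ccca669afdacbfa0bc9a1c8d857f5205aed0a81e00a
MD5: 71b973dbdfc7b52ae10afa4d0ad2b78f
Typical Filename: PCAppStore.exe
Detection Name: Riskware/VeryFast
SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
MD5: 7bdbd180c081fa63ca94f9c22c457376
Typical Filename: IMG001.exe
Detection Name: Simple_Custom_Detection
SHA 256: c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0
MD5: 8c69830a50fb85d8a794fa46643493b2
Typical Filename: AAct.exe
Detection Name: PUA.Win.Dropper.Generic::1201
SHA 256: 2a753cdc8c5401dcb67f3be58751a32ce23c875f8720a70459533b30e5ba4f1f
MD5: 7d5a9a41157fb0002f5234b4512e0ac2
Typical Filename: pros.exe
Detection Name: Trojan.GenericKD.76128711
"""

@dataclass(frozen=True)
class Ioc:
    sha256: str
    md5: str
    filename: str
    detection: str

def parse_iocs(text: str) -> list[Ioc]:
    """Each 'SHA 256:' line opens a record; later 'Key: value' lines attach to it.
    Hashes are lowercased and validated: a typo yields a rule that never fires."""
    blocks: list[dict[str, str]] = []
    for raw in text.splitlines():
        key, sep, value = raw.partition(":")  # first colon only, so URLs survive
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "sha 256":
            blocks.append({})
        if blocks:
            blocks[-1][key] = value
    iocs = []
    for b in blocks:
        ioc = Ioc(b.get("sha 256", "").lower(), b.get("md5", "").lower(),
                  b.get("typical filename", ""), b.get("detection name", ""))
        if not (re.fullmatch(r"[0-9a-f]{64}", ioc.sha256) and re.fullmatch(r"[0-9a-f]{32}", ioc.md5)):
            raise ValueError(f"malformed hash in IOC record for {ioc.filename!r}")
        iocs.append(ioc)
    return iocs

def hash_bytes(data: bytes) -> tuple[str, str]:
    """(sha256, md5) of in-memory content; usedforsecurity=False keeps MD5 usable on FIPS hosts."""
    return hashlib.sha256(data).hexdigest(), hashlib.md5(data, usedforsecurity=False).hexdigest()

def hash_file(path: Path, chunk_size: int = 1 << 20) -> tuple[str, str]:
    """Stream a file through both digests without reading it whole."""
    sha, md5 = hashlib.sha256(), hashlib.md5(usedforsecurity=False)
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha.update(chunk)
            md5.update(chunk)
    return sha.hexdigest(), md5.hexdigest()

def find_match(iocs: list[Ioc], sha256: str, md5: str) -> Ioc | None:
    """SHA-256 is authoritative; an MD5-only hit is still returned since many reports carry nothing else."""
    sha256, md5 = sha256.lower(), md5.lower()
    return next((i for i in iocs if i.sha256 == sha256 or i.md5 == md5), None)

def scan(iocs: list[Ioc], sources: dict[str, bytes | Path]) -> list[tuple[str, Ioc]]:
    """Check named sources (raw bytes such as an attachment, or a Path on disk)."""
    hits = []
    for name, src in sources.items():
        digests = hash_file(src) if isinstance(src, Path) else hash_bytes(src)
        hit = find_match(iocs, *digests)
        if hit is not None:
            hits.append((name, hit))
    return hits

# Constructed demo indicator (digests of b"abc") so the match path runs offline;
# it is not a real Talos indicator.
DEMO_IOC = Ioc("ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
               "900150983cd24fb0d6963f7d28e17f72", "demo_sample.bin", "Demo.Constructed")
# Constructed "files": one benign blob, one whose bytes match DEMO_IOC.
DEMO_SOURCES = {"inbox/readme.txt": b"nothing to see here", "inbox/demo_sample.bin": b"abc"}
```

To sweep a directory on disk, pass `{str(p): p for p in Path("downloads").rglob("*") if p.is_file()}` as the sources map to `scan(parse_iocs(NEWSLETTER_IOCS), ...)`. Hash matching only catches byte-identical samples; a repacked or recompiled variant of the same family will not match, which is why the detection names alongside each hash matter more than the hashes themselves once the sample changes.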
Cisco Talos Blog