Happy Fall Cleaning Month!

Happy Fall Cleaning Month!

Let’s wash our online draperies together and trim the virtual hedges, shall we?  It’s Fall Cleaning Month – October – Cybersecurity Awareness Month.

(Pumpkin Spicy Edition!)

Huh? What?

It’s a thing!  For 20 years now! Check out more at CISA - https://www.cisa.gov/cybersecurity-awareness-month

The theme is Secure Our World. You can find kitschy cringe (but still helpful) resources here – though people probably won’t consume them as is of their own volution.

https://www.cisa.gov/resources-tools/resources/secure-our-world-resources-cybersecurity-awareness-month-2024-toolkit

So that’s where we come in – my cat black posse and me. Or you can just…queue up the Bingo card…the one with no prize, not even a Cracker Jack prize.

Cybercrime Statistics…and some Why

Malwarebytes image that says "Romance scams costlier than ever: 10 percent of victims lose $10,000 or more."

You see that image and headline, right?  Romance scams are called “pig butchering” – they fatten up cyber-contacted but very real Wilbur and slaughter him at the right time with an old-fashioned long con. It’s disgusting, and no one wants to be ribs and bacon. Where’s Charlotte when you need her?  Spider cats necessary? How about that for a Halloween costume.  Oops – digression.

Um, RADIANT!

Breach City

You’ve probably noticed the myriad “we’re sorry…data breach…have some free credit monitoring” letters you get in the mail.  I’ve gotten so many in 2024 that I’m becoming complacent about them. (That’s bad).

Cybercrime is seriously underreported in the news.  We hear and see big companies being breached, but we feel unaffected unless something immediately shuts down. 2024’s biggest consumer-affected cyber event wasn’t even a data breach.  Instead, it was the failed Crowdstrike update. If you need to reminisce – here’s a song, BSOD - https://heathernoggle.com/wp-content/uploads/2024/07/BSOD.mp3

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Somehow cybercrime is deemed less important than some celebutante’s new hair color.

And yet, people are fascinated with true crime. Let’s give them more details of cybercrime!

Hint: Check out Maine's Data Breach List. Atop today’s list is an art museum, and then there are several others listed you’ve likely never heard of.

https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/list.html

List from Maine's Data Breach Notifications

I recognized MEMC as a Missouri thing. Breach occurred in mid June and was discovered in mid September. Over 10,000 people affected, 5 of whom are Maine residents.

MEMC is located outside St. Louis.  It’s a real company making real things.  Lots of real things.

https://greaterstlinc.com/news/business-attraction/memc-celebrates-300-million-expansion-ofallon-missouri

“Wafers manufactured by MEMC are a critical component of computer chips used in industries ranging from telecommunications to automotive and aerospace. The improvements, which were originally announced in June of 2021, aimed to expand wafer production during an acute global chip shortage. This expansion adds capacity for 300mm silicon-on-insulator wafer manufacturing, including the creation of 100 new jobs, and brings more manufacturing capabilities back to the U.S.”

So, We Have to Make Some Changes, Right?

Right! More on that all month.

The Good News!

Small things you can do and help others do that help you start your journey…or those. Let’s prime the conversation.

1)      Recognize this – better cybersecurity is a journey.  You’re online to stay – at least as long as online is a thing.  And even if you abdicate the connected world, your data doesn’t, so you want everyone else on the journey, too.  Cybersecurity is as important as locking your doors and monitoring your windows.

2)      Start journeying, adventurer.  Let’s cover – as an overview – some of those small things. More details through this month of October, which is likely going to feature a whole lot of black cats demonstrating household chores and their cybersecurity equivalents.

3)      Each positive step matters, and the early parts of the journey help reinforce the need for later work.  If you’re not doing much now, start with cyber hygiene. If you’re working in an organization that’s not intentional about cybersecurity, understand the organization’s journey must begin, and you can help.

Moving Forward

Set that LinkedIn bell to “rung,” and you’ll see all of my content.  Several companies are releasing helpful content, too – many in the cybersecurity awareness and training space. Set your tolerance to Bingo, and go! Here are some links:

✨Wizer - https://www.wizer-training.com/cybersecurity-awareness-month-kit-2024

✨Hook Security - https://www.hooksecurity.co/security-awareness-kit

✨Ninjio - https://get.ninjio.com/stay-ai-aware-campaign-kit-banner

✨KnowBe4 - https://www.knowbe4.com/resources/free-cybersecurity-resource-kits/cybersecurity-awareness-month-kit

If I missed your company and you’ve put together a kit and you want to be listed, please DM me.

Wait, It’s All Writing?

Yes, indeed, it is. For the cybersecurity career-minded learners, many (perhaps most) are star-struck about the idea of working as a penetration tester.

In other words, they want to hack for a living – with authorization – and get paid to do so. I mean…how cool is that?

As you might have already surmised, there are many legal and ethical boundaries around such work.  What’s in scope?  How do I prove my results and actions?

And, writing.  So, so, so much writing.

Learning to write well is a skill. Tones in writing can vary from loose and full of slang to extremely formal duels between whilsts, shalls, and heretofores. You can hear the clash and air slash of such word swords.  The grunts of the swordfighters.

The good news about this flavor of technical writing is that there’s a structure to it.  The core sections of a penetration testing report won’t vary much. You’ll establish a tone to the writing and an order of presenting results that repeats even when clients change.

You’ll have to repackage the same information in a succinct form for consumption by the business minded, as they don’t want to read reams of details about how you and your team compromised a very specific endpoint and escalated into ownership of the network.  They instead need to know business impact for now and in the future. What to fix, why, and enough detail to help determine in what order.

Small businesses operate better when their processes and procedures are documented and documented well.  So, non-technical people, you’re not exempt from strong writing.

Where’s Heather?

In a couple of days, I’m invading Iowa to bring the story of the Missouri Cybersecurity Center of Excellence to CornCon. My talk is up against Joshua Copeland, so I probably have to bribe people to attend.  Or dress as a Spidercat.

Bribery it is…hmm.

Okay – looking at the whole…I’m fighting all of DirecTV, too?  AND they know I cancelled their service?

If you’re going to CornCon, please say hello.  I’m probably the only long gray-haired lady…but maybe not.

(Additionally, I am disheartened that I have to miss both of these talks).

Additional content related to my talk’s theme, here’s an article I wrote and placed at Elnion about training the next generation for advanced tech jobs

https://elnion.com/2024/09/24/training-the-next-generation-for-advanced-technology-jobs/

Professional Excitement

You probably already know that I do some on-the-side consulting and writing. Next week we announce a new Codistac service…and I’m very excited to do so.

But, alas, we must wait.  Still figuring out a few details regarding how it’ll come together.

[Enter stage, Vague Cat]

A black cat with its features in shadow

For now, if you need a writer about technology or some help on your technical company’s posture and messaging to non-technical stakeholders, please reach out. I am actively seeking more work through 2024 in these areas and can be available for working some wizardry on your software projects as well.

Thanks for Reading!

(And see you in two weeks via newsletter)

Kayla Marie Paden

Software Developer | Tech Initiatives Organizer | Lifelong Musician

2mo

Heather, you would be so proud. The cafe at our work named their entrees in honor of Cybersecurity month. We had Firewall Chicken Tenders and Encryption Soft Tacos (they had a secure shell).

John H. Upchurch [KCSP┃DUO Security Admin]

SEEKING roles where I can contribute value: Security Awareness Trainer┃Identity & Access Management┃IT Leadership┃[15+ Years of Combined EXPERIENCE: Cybersecurity • Help Desk • Desktop Support • Networks • Healthcare IT]

2mo

Happy Cybersecurity Awareness Month! 🥳

Charlie "Doc" Barton, PhD, MBA

Results Strategist: Transforming Your Company's Vision into Sustainable Profitability | Process Improvement Expert & Coach (Not Consultant) For Small to Mid-sized Organizations

2mo

First, I love the black cats. Second, I am disgusted by the need to spend my time and energy dealing with data breaches. To me, such behavior demonstrates the lack of value placed on the lives of the folks who've been compromised. Third, at this point, I've lost track of how many notices I've received...many of them months after the breach occurred. "Small businesses operate better when their processes and procedures are documented and documented well." -- We are on the same page, Heather Noggle. Have fun at the conference!

Swati Nitin Gupta

B2B Cybersecurity Content Specialist | 4X Cybersecurity Awareness Champion | Writer at Medium & HackerNoon | CySec Writer| B2B Technical Writer | Making Tech interesting for SMBs and Startups

2mo

Halloween there, Navratri (Nine nights of reverence of Goddess Durga) to some other festival somewhere else, #October marks a change in season, weather, and kick starts festivities all over the world.

Aaron Lax

Info Systems Coordinator, Technologist and Futurist, Thinkers360 Thought Leader and CSI Group Founder. Manage The Intelligence Community and The Dept of Homeland Security LinkedIn Groups. Advisor

2mo

This is an important month, to ensure the word of change comes in fall we are seeing that in nature, we must see it in the world of our digital information thanks Heather Noggle

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics