Latest news of Cyber Security Recruitment!

2023 - The Year Jobs Disappeared

As we near the end of the year let's take a look, at the job market trends in 2023. It seems that some prominent tech companies have been downsizing their workforce, which leaves us pondering whether they are reacting to difficulties or seizing prospects. Come along with us as we investigate into the organizations that underwent layoffs this year.

According to the Forbes layoff tracker over 305,000 employees experienced layoffs throughout the year. These job reductions began in January with tech giants. Continued through the summer and fall even as concerns about a recession decreased and unemployment rates remained relatively low.

Numerous notable layoffs occurred in companies such as Amazon, Alphabet (Googles parent company, Disney, Meta, Microsoft and Salesforce. For example, Amazon announced plans to lay off 8,000 employees in January due to the "economy." They later implemented layoffs in March and November.

Alphabet made decisions by cutting approximately 12,000 jobs in January. The CEO described these actions as measures to seize opportunities particularly, in AI investments.

In a round of layoffs conducted in January Microsoft affected 10,000 employees. Further layoffs were reported within the sales and customer service departments in July.

In times Meta, the parent company of Facebook had to make some tough decisions regarding its workforce. They implemented job cuts this year letting go of 10,000 employees in January and an additional 6,000 in May. These measures were taken as part of Meta's efforts to improve their performance during a challenging period.

Similarly, Salesforce also faced challenges and had to reduce its workforce by cutting 7,900 employees in January. However, they managed to hire 3,300 employees in September.

Other known companies like Dell Technologies, IBM and CVS Health also had to make adjustments due to market conditions or operational needs which resulted in varying degrees of layoffs.

It is important to note that despite these job cuts across different companies the overall unemployment rate in the United States remained relatively low. In November the US labor market added 199,000 jobs and the unemployment rate dropped to 3.7%. This is an improvement from the peak unemployment rate of 14.7% recorded during April 2020 amid the pandemic.

There are factors contributing to this resilience in employment levels. For instance, there has been an increase, in annual hourly wages indicating some wage growth. Additionally, non-farm employers have managed to maintain stable layoff rates compared to the chaotic period experienced back in 2020.

The Impact Extending Beyond Tech Companies

Although tech giants have received media attention other industries have also faced substantial layoffs in 2023. The Big Three automakers in Detroit. Ford, General Motors and Stellantis. Had to let go of thousands of employees primarily due to the effects caused by a strike carried out by the United Auto Workers. These automakers were forced to lay off numerous workers during the six-week strike.

A Year Defined by Economic Challenges and Adaptation

The year 2023 was characterized by challenges, job reductions and the need for adaptability. Layoffs were partially driven by concerns about a recession especially as the Federal Reserve increased interest rates to combat inflation. These rate hikes affected various sectors influencing hiring practices and employment trends.

While 2023 brought uncertainty for workers it also demonstrated the resilience of the US job market. As the year came to an end the nation continued to navigate through changing landscapes, in employment and economic stability.

Join a leading consultancy firm in Amsterdam that specializes in providing trusted solutions for evolving cybersecurity risks. As a Senior Consultant in the Cyber Risk Management team, you will play a crucial role in helping clients navigate complex cybersecurity challenges.

Responsibilities:

1. Cyber Transformation: Enhance cybersecurity measurements, monitor processes, and develop sustainable strategies.
2. Cyber Assessment: Evaluate cybersecurity programs, technologies, and information security processes.
3. Data Protection & Privacy: Advise on data privacy, GDPR programs, and confidentiality/security of sensitive data.
4. Vulnerability Management: Build and manage tailored vulnerability management programs for clients.

Requirements:

• Bachelor's or Master's degree in Business Information Technology or a technical field.
• 2–5 years of relevant work experience.
• Passion for consulting and cybersecurity.
• Knowledge of cybersecurity assessments, policies, standards, and frameworks.
• Familiarity with ISO 27001/2, NIST CSF, GDPR, and cybersecurity laws.
• Willingness to travel within The Netherlands and a valid driver’s license.
• Excellent Dutch and English communication skills.

Benefits:

• Attractive employment package including vitality sessions, flexible working options, and home office resources.
• Comprehensive birth leave coverage.

Note: Pre-employment screening will be conducted based on laws, regulations, and company standards.

APPLY NOW: HERE

Cyber Security Recruitment Joins Forces with Z-CERT to Safeguard Healthcare

Let us introduce Z-CERT. Z-CERT stands at the forefront of cybersecurity expertise in the Netherlands, specializing in safeguarding healthcare institutions from progressing digital threats. As a vital resource, Z-CERT offers tailored advice, threat intelligence, and proactive network monitoring to ensure the resilience of hospitals and healthcare entities.

Listen to the Z-CERT story in this podcast episode of the Cyber Security Talks podcast!

LISTEN NOW: HERE

In anticipation of the growing challenges in the cybersecurity landscape, Z-CERT is strategically positioned for significant expansion, with plans to double in size within the next year. This is where Cyber Security Recruitment comes in! This collaboration aims to bolster Z-CERT's expanding Operations and Relations teams, offering a unique opportunity for purpose-driven individuals to contribute meaningfully to the evolving landscape of Dutch healthcare cybersecurity.

Follow Cyber Security Recruitment for all Z-CERT opportunities!

Current opportunities:

Coordinator Testing and Cybersecurity Specialist

Full Time | Amersfoort

Responsibilities:

Coordinator Testing (50%):

- Contribute to Z-CERT's evolving testing program, focusing on Red Teaming and Resilience tests.

- Facilitate, coordinate, and guide Red Team tests for healthcare institutions.

- Analyze test results, maintain participant relationships, and provide advice.

- Develop Targeted Threat Intelligence reports for Red Teaming tests.

Cybersecurity Specialist (50%):

- Detect and translate vulnerabilities and threats for Z-CERT participants.

- Collaborate with participants to implement mitigating measures.

- Contribute to creating a continuous threat landscape for the healthcare sector.

Requirements:

- HBO+/WO level of education

- Profound knowledge of internet functionality, computer networks, and cybersecurity.

- Experience organizing and guiding tests.

- Certifications such as OSCP, OSWE, OSCE, CRTP, CRTE, GPEN, GXPN, GCPN, or equivalent.

What We Offer:

- Competitive salary: €4214 - €6227 (Scale 12), depending on experience.

- 13th-month salary, pension plan, and study opportunities.

- Various leave arrangements, flexible working hours, and commuting benefits.

- Unique chance to contribute to a socially impactful sector.

- Company laptop and phone.

- Hybrid working option with an office in Amersfoort.

If you're passionate and collaborative, apply now, and let's make a difference in healthcare cybersecurity together!

APPLY NOW: HERE

Business Consultant

Full Time | Amersfoort

Requirements:

• Work experience in cybersecurity/information security
• HBO level of education
• Enthusiasm for contributing to digital security in healthcare
• Accurate knowledge of healthcare developments
• Self-organizational and team collaboration skills
• Strong communication and social skills

Responsibilities:

• Primary contact for healthcare institutions, managing service portfolios
• Build and maintain relationships with CISOs
• Actively engage in cybersecurity discussions and knowledge sharing
• Analyze and respond to inquiries, maintaining active communication
• Facilitate the formation of a community for information exchange
• Translate needs into improvement recommendations for products and services
• Contribute to continuous service development

Benefits:

• Meaningful work in the healthcare sector
• Significant responsibility and autonomy
• Competitive salary with a 13th-month bonus
• Collective pension scheme
• Designated focus area with participating healthcare institutions.

APPLY NOW: HERE

Top 10 Exploited Vulnerabilities in 2023

As we come to the end of 2023 it is clear that just like every year our systems have encountered vulnerabilities. Let's look into the vulnerabilities of the year that malicious actors exploited for their nefarious activities ranging from ransomware attacks to cyber espionage. It is worth noting that this affected products, from Microsoft, Citrix, Fortinet and other companies underscoring the importance of patching.

1. MOVEit Vulnerability (CVE-2023-34362) Exploited by the CL0P ransomware group, this SQL injection vulnerability in Progress MOVEit Transfer allowed unauthorized access to the database. Severity: 9.8 (Critical).

2. Microsoft Outlook Privilege Escalation (CVE-2023-23397) A zero-click vulnerability affecting all Outlook versions, exploited by a Russia-based threat actor for Net-NTLMv2 hash leakage. Severity: 9.8 (Critical).

3. Fortinet FortiOS Path Traversal (CVE-2022-41328) Chinese cyberespionage groups leveraged this privilege escalation vulnerability to read and write arbitrary files. Severity: 7.1 (High).

4. ChatGPT Off-by-one Error (CVE-2023-28858) Redis-py vulnerability in ChatGPT allowed users to view others' chat history simultaneously. Severity: 3.7 (Low).

5. Windows Common Log File System Driver Privilege Escalation (CVE-2023-28252) Exploited by the Nokoyawa ransomware group, this allowed code execution with SYSTEM privileges on Windows OSes. Severity: 7.8 (High).

6. Barracuda Email Security Gateway RCE (CVE-2023-2868) UNC4841, linked to the People's Republic of China, exploited this vulnerability for system command execution. Severity: 9.8 (Critical).

7. Adobe ColdFusion Arbitrary Code Execution Affecting multiple versions, this vulnerability allowed arbitrary code execution. Severity: 9.8 (Critical).

8. Citrix Bleed Vulnerability Exploited by LockBit 3.0 Ransomware group, it exposed sensitive information on Citrix NetScaler ADC and Gateway appliances. Severity: 7.5 (High).

9. Windows SmartScreen Bypass (CVE-2023-24880) Magniber ransomware and Qakbot malware actors exploited this vulnerability, bypassing Windows SmartScreen. Severity: 4.4 (Medium).

10. SugarCRM Remote Code Execution (CVE-2023-22952) Threat actors could inject custom PHP code, exploiting this vulnerability in SugarCRM Email templates. Severity: 8.8 (High).

Users are urged to upgrade to the latest product versions to mitigate these vulnerabilities and guard against potential threats. Stay secure!

Bridging Minds in Cybersecurity - Unveiling Mental Health Realities

As we are starting 2024, join us for an insightful evening dedicated to prioritizing mental well-being in the world of cybersecurity. Prioritizing mental well-being is important, particularly in the field of cybersecurity. The high-pressure environment, coupled with the solitary nature of the work and long hours, presents various mental challenges. That's why our upcoming event is here to support you. Let's kick off 2024 on the right note by addressing the mental health aspects of the cybersecurity world.

Agenda:

1. The Momentum of Mental Health Issues in Cybersecurity: Explore why mental health is gaining prominence in cybersecurity. Beatrice will share insights into the profound impacts of incidents on professionals' well-being, fostering collective awareness.
2. Current Research Findings: Delve into the latest research on mental health in cybersecurity. Beatrice, with her dual expertise, will highlight key findings, sparking meaningful discussions about challenges faced by industry professionals.
3. Tips and Tricks: A Toolbox for Individuals and Teams: In this practical segment, Beatrice shares actionable insights to enhance mental well-being. Whether you're an individual or part of a team, learn strategies to mitigate stress, build resilience, and foster a culture of well-being.

What to Expect:

• Engaging in presentations and interactive discussions
• Networking opportunities
• Free pizza and beers!

When: Thursday, January 11th, at 5:30 PM

Where: WeWork, Weesperstraat 61, Amsterdam

Attendees: Limited spots available! Reserve your free spot on a first-come, first-served basis.

Don't miss this chance to gain valuable insights, connect with industry professionals, and kick off the new year with a focus on mental well-being in cybersecurity. See you there! 🚀🔐

RESERVE YOUR SPOT NOW: HERE

New Phishing Scam Targeting Instagram Users and Their Two-Factor Authentication Backup Codes

A recent discovery has brought to light a phishing campaign that specifically targets users of Instagram. This campaign employs tactics to trick victims into revealing their backup codes, for two-factor authentication on Instagram.

The attackers have devised a template that claims copyright infringement creating a sense of urgency and prompting users to take action.

Instagram's backup codes consist of five sets of eight-digit numbers. These codes are utilized when users wish to log in from a device while having two-factor authentication enabled. Users have the option to generate a set of codes by accessing their Instagram accounts.

As per a report, by TrustWave during this attack phase the threat actors impersonate Meta, the parent company of Instagram. Send emails to victims.

These emails falsely allege that an Instagram account has violated copyright laws and must be appealed within 12 hours. Failure to appeal within the given timeframe may result in the deletion of the Instagram account as stated by the threat actors message.

Upon clicking on the embedded button in these emails users are directed to a Meta website. However, upon analysis, it becomes evident that these emails originate from a domain called "contact helpchannelcopyrights[.]com," which is not owned by Meta. The suspicious website called Meta appears to be hosted on Bio sites, a platform that tracks user traffic. This particular site acts as a link, to the phishing website by redirecting users when they click on the "Go to Confirmation Form" button.

It cleverly disguises itself as a Meta Portal Appeal centre. Even includes a "Continue" button. Once users click this button they are prompted to enter their username and password.

After providing their credentials users are then asked to confirm if they have enabled two-factor authentication for their account. If they select "Yes" the website proceeds to ask for their backup code. Redirects them to the page. On this page, users are requested to provide their email address and phone number.

It's important to note that malicious actors have been consistently improving these websites leading to changes in the user interface. A comprehensive report has been published that delves into this phishing campaign offering insights, into how it tricks victims identifies websites and provides relevant information.

Pay attention to any alerts or messages originating from the site and stay safe in the cyber environment.

Check Out the Latest Job Positions!

We also have openings for the roles of Application Security Analyst and Senior Advisor Cyber Security. Click here to discover all our job opportunities or send an email to our team at info@csrecruitment.nl if you have any questions.