It’s Monday! The heat is finally easing up, but that could mean more clouds in your future.
In today’s edition:
Work, where?
Phishing bait
AI FAQ
—Kelcee Griffis, Megan Morrone, Billy Hurley, Patrick Lucas Austin
Uncle Sam wants YOU in cybersecurity. No, really. Can you start now?
More than one-third of US government security employees surveyed believe their agencies’ security teams will never be fully staffed, according to a new report from security automation platform Swimlane, which included input from more than 100 cybersecurity staffers at the federal level.
The hyper-specific requirements for cybersecurity jobs are contributing to the pessimism: The study found that 83% of federal agencies have openings on their security teams, and 64% say they could fill a position faster two years ago. (Some 67% of public sector respondents across all industries said the same.)
The report highlights the vacancies as agencies are gearing up to comply with the Biden administration’s Zero Trust mandates, which generally call for the federal government to harden cybersecurity in compliance with stricter standards by the end of next year.
“Security teams within the federal government are expected to investigate and remediate thousands of alerts daily while keeping up with evolving mandates,” the report said. “Many are navigating these challenges with chronically understaffed teams, as finding candidates with the right mix of technical expertise, relevant experience, and industry-specific knowledge has become increasingly difficult.”
Read more here.—KG
Do you work in IT or have information about your IT department you want to share? Email [email protected].
Programmer and CEO Sage Wohns says there’s no need to fear a future of hostile AI, because hostile AI is already here. And it’s in your inbox.
Wohns told IT Brew that malicious hackers and cybercriminals are using ChatGPT and other generative AI to create sophisticated phishing attempts that can fool almost anyone, even him. That’s why he created Jericho Security, a new tool that fights generative AI with generative AI, creating highly personalized white-hat hacking attempts to help companies test their employees and train them to avoid even the most sophisticated scams.
Why it matters. Realistic malicious email campaigns are on the rise, especially those that are personalized and harder to detect. Security firm Darktrace told IT Brew in April that it had detected a 135% increase in phishing attempts with fewer spelling and grammar mistakes, more complex sentences, and more elaborate ways to trick people into doing something that would expose their network.
Why AI? Jericho Security is betting on the “it takes one to know one” principle. “These are Turing-based machines,” said Wohns. “They’re designed to attack us and sound like they’re human. It’s trying to confuse us, trying to convince [us].” That, in a nutshell, is what makes a good phishing scam. And the theory is that the more familiar people are with what these scams sound and look like as they evolve, the more likely they are to avoid them. “We’ve got to be able to be better at spotting those things moving forward,” said Wohns.
Read more here.—MM
In cybersecurity, you’ll get questions like:
Do we have Microsoft Outlook vulnerabilities?
Which credentials in my company have been compromised?
Who the heck is Lapsus$?
Many software firms—including SentinelOne, Cybersixgill, eSentire, and CrowdStrike—are offering AI-powered assistants, based on language-learning models, to provide the answers. Firms releasing the promptable features believe that their standout quality will be the unique, often company-specific data used to train the predictive tools.
“The technology for these models is available to everyone, right? And so the differentiator is really going to become, what data do you have?” said Dustin Hillard, CTO at eSentire.
The data being fed to the language-learning models is embedded expertise, including threat reports and findings from a given vendor.
“Your ability to take that and return it back to your customers in a way that they can use for real-time answers is the exciting capability,” Hillard told IT Brew.
Meet the new AI paper clips. CrowdStrike’s “Charlotte,” SentinelOne’s “Purple AI,” eSentire’s “Investigator,” and Cybersixgill’s “IQ”—all announced in the spring of 2023—use their own brand of threat-response alerts and details as their training input. Charlotte pulls from thousands of messages from CrowdStrike’s “OverWatch” threat team; Purple AI can contextualize seemingly unrelated events to provide a more comprehensive analysis; Investigator uses the company’s telemetry from its hundreds of inputs; IQ has knowledge of dark-web data sets.
Keep reading here.—BH
Today’s top IT reads.
Stat: 218,000. That’s the number of Zoom enterprise customers who might be surprised to hear Zoom CEO Eric Yuan say it’s too difficult to collaborate via video chat. (The Register)
Quote: “Customers [using accounts for crypto mining] frequently consume thousands of times more storage than our genuine business customers, which risks creating an unreliable experience for all of our customers.”—Dropbox, in a blog post on why it’s cutting its unlimited storage plan for Advanced members (Dropbox)
Read: Here are the AI skills that are most likely to score the big bucks. (Computerworld)