When a company hires a team of flaw-finding penetration testers, or ethical hackers, it’s important to confirm that “ethical” part.

The testers must be tested and vetted just like any other employee with access to sensitive data, according to IT pros who spoke with IT Brew. The investigation includes background checks and environmental controls.

“You’re basically trusting a vendor to attack you, right? That’s the premise of a pen test,” said Sue Bergamo, CIO and CISO at BTE Partners, which often looks for security gaps in a vendor’s networks and applications.

Pen-ultimate. Using tactics like social engineering, vulnerability scanning, and credential stuffing, a pen tester may look for access points via networks and applications and demonstrate exposures of sensitive data, like personally identifiable information and credentials—valuable items for an unethical hacker.

Read more here.—BH

Getting the right people the right access to the right applications? That’s a toughie in the simplest of times, and let’s face it—times aren’t so simple right now. IT leaders run a mile and back to build secure multicloud access.

Here’s the good news: Cisco experts at the forefront of multicloud architecture are hosting a webinar that’ll give you all the IT know-how. Prepare to dive into key findings from their 2023 Global Networking Trends Report on simplifying multicloud connectivity for distributed workforces.

Want a sneak peek? You’ll learn how IT teams are:

• increasing collaboration to simplify operations
• converging networking + security with a SASE architecture
• evolving to cloud-centric security for consistent operations and policy

Master the multicloud matrix. Register now.

All the world may be a stage, but the IT professional is no mere player. During a live announcement from the professional services firm of a benchmarking infrastructure “barometer,” Deloitte’s Michael Flynn emphasized that everyone, including the IT pro, has a role in building a country’s increasingly sophisticated services and facilities.

“This will only be delivered if we work together: Public and private sectors, advisers, investors, construction companies, technology, developers. You name it; there is a role,” Flynn, Deloitte’s global infrastructure, transport, and regional government leader, told the crowd during the company’s “Infrastructure for Good” presentation.

As billions of dollars are dedicated to infrastructure improvements like water delivery, sensor-embedded roads, and clean energy, IT pros are poised to be important builders of trust, who can demonstrate outcomes and that tech isn’t just being used for tech’s sake.

Read more here.—BH

Congratulations! You’ve finally convinced all of your coworkers, friends, and family to stop using “password” as their password. (No, not even passw0rd, Dad.) Now you need to teach them to stop keyboard walking.

Keyboard walking,the practice of choosing a password by typing a combination of letters that are next to each other on the keyboard, is more common than you might realize. According to new research released by password security software company Specops, millions of people are keyboard walking their way into a false sense of cybersecurity.

Specops looked at 800 million breached passwords to determine the top keyboard walks on three different standard keyboards. On the most popular QWERTY keyboard—named for those first six keys on the top row of letters—the prevailing keyboard walk was “QWERTY” (found over a million times), followed by “QWERT.” Perhaps the easiest two passwords for a slacker to choose, this side of “12345.”

But password walks happen on other keyboards too. On the French-designed Azerty keyboard, the top keyboard walk was XCVBN, which are the second through sixth keys on the bottom row of the keyboard. It was found more than 143,000 times. On the QWERTZ keyboard, used in central Europe, the most common keyboard walk was “QWERT,” found 1.4+ million times.

Until we all get passkeys and two-factor authentication, block these passwords on your network, if you’re in charge of one. And fire up that family group chat or the security tips Slack channel and let your people know about keyboard walking.

Keep reading here.—MM

Today’s top IT reads.

Stat: 82%. That’s the percentage of Norwegian adults who have Facebook accounts, and their government is threatening to fine Meta $100,000 per day for alleged privacy breaches. (Ars Technica)

Quote: “These technologies mimic and regurgitate our language, stories, style, and ideas.”—from an open letter signed by 8,500+ authors on how the makers of generative AI are using their work without permission or compensation (TechCrunch)

Read: The Biden administration added two European spyware companies to its list of organizations that US firms are forbidden to receive US technology. (the Wall Street Journal)

Sign up: Memberful is *the* software you need to build your client’s custom membership business. With best-in-class tools, including a GraphQL API, you can easily integrate Memberful with your client’s website. It’s simple to get started for free.*

^{*This is sponsored advertising content.}