Our goal as a company is to get our customers to zero... zero breaches, zero threats, zero vulnerabilities, zero inadequate cybersecurity controls. We've committed to achieve this by continually investing to outpace the adversary across our technology, people and processes. Today, I'm excited to share insights about one of our highest priority investments: advanced ransomware protection.
The Ongoing Threat of Ransomware
You don't need to look far for evidence of this problem; ransomware (and the business disruption associated with it) is a top concern for IT leaders. My colleagues have spoken previously about the evolution of both the technology and tactics surrounding ransomware as well as measures you can take to combat this growing threat. In this post, I will describe the project, including the measures our threat hunters, data scientists, and security engineers are taking in order to solve this problem. I'll elaborate on the reasons we are 'betting big' on this solution. And, I'll share how we're leveraging these investments to help our customers drive their ransomware risks toward zero.
We're making exciting investments across many facets of our service, including these three we believe will deliver the most impact for our customers in the coming months:
- Expanded Coverage for Cloud and Network Attack Vectors
We've long touted the necessity of gathering telemetry across the entire environment. This wealth of data has enabled new detections and response capabilities for network and cloud detections specifically. We have also created new anomaly detection models that improve the precision and efficiency of our threat hunting; while this is important for us as a service provider, it's even more important for our customers, who benefit from faster detections and response, especially for unknown threats. This is how most ransomware attacks start: through account takeover, phishing and misconfiguration exploits; so expanding our detection coverage to address these vectors drives down ransomware risk.
- Self-Service Security Maturity
We're constantly looking for new opportunities to help our customers stay ahead of increasingly sophisticated attacks that we're seeing target SMB organizations. To that end, we're also continuing to expand our maturity model functionality, which we now deliver through an interactive web portal. The maturity model helps our customers shift into a more proactive security posture while automating tedious compliance tasks. The portal, which serves as a vehicle for our detailed and prescriptive reporting, as well as self-directed evidence repository for customers, helps our customers reduce their attack surface further by removing and remediating vulnerabilities. Exceptional hygiene still plays a role in preventing ransomware - CSO magazine notes that 60 percent of breaches in 2019 involved vulnerabilities for which a patch was available but not applied. Following recovery of key systems after a ransomware attack, many organizations begin hardening their systems with these types of controls. You shouldn't wait until after an attack before you begin hardening your defenses. Our portal makes it easier for our customers to proactively drive down their risks.
- A New Prevention Standard
Unfortunately, proactive hardening isn't always sufficient to stop advanced attacks, so we're complementing that with our newest investment initiative: Creating a new standard for ransomware and data extortion attack prevention. We're training our machine learning models on ransomware specifically, to yield detections that extend beyond what our security engineers could think to look for, and do so faster than our threat hunters could achieve without AI-augmentation. As our Threat Research division ramps up, and as more organizations engage us to help them with ransomware, we gain more data about attacks that enables us to continually raise our own prevention standard.
Collectively, we call these initiatives our Zero Ransomware Initiative because our goal is for customers to lose zero minutes of sleep over the thought of the paralyzing disruption of a ransomware attack. We aim to eliminate cybersecurity anxiety with an application of purpose-built technology and focused human analysis.
How We Will Get There
Our approach delivers an unprecedented detection and response capability for ransomware to SMB and Mid-Market organizations. And we're deploying new capabilities to ensure we deliver, including anomaly-detection based ransomware detections that adapt with dynamic attack techniques to remain effective, as described above. Beyond the aforementioned cloud and network detections, the endpoint remains a critical part of our pursuits. We'll be announcing an exciting new partnership in the coming weeks that will complement our endpoint capabilities with additional visibility, prevention and response capabilities.
Why Ransomware? Why Now?
Why invest so much of our time and money into ransomware protection? Quite simply, it is the category of attack that results in the highest material impact to those in the market we want to serve, small and medium sized enterprises. These organizations face the same threats as larger enterprises, but often without the people, processes and technology to defend against sophisticated attackers. And these types of attacks are growing in both sophistication and reach. According to Gartner, twenty-seven percent of all malware incidents experienced in 2020 can be attributed to ransomware. That's an especially concerning proportion when you consider the average ransom payment in just the second quarter of 2020 was $178,254 according to Coveware.
Now that we've begun deploying our new Zero Ransomware Initiative advanced ransomware capabilities to improve protection for our customers, we'll continue looking for new ways to improve their security posture. Our quest for zero breaches is never done, but we're taking another big leap forward with this initiative. For more on the problem of ransomware, check out The Rise of RaaS white paper.
Yun Freund considers her background to form the “typical immigrant story” — but sitting down with the SVP of Platform and Product at Equinix, it’s clear she’s made it her own.
“I came to the United States about 30 years ago with $80 in my pocket. I earned a CS degree from a Beijing university when computer science was new. I was good at math, so that’s what I studied,” explains Yun.
Fast forward a few decades, and Yun is now running one of the largest organizations at Equinix, a Fortune 500 digital infrastructure company focused on providing an interconnected platform to its global 10k customers. While focusing on external growth — the business has grown nearly 40% since her arrival — Yun has also invested in internal progress, especially when it comes to Equinix’s Diversity, Inclusion, and Belonging (DIB) goals.
“I know first-hand how hard it is, as an Asian and a woman, to be able to survive and excel at a workplace, and I’m proud of how Equinix has grown to be an amazing workplace where employees feel that they are safe, belong, and matter,” says Yun.
That’s not just her opinion. Glassdoor confirms this, having given the company a “best place to work” distinction in 2021, and a special award for best places to work for LGBTQ+ equality list by the Human Rights Campaign Foundation.
We were excited to learn more about Yun’s strategies for empowering her team — including her belief that making room for failure is just as important as celebrating success.
The Intersection of Technological Innovation and People Management
Yun first heard about Equinix through a recruiter. Decades into her career in tech leadership, she was looking for a role where she could drive innovation in both technology and people management.
“After many rounds of discussion with our executives, I realized Equinix is a company that’s full of potential. It was doing a lot of innovation on interconnected SaaS products and networking products, and I thought I could really help drive, from a culture and process perspective, the company's digital transformation journey,” reflects Yun.
Her first order of business? Building a strategy for scaling product development. Yun had long worked at the intersection of engineering and people management, and she embraced the challenge to scale a talent strategy as well as changing the culture.
That resulted in clear growth — not just for Yun’s career, as in promotions and new responsibilities, but also in what the company was able to do.
“Helping to cultivate a DevOps culture, move products to the Cloud for high reliability and availability, and build operational excellence for our customers is contributing to us fulfilling our purpose, which is to be the platform where the world comes together, enabling the innovations that enrich our work, life and planet,” says Yun.
Diverse Ways of Measuring Impact
Yun doesn’t manage her team by the balance sheet alone.
“Improving the bottom line, or operating more efficiently, is just as important as improving the top line, or driving more revenue and more customer adoption,” she says. “Sometimes it’s not about how we get new products and services out the door, but how we run things more efficiently.”
For Equinix, says Yun, that includes committing to becoming carbon-neutral by 2030.
“We’re a company that really touches life every day, from online shopping, to sending emails and streaming movies, to smart cars,” says Yun. “We want to be doing that sustainably. For example, by using AI and machine learning to lower our power consumption and using green sources of energy.”
Yun knows that to drive the most impact, Equinix needs a diverse team. She has partnered with other senior leaders and employee connection groups and started driving a more coherent DIB strategy across the company. She is excited to see the progress and wants to continue the effort in building a diverse and safe workplace for everyone — including by leading through her own example.
3 Key Ways to Empower Your Team
When Yun says that it’s important to empower your team, she doesn’t mean that you simply transfer the responsibility to your team and call it done. Here’s what she does mean:
- Embrace failure. “It’s easy to say, ‘Ah, empowerment. Here’s the purpose, go drive impact.’ But sometimes it’s not all rosy,” she says. “The road to empowerment can sometimes be a failure. How do you support your employees along the way? When they fail, you should not blame them. You should be there, on their side, to help them do a retrospective and learn from it.”
- Show trust via delegation. “Giving your team the opportunity to make their own decisions helps give them a purpose. It shows them they can make a difference. Accountability and ownership will help drive your team to have deeper engagement and commitments, and ultimately deliver results.”
- Tie individual responsibilities to company OKRs (Objectives, Key Results). “I always communicate to my team that every engineer and individual contributor’s work will have an impact on the business, no matter how small that is,” says Yun. For example, if an engineer is working on a new digital experience component for the customers, their work will contribute to some kind of business outcome such as, hours saved from many customer support calls or customer satisfaction score improvement, and that in turn drives operational efficiency and customer experience improvement for the whole business. “When employees realize their impact on the business, it elevates their motivation as well as their state of mind.”
We all have our favorite websites– the ones we frequent, bookmark, and recommend to others. You might even enjoy some website features so much that you’ve found yourself wondering why they aren’t more popular. Or maybe you’ve experienced times where you were frustrated with a website and wished you could add features or even design your own!
If you’ve ever found yourself intrigued at the prospect of designing and developing your own websites, then a career as a web developer might be just for you!
As a web developer you would be responsible for coding, designing, optimizing, and maintaining websites. Today, there are over 1.7 billion websites in the world and, in turn, the demand for web developers is on the rise. In order to figure out what kind of web development work best suits you let’s start with an introduction to the three main roles in web development that you can choose from.
The Three Types of Web Development Jobs
Front-End Web Development: The Creative Side
In addition to programming skills, front-end developers need to be detail oriented, creative, willing to keep up with the latest trends in web development, cyber security conscious, and geared toward user-friendly designs. The median salary for a front-end developer can reach well into the $90,000 to $100,000 range.
Back-End Web Development: The Logical Counterpart
While a house can be beautifully decorated, it’s incomplete without a solid foundation and efficient infrastructure. Similarly, a well-designed website depends on logical and functional code to power the features of that website. Back-end web development is code-heavy and focused on the specifics of how a website works. If you enjoy the analytical challenge of creating the behind-the-scenes code that powers a website, then back-end development is for you.
Full-Stack Web Development: A Little Bit of Everything
A full-stack developer is essentially the Jack (or Jill)-of-all-trades in web development. Full-stack developers need to be knowledgeable about both front-end and back-end roles. This does not necessarily imply that you would need to be an expert in both roles, but you should fully understand the different applications and synergies they each imply. In order to work in this position, you will need to know the programming languages used by front-end and back-end developers. In addition to these languages, full-stack developers also specialize in databases, storage, HTTP, REST, and web architecture.
Full-stack developers are often required to act as liaisons between front-end and back-end developers. Full-stack developers need to be both problem solvers and great communicators. The end goal for a full-stack developer is to ensure that the user’s experience is seamless, both on the front-end and on the back-end. In return, you can expect to earn a median salary of $100,000 – $115,000 a year for this role.
Taking the Next Step
Web development is both in-demand and lucrative! All three roles described above contribute to specific aspects of web development and the scope of each one can be customized to the industries and positions you feel best suit you. Regardless of which role you choose, all of them need a foundation in programming.
To gain the programming skills needed in each role, you can enroll in courses or learn independently. Coding bootcamps are a great way to boost your skillset quickly and efficiently.
Click here for some of our highly rated programming bootcamp options! Make sure to check out the discounts available to PowerToFly members.
💎For a successful job search you need to be very strategic, focused, and intentional about your career. Watch the video to the end to get advice on how to achieve it!
📼Be successful in your job search by identifying the career goals you’d like to achieve over the next 12 to 18 months. LaMont Price, Senior Recruiter, and Meg Fronckowiak, Senior Talent Acquisition Recruiter at Tenable, share with you the benefits of having a short-term career development plan and understanding your unique value proposition.
📼A successful job search requires you to take a deep dive into the job description. Look at your resume and try to match the skills and the qualifications and highlight that on your resume, so it stands out. Secondly, do your research. You want to make sure that you've taken a look at the company website. You've looked at the leadership of the company, the size of the company, and the culture of the company. And to go one step further, look at the interviewer. Look them up on LinkedIn, and take a look at their background. Recruiters always look for people who have great insightful questions that show the level of research the person did.
📼You’ll be successful in a job search if you know how to face the interview process. Every interview includes some don’ts. Don't be late. There's nothing worse than showing up late for an interview. Dress Professionally. Try to be in a quiet place so that you're not distracted. Get through the interview process, show that you're engaged, and have good body language. At the end of the interview, you always want to ask if there's any question that maybe you weren't able to answer. And always ask about the interview process to get a good understanding of the timeline.
A Successful Job Search Requires Research - Learn About A Company’s Values!
Recruiters need to know if you are aligned with the company’s culture. If you want to apply to Tenable, you should know that its core values are diversity, equity, and inclusion. They work together and they win together, and this is an idea that resonates throughout the entire organization. Tenable celebrates all of its employees. This allows them to focus on the equal representation of women and minorities in technical roles, sales roles, and leadership roles. The company provides training for all of its employees in diversity, equity, and inclusion. This helps employees to understand how their behaviors can impact others. Make sure to show that you are aligned with these values during your interview!
🧑💼 Are you interested in joining Tenable? They have open positions! To learn more, click here.
Get to Know LaMont Price and Meg Fronckowiak
Over the last 25+ years, LaMont Price has researched, analyzed, and optimized services and products by exploiting the latest tools and tactics aligned with the strategic goal via Attention, Differentiation, Trust, and Memorability. Meg Fronckowiak has been working in the recruiting and talent attraction since 2003 and she spent the majority of her career working across all disciplines including, Building out GTM Teams, Accounting & Finance, Marketing, Operations, and Sales Leadership. If interested in a career at Tenable, you can connect with LaMont and Meg on LinkedIn. Don’t forget to mention this video!
More About Tenable
Tenable empowers all organizations to understand and reduce their cybersecurity risk. Over 30,000 organizations, more than 50% being fortune 500 companies worldwide, rely on Tenable to help them understand and reduce cybersecurity risk. The company has some of the greatest minds. That’s because they bring people who come from diverse backgrounds and give them the resources and support to partner together to bring new ideas to life.
Monica Arias has long been interested in the new and the next. That interest is what drove her to work in national security after 9/11, and in the cryptocurrency space after learning about modern-day crimes committed on the blockchain.
One thing she has noticed every time she’s been somewhere new: the importance of having a diverse early team to shape it.
“We need minorities to be willing to take a chance and apply to firms like ours and other tech firms,” says Monica, who is currently a Federal Business Development Lead at Chainalysis, a blockchain data platform. “As these companies grow rapidly, we need diverse candidates who can offer diverse thoughts and approaches to problems.”
Monica currently works closely with the Chainalysis federal government team to pursue opportunities to support customers that are in need of Chainalysis data to track blockchain criminals and bring them to justice. She was well-prepared for some parts of the job after holding various roles but had to come up the curve on technical skills — which is why she’s sure that other candidates like her, from non-technical, underrepresented backgrounds, will be able to do so, too.
We sat down with Monica to hear more about how marginalized people can break into crypto and best position themselves for success in the field.
Connecting to a Bigger Mission
Growing up around DC, Monica got early exposure to federal service. From a young age, she knew she wanted to help represent and advocate for people.
She went to law school, thinking that would be the best path to fulfilling her goals. But living through 9/11 inspired her to support national security missions more actively. That’s how she got her first exposure to her now-employer — she brought in Chainalysis for a demo to learn how to on leverage their blockchain analysis tools.
“I’ve always wanted to be a part of something that had a bigger mission,” says Monica. “And the crypto space had that.”
It wasn’t just any crypto company that interested Monica, though. She particularly liked the company’s innovative culture and fast growth.
“Chainalysis is a very open and encouraging place,” says Monica, who came in to interview at the startup having studied up on crypto, but never having worked in the field or with blockchain technology.
“The culture is very much about learning, and they’ve created an environment where they enable you to do so. The underlying foundation is ongoing learning, and soliciting ideas on how to evolve and expand.”
Leveraging a Non-Technical Background
Monica gets what it’s like to not want to apply to an opportunity because you feel underqualified — that’s what happened to her.
“In some conversations, the feedback I received was that I didn’t have enough of a technical background and that therefore it would be challenging to go and join a tech firm,” she says. “It’s a big deterrent for so many people. And it also compounds things. Because if you’re a minority or from an underrepresented group, you’re already less likely to apply. And if you have no technical background, you’re even less likely to do so.”
How did Monica break through that? She got creative.
“I had to take a step back and say, ‘You know, I have skills. How can I transfer those into a non-technical role supporting a tech firm?” she says.
We asked her to share more about what that process was like, and here’s what she said:
5 Tips as You Gear Up to Be Competitive in the Tech Industry
- Find firms that are in fields you find interesting. Since you’re going to have to do a lot of learning, find a tech firm that is involved in a field you are excited about. Monica found her interest - crypto! She’s excited to continuously be learning about the rapidly changing crypto landscape. She added, “the tech industry can be demanding so you need to stay motivated about the work you’re doing and believe in the company you’re with.”
- Find firms that are open-minded, too. Interviewing at Chainalysis even without technical skills on her resume didn’t pose a problem for Monica. That’s because they were willing to look at her in her entirety. “It’s not just, ‘Do you fit A, B, and C,’ but ‘Do you have the overall skills and ability to learn and grow in this type of field?’”
- Recognize your transferable skills. Monica coaches other people with non-technical backgrounds like hers to start by acknowledging their accomplishments in their own fields. “What have you done? Is it people managing? Because these firms manage people in one way or another. Those and other skills can be leveraged and transferred,” says Monica. “Literally, make a list and identify those skills, then highlight those skills throughout your resume.”
- Remember that most people are in the same boat. “You won’t come across too many candidates who have 10 years of crypto experience, because this field is new,” says Monica. “The perfect candidate who meets every single qualification listed in a job ad may not exist so instead recruiters — especially those who are good at their jobs - spend time getting to know candidates. But they can't get to know you if you are deterred from applying by thinking you don't meet all the qualifications.”
- Study up. Monica follows crypto influencers, keeps up with crypto companies on LinkedIn, follows government statements on crypto, and reads reports put out by her firm and others. “If this is your focus, you need to read, talk, and network — just be curious,” she says.