Skip to main content


How Cybercriminals Weaponize Social Media

In the era of social media, cybercriminals and state actors use these networks to monitor various social events such as protests, elections, and natural disasters.  These bad actors commonly employ crowdsourcing techniques to obtain critical intelligence into ongoing cyber attacks. It is one of their primary real-time monitoring dashboards to gauge the effectiveness of their attacks such as data breaches, account hijacking, cyber propaganda and a host of other attacks.
These attacks are well coordinated and overwhelming that bear the hallmarks state actors are behind most of the malicious activities.  For example, attacks against the social media networks that have a large user base such as LinkedIn, Facebook, Twitter, and Instagram are common. 

Researchers have described social media as a modern-day electronic lynch mob. For instance, any insignificant local story suddenly becomes viral where millions of people distort the facts drumming it up with the virtues or evils of partisan poli…

Filling the Cybersecurity Skills Gap With Freelance Security Professionals

In my 22 years as an independent contractor in the security industry, I have seen hiring strategies to evolve from traditional methods to the heavily outsourced model of today. In fact, I foresaw this shift back in 1996 when I witnessed the emergence of specialized demands within the industry. Today, many organizations are turning to freelance and temporary workers to address the growing cybersecurity skills gap.

The gig economy is not for everyone. It demands an entrepreneurial mindset, thick skin, a Rolodex of contacts, perseverance and, above all, family support. Like any other business, freelancers are responsible for acquiring their projects as well as back-office administrative work such as legal, accounting, procurement of office facilities and computer equipment, transportation, insurance and more. This is how an independent worker operates.

Freelancing is not ideal for those seeking a steady income, but many professionals are forced to freelance due to widespread furloughs and outsourcing of work to third parties. Others who have extensive experience in the industry may think of it as a grand opportunity to provide and deliver sorely needed wisdom and experience to organizations that lack these insights. The gig economy can also benefit millennials seeking to gain a foothold within an organization as well as mid-career professionals seeking job flexibility.

A Paradigm Shift for Hiring Managers

The gig economy grew out of the combination of digital platforms that leveraged underutilized assets. For example, key players in various industries, such as Uber and Airbnb, are tapping into underutilized human assets by using cloud technology. Companies from around the world, along with their consumers, have jumped into this phenomenon head-first, embracing the easy access and variety of choices available from their mobile devices. As a result, the gig economy has evolved from a business-to-consumer (B2C) to a business-to-business (B2B) industry.

Today, employers are in the midst of a paradigm shift from the traditional employee career path to a temporary on-demand model, which lowers costs and generates more competition for talent. This includes executive-level positions such as virtual chief information security officer (vCISO). These opportunities are often available in organizations that lack the internal expertise to augment the executive staffing requirements on a temporary or interim basis. They typically involve delivering a security program, developing and assessing the security posture, producing a roadmap to achieve maturity goals and conducting other CISO-related responsibilities.

The gig economy mentality also exists internally within many organizations. A CISO might offer freelance opportunities to current employees working in other areas of the business. For example, a network or application engineer may want to gain additional experience by participating in a security project. Likewise, a security application engineer may want to learn more about enterprise resource planning (ERP) systems by diving into mainframe applications such as common business-oriented language (COBOL).

According to Upwork’s “Freelancing in America 2017” report, 57.3 million people freelanced this year and contributed roughly $1.4 trillion to the U.S. economy, an increase of 30 percent since 2016. Security leaders must tap into this growing workforce to fill the expanding cybersecurity skills gap.

Advantages of Hiring Freelancers

There are many advantages to hiring freelance workers. Perhaps the most obvious is that employers are not required to pay taxes or insurance. Most independent contractors carry their own insurance and provide their own equipment. Other freelancers operate under an umbrella organization or staffing agency that provides such assurances.

Furthermore, freelancers are experienced and able to hit the ground running to deliver the skills necessary to complete the project at hand. Some temporary workers are even versatile enough to help with other projects within the enterprise.

One of the most appealing benefits of hiring freelancers is reduced overhead, which vastly improves the contractor’s experience and, in turn, the quality of the work. It also minimizes the need to screen employees for cultural fit.

Finally, freelancers are independent and thus more likely to dazzle with their experience and work ethic. These employees are the masters of their own destiny, so they are typically highly motivated to meet clients’ expectations and needs.

Closing the Cybersecurity Skills Gap

Despite the benefits described above, the transient nature of the gig economy could potentially create security risks. Freelancers often use their own equipment and mobile devices, which could introduce threats into the corporate environment. However, this also holds true for full-time employees working remotely or from personal devices, and security consultants who are responsible for protecting their own data are more likely to advocate and follow security best practices.

Today, the gig economy represents one of the best opportunities for security leaders to close the cybersecurity skills gap. Many seasoned freelance consultants see themselves as part of the businesses with which they work and identify with the values of those organizations. They are valuable resources capable of blending seamlessly into a wide variety of workplace cultures and working in tandem with full-time employees to best serve the organization’s security needs.