Dave Bittner
You're listening to the CyberWire network, powered by N2K. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to joindeleteme.com/n2k and use promo code N2K at checkout. The only way to get 20% off is to go to joindeleteme.com/n2k and enter code N2K at checkout. That's joindeleteme.com/n2k, code N2K.

The latest cyber moves from the Trump White House. Pompompurin faces resentencing. An attack on a government IT contractor impacts Medicaid, child support and food assistance programs. Helldown ransomware targets unpatched Zyxel firewalls. Murdoc is a new Mirai botnet variant. Cloudflare maps the DDoS landscape. North Korea's Lazarus Group uses fake job interviews to deploy malware. Hackers are abusing Google Ads to spread AMOS Stealer malware. Pwn2Own Automotive awards over $382,000 on its first day. In our CertByte segment, Chris Hare and Steve Burnley take on a question from N2K's Agile Certified Practitioner practice test. And NYC Restaurant Week tries to keep bots off the menu.
Dave Bittner
It's Wednesday, January 22, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great to have you with us. On its first full day, the Trump administration terminated all advisory committee members within DHS, including those on the Cyber Safety Review Board. This board was investigating the Chinese state-sponsored hacking group Salt Typhoon, linked to breaches in several telecommunications networks. In a Jan. 20 letter, acting DHS Secretary Benjamine Huffman cited resource misuse as the reason for the terminations. The Cyber Safety Review Board, created under President Biden's 2021 cybersecurity executive order, included cybersecurity leaders from firms like SentinelOne as well as former Biden officials. While the board's future remains uncertain, the letter encouraged former members to reapply and emphasized a focus on advancing DHS priorities. TSA Administrator David Pekoske was ousted by the Trump administration on Monday. Appointed by Trump in 2017 and reappointed by Biden in 2022, Pekoske played a key role in strengthening US transportation cybersecurity after the 2021 Colonial Pipeline ransomware attack. His directives mandated incident reporting, response plans and cybersecurity standards, significantly improving compliance across pipelines, railways and aviation. Pekoske emphasized collaboration and urgency in countering cyber threats, citing growing concerns about adversarial nations like China and Russia. Meanwhile, President Donald Trump has issued a full pardon to Ross Ulbricht, the founder of Silk Road, a dark web marketplace for illegal drugs, hacking tools and stolen goods. Convicted in 2015 on charges of drug trafficking, money laundering and computer hacking, Ulbricht had received two life sentences plus 40 years. Prosecutors alleged he also solicited murders for hire, though no evidence of killings emerged.
Silk Road, which operated anonymously via Tor and Bitcoin, was shut down in 2013 after Ulbricht's arrest in a San Francisco library. Trump framed the pardon as a stand against government overreach, aligning with libertarians who championed Ulbricht's case. The controversial decision drew praise from Republican allies like Representative Thomas Massie, but reignited debate over the balance between privacy rights and crime enforcement online. Conor Brian Fitzpatrick, founder of BreachForums, a major dark web marketplace for stolen data, is set to be resentenced after a federal appeals court vacated his initial 17-day sentence. Operating as Pompompurin, Fitzpatrick oversaw the sale of over 14 billion sensitive records, including Social Security numbers and banking details, earning approximately $698,000. Initially sentenced to time served due to his young age and autism diagnosis, the court deemed the punishment too lenient. Prosecutors argue for a harsher sentence aligned with federal guidelines emphasizing deterrence and public safety. The Fourth Circuit Court of Appeals criticized the district court for prioritizing mitigating factors over the severity of Fitzpatrick's crimes. Legal experts expect significantly longer prison time upon resentencing, potentially setting a precedent for handling severe cybercrime cases. Government IT contractor Conduent experienced a cyberattack that caused outages across several state government programs, impacting services like Medicaid, child support and food assistance. A spokesperson confirmed a third-party compromise but did not disclose whether ransomware or data theft was involved. The disruption lasted several days, delaying payment processing for beneficiaries in four states, including Wisconsin, where families struggled to make or receive payments. Conduent restored systems by Sunday and added staff to expedite backlogs.
The company emphasized its commitment to system integrity, supporting around 100 million US residents and disbursing $100 billion in government payments annually. This incident follows Conduent's history with ransomware, notably a 2020 attack. A new ransomware threat called Helldown is exploiting a critical vulnerability in Zyxel firewall devices, particularly those using IPsec VPNs. This flaw, with a CVSS score of 7.5, enables attackers to gain unauthorized access via crafted URLs. Helldown targets both Windows and Linux systems, with Windows attacks derived from LockBit 3.0 and Linux variants focused on VMware ESXi servers. Employing a double extortion strategy, the group has claimed at least 31 victims since August 2024, primarily small and medium-sized businesses in the US and Europe. Despite Zyxel's release of firmware patches in September of last year, some organizations remain vulnerable due to poor security hygiene, such as unchanged passwords and unchecked malicious accounts. The Murdoc botnet, a new Mirai variant, targets vulnerabilities in AVTECH IP cameras and Huawei HG532 routers, exploiting a pair of CVEs to compromise IoT devices. Active since July 2024, it has infected over 1,300 systems, primarily in Malaysia, Thailand, Mexico and Indonesia, with over 100 servers distributing malware, researchers found. The botnet uses command line injections to deploy payloads, leveraging compromised devices to propagate through C2 servers. Cloudflare's 20th DDoS Threat Report highlights the evolving landscape of distributed denial of service attacks in 2024. The company blocked 21.3 million attacks last year, a 53% increase from 2023, with an average of 4,870 attacks per hour. Hypervolumetric network layer attacks grew 1,885% quarter over quarter, with a record-breaking 5.6 terabits per second attack in the fourth quarter. HTTP DDoS attacks comprised 51% of incidents, with 73% launched by botnets, often spoofing legitimate browsers or using suspicious attributes.
Key attack vectors include SYN floods and DNS floods. Indonesia was the largest attack source, while China, the Philippines and Taiwan were the most targeted countries. Industries like telecommunications and Internet services face the most attacks. The North Korean APT Lazarus Group has launched a sophisticated campaign, Contagious Interview or Dev Popper, targeting technology, financial and cryptocurrency sectors using fake job interviews. They deploy malware like BeaverTail and InvisibleFerret to compromise systems and exfiltrate sensitive data. InvisibleFerret, a Python-based malware, steals cryptocurrency wallets, source code, credentials and more, using FTP, encrypted connections and Telegram for data exfiltration. The campaign exploits social engineering and malicious coding challenges to lure software developers, demonstrating advanced tactics in cyber espionage. Hackers are abusing Google Ads to spread AMOS Stealer malware, targeting macOS and Linux users through a fake Homebrew website. Homebrew, a popular open source package manager, allows users to install and manage software via the command line. A malicious ad displayed the correct URL, brew.sh, but redirected users to a fake site where they were tricked into running commands that installed malware. AMOS Stealer, sold for $1,000 a month, steals credentials, browser data and cryptocurrency wallets. Homebrew's leader Mike McQuaid criticized Google's inadequate ad scrutiny, noting this is a recurring issue. Though the ad was removed, similar campaigns may resurface. To minimize risks, users should verify URLs, avoid clicking on ads and bookmark trusted websites. This incident highlights the dangers of malicious ads and the importance of caution when downloading software. Trend Micro's Zero Day Initiative launched Pwn2Own Automotive 2025 in Tokyo, awarding $382,750 on the first day for 16 zero-day exploits targeting infotainment systems, EV chargers and automotive operating systems.
Top rewards included $50,000 each for exploits on Autel and Ubiquiti chargers, while a ChargePoint charger exploit earned $47,500. Participants also received $20,000 for hacking Alpine, Kenwood and Sony infotainment systems. Nearly two dozen more attempts are planned. Coming up after the break on our CertByte segment, Chris Hare and Steven Burnley take on a question from N2K's Agile Certified Practitioner practice test, and NYC Restaurant Week tries to keep the bots off the menu. Stay with us.
Dave Bittner
Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's how: Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off. Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant. On our recurring CertByte segment, host Chris Hare is joined by Steven Burnley to take on a question from N2K's Agile Certified Practitioner practice test.
Chris Hare
Hi everyone, it's Chris. I'm a content developer and project management specialist here at N2K Networks. I'm also your host for this week's edition of CertByte, where I share a practice test question from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cybersecurity and project management. Today's question targets the Project Management Institute's Agile Certified Practitioner, PMI-ACP, exam. PMI states that it is the industry's only agnostic, experience-based, ISO-accredited exam. It was updated on November 8th of 2024. PMI states that this cert is aimed at those who want to enhance their agile mindset and skills. I have my teammate Steven here with us today as our guest host. How are you today, Steven?
Steve Burnley
I'm doing great Chris. Thanks for having me.
Chris Hare
Absolutely. So, Steven, what level of project management expertise would you say you are at?
Steve Burnley
Well, I come from a software development background, which means I'm usually the one being project managed, but I do have quite a bit of experience with Agile so I'm in the neighborhood.
Chris Hare
All right, so I am very interested to see how you'll do today. So, Steven, before we get into today's question, like I always do, I'm going to share a 10-second study bit for this exam for our listeners. Given you're our ISC2 expert, this may align with how some of your exams work. So my 10-second study bit for the PMI-ACP is: the resource that is explicitly named as the primary study source for this exam is PMI's Agile Practice Guide. However, I recommend covering all your bases and also studying the agile concepts that are part of the PMBOK Guide, seventh edition, as well. Okay, now on to your question. Steven, are you ready?
Steve Burnley
I am ready.
Chris Hare
All right, here we go. So here is your question. This is scenario-based, and the names included here are only placeholders in this hypothetical situation. So here we go. You are the project manager and must determine how to best help Andrew complete his project tasks. For the current sprint, Andrew chose tasks that are impossible for him to finish on his own. You assign Kelly to assist Andrew in completing the tasks. Which aspect of emotional intelligence did you just portray towards your team members? So Steven, your choices are: A, social awareness by the use of empathy; B, self-management by the use of self-control; C, self-awareness by the use of self-confidence; or D, social skills by the use of rapport building. So Steven, before you answer, and while you think this over, this question is from the new content outline for the exam, updated in November, as I mentioned. It falls under the Leadership domain, under Task 1, Empower Teams. And further, the enabler that it maps to is: apply emotional intelligence techniques to support the team, increase empathy, resolve conflict and support positive influence. The Leadership domain makes up 25% of the topics on the exam. All that said, would you like to talk me through your thinking on each of the options?
Steve Burnley
Well, I'm going to need to, because this is not a simple question-and-answer sort of question. So we're going to go through this just like I would on the real exam and try to maybe rule out a few, and then I'll make my selection here. So the first one there, social awareness by the use of empathy. It does look like the project manager perspective. You can see that the work will not get done. You feel like one of your team members may have overstretched. I'm kind of leaning towards that, but let's make sure that we cover all the ones, see if there's maybe one that's more specific. The second one there is self-management by the use of self-control. This is not related to work that I am doing. So I'm going to take the I out of this scenario and take that out.
Chris Hare
Okay.
Steve Burnley
In terms of C, self-awareness by the use of self-confidence. Again, not about me, more about team members. And I'm going to take the self, the I, out of that one as well. Which leads me to the last one, which is a little tricky. It seems kind of plausible to me, social skills by the use of rapport building. But what I notice about the question is that there's no direct interaction between me and any of the team members, which means there really wouldn't be a chance for rapport building. So I think my instincts were correct. I'm going to go with A, social awareness by the use of empathy.
Chris Hare
Great job, Steven. The correct answer is indeed A, social awareness by the use of empathy. I think your method of working through those is great, and I also think a funnel method is good to use to understand the nature of this question more fully. So PMI incorporates the Agile Manifesto and mindset, which I will link to in the show notes. They use that to set the foundational principles on which the PMI-ACP is based. So part of developing an agile mindset is to leverage servant leadership, a term that most project managers have heard, to benefit a team and their goals. A servant leader is typically the role of a project manager, or even a Scrum Master, or anyone in a similar type of role. So are you with me so far, Steven?
Steve Burnley
I am, I am, Chris.
Chris Hare
All right, good. So the role of the servant leader, in a nutshell, is to empower the team. And one way that servant leaders do this is by removing impediments, blockers, whatever you want to call them, for their team. So you, Steven, in this scenario as project manager in an agile environment, are to do just that. So in this case, Andrew's blocker was that he gave himself tasks that he couldn't possibly complete. And by showing that you understand and care enough about Andrew's workload to enlist some help and remove the blocker of his overwhelm in getting his tasks done, you are displaying empathy towards the situation, and you got him help with his tasks while keeping the sprint on track with no disruption.
Steve Burnley
Now this makes a lot of sense. And in terms of the exam choices, the self management and self awareness though seem like they might be part of something like Agile Manifesto or a mindset that students might need to know about. Is that safe to say?
Chris Hare
Well, yes and no. Yes, they should know these terms. And no, not all answers are part of the Agile Manifesto and mindset, but they have some overlapping emotional intelligence and servant leadership definitions. So let me explain. Now, self-management and self-awareness are terms that are well defined in the PMBOK Guide, seventh edition, rather than in the PMI Agile Practice Guide. That's one of the reasons my study bit recommended studying the agile aspects of the PMBOK for this test as well. So, addressing these in order of our answer choices: self-management has to do with a combination of a servant leadership aspect, an agile working approach, and an aspect of emotional intelligence. It involves being able to control and redirect feelings and impulses that are disruptive. Self-awareness is an aspect of emotional awareness and servant leadership where a person has a level of understanding of their own motivations, goals, strengths, weaknesses and emotions. This includes recognizing your stress triggers. Finally, social skills are an aspect of emotional awareness that also has to do with improving bonds among team members, and this is considered a culmination of all the other aspects of emotional intelligence, as an umbrella term for how to best manage and motivate teams and how to build relationships. So while there are factual elements present in each of these answers, empathy is the key word here that maps and tracks best to the scenario, where you are showing empathy, which in a project management context has to do with understanding the needs and perspectives of the people who make up your project ecosystem.
Steve Burnley
All right, so Chris, you did mention that this is part of a new exam update. Did PMI change anything in terms of qualifications for the exam versus the previous version? I ask because I know in my experience sometimes this happens with other certification bodies.
Chris Hare
Yes, and that's a great question. But in the interest of time, I will only cover one big change, which is that the previous version of the PMI-ACP required 21 contact hours of agile practice training, whereas now they require 28 hours of formal training in agile practices, frameworks and methodologies. But 21 hours will be accepted through March 31, 2025. I will link to the new content outline that covers all the requirements in the show notes as well as in our upcoming blog. Well, thank you so much for being my project management test subject today, Steven.
Steve Burnley
Thank you Chris. I am actually really interested in PMI certifications now. I'm going to check out the exam outlines next chance I get.
Chris Hare
All right, sounds good. And as a note to our listeners, the practice test for the new version of the PMI-ACP is in progress, and we will announce when it is ready for purchase. Also, for all of our PMI-based practice tests, we've added a new Quick Quiz feature to help you do some bite-sized study sessions whenever you're pressed for time. Well, thank you for joining me for this week's CertByte. If you're actively studying for this certification and have any questions about study tips, or even future certification questions you'd like to see, please feel free to email me at certbyte@n2k.com. That's C-E-R-T-B-Y-T-E at n2k.com. If you'd like to learn more about N2K's practice tests, visit our website at n2k.com/certify. For more resources, including our N2K Pro offerings, check out thecyberwire.com/pro. For sources and citations for this question, please check out our show notes. Happy certifying.
Dave Bittner
And you can find out more about N2K's Agile Certified Practitioner practice test and all of our practice tests. We'll have a link in the show notes. And now a message from BlackCloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? BlackCloak's award-winning digital executive protection platform secures their personal devices, home networks and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one third of new members discover they've already been breached. Protect your executives and their families 24/7/365 with BlackCloak. Learn more at blackcloak.io.
Unknown
This episode is brought to you by Indeed. When your computer breaks, you don't wait for it to magically start working again. You fix the problem. So why wait to hire the people your company desperately needs? Use Indeed's sponsored jobs to hire top talent fast, and even better, you only pay for results. There's no need to wait. Speed up your hiring with a $75 sponsored job credit at indeed.com/podcast. Terms and conditions apply.
Dave Bittner
And finally, our culinary desk warns us that it will soon be New York City Restaurant Week, where the tables are hot, the plates are hotter, and bots are on the prowl. Yes, while foodies are dreaming of Michelin stars, malicious bots are giving restaurants more scrutiny than Gordon Ramsay on Kitchen Nightmares. Researchers at DataDome are responsible for this truth bomb: every restaurant booking site they tested was totally vulnerable. Bots are out there creating fake accounts, grabbing tables, and even scalping prime reservations. One bot booked a table for two far into the future just because it could. Another went full buffet mode, snagging multiple tables in minutes. And the defenses? Well, they're pretty bare. Only 20% of sites had CAPTCHAs, multi-factor authentication a measly 20%, and email validation only 40%. The recipe for fixing this? Well, platforms need to level up: advanced bot protection, better user validation, and behavioral monitoring. Let's keep the bots out of the kitchen and the humans at the table where they belong. Bon appetit. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. This episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf.
Simone Petrella is our president, Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. Take care everyone. We'll see you back here tomorrow.
Dave Bittner
Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's A-I dot Domo dot com.
CyberWire Daily: The Uncertain Future of Cyber Safety Oversight Hosted by N2K Networks | Release Date: January 22, 2025
Timestamp: [02:31]
In a significant move on his first full day in office, President Donald Trump's administration terminated all advisory committee members within the Department of Homeland Security (DHS), including those serving on the Cyber Safety Review Board. This board had been actively investigating the Chinese state-sponsored hacking group Salt Typhoon, which was linked to breaches in several telecommunications networks.
"The Cyber Safety Review Board, created under President Biden's 2021 cybersecurity executive order, included cybersecurity leaders from firms like SentinelOne as well as former Biden officials." – Dave Bittner [02:31]
Acting DHS Secretary Benjamine Huffman cited resource misuse as the primary reason for the terminations in a letter dated January 20. Despite the dismissals, the letter encouraged former members to reapply, emphasizing a continued focus on advancing DHS priorities. The future of the Cyber Safety Review Board remains uncertain, casting doubt on the department's commitment to sustained cyber safety oversight.
Concurrently, the Trump administration ousted TSA Administrator David Pekoske on January 21. Appointed initially by Trump in 2017 and reappointed by President Biden in 2022, Pekoske was instrumental in enhancing U.S. transportation cybersecurity, especially following the 2021 Colonial Pipeline ransomware attack. His directives mandated robust incident reporting, response plans, and cybersecurity standards, leading to improved compliance across the pipeline, railway, and aviation sectors.
"Pekoske emphasized collaboration and urgency in countering cyber threats, citing growing concerns about adversarial nations like China and Russia." – Dave Bittner [02:31]
His removal signals a potential shift in the administration's approach to transportation cybersecurity, raising concerns about the continuity of effective cyber defense measures in critical infrastructure sectors.
In a controversial decision, President Donald Trump pardoned Ross Ulbricht, the founder of the notorious dark web marketplace, Silk Road. Convicted in 2015 on charges including drug trafficking, money laundering, and computer hacking, Ulbricht had been serving two life sentences plus 40 years.
"Trump framed the pardon as a stand against government overreach, aligning with libertarians who championed Ulbricht's case." – Dave Bittner [02:31]
Silk Road, operational via Tor and Bitcoin, was a hub for illegal drugs, hacking tools, and stolen goods until its shutdown in 2013 following Ulbricht's arrest in a San Francisco library. The pardon has ignited debates over the balance between privacy rights and crime enforcement online, drawing praise from Republican allies like Representative Thomas Massie while sparking criticism from those concerned about enabling cybercriminal activities.
Conor Brian Fitzpatrick, known on the dark web as Pompompurin, faces resentencing after a federal appeals court vacated his initial 17-day sentence. As the founder of BreachForums, Fitzpatrick oversaw the sale of over 14 billion sensitive records, including Social Security numbers and banking details, amassing approximately $698,000.
"The Fourth Circuit Court of Appeals criticized the district court for prioritizing mitigating factors over the severity of Fitzpatrick's crimes." – Dave Bittner [02:31]
Fitzpatrick was initially sentenced to time served due to his young age and autism diagnosis; prosecutors are now seeking a harsher sentence in line with federal guidelines emphasizing deterrence and public safety. This case may set a significant precedent for handling severe cybercrime cases, highlighting the judiciary's evolving stance on digital offenses.
Government IT contractor Conduent suffered a cyberattack that disrupted several state government programs, affecting services such as Medicaid, child support, and food assistance across four states, including Wisconsin. A spokesperson for Conduent confirmed a third-party compromise but withheld specifics on whether the breach involved ransomware or data theft.
"The disruption lasted several days, delaying payment processing for beneficiaries." – Dave Bittner [02:31]
Conduent restored its systems by Sunday and bolstered its staff to address the backlog. This incident follows Conduent's previous struggles with ransomware, notably an attack in 2020, underscoring the persistent vulnerabilities faced by critical government contractors and their impact on essential public services.
A new ransomware variant named Helldown is exploiting a critical vulnerability in Zyxel firewall devices, particularly those utilizing IPsec VPNs. This flaw, rated with a CVSS score of 7.5, allows attackers to gain unauthorized access through crafted URLs. Helldown targets both Windows and Linux systems, with Windows-based attacks leveraging LockBit 3.0, while Linux variants specifically target VMware ESXi servers.
"Helldown employs a double extortion strategy, having claimed at least 31 victims since August 2024." – Dave Bittner [02:31]
Despite Zyxel's release of firmware patches in September 2024, many organizations remain vulnerable due to inadequate security practices, such as unchanged passwords and unmonitored malicious accounts. Helldown's focus on small and medium-sized businesses in the U.S. and Europe highlights the ransomware group's strategy of capitalizing on weaker security postures in these sectors.
The Murdoc botnet, a novel variant of the Mirai botnet, targets vulnerabilities in AVTECH IP cameras and Huawei HG532 routers by exploiting specific CVEs. Active since July 2024, Murdoc has infected over 1,300 systems across Malaysia, Thailand, Mexico, and Indonesia, utilizing more than 100 servers to distribute malware.
"The botnet uses command line injections to deploy payloads, leveraging compromised devices to propagate through C2 servers." – Dave Bittner [02:31]
Murdoc primarily focuses on Internet of Things (IoT) devices, highlighting the ongoing threat posed by botnets in compromising and hijacking connected infrastructure for malicious purposes.
Cloudflare's 20th DDoS Threat Report reveals a significant evolution in the landscape of Distributed Denial of Service (DDoS) attacks in 2024. The company blocked a staggering 21.3 million attacks last year, marking a 53% increase from 2023, with an average of 4,870 attacks per hour.
"Hypervolumetric network layer attacks grew 1,885% quarter over quarter, with a record-breaking 5.6 terabits per second attack in Q4." – Dave Bittner [02:31]
Key findings include: HTTP DDoS attacks made up 51% of incidents, with 73% of them launched by botnets that often spoof legitimate browsers or carry suspicious attributes; SYN floods and DNS floods were the key attack vectors; Indonesia was the largest source of attacks, while China, the Philippines, and Taiwan were the most targeted countries; and the telecommunications and Internet services industries faced the most attacks.
Cloudflare's report underscores the escalating scale and sophistication of DDoS attacks, emphasizing the need for advanced mitigation strategies to protect critical online infrastructures.
Timestamp: [02:31]
The North Korean Advanced Persistent Threat (APT) group Lazarus is running a campaign tracked as Contagious Interview, also known as DEV#POPPER, that targets the technology, financial, and cryptocurrency sectors by staging fake job interviews to infiltrate organizations.
"They deploy malware like BeaverTail and InvisibleFerret to compromise systems and exfiltrate sensitive data." – Dave Bittner [02:31]
InvisibleFerret, a Python-based backdoor, steals cryptocurrency wallets, source code, credentials, and other data, exfiltrating it over FTP, encrypted connections, and Telegram. The campaign pairs social engineering with malicious "coding challenges" sent to software developers as part of the interview, demonstrating how Lazarus Group's tactics continue to evolve.
Timestamp: [02:31]
Attackers are abusing Google Ads to distribute the AMOS Stealer malware to macOS and Linux users via a counterfeit Homebrew website. Homebrew, a widely used open-source package manager, lets users install and manage software from the command line, and its official installation method is a command pasted into the terminal, which is exactly what the fake site imitates.
"A malicious ad displayed the correct URL brew.sh but redirected users to a fake site where they were tricked into running commands that installed malware." – Dave Bittner [02:31]
AMOS Stealer, rented for $1,000 a month, is adept at stealing credentials, browser data, and cryptocurrency wallets. Homebrew's project lead, Mike McQuaid, criticized Google's inadequate vetting of ads and noted that such attacks keep recurring. Although the malicious ad has since been removed, similar campaigns are expected, so users should verify URLs before running anything, avoid clicking on ads for software downloads, and bookmark trusted sites instead.
Timestamp: [02:31]
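The defensive habit the story recommends, checking where a pasted install command actually fetches from, can be made mechanical. The script below is an added example, not Homebrew's code or anything from the podcast: it pulls every URL out of a `curl | bash` style one-liner and refuses any host that is not on an explicit allowlist, flagging punycode hosts separately. The allowlist is an assumption for illustration (Homebrew's installer is served from raw.githubusercontent.com and linked from brew.sh), and the three commands are constructed. Note that it checks the command you were given, not the ad that led you to it, so it does not replace looking at the address bar.

```python
"""Check the URLs inside a pasted installer one-liner against a host allowlist.

Added example, not Homebrew's code. ALLOWED_HOSTS is an assumption made for
illustration; the GENUINE, LOOKALIKE and PUNYCODE commands are constructed.
"""
import re
from typing import List, Tuple
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s"')]+""")

# Hosts the genuine Homebrew installer is expected to reference (assumption).
ALLOWED_HOSTS = {"brew.sh", "raw.githubusercontent.com", "github.com"}

# Constructed: the shape of the real install command, a hyphenated look-alike
# a phishing page might serve, and an internationalized-domain homoglyph.
GENUINE = '/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"'
LOOKALIKE = '/bin/bash -c "$(curl -fsSL https://brew-sh.example/install.sh)"'
PUNYCODE = '/bin/bash -c "$(curl -fsSL https://xn--brw-kza.sh/install.sh)"'


def extract_urls(command: str) -> List[str]:
    """Every http(s) URL embedded in the command text, in order."""
    return URL_RE.findall(command)


def host_problems(url: str) -> List[str]:
    """Reasons a URL's host should not be trusted; an empty list means it passed."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    problems: List[str] = []
    if parsed.scheme != "https":
        problems.append("not https")
    if any(label.startswith("xn--") for label in host.split(".")):
        problems.append("punycode (IDN) host, possible homoglyph")
    # Exact match only: 'brew-sh.example' and 'brew.sh.evil.example' both fail.
    if host not in ALLOWED_HOSTS:
        problems.append(f"host {host!r} not in allowlist")
    return problems


def check_install_command(command: str) -> Tuple[bool, List[str]]:
    """True only if every URL in the command points at an allowlisted https host."""
    findings: List[str] = []
    urls = extract_urls(command)
    if not urls:
        findings.append("no URL found; cannot verify what would be executed")
    for url in urls:
        for problem in host_problems(url):
            findings.append(f"{url}: {problem}")
    return (not findings, findings)


if __name__ == "__main__":
    for cmd in (GENUINE, LOOKALIKE, PUNYCODE):
        ok, findings = check_install_command(cmd)
        print("OK " if ok else "BAD", cmd)
        for f in findings:
            print("    ", f)
```

An exact-match allowlist is deliberate: prefix or substring checks are what look-alike domains are designed to defeat. The same check works for any vendor's "paste this into your terminal" instructions once you swap in that vendor's hosts.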
Trend Micro's Zero Day Initiative (ZDI) opened Pwn2Own Automotive 2025 in Tokyo, awarding $382,750 on its first day for 16 zero-day exploits against automotive targets, including in-vehicle infotainment systems, EV chargers, and automotive operating systems.
"Top rewards included $50,000 each for exploits on Autel and Ubiquiti chargers, while a ChargePoint charger exploit earned $47,500." – Dave Bittner [02:31]
Participants also earned $20,000 payouts for exploits against Alpine, Kenwood, and Sony infotainment units. With nearly two dozen more attempts scheduled, the contest underscores the automotive industry's growing focus on cybersecurity as vehicles become more connected and more dependent on software.
Timestamp: [15:40]
In the CertByte segment, Chris Hare and Steve Burnley discuss the Project Management Institute's Agile Certified Practitioner (PMI-ACP) exam, working through a scenario-based practice question on emotional intelligence in project management.
Key Discussion Points:
Scenario analysis: Steve evaluates a situation in which a project manager allocates additional resources to help a team member who is struggling with tasks, identifying it as social awareness expressed through empathy.
"I think my instincts were correct. I'm going to go with a social awareness by the use of empathy." – Steve Burnley [19:05]
Emotional intelligence in leadership: Chris elaborates on the importance of empathy and connects it to the servant-leadership principles central to empowering teams in agile environments.
Exam updates: Chris highlights significant changes to the PMI-ACP exam requirements, including an increase from 21 to 28 contact hours of formal training in agile practices, with the current requirements remaining in effect until March 31, 2025.
"The role of the servant leader is to empower the team in a nutshell." – Chris Hare [21:09]
The segment offers study tips for professionals pursuing PMI-ACP certification, emphasizing the agile mindset and emotional intelligence as parts of effective project management.
Timestamp: [27:20]
As New York City Restaurant Week approaches, restaurants are contending with malicious bots that exploit weaknesses in reservation systems. According to DataDome researchers, every restaurant booking site they tested was fully vulnerable to automated traffic.
"Bots are out there creating fake accounts, grabbing tables, and even scalping prime reservations." – Dave Bittner [27:20]
Defenses against this kind of automated abuse are crucial to ensure that genuine patrons can secure reservations without interference from bots, preserving the integrity and fairness of high-demand dining experiences.
This episode of CyberWire Daily, "The Uncertain Future of Cyber Safety Oversight," surveyed the current threat landscape, administrative changes affecting cybersecurity governance, and evolving criminal tactics. From governmental shifts and a controversial pardon to malware campaigns, IoT botnets, and record DDoS volumes, the episode reflected the breadth of today's cybersecurity concerns. The CertByte segment added practical guidance for professionals pursuing agile certification, and the closing story showed how automated abuse reaches into everyday activities such as booking a restaurant table.
For more detailed information and links to the stories discussed, visit The CyberWire Daily Briefing. Your feedback is invaluable: share your thoughts and ratings in your favorite podcast app or contact CyberWire Daily at cyberwire@n2k.com.