SANS Institute this week introduced the Southeastern Cyber Workforce Alliance (SECWA), an initiative to boost cybersecurity workforce development across the Southeastern United States. The program is funded by SANS' first-ever federal grant and partnerships with NPOs, employers, academic institutions and support from the NIST NICE RAMPS program. SECWA will deliver no-cost cybersecurity training to individuals from underrepresented groups, equipping them with the skills to thrive in high-demand, high-paying careers in the cybersecurity field.
This initiative has an ecosystem of 15 stakeholder partners and aligns with the White House National Cyber Workforce and Education Strategy (NCWES) and the NICE Strategic Plan, SANS said in a statement, emphasizing outreach to Black, Indigenous, and people of color (BIPOC), women, and students or alumni from Historically Black Colleges and Universities (HBCUs) and Minority-Serving Institutions (MSIs), with the goal of fostering long-term impact on both individuals and their communities.
Now, here's today's MSSP update. Drop me a line at [email protected] if you have news to share or want to say hi!
Today's MSSP Update
1. Valence SaaS discovery for shadow IT security: Valence Security today announced its new SaaS discovery capabilities to uncover shadow IT, shadow AI and manage SaaS sprawl. On top of identifying the tools adopted by business users and highlighting the risks, the platform will also remediate risks such as non-SSO accounts, risky SaaS-to-SaaS integrations and sensitive data exposure.
2. Cavelo names new channel chief: Attack surface management firm Cavelo Inc. named Larry Meador as its new channel chief. Meador has more than 24 years of experience building programs that serve MSPs, MSSPs and VARs, and joins Cavelo after his role as channel chief at both Infima Security and DataStream Cyber Insurance. At DataStream, Meador spearheaded partner growth, adding over 800 partners during his tenure. Meador will lead Cavelo’s partner strategy, forge new relationships, and expand the company’s channel presence. Congratulations!
3. Conduent hit by major cyberattack: Major U.S. government IT contractor Conduent — which supports several states' Medicaid, food assistance, and child support programs — confirmed that one of its operating systems suffered a third-party breach, which prompted the days-long disruption of many of its operations, according to The Record, a news site by cybersecurity firm Recorded Future. Conduent's disclosure came after the outage was reported last week by the Wisconsin Department of Children and Families. The incident spread and impacted three other states before systems were restored on Sunday.
4. Rimini Street unveils hypervisor security solution: Rimini Street this week announced an advanced hypervisor security solution to defend against ransomware: the Rimini Protect Advanced Hypervisor Security (AHS). The solution is powered by Vali Cyber, and covers hypervisor technology including VMware ESXi, Nutanix, Citrix, and Linux-based KVMs. Features include AI/ML detection to identify and stop both file and in-memory malware in real-time, MFA integration and process control to safeguard entire filesystems.
5. Cybersecurity rivals fork Semgrep: Nine cybersecurity vendors – Aikido Security, Amica, Endor Labs, Jit, Kodem, Legit Security, Mobb and Orca Security – jointly announced Opengrep, a collaborative fork of Semgrep’s static source code analysis (SCA) engine. The vendor group formed to create and launch the fork after Semgrep announced a license change on December 13, 2024, that put critical features behind a commercial license. The consortium committed significant resources, including capital and specialized development expertise, to Opengrep’s development and "democratize static application security testing (SAST)."
6. Lookout launches new mobile APIs: Lookout this week announced new Lookout Mobile Intelligence Application Programming Interfaces (APIs) to increase visibility into enterprise mobile security data. Lookout Mobile Intelligence APIs integrate with popular SIEM, SOAR, and XDR solutions and help partners and customers identify cross-platform attacks, risky trends or abnormalities, and potential risks, the company said.
