Get Job Alerts

Be first to hear of our new jobs. Save your searches for exact matches.

Upload Your CV

Send us your CV and we'll help you plan your career move.

Our Disciplines

we recruit experts in Threat & Vulnerability Management and Cloud Security.

Create an Account

Apply for jobs anywhere, anytime by logging into your jobseeker account.

Featured Jobs

Blackthorn Trace is one of the UK's first niche Cloud & Cyber Security recruiters,
dedicated to the fields of Threat & Vulnerability Management and Cloud Computing & Security.

Latest News

We do things differently company providing key digital services.
Focused on helping our clients to build a successful business on web and mobile.

The 5 Cs: challenges facing cloud computing in the coming year

March 04, 2019

Believe it or not, cloud computing is set to get more complicated. With new legislation coming into force and increasing numbers of organisations adopting multi-cloud environments, the challenges facing IT teams will be varied and considerable. Here are some of the major cloud computing challenges organisations will encounter in the coming year, along with a few solutions:

Crossing over

Moving the bulky contents of massive on-premises databases such as Oracle, Azure and Microsoft SQL into the cloud can be a difficult task. Imagine moving house with nothing but a wheelbarrow to transport all your worldly belongings.

By adopting data integration software such as MuleSoft, Dell Boomi and SAP Data Services, you can move this data a lot more efficiently. Your IT team will need to carefully map out which data sets to sync across the on-premises and cloud environments, and decide how often this process needs to take place.

Crime

One of the perennial concerns about cloud technology is security. According to Logic Monitor’s Cloud 2020: The Future of the Cloud Study, 66% of IT professionals say security is their biggest concern in adopting an enterprise cloud computing strategy. From an uninitiated organisation’s point of view, they’re moving their much-valued data from a safe place under a nearby rug to an intangible location in the ether, where any savvy cyber criminal might care to get at it.

The report also claims that 83% of enterprise workloads will be in the cloud by 2020, 41% running on public cloud platforms and another 22% on hybrid cloud platforms. That’s an awful lot of potential for security breaches. It’s therefore even more important that you put basic governance in place, keeping track of who has access to what, ensuring all users have the right permissions and preventing unauthorised access to sensitive data. In particular, make sure you check a user’s permissions when they change roles, or shut them off when someone leaves the company.

Compliance

In 2019, companies will have to ensure that their data practices fully comply with the requirements of GDPR. With more and more organisations likely to move to the cloud this year, cyber threats are also likely to increase. Cloud compliance under GDPR won’t be easy, so make sure you understand how the legislation will affect your cloud services and give yourself the best possible chance of riding the storm.

With GDPR, the answer may well lie in the challenge: the law requires many organisations to appoint a data protection officer to oversee data privacy and security. Rather than looking at this as another cost or an enforced hiring burden, view it as an opportunity to place this considerable challenge into the hands of an expert. Hiring the right person can ensure you meet any legal or statutory obligations – and besides, the cost of a breach may well dwarf the cost of the hire.

Cost management

Moving workloads from on-premises to the cloud is often much more expensive than organisations expect, usually because they didn’t consider things like data transfer, networking and storage costs. Then there’s the possibility of application overruns in the case of those using serverless platforms. It can also be harder for organisations to keep track of costs when they use a mix of public cloud platforms.

Cloud management tools such as Apptio, OneOps, CloudController, Cloud Cruiser or VMware's CloudHealth can help you monitor your usage and track your spending. Provider discounts like AWS Reserved Instances and Google Committed Use Discounts are particularly useful in keeping your costs down. AWS, Azure and Google also offer their own cost management tools and pricing calculators.

Complexity

When organisations use a combination of on-premises and multiple cloud platforms, or adopt hybrid and multi-cloud models, managing IT processes can get seriously complicated. Errors can lead to service outages, security breaches and seriously disgruntled users. Imagine cooking a complex meal: the more elements you have on the go at once, the harder it is to keep track of them all and integrate them at the right times.

Sometimes, you can’t stop the chaos – but you can control it. By developing effective processes and investing in the right tools and technology – such as cloud management platforms and cloud service brokers – you can place that complexity into a configurable domain.

If you’d like to talk to us about finding the right people to overcome cloud computing challenges in the coming year, or you’re a professional looking for cloud computing jobs, please contact us.

Author: Ellie O’Shea.

 

+

Essential cyber crime movies for cyber security professionals

February 04, 2019

With the nights long and dark, what better way to spend an evening than huddled up in the warm with a good cyber crime movie, maybe wondering what the world would be like if it were real? Thriller, sci-fi, action, horror, espionage: the cyber threat has touched seemingly every cinematic genre, just as it’s become an increasingly big fact of life. Here’s our selection of cyber crime movies to get you through the next week.

Wargames

While searching for video games, an adolescent Matthew Broderick inadvertently hacks into a military supercomputer, activating the US’s nuclear arsenal…and bringing the world to within a whisker of World War 3. Over three decades on, the message remains just as relevant: watch out what the kids are doing online.

Year: 1983

Quote: David Lightman: Is it a game...or is it real?

             Joshua: What's the difference?

Likelihood rating: You never know (remember Stuxnet, anyone?)

Die Hard 4.0

When high-tech terrorists take control of America’s technological infrastructure and hold the country to ransom, it’s up to everyone’s favourite rogue cop, John McClane, to team up with an ace hacker to save the day. Cue the barrage of one-liners and increasingly insane set-pieces (a juggernaut racing a Harrier Jump Jet on a collapsing flyover) and you’ve got yourself an old-fashioned action flick with a contemporary flavour.

Year: 2007

Quote: Matt Farrell: You just killed a helicopter with a car!

             John McClane: I was out of bullets.

Likelihood rating: More than you think.

Unfriended

When a group of chatroom buddies start receiving mysterious messages from a dead friend’s account, they write it off first as a simple glitch, then as a hacker. But when they start being gruesomely murdered, the group are forced to confront the part they each played in her untimely demise.

Year: 2014

Quote: Blaire Lily: Please, Laura we are not bad people...we are good people.

             Laura Barns: Really? Are you sure about that?

Likelihood rating: While cyber bullying is very much an unwelcome reality, you don’t often encounter the vengeful supernatural manifestations of former victims online.

The Matrix

Cyber criminal Keanu Reeves discovers that the reality we know is actually a computer simulation used by a race of super-advanced robots to enslave mankind. With a handful of other escapees, a load of guns and an unnecessary amount of leather, he sets about releasing humanity from its sleepy shackles.

Year: 1999

Quote: Morpheus: What is real? How do you define ‘real?’ If you’re talking about what you can feel, what you can smell, what you can taste and see, then ‘real’ is simply electrical signals interpreted by the brain.

Likelihood rating: Low (not that you’d be able to tell the difference.)

Skyfall

After a hard drive containing the details of undercover agents is stolen, MI6 comes under full-blown cyber attack – shortly before its headquarters are blown up. Bearing the weight of an alarmingly brooding backstory, James Bond duly sets out to track down the perpetrator, facing off against a creepy former MI6 agent-turned-cyber terrorist with a personal agenda.

Year: 2012

Quote: Raoul Silva: Destabilise a multinational by manipulating stocks. Easy. Interrupt transmissions from a spy satellite over Kabul. Done. Rig an election in Uganda. All to the highest bidder.

             James Bond: Or a gas explosion in London.

Likelihood rating: It’s hard to imagine a betrayed former employee putting so much effort into their revenge when they can just post a negative comment on Glassdoor.

Enemy of the State

Mild-mannered father Will Smith stumbles across video footage of a congressman being assassinated, at the order of a corrupt National Security Agency official who wants to pass controversial surveillance legislation. Subsequently framed for murder, Will forms his most crucial collaboration since Jazzy Jeff – in the form of an ex-intelligence agent – and sets about proving his innocence.

Year: 1998

Quote: Edward Lyle: The government's been in bed with the entire telecommunications industry since the forties. They've infected everything. They get into your bank statements, computer files, email, listen to your phone calls... Every wire, every airwave. The more technology used, the easier it is for them to keep tabs on you. It's a brave new world out there. At least it'd better be.

Likelihood rating: Pretty high (News of the World, WikiLeaks.)

Untraceable

A sadistic cyber serial killer posts live feeds of his murders online – and the more hits he gets, the faster they die. It’s up to an elite cybercrime division of the FBI to track him down before the entire country starts watching, sending his site stats – and victim count – through the roof.

Year: 2008

Quote: Owen Reilly: [Watching his victim in a tub filling up with acid] You know if no one was watching right now, you'd just be sitting in water. But the whole world wants to watch you die, and they don't even know you.

Likelihood rating: Very

If you’re looking to hire the right cyber security professionals to avoid these scenarios or you’re looking for a cyber security job where you can save the day on a regular basis, contact us now.

 

Author: Josh Keeley

 

+

Seven cyber threats to watch out for in 2019

January 07, 2019

With cyber security systems constantly shifting and cyber attackers shifting with them, threats come from new directions all the time – whether they’re variations on perennial cyber nuisances such as phishing, malware and ransomware, or plucked from a deep, dark corner of cyberspace. Here are a few of the major cyber threats we’re expecting to see in 2019.

Whaling

Phishermen are increasingly realising that there’s little point casting out a huge net in the hope of catching anything and everything. Or in other words, sending the same email to hundreds of employees of all levels, for limited reward. So instead, they’re increasingly trying their hand at whaling: high-value phishing attacks targeting CEOs, CSOs, CFOs and anyone else with a company credit card. After all, it’s easy enough to find out a CEO’s contact details from Google – and the rewards are so much greater. Watch out for harpoons.

The smash and grab

By targeting websites with high-value, high-volume transactions, hackers will only need to pull off a handful of e-heists in order to make huge gains. Exploiting a loophole in an organisation’s web infrastructure, hackers inject a sneaky bit of code that allows them to snatch data while transactions are in progress. These attacks are the epitome of opportunism: silent, swift, on-the-fly. They’re the cyber equivalent of performing a train robbery between stops. In September 2018, hackers used such an attack to steal the credit card details of 380,000 BA customers.

Organisations don’t just need to think about protecting their web infrastructure, but also testing the security of their live transactions through transaction stack security.

The perilous plug-in

There’s talk of a rise in USB-based attacks, with hackers infiltrating organisations’ endpoints using USB mechanisms that bypass blocking and security systems. One of the more famously disruptive examples of recent years came in the form of Stuxnet. A malicious computer worm which targets SCADA systems, Stuxnet is believed to have harmed Iran’s nuclear programme after someone found a random USB lying suspiciously around the carpark...and made the mistake of plugging it in.

Abuse of privileged access

With a lack of privileged access management (PAM) in many organisations, particularly SMEs, there’s almost an open invitation for cyber criminals to target an entire market. If administrative rights in a firm have been configured so that the user can access the whole network, and the firm doesn’t have the security in place to prevent code executing itself at that level, hackers will have free reign to cause some serious damage.

The weakest link

Many organisations are affiliated to dozens or even hundreds of third party suppliers. That’s a lot of bases to cover. So cyber attackers will increasingly probe organisations’ networks, hoping to gain access to their data via a supplier who’s connected to their corporate systems.

Organisations need to ensure not only that they’re protected, but that their partners and supply chain are protected too – along with any information that passes between them. Automated testing can reveal what data’s available to the public and identify holes in the infrastructure, so organisations can see where their suppliers need to improve.

Cloudy permissions

Too many organisations do not control who and what has access to the cloud service. It’s easy enough to set up a new user in a number of different cloud services, but it can become difficult to keep track of things when someone changes roles or leaves the company. Without the right restrictions or basic governance in place, users can often access sensitive data through their username and password. Organisations will need to keep a close eye on their users’ individual access and permissions to ensure the right user is accessing the right data with the right device.

The hidden door

Connection brings convenience. But it can also bring chaos. Hackers are increasingly getting into corporate networks by targeting unprotected “internet of things” devices such as air conditioning systems, CCTV and…fish tanks.

Nicola Eagan, CEO of cyber security firm Darktrace, recently revealed that hackers had stolen thousands of data entries from a casino’s high-roller database after gaining access to the network via the thermometer of a fish tank in the lobby. With this kind of access now a growing problem, there are calls for new laws outlining minimum security standards for internet of things devices. These days, you almost need eyes in the back of your head.

It’s all very well having the right security software in place. But as we move through 2019, the key for organisations will be to arm their users with effective cyber security training. As cyber criminals look for new angles, as cyber threats continue to come from every conceivable direction – and a few that aren’t so conceivable – an educated workforce will be far more equipped to meet the cyber security challenges of the future.

If you’re an employer looking for the right cyber security talent or you need advice on how to protect your business from cyber threats, we’d be happy to talk to you. If you’re a job seeker looking for your next great cyber security job, we’ve got access to the best opportunities on the market. Speak to one of our experts now.

+

What People Say About Us