Read and Memorize these SANS-SEC504 free pdf download and forget worries

Finding genuine, legitimate, updated and current SANS-SEC504 questions and answers on the web is a big problem. We have addressed it by gathering SANS-SEC504 PDF downloads into a data set that candidates can download from killexams.com and memorize. These SANS-SEC504 brain dumps questions and answers are adequate to finish the test at the first attempt.

Exam Code: SANS-SEC504 Practice test 2022 by Killexams.com team
SANS-SEC504 Hacker Tools, Techniques, Exploits and Incident Handling

- How to best prepare for an eventual breach
- The step-by-step approach used by many computer attackers
- Proactive and reactive defenses for each stage of a computer attack
- How to identify active attacks and compromises
- The latest computer attack vectors and how you can stop them
- How to properly contain attacks
- How to ensure that attackers do not return
- How to recover from computer attacks and restore systems for business
- How to understand and use hacking tools and techniques
- Strategies and tools for detecting each type of attack
- Attacks and defenses for Windows, UNIX, switches, routers, and other systems
- Application-level vulnerabilities, attacks, and defenses
- How to develop an incident handling process and prepare a team for battle
- Legal issues in incident handling

Topics
- Preparation
- Building an incident response kit
- Identifying your core incident response team
- Instrumentation of the site and system
- Identification
- Signs of an incident
- First steps
- Chain of custody
- Detecting and reacting to insider threats
- Containment
- Documentation strategies: video and audio
- Containment and quarantine
- Pull the network cable, switch and site
- Identifying and isolating the trust model
- Eradication
- Evaluating whether a backup is compromised
- Total rebuild of the Operating System
- Moving to a new architecture
- Recovery
- Who makes the determination to return to production?
- Monitoring the system
- Expect an increase in attacks
- Special Actions for Responding to Different Types of Incidents
- Espionage
- Inappropriate use
- Incident Record-keeping
- Pre-built forms
- Legal acceptability
- Incident Follow-up
- Lessons learned meeting
- Changes in process for the future
- Reconnaissance
- What does your network reveal?
- Are you leaking too much information?
- Using forward and reverse Whois lookups, ARIN, RIPE, and APNIC
- Domain Name System harvesting
- Data gathering from job postings, websites, and government databases
- Recon-ng
- Pushpin
- Identifying publicly compromised accounts
- Maltego
- FOCA for metadata analysis
- Aggregate OSINT data collection with SpiderFoot
- Scanning
- Locating and attacking personal and enterprise Wi-Fi
- Identifying and exploiting proprietary wireless systems
- Rubber Duckie attacks to steal Wi-Fi profiles
- War dialing with War-VOX for renegade modems and unsecure phones
- Port scanning: Traditional, stealth, and blind scanning
- Active and passive operating system fingerprinting
- Determining firewall filtering rules
- Vulnerability scanning using Nessus and other tools
- Distributing scanning using cloud agents for blacklist evasion
- Intrusion Detection System (IDS) Evasion
- Foiling IDS at the network level
- Foiling IDS at the application level: Exploiting the rich syntax of computer languages
- Web Attack IDS evasion tactics
- Bypassing IDS/IPS with TCP obfuscation techniques
- Enumerating Windows Active Directory Targets
- Windows Active Directory domain enumeration with BloodHound, SharpView
- Windows Command and Control with PowerShell Empire
- Operating system bridging from Linux to Windows targets
- Defending against SMB attacks with sophisticated Windows networking features
- Physical-layer Attacks
- Clandestine exploitation of exposed USB ports
- Simple network impersonation for credential recovery
- Hijacking password libraries with cold boot recovery tool
- Gathering and Parsing Packets
- Active sniffing: ARP cache poisoning and DNS injection
- Bettercap
- Responder
- LLMNR poisoning
- WPAD attacks
- DNS cache poisoning: Redirecting traffic on the Internet
- Using and abusing Netcat, including backdoors and insidious relays
- IP address spoofing variations
- Encryption dodging and downgrade attacks
- Operating System and Application-level Attacks
- Buffer overflows in-depth
- The Metasploit exploitation framework
- AV and application whitelisting bypass techniques
- Netcat: The Attacker's Best Friend
- Transferring files, creating backdoors, and shoveling shell
- Netcat relays to obscure the source of an attack
- Replay attacks
- Endpoint Security Bypass
- How attackers use creative office document macro attacks
- Detection bypass with Veil, Magic Unicorn
- Putting PowerShell to work as an attack tool
- AV evasion with Ghostwriting
- Attack tool transfiguration with native binaries
- Password Cracking
- Password cracking with John the Ripper
- Hashcat mask attacks
- Modern Windows Pass-the-Hash attacks
- Rainbow Tables
- Password guessing and spraying attacks
- Web Application Attacks
- Account harvesting
- SQL Injection: Manipulating back-end databases
- Session cloning: Grabbing other users' web sessions
- Cross-site scripting
- Denial-of-Service Attacks
- Distributed Denial of Service: Pulsing zombies and reflected attacks
- Local Denial of Service
- Maintaining Access
- Backdoors: Using Poison Ivy, VNC, Ghost RAT, and other popular beasts
- Trojan horse backdoors: A nasty combo
- Rootkits: Substituting binary executables with nasty variations
- Kernel-level Rootkits: Attacking the heart of the Operating System (Rooty, Avatar, and Alureon)
- Covering the Tracks
- File and directory camouflage and hiding
- Log file editing on Windows and Unix
- Accounting entry editing: UTMP, WTMP, shell histories, etc.
- Covert channels over HTTP, ICMP, TCP, and other protocols
- Sniffing backdoors and how they can really mess up your investigations unless you are aware of them
- Steganography: Hiding data in images, music, binaries, or any other file type
- Memory analysis of an attack
- Putting It All Together
- Specific scenarios showing how attackers use a variety of tools together
- Analyzing scenarios based on real-world attacks
- Learning from the mistakes of other organizations
- Where to go for the latest attack info and trends
- Hands-on Analysis
- Nmap port scanner
- Nessus vulnerability scanner
- Network mapping
- Netcat: File transfer, backdoors, and relays
- Microsoft Windows network enumeration and attack
- More Metasploit
- Exploitation using built in OS commands
- Privilege escalation
- Advanced pivoting techniques

SANS GIAC Certification Guide: Overview and Career Paths

The SANS Institute was founded in 1989 to provide IT security and administration information and vendor-neutral training on those subjects. Since its inception, SANS has trained more than 165,000 individuals via in-class courses, training events, and technical conferences held throughout the world; self-paced online training (called SANS OnDemand); and interactive virtual training (called SANS vLive).

Course topics from the SANS Institute include security essentials, hacking techniques, intrusion detection and incident response, network defense, mobile device security, auditing, digital forensics and related security topics. The “information” component of SANS includes the SANS Reading Room, an extensive library of downloadable security research documents; the Internet Storm Center, which monitors and reports on malicious attacks and provides weekly bulletins and alerts; free security policy templates; the CIS Critical Security Controls for cyber defense and more.

SANS formed the Global Information Assurance Certification (GIAC) program to act as the certification arm for its training courses, ensuring that individuals meet knowledge and skills standards in specific areas of IT security. More than 165,000 GIAC credentials have been issued. GIAC certifications are well known and highly respected among employers and the information security industry. Even the United States National Security Agency (NSA) recognizes GIAC certifications.

GIAC offers more than 30 security certifications across introductory, intermediate, advanced and expert levels. According to SANS, GIAC certifications are unique because “they measure specific skills and knowledge areas rather than general infosec knowledge.” That means a typical GIAC certification requires rigorous preparation and hands-on experience. That’s why SANS training comes highly recommended.

Note: Another component of SANS is the SANS Technology Institute, which offers one security-related master’s degree – the Information Security Engineering (MSISE). The SANS Technology Institute also offers five graduate certificate programs focused on Cybersecurity Engineering (CORE), Cyber Defense Operations, Incident Response, Industrial Control Systems Security, and Penetration Testing and Ethical Hacking.

SANS GIAC certification tracks

GIAC certifications fall within six specific domains, each with its own certification track:

  • Cyber Defense: Boasting 12 credentials (10 of which are advanced certs), the Cyber Defense certification family is the largest of the SANS GIAC certification domains. Cyber defense certifications are geared to professionals who identify and defend against cybersecurity threats.
  • Industrial Control Systems (ICS): SANS GIAC offers three ICS certifications, one at the intermediate and two at the advanced levels. ICS certifications are geared toward control system engineers and other security professionals charged with cyber security for control system infrastructures and technology along with automation security.
  • Penetration Testing: SANS GIAC-certified pen-test professionals possess the skills necessary to perform tasks that include evaluating attack techniques and methods, recommending security best practices to prevent security incidents, and formulating plans to defend against security incidents when they occur. With seven credentials, Penetration Testing is the second largest certification domain. Credentials are offered for a variety of scenarios, including web applications, mobile devices, Python coding, wireless networks, ethical hacking and more.
  • Digital Forensics and Incident Response: This domain targets InfoSec professionals, including IT administrators, security engineers and security analysts. Also included are law enforcement and legal professionals who respond to security incidents and related cyber breaches, conduct forensic investigations, and examine and gather incident artifacts and related evidence.
  • Developer: Developer certifications are aimed at developers and anyone else interested in building secure programs and applications. Three certs are offered – Java programming, web applications and .NET programming.
  • Management and Leadership: The management and leadership domain is focused on professionals who may have (or lack) technical skills but provide managerial or project management support. They are also instrumental in developing and implementing security policies on an organizationwide basis. These credentials include certs for auditors, project managers, CISOs, data security law and InfoSec professionals.

Another certification “category” is the pinnacle GIAC certification – namely, the GIAC Security Expert (GSE). Some industry officials consider the GSE to be the premier security-related certification available today. Whereas most GIAC certifications can be achieved by passing a single multiple-choice exam, the GSE test includes both a multiple-choice component and a hands-on lab.

SANS GIAC certification levels

SANS offers four levels of certifications, including introductory, intermediate, advanced and expert. The table below is a modified version of the GIAC certification roadmap, which lists each certification by level and certification tracks.

Introductory Level: Cyber Defense

Intermediate Level: Cyber Defense; ICS; Penetration Testing; Digital Forensics and Incident Handling; Management and Leadership

Advanced Level: Cyber Defense; ICS; Penetration Testing; Digital Forensics and Incident Response; Developer; Management and Leadership

Other than the GSE, GIAC certifications require passing one test and have no prerequisites. That said, GIAC highly recommends SANS training courses, especially for candidates who don’t have adequate hands-on experience and aren’t able to self-study.

Once an application has been approved, candidates have four months to attempt the associated exam. (GIAC does not administer exams immediately upon conclusion of a training event; candidates must wait at least seven days to sit for the exam.) The cost of each GIAC exam is currently $1,899, which includes two practice exams. The lab test for the GSE is $2,459, and the written test is $499. (Note: Students can purchase and take an exam as part of a training course, or they may purchase and take an exam by itself.)

SANS GIAC certification renewal

To remain certified, credential holders must renew their GIAC certifications every four years by earning 36 continuing professional education (CPE) credits. CPE credits may be earned by completing approved training or certifications, participating in continuing education, publishing a technical paper, completing certain graduate-level courses, getting community or work experience or participating in cyber range activities. A renewal fee of $429 is also required.

GIAC certifications cover the gamut of job roles in IT security today. GIAC-certified professionals work as security analysts or specialists (two of the most common roles), information security engineers, network security admins, database administrators, developers, forensic specialists, risk managers and auditors.

Large organizations with security operations centers (SOCs) need SOC analysts, engineers and supervisors, as well as directors of cybersecurity. A bevy of companies also hire employees and consultants who perform incident response, penetration testing and the like.

With almost 314,000 security-related jobs open in the U.S. alone (and 3.5 million globally by 2021), a reasonably educated and experienced person stands a good chance of getting hired fairly quickly. Adding a security certification or two to your resume not only validates your skills, but it may get you noticed by a hiring manager or provide you more leverage during salary negotiations.

SANS training courses and events vary in format and price, but candidates can expect to pay around $5,800 to $6,610 for a training course. Although the price tag is high, many candidates recommend SANS training for its quality and depth as well as its usefulness in eventually achieving GIAC certification. SANS instructors are usually industry experts and/or full-time security practitioners, and invariably get glowing reviews from course attendees.

Candidates who attempt GIAC certification exams should consider taking practice questions beforehand. A practice test mimics an actual test and is, therefore, a terrific study aid. All GIAC certification attempts (except for the GSE) come with two free practice exams. A few practice questions are also included with training courses. Candidates who don’t take training can purchase practice questions for $159 each by clicking a link in their SANS/GIAC portal account.

Source: https://www.businessnewsdaily.com/10786-sans-giac-certification-guide-overview-and-career-paths.html (Sun, 18 Sep 2022)

Most hackers need 5 hours or less to break into enterprise environments

Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.

The SANS ethical hacking survey, done in partnership with security firm Bishop Fox, is the first of its kind and collected responses from over 300 ethical hackers working in different roles inside organizations, with different levels of experience and specializations in different areas of information security. The survey revealed that on average, hackers would need five hours for each step of an attack chain: reconnaissance, exploitation, privilege escalation and data exfiltration, with an end-to-end attack taking less than 24 hours.

The survey highlights the need for organizations to improve their mean time-to-detect and mean-time-to-contain, especially when considering that ethical hackers are restricted in the techniques they're allowed to use during penetration testing or red team engagements. Using black hat techniques, like criminals do, would significantly improve the success rate and speed of attack.

Hackers find exploitable weaknesses in only a few hours

When asked how much time they typically need to identify a weakness in an environment, 57% of the polled hackers indicated ten or fewer hours: 16% responded six to ten hours, 25% three to five hours, 11% one to two hours and 5% less than an hour. It's also worth noting that 28% responded that they didn't know, which could be because of multiple reasons and not necessarily because it would take them more than ten hours.

One possibility is that many ethical hackers don't keep track of how much time perimeter discovery and probing might take because it is not an important metric for them or a time-sensitive matter. Many factors could influence this, from the size of the environment and number of assets to their preexisting familiarity with the tested environment.

Over two-thirds of the questioned hackers indicated that they work or worked in the past as members of internal security teams and half said they served as consultants for offensive security providers. Almost 90% of respondents held an information security certification and the top specializations among them were network security, internal penetration testing, application security, red-teaming, and cloud security. Code-level security, IoT security and mobile security were less common at 30% prevalence or less.

Copyright © 2022 IDG Communications, Inc.

Source: https://www.csoonline.com/article/3675535/most-hackers-need-5-hours-or-less-to-break-into-enterprise-environments.html (Thu, 29 Sep 2022)

Free training and certification available through SANS Cyber Workforce Academy


If you’ve ever considered getting into the cybersecurity field or have some experience and need continuing education, the SANS Institute has a new academy for Maryland residents.

The cybersecurity training and certifications company announced in early August the formation of the SANS Cyber Workforce Academy. Through a collaboration with the Maryland Department of Labor’s EARN MD grant, the academy is free to Maryland residents who are accepted.

The program was built on a series of different academies that SANS has hosted since 2015.

“Each of these (academies) was built with the idea that if you can find people who are passionate about cybersecurity and have the aptitude to learn it, we can help close the talent gap that the industry faces,” said Max Shuftan, SANS director of Mission and Partnerships. Their first collaboration with the state occurred in 2018 and this academy is the third iteration of the program.

“From our perspective, the academy is needed because traditional academia often requires individuals to invest four years and hundreds of thousands of dollars of money or (get a) loan to try to get degrees that often, not always, but often don’t teach practical hands-on skills that help people be job ready in the field,” he said. “The academy is a model that can be that bridge for someone looking to jump into the field but with skills that are needed by employers and that speak to the job you will be performing on day one. Having that kind of immersive approach will enable participants to gain skills quickly, prove themselves with certifications and get to work.”

Shuftan notes Maryland is a great location for the academy given its proximity to the nation’s capital and the Baltimore/Washington, D.C. corridor that is home to a bevy of government contractors, organizations and agencies as well as private sector employers.

“Maryland’s prominence in terms of both the national security space and the commercial sector requires it to have significant cyber security talent pool,” he said.

As of mid-August, there were nearly 700,000 cybersecurity jobs open across the United States. In mid-September, Tasha Cornish, executive director of the Cybersecurity Association of Maryland Inc. (CAMI) noted there were more than 23,000 open jobs in cybersecurity just in the state.

“That number just keeps growing,” she said. “It is really a great career to have especially if you want to stay, raise a family, have a good meaningful career and stay in Maryland.”

The academy, she said, is a great entry point to the field. “It really gives a nice broad but rich introduction to cybersecurity in a very practical way by giving trainees the skills that are in demand from the industry. I hope that it gets people more excited. I think there is a lot of opportunities to continue to grow and learn and I hope it gives some people the bug to pursue a career in this and get more involved in the industry.”

The online academy focuses on two areas — reskilling and upskilling. The reskilling academy is focused on educating individuals that are not currently working in cybersecurity. This track involves three training courses over a six-month period and the ability to earn three certifications. The upskilling academy provides educational opportunities for individuals with IT experience and/or limited cybersecurity skills in order to get certified to move into higher-level cyber positions. This track lasts four months and includes two industry courses with the opportunity to earn two certifications.

Only Maryland residents may apply for this academy. Applicants will take an aptitude assessment to try to gauge their potential in cybersecurity as well as submitting a resume and participating in an interview. Typically there is about an 8 to 1 applicant-to-selected student ratio. A new cohort of students starts every 8 to 12 weeks. A cohort usually has 10 to 12 students. We will have eight to nine cohorts with a total of 88 students over the course of about two years.

Shuftan hopes participants take away hands-on technical skills, cyber defense and incident handling abilities. “This type of work is critical to our national and economic security and they will be ready to make a contribution,” he said.


Source: https://thedailyrecord.com/2022/09/19/free-training-and-certification-available-through-sans-cyber-workforce-academy/ (Gina Gallucci-White, Mon, 19 Sep 2022)

For Cybersecurity Awareness Month (and Halloween) – Some Scary Cyber Threat Stats

A couple of times a year I compile, analyze, and write about cybersecurity developments and statistics. As we begin Cybersecurity Awareness Month in October 2022, it is incumbent on all of us to be more wary than usual of the scary stats surrounding an increasingly sophisticated and lethal cyber threat landscape.

A first case in point to the precariousness of cybersecurity is the ease of breaching by criminal hackers.

Most hackers need 5 hours or less to break into enterprise environments

Most hackers need 5 hours or less to break into enterprise environments | CSO Online

“Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.

The SANS ethical hacking survey, done in partnership with security firm Bishop Fox, is the first of its kind and collected responses from over 300 ethical hackers working in different roles inside organizations, with different levels of experience and specializations in different areas of information security. The survey revealed that on average, hackers would need five hours for each step of an attack chain: reconnaissance, exploitation, privilege escalation and data exfiltration, with an end-to-end attack taking less than 24 hours.”

Chuck’s Comments: Thankfully this statistic cites ethical hackers. Many are top notch and exceptionally good at what they do. Still, exploitation of weaknesses is relatively easy even if it takes more than five hours for less experienced hackers. This calls attention to the urgency of cyber hygiene including strong passwords, multifactor authentication, having good anti-malware software, and patching regularly.

Phishing remains the top threat in almost all cyber-threat statistics out there, especially driven more and more by mobile:

Phishing Attacks Crushed Records Last Quarter, Driven by Mobile

Phishing Attacks Crushed Records Last Quarter, Driven by Mobile (darkreading.com)

“Shocking phishing numbers (more than 1 million in a single quarter) are being driven by vishing, smishing, and other lures that target mobile devices.

Last quarter saw a record-shattering number of observed phishing attacks, fueled in large part by attempts to target users on their mobile devices.

The latest Anti-Phishing Working Group (APWG) "Phishing Activity Trends Report" for the second quarter of 2022 found 1,097,811 observed phishing attacks, the most the group has ever measured in its history.”

The financial sector remained the top target for phishing lures (27.6%), along with other bombarded sectors, including webmail and software-as-a-service providers, social media sites, and cryptocurrency.

"We're seeing a huge increase in mobile phone-based fraud, with smishing and vishing collectively seeing a nearly 70% increase in volume as compared to Q1 totals," Matthew Harris, senior product manager of fraud at Opsec said in reaction to the APWG findings. "We are still seeing fraud coming in via the typical OTT apps (WhatsApp, WeChat, Facebook Messenger, etc.), but the SMS-based fraud is really the kicker here."

Chuck’s Comments: Phishing is the tool of choice for many hackers. Phishing is commonly defined as a technique of hackers to exfiltrate your valuable data, or to spread malware. Anyone can be fooled by a targeted phish, especially when it appears to be coming as a personal email from someone higher up the work chain, or from a bank, organization, or a website you may frequent.

Usually, the phishing malware comes via email attachments but can also be web-based. According to an analysis by Webroot, 46,000 new phishing sites are created every day and 1.385 million new, unique phishing sites are created each month. At a more granular level, the firm Wandera says that a new phishing site launches every 20 seconds. Two cybersecurity hygiene actions to improve your digital life in 2021 | AT&T Cybersecurity (att.com)

Phishes can be quite sophisticated nowadays. The tools are available on the Dark Web and the graphics used to mimic emails or texts from banks, companies, employers, and even friends are a far cry from the misspelled and cheesy phishing attempts from a decade ago. Moreover, they are automated and sent by the thousands with help of machine learning. I am frightful as deep fakes are on the horizon and they are a scary proposition in the wrong hands. Be alert and double check before you click!

Most organizations had a cloud-related security incident in the past year

Most organizations had a cloud-related security incident in the past year | Cybersecurity Dive

Security leaders consider the risk of cloud-based incidents higher than on-premises incidents, yet they expect to move more applications to the cloud.

  • More than 80% of organizations have experienced a cloud-related security incident over the past 12-month period, according to research from Venafi. Almost half of those organizations reported at least four incidents over the same period.
  • Companies are rapidly undergoing digital transformation to the cloud. Organizations in the study currently host 2 in 5 applications in the cloud, however that figure is expected to reach 3 in 5 over the next 18 months.
  • Despite those rapid changes, more than half of all organizations said they consider the risk of security incidents higher in the cloud, compared with on-premises environments.

Chuck’s Comments: Both the public sectors and private sectors are rapidly transitioning into a cloud and hybrid cloud world and computing is certainly moving closer to the edge. It is important to work closely with your cloud provider, know what data you need to protect and encrypt, and have an incident response plan in case you get breached. Clouds are not inherently risky, but companies need to recognize they have to evaluate provider policies and capabilities to protect their vital data. The use of the cloud and hybrid clouds enables implementation of dynamic policies, faster encryption, drives down costs, and provides more transparency for access control (reducing insider threats). When viewed from a security administrator perspective, optimized security in the cloud mitigates the risk of hackers getting key access to data.

64% of Businesses Suspect They’re Target of Nation State Attacks

64% Of Businesses Suspect They’re Targets Of Nation-State Attacks- Expert (informationsecuritybuzz.com)

New findings from Venafi: 64% of businesses suspect they’ve been targeted or impacted by nation-state attacks. Among key findings:

  • 82% believe geopolitics and cybersecurity are intrinsically linked
  • 77% believe we’re in a perpetual state of cyberwar
  • More than two-thirds (68%) have had more conversations with their board and senior management in response to the Russia/Ukraine conflict
  • 63% doubt they’d ever know if their organization was hacked by a nation-state

Chuck’s Comments: Critical infrastructure has been increasingly targeted by nation states, as evidenced by Colonial Pipeline and other high profile events. Protecting critical infrastructure Industrial Control Systems, Operational Technology, and IT systems from cybersecurity threats is a difficult endeavor. They all have unique operational frameworks, access points, and a variety of legacy systems and emerging technologies. As the DHS CISA mission has recognized, protecting the critical infrastructure supply chain in IT and OT systems needs to be a public and private sector priority. The Russian/Ukraine conflict has led to a “Shields Up” response from DHS CISA and stronger threat sharing between industry and government. Unfortunately, the energy sector and especially the Grid is still at great risk with a mix of OT/IT systems and infrastructure built decades back. Fortification of critical infrastructure needs to be a top priority.

More on that OT cybersecurity topic of Industrial Control Systems:

Industrial control systems face more cyber risks than IT, expert testifies

Industrial control systems face more cyber risks than IT, expert testifies | Cybersecurity Dive

Most ICS technology was designed more than 20 years ago and built without cyber resilience, Idaho National Laboratory’s Vergle Gipson said.

  • Operational technology systems in the U.S. are more vulnerable to malicious cyberattacks than information technology.
  • Most industrial control systems currently in use were designed more than two decades ago, before there was a clear understanding of how to build cyber resilience into those systems, according to Gipson. While IT systems have been more actively managed, with firmware and patches frequently upgraded, OT systems are usually not upgraded or replaced until significant failures.

90% of companies affected by ransomware in 2022

Report: 90% of companies affected by ransomware in 2022 | VentureBeat

An annual SpyCloud survey found that 90% of organizations were impacted by ransomware over the past twelve months, an alarming increase from last year’s 72.5%.

Despite increased investment in cybersecurity, over the past year, the relentless tide of ransomware continued to disrupt operations and put organizations’ data at risk. Moreover, organizations were more likely than last year to be impacted more than once: 50% were hit at least twice, 20.3% were hit between 6 and 10 times and 7.4% were attacked more than 10 times.

Chuck’s Comments: A statistic of 90% in ransomware attacks is more than alarming, it is spooky. Ransomware attacks are easy to initiate, and criminal hackers can get paid in cryptocurrency and are difficult to find and prosecute. There are many anti-ransomware software tools available for companies to protect themselves. And for any company, backing up, isolating, and encrypting sensitive data should be a part of their risk management strategy.

Ransomware attacks surge in education sector

Ransomware attacks surge in education sector | Cybersecurity Dive

Colleges and universities are particularly challenged as repercussions of ransomware hit them harder and longer than other organizations.

  • The education sector got hit with even more ransomware attacks in 2021, impacting almost two-thirds of higher education organizations, Sophos concluded in a new survey.
  • Ransomware attacks hit more than half of the lower-education organizations surveyed and almost two-thirds of higher education institutions.
  • This marks a jump from the 44% of respondents combined across lower and higher education that reported ransomware attacks in 2020, but it’s consistent with an upward trend in ransomware attacks across all sectors.

Chuck’s Comments: Unfortunately, the education vertical is a cyber target like healthcare. Their systems are often made up of many networks and devices that can be targets of exploitation. This is a serious risk to higher education, and in fact, one college (Lincoln College in Illinois) had to close after being victimized by a ransomware attack.

Half of global firms supply chains compromised by ransomware

Half of global firms supply chains compromised by ransomware | Cyber Magazine

  • Global cybersecurity company, Trend Micro, announced new research today that reveals global organizations are increasingly at risk of ransomware compromise via their extensive supply chains.
  • Trend Micro commissioned Sapio Research in May and June 2022 to poll 2,958 IT decision makers across 26 countries. The research revealed that 79% of global IT leaders believe their partners and customers are making their own organization a more attractive ransomware target. The challenge is particularly acute considering that potentially less well-secured SMBs make up a 'significant' portion of the supply chain for over half (52%) of these organizations.

Chuck’s Comments: Supply chains, which are often comprised of multiple vendors, are a top target. Companies need to better authenticate, validate, and protect their supply chains. Supply chain cyber-attacks can be perpetrated by nation state adversaries, espionage operators, criminals, or hacktivists. Their goals are to breach contractors, systems, companies, and suppliers via the weakest links in the chain. This is often done by taking advantage of poor security practices of suppliers, embedding compromised (or counterfeit) hardware and software, or through insider threats within networks.

The remedy for supply chain vulnerabilities is heightened government and industry collaboration, as highlighted in policy initiatives, such as those from NIST, and in task forces on supply chain security established by the Executive Branch. More precisely, it requires enacting a risk management process that identifies vulnerable systems (especially legacy) and gains visibility into all the elements of the supply chain. Please see my article in GovCon Wire on this topic: Chuck Brooks: Government Focused on Securing the Cyber Supply Chain - GovCon Wire

Less Than Half of Large US Businesses Investing in Cybersecurity Despite Major Concern

Despite the rise in threats to businesses, companies aren't doing enough to protect themselves or their customers.

Less Than Half of Large US Businesses Investing in Cybersecurity Despite Major Concern (tech.co)

  • With cyberattacks on the rise and the average cost of an attack in the millions, safeguarding against issues such as data breaches and ransomware should be a number one concern for businesses of all sizes, but especially large businesses.
  • While small businesses are the least likely to be protected, large businesses are the most targeted by attackers and, surprisingly, don’t fare much better. 83% of large businesses see security as a significant threat to their business growth. Yet only 43% of large businesses consider security a top three tech budget priority to invest in.

Chuck’s Comments: There is an adage that you can lead a horse to water, but you cannot make it drink. This rings true for industry. What will it take to make them take cybersecurity as an existential threat to their business operations and reputations?

Cybersecurity statistics are good indicators of where there are gaps and what the public and private sectors need to help remedy their situations. There is a lot of great advice out there to consider, especially in risk management. Below are a couple of my own articles on paths forward to consider. They are focused on the actions of proactive cybersecurity and public-private cooperation.

Why Proactive Cybersecurity Is a Must in Today’s Sophisticated Threat Environment

Prevention and preparedness begin with discovering the knowns and unknowns in the code that is the backbone of the array of applications and operating networks.

By Chuck Brooks

Why Proactive Cybersecurity Is a Must in Today’s Sophisticated Threat Environment - HS Today

In recent years, the cybersecurity focus and activities by both industry and government have been reactive to whatever is the latest threat or breach. As a result, mitigating the threats was difficult because, from the outset, cyber-defenders were always at least one step behind.

The reactive mindset has been changing due to a series of wake-up calls that have included a major series of intrusions by sophisticated threat actors against many high-profile targets (including SolarWinds, Colonial Pipeline, OPM, Anthem, Yahoo, and many others) that exposed a flawed approach to defending data and operating with a passive preparedness.

As our reliance on the interconnectivity of cyber devices, enterprises, and applications on the cyber landscape has grown, so have the cyber intrusions and threats from malware and hackers. The growing and sophisticated cyber threat actors include various criminal enterprises, loosely affiliated hackers, and adversarial nation-states. The firm Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025. Cybercrime To Cost the World $10.5 Trillion Annually By 2025 (cybersecurityventures.com)

Also, a change in the cyber risk environment resulting from a transition to remote work coinciding with a heightened need for procurement of innovative technologies and services has created a new paradigm for cybersecurity.

With the growing realization of just how important IT is to our business, and as a result of the dramatic increase in breaches, there is a growing recognition that protection against them should be considered more than a business cost item: it is a necessity to ensure business continuity and reputation. Proactive cybersecurity is a posture that has been adopted increasingly by industry and government.

Proactive Cybersecurity = Risk Management

Being proactive in the evolving digital ecosystem is not just about procuring technologies and hiring people. It also means adopting a cybersecurity framework that would include tactical measures, encryption, authentication, biometrics, analytics, and continuous testing, diagnostics, and mitigation, as they may apply to specific circumstances. Concisely, proactive cybersecurity means helping ensure business continuity.

In a core sense, a successful cyber threat consequences strategy is really about risk mitigation and incident response to maintain business continuity. It is critical to be aware of the morphing threat landscape and plan contingencies for all potential scenarios. A risk management strategy requires stepping up assessing situational awareness, information sharing, and especially resilience planning.

Foundational to a commitment to proactive cybersecurity is a cyber vulnerability risk assessment. That action item is a critical first step in cybersecurity best practices. A risk assessment can quickly identify and prioritize cyber vulnerabilities so that you can immediately deploy solutions to protect critical assets from malicious cyber actors while immediately improving overall operational cybersecurity.

A comprehensive risk management approach should include cyber-hygiene best practices, education/training, use policies and permissions, configuring network access, testing of code, security controls, applications, device management, application controls, and regular network audits.

Three strategies are most commonly being used today to bolster risk management in cybersecurity. They include Security by Design, Defense in Depth, and Zero Trust. Security by design monitors, manages, and maintains the security process. Defense in depth enables layers of redundant protective security measures to help deter data breaches. And zero trust focuses on protecting resources (assets, services, workflows, network accounts) through strict identity and access management enforced by authentication and proper authorization. Combining Three Pillars of Cybersecurity (forbes.com)

The specifics of a security approach may vary according to circumstances, but the mesh that connects the elements is situational awareness combined with systematic abilities for critical communications in cases of emergency. These guidelines are represented in the U.S. government’s National Institute of Standards and Technology (NIST) mantra for industry and government: “Identify, Protect, Detect, Respond, Recover.”

First Steps: Testing of Code & Applications

Testing software code is a critical function of information technology product validation. If the process of testing is not followed, the end-use product may be defective and potentially put a business or organization at risk. Detecting and fixing bugs in software development is a way to ensure the end quality of products.

That assessment needs to begin with application security testing to identify vulnerabilities that can be exploited in code or misconfigurations, or the discovery of malware already existing in programs and applications. Prevention and preparedness begin with discovering the knowns and unknowns in the code that is the backbone of the array of applications and operating networks that will determine our digital future.

New code, especially third-party software, needs to be thoroughly identified, assessed, and validated before it is installed on the network. Third-party advisory websites such as US-CERT and BugTraq are important to monitor for new known vulnerabilities for your cybersecurity team.

While new code is a threat, many applications and programs may already be operating on legacy systems that include flaws and access points that can lead to breaches. Therefore, legacy code needs to be reviewed for patches along with any new code as part of a vulnerability assessment. Every application begins with software coding, and standards are needed to optimize and discover vulnerabilities. This can be done by visibility scanning and penetration testing, which includes the verification/validation of the source code that can be exploited. The testing and validation process is all about finding issues before they get to production and contaminate networks and devices.

What is known can be tangible, but a big challenge for software testing, assessment, and validation is being able to anticipate the unknown threats common with cybersecurity breaches. These unknowns may include finding hidden malware undetectable by sandboxes, signature-based, and other behavioral identification products.

For most companies, software testing is used for quality assurance purposes that bring value to the users. Testing is a reputational enabler that helps ensure that quality products and any troubling issues are fixed before they are brought to the marketplace. The testing checks the alignment, user interface, and functionality of the products which translates to customer satisfaction. If you are planning to launch an application, it is necessary to check the compatibility and performance of the same in a wide array of operating systems and devices.

Testing also is a budget-related issue because it is cost-effective. It allows for planning and saves money in the software development process where bugs and misconfigurations can be caught and fixed in the initial stages of the software development lifecycle.

Security is another significant factor in the need for software testing. If security capabilities are built into the products in development, it builds trust for the users. Product security is a fundamental requirement for both industry and government, especially with the heightened sophistication of cyber threat actors.

The Need for Continuous Simulation Validation Testing

The sober reality is that cyber-breaches are not a static threat and criminal hackers are always evolving in tactics and capabilities. Cyber-criminals are now using malware with stronger evasion techniques that can even stop running if it detects that it is in a sandbox or that other malware detection capabilities are present. The software injects code and manipulates memory space as an exploit kit is injected into the target system. Often these criminals use stolen certificates that are sold underground or on the Dark Web to bypass anti-malware detection and get around machine learning code. Industry and government must do more to meet and contain cyber-threat challenges.

Because of the sophisticated and growing attack surface being exploited by hackers, testing needs to go beyond traditional vulnerability scanners and manual penetration testing. It also needs to be automated to keep up with the pace of change in the evolving cyber landscape. Anticipating what criminal hackers might do in likely scenarios and practicing how to defend against it is a prudent measure to improve cybersecurity. That is what is done via continuous simulation validation testing.

Continuous simulation validation testing helps fill that discovery and protection gap. Through simulations, results can be immediate, can be performed frequently, and do not rely on the skill level of the tester, which can be a weak point that leads to vulnerabilities.

Continuous simulation validation testing combined with penetration testing is a good avenue to consider since new payloads and attacks show up in the wild every day. There are currently several vendors providing continuous security validation solutions with different approaches. According to one of those vendors, Cymulate, in 2021 top threats that impacted companies include LockBit, Conti and Dharma ransomware, HAFNIUM, TeamTNT, and APT29 with Log4j abuse. Cymulate’s simulation validation approach employs an Immediate Threat Intelligence module to enable companies to assess and optimize their Email Gateway, Web Gateway, and End Point security controls with out-of-the-box test scenarios that simulate potential new threats. Cymulate research reveals unique threats in the wild rose by over 35% in 2021 – Cymulate

Simulated attacks are useful because they also enable security blue teams to assess and fine-tune their detect, alert, and response capabilities through integrations with existing security programs and systems including vulnerability management, EDRs, SIEM, SOAR and GRC systems.

Cyber-Resilience and Business Continuity

Cyber-resilience and business continuity after an intrusion is an area that must be continuously developed for optimizing response protocols, training of information security personnel, and deployment of automated detection and backup technologies.

Cyber-resilience, business continuity, innovation, and collaboration between government and industry stakeholders is a proven model that makes good sense. Together, government and the private sector can identify products and align flexible product paths, evaluate technology gaps, and help design, evaluate, and simulate scalable architectures that will lead to more efficiencies, and fiscal accountability.

Information sharing is also a key cog to the resilience and business continuity equation as it helps both industry and government keep abreast of the latest viruses, malware, phishing threats, ransomware, insider threats, and especially denial of service attacks. Information sharing also establishes working protocols for lessons learned and resilience that is critical for the success of commerce and the enforcement against cyber-crimes. DHS CISA has expanded its programs in information sharing with industry in the past couple of years, especially with companies involved in operating critical infrastructure.

Cybersecurity at the leadership level requires effective communication with the board and management team. The CISO, CTO, CIO, and executive management must align strategies, collaborate, and regularly assess their information security programs, controls, and safety of networks. Reputation management is often needed if the breach interferes with a company’s operations.

Remediation is important to continuity; no matter what, breaches will happen. To be most effective for resilience, industry and governments should have an incident response plan that includes mitigation, business continuity planning, and secure backup protocols in case networks and devices are compromised. Training and tabletop exercises can improve incident response plan implementation should an actual incident occur.

The incorporation of best practices and the lessons learned from the various and many breaches over the past few years is certainly valuable data for establishing components of prevention, recovery, and continuity in a plan. Unfortunately, many businesses are still negligent in their preparation and analyses. A recent study by Wakefield Research found that a third of mid-sized organizations still do not have a cyber-incident response plan in place! A third of mid-sized organizations don’t have a cyber-incident response plan (betanews.com)

The Challenge of Emerging Technologies

Emerging technologies are both tools for cyber-defenders and threat actors. The current cyber-threat landscape now includes artificial intelligence, machine intelligence, IoT, 5G, virtual and augmented realities, and quantum computing.

Automation, combined with artificial and machine intelligence, is an emerging and future cybersecurity pathway. Artificial intelligence (AI) is really going to be a big catalyst for cybersecurity. It will enable real-time threat detection and real-time analysis. Companies will be able to monitor what is in their system, and who may be doing things that are anomalies.

AI can also be used as a tool for nefarious purposes by criminal hackers to find vulnerabilities and automate phishing attacks, so not deploying or understanding the implications of such usage will undermine resiliency and continuity. AI and these other emerging technologies will all have a disruptive impact on security and operating models for the near future. Addressing new and more sophisticated threats will be fundamental to cyber-resilience and business continuity in the next decade.

In today’s sophisticated threat environment, cybersecurity can no longer be viewed as an afterthought if businesses are going to survive and thrive. Being proactive rather than reactive makes sense for anyone operating in the digital landscape. There are a variety of established paths to follow in cyber risk management to fill gaps and bolster defenses. Complacency in the face of growing threats is not one of them.

Government and Industry Cooperation: More Important Than Ever for Cybersecurity Awareness

By Chuck Brooks

Government and Industry Cooperation: More Important Than Ever for Cybersecurity Awareness - United States Cybersecurity Magazine (uscybersecurity.net)

With another National Cybersecurity Awareness Month upon us, few major things have changed from the past year in terms of threats. As the capabilities and connectivity of cyber devices have grown, so have the cyber intrusions from malware and hackers. The cyber-threat actor ecosystem has grown in both size and sophistication. They are also openly collaborating in sharing targets and tools. The cyber threat actors include various criminal enterprises, loosely affiliated hackers, and adversarial nation states.

Achieving a full awareness of nefarious actors who operate in the cyber realm and protecting against their capabilities is an arduous task. Clearly, industry cannot respond to growing cyber-threats alone, especially small and medium businesses that lack the resources and expertise. Increased government and industry cooperation to meet those challenges is a viable course to help mitigate threats and challenges. It is a proven risk management model that makes good sense in several areas.

Information sharing on threats and risk is one of the most principal functions of government and industry collaboration. Sharing such information helps allow both government and industry to keep abreast of the latest viruses, malware, phishing threats, ransomware, and insider threats. Information sharing also establishes working protocols for lessons-learned and resilience that is critical for the success of commerce and the enforcement against cyber-crimes.

Both the SolarWinds and the Colonial Pipeline breaches highlighted the government’s assistance in mitigating breaches and moving toward resilience. Government was directly collaborating with the companies to discover the extent of the breaches and options for amelioration.

Remediation of breaches is important to continuity; no matter what, breaches will happen. The incorporation of best practices and the lessons learned from the various and many corporate breaches over the past few years is certainly valuable data for both industry and government in terms of prevention, recovery, and continuity.

GOVERNMENT TAKES PROACTIVE ROLE WITH INDUSTRY PARTNERSHIPS

The government and industry partnership is being well coordinated via the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS). Over the past few years, CISA has taken on a formal and increasingly larger role as the lead civilian agency in government working with industry, and state, local, and tribal stakeholders on cybersecurity threats. The proposed 2023 DHS budget has appropriated more than $2.5 billion toward cybersecurity, demonstrating the importance of the agency’s role in protecting the homeland in cyberspace, including in the aforementioned areas of information sharing and resilience.

Most significant is that CISA, under the leadership of Jen Easterly, created the Joint Cyber Defense Collaborative (JCDC) last year to fundamentally transform how cyber risk is reduced through continuous operational collaboration between government and trusted industry partners. “The Cybersecurity and Infrastructure Security Agency established JCDC—the Joint Cyber Defense Collaborative—to unify cyber defenders from organizations worldwide. This diverse team proactively gathers, analyzes, and shares actionable cyber risk information to enable synchronized, holistic cybersecurity planning, cyber defense, and response.” The JCDC also is supported by other government agencies including the FBI, NSA, and U.S. Cyber Command to help drive down risk in partnership with industry.

In recent years, DHS, along with the National Institute of Standards and Technology (NIST), has made a growing effort to bring the private sector together with the government, especially to develop information sharing protocols in risk management. In a core sense, a successful cyber threat consequences strategy is really about risk mitigation and incident response. A risk management strategy requires stepping up assessing situational awareness, information sharing, and especially resilience planning. It is critical to be aware of the morphing threat landscape and plan contingencies for all potential scenarios. NIST has been extremely helpful to industry in those areas.

The White House has also heightened government and industry cooperation in various areas, including supply chain security and protecting critical infrastructure (most of which is owned by the private sector). In specific regard to critical infrastructure, the underlying goal of collaboration is to help protect against targeted cyber intrusions of the nation’s critical infrastructure, such as financial systems, chemical plants, water and electric utilities, hospitals, communication networks, commercial and critical manufacturing, pipelines, shipping, dams, bridges, highways, and buildings.

White House and industry cooperation has been primarily aimed at identifying vulnerabilities, ensuring security, and integrating resilience in the public/private cyber ecosystem. The most recent activity by the White House was an executive order formulating a zero trust strategy for government agencies. That “trust nothing connected” perspective is also being assimilated in industry.

Congress has supported CISA’s expanded role and involvement with industry. Several bi-partisan bills have bolstered the agency’s integral role in cyber preparedness, response and resilience for both government and industry.

COOPERATIVE RESEARCH AND DEVELOPMENT

Research and development of potentially disruptive cybersecurity technologies is another benefit of government and industry cooperation. The change in the cyber risk environment coinciding with a heightened need for procurement of innovative technologies and services has created a new paradigm for a cybersecurity partnership between government and industry.

Together, government and the private sector can identify products and align flexible product paths, evaluate technology gaps, and help design scalable architectures that will lead to more efficiencies, and fiscal accountability. Bridging R&D spending between the government and private sectors should also allow for a more directed and capable cybersecurity prototype pipeline to meet modern technology requirements.

An enhanced and streamlined government and industry partnership should continue to be a priority for cybersecurity strategies in 2023, as threats can morph, especially with the emergence of technologies such as artificial intelligence, machine learning, 5G, and eventually quantum computing. The partnership needs to be both proactive and adaptive to change as the threat matrix may become increasingly lethal to economic and strategic stability if we remain unaware and unprepared for the potential consequences.

About The Author:

Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and subject matter expert in Cybersecurity and Emerging Technologies. Chuck is also Adjunct Faculty at Georgetown University’s Graduate Cybersecurity Risk Management Program where he teaches courses on risk management, homeland security technologies, and cybersecurity. He is also IEEE Cyber Security for Next Generation Connectivity Systems for Quantum IOT Vice-Chair and serves as the Quantum Security Alliance Chair for IOT. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named as one of the world’s “10 Best Cyber Security and Technology Experts” by Best Rated, as a “Top 50 Global Influencer in Risk, Compliance,” by Thomson Reuters, “Best of The World in Security” by CISO Platform, and by IFSEC and Thinkers 360 as the “#2 Global Cybersecurity Influencer.” He was featured in the 2020, 2021, and 2022 Onalytica "Who's Who in Cybersecurity." He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic. He is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, Expert for Executive Mosaic/GovCon, and a Contributor to FORBES. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.

Sun, 02 Oct 2022 10:07:00 -0500 Chuck Brooks en text/html https://www.forbes.com/sites/chuckbrooks/2022/10/02/for-cybersecurity-awareness-month-and-halloween--some-scary-cyber-threat-stats/
The 16 Best Vegan Cookbooks for 2022

It's no secret that the interest in eating a vegan diet has grown exponentially in recent years. Though only 3% of U.S. adults identify as vegan, according to the Pew Research Center, younger generations are more likely to seek out plant-based recipes. You've probably heard the term "meatless Mondays" or the "flexitarian" mode of eating — an emphasis on eating more plants while not completely restricting fish, poultry, and occasional meat consumption. Introducing a few vegan recipes into weekly meals is a great way to diversify your cooking while also learning new techniques for fresh produce in the kitchen.

If you're looking for a place to start or expand your plant-based cooking repertoire, there are plenty of cookbooks from accomplished vegan and vegetarian chefs that can help. While "classic" vegan cookbooks are still popular, recent titles tend to be more inclusive. Authors Edgar Castrejón, Joanne Lee Molinaro, Jenne Claiborne, and others stress that aspiring vegans do not have to give up their heritage foods in their pivot to sustainable eating. Read on for a complete harvest of books for the vegan-committed or the vegan-curious.

Raw

Eight-time James Beard Award winner, cookbook author, and restaurateur Trotter and chef and owner Klein asked food lovers to rethink raw foods in this 2007 vegan classic. Noteworthy recipes include broccoli flower couscous with curry oil, radish ravioli with yellow tomato sauce, and watermelon soup with melon granita, accompanied by extensive wine notes. The authors also focus on juicing — "a natural extension of the raw-food repertoire." Their refreshing concoctions include prickly pear and pomegranate juice and cucumber-lime water.

Price at time of publish: $70 hardcover, $19 paperback

  • Full Title: Raw
  • Authors: Charlie Trotter and Roxanne Klein
  • Ebook Available: No
  • Pages: 216

Vegetable Kingdom

Terry draws on the flavors and textures of East Asia, the Southern United States, and the Caribbean and centers on real food, not powders or meat substitutes. The book's 100+ recipes offer casual, family-oriented fare: grilled spring onions with lemon-thyme oil; oven-roasted zucchini, jerk tofu wrapped in collard leaves; spinach and kale grit cakes; barbecue carrots with slow-cooked white beans. The book is categorized by ingredient type (roots, lentils, fruits, etc.), and each dish comes with a recommended soundtrack!

Price at time of publish: $17

  • Full Title: Vegetable Kingdom: The Abundant World of Vegan Recipes
  • Author: Bryant Terry
  • Ebook Available: Yes
  • Pages: 256

The Homemade Vegan Pantry

This guide to making unprocessed basics is expansive: Schinner covers condiments, stocks, prepared foods, and more. The book, geared towards kitchen crafters/tinkerers, offers recipes for mayonnaises, Asian sauces, non-dairy milk, egg alternatives, and a variety of "meats" (breakfast unsausage, peppy unpepperoni). Schinner is best known for her cookbook Artisan Vegan Cheese, and her artisan vegan cheese company, Miyoko's Kitchen, and she shares her trade secrets for oil-free melty "pepper jack," almond "feta," and vegan shaved "parmesan."

Price at time of publish: $18

  • Full Title: The Homemade Vegan Pantry: The Art of Making Your Own Staples
  • Author: Miyoko Schinner 
  • Ebook Available: Yes
  • Pages: 224

Minimalist Baker's Everyday Cooking

Vegan blogger Shultz's debut cookbook features 101 vegan recipes that require ten ingredients or less, one bowl or one pot, or 30 minutes or less to prepare; the dishes are also primarily gluten-free. The book is perfect for any beginner: it provides tips for building an essential plant-based pantry and includes inspired takes on popular American fare — spiced buckwheat pancakes, three bean chili, butternut squash-garlic mac 'n' "cheese."  

Price at time of publish: $18

  • Full Title: Minimalist Baker's Everyday Cooking: 101 Entirely Plant-based, Mostly Gluten-Free, Easy and Delicious Recipe
  • Author: Dana Shultz
  • Ebook Available: Yes
  • Pages: 304

Provecho

Chef, recipe developer, food stylist, and photographer Castrejón turns the traditional meat-centric dishes of his Mexican American childhood into plant-based creations: pozole verde, elote asado, oat milk horchata. His 100 recipes stress convenience: Many take less than 30 minutes to assemble/make and all use easily-available ingredients. This book is  organized by how meals are approached in the Castrejón family home and also includes Salvadoran and Colombian foods. 

Price at time of publish: $22

  • Full Title: Provecho: 100 Vegan Mexican Recipes to Celebrate Culture and Community
  • Author: Edgar Castrejón
  • Ebook Available: Yes
  • Pages: 256

The Korean Vegan Cookbook

Molinaro not only reinterprets the Korean classics she grew up with as vegan fare, such as jjajangmyeon and kkanpunggi, but also provides Korean-inspired riffs on Western dishes, such as Angry Penne Pasta (with gochujang and gochugaru) and chocolate cake (with sweet potato). The book is also deeply personal: Molinaro's headnotes include touching anecdotes about cooking with her omma, her endless inspiration, and stories from her parents' youths in Korea. 

Price at time of publish: $16

  • Full Title: The Korean Vegan Cookbook: Reflections and Recipes from Omma's Kitchen
  • Author: Joanne Lee Molinaro 
  • Ebook Available: Yes
  • Pages: 334

Unbelievably Vegan

Private chef Morgan leans into her Puerto Rican and Creole heritage with spicy, bold dishes such as smoky jambalaya with blackened veggies, lemon-pepper "wingz," and cajun caesar salad with crispy black-eyed peas and cornbread croutons. Created with elite athletes in mind, like her husband, former Tennessee Titans linebacker Derrick Morgan, the book aims to appeal to vegans and omnivores alike.

Price at time of publish: $13

  • Full Title: Unbelievably Vegan: 100+ Life-Changing, Plant-Based Recipes
  • Author: Charity Morgan
  • Ebook Available: Yes
  • Pages: 288

The Modern Tiffin

Priyanka Naik, an Instagram influencer and TV personality, challenges Americans' conceptions about vegan food in 11 Indian-inspired, global-cuisine lunch menus, each portioned for two and meant to be portable — like an Indian tiffin. The Maharashtrian tiffin, a nod to her parents' heritage, includes shaboodani (made with couscous), chickpea bhelpuri, and coconut masala-stuffed okra; the Southeast Asian tiffin, a tofu banh mi, Bangkok-inspired street noodles, and toasted coconut peanuts. 

Price at time of publish: $16

  • Full Title: The Modern Tiffin: On-the-Go Vegan Dishes with a Global Flair 
  • Author: Priyanka Naik
  • Ebook Available: Yes
  • Pages: 224

Veganomicon

Often called "The Joy of Vegan Cooking," Veganomicon eschews fake meat products and egg replacements and offers over 250 recipes featuring nearly every fruit, vegetable, legume, and grain. Notable recipes include baby bok choy with crispy shallots, roasted eggplant and spinach muffuletta, asparagus and lemongrass risotto, and chocolate hazelnut biscotti. The breakfasts, holiday recipes, desserts, and chatty cooking notes accompanying each recipe are great for beginner vegans. Moskowitz and Romero also include soy-free, gluten-free, and low-fat options.

Price at time of publish: $19

  • Full Title: Veganomicon: The Ultimate Vegan Cookbook
  • Authors: Isa Chandra Moskowitz and Terry Hope Romero
  • Ebook Available: Yes
  • Pages: 432

Sweet Potato Soul

Private chef Jenne Claiborne celebrates the versatility of Southern ingredients —  dandelion greens, okra, and black-eyed peas — with 100 plant-based recipes. She includes riffs on several soul food classics, such as Creole red bean "sausages," sweet potato pie, and coconut collard salad. She also shares new flavors, such as Georgia watermelon and peach salad and peach date BBQ jackfruit sliders — all deeply rooted in traditions of eating locally and seasonally.

Price at time of publish: $13

  • Full Title: Sweet Potato Soul: 100 Easy Vegan Recipes for the Southern Flavors of Smoke, Sugar, Spice, and Soul 
  • Author: Jenne Claiborne
  • Ebook Available: Yes
  • Pages: 224

Chloe's Vegan Desserts

This compendium features 100+ recipes for baked goods made sans butter and eggs. 

Coscarelli leans on alternative milks and well-known vegan baking tricks — vinegar is an excellent leavening agent when combined with baking soda — but her recipes are decadent: tiramisu pancakes, mojito chocolate chip cookies, Bollywood cupcakes. Coscarelli, the first vegan chef ever to win a Food Network competition ("Cupcake Wars"), also provides guidance on allergy-free and gluten-free baking, making this a useful volume for many, vegan or otherwise. 

Price at time of publish: $19

  • Full Title: Chloe's Vegan Desserts: More than 100 Exciting New Recipes for Cookies and Pies, Tarts and Cobblers, Cupcakes and Cakes — and More!
  • Author: Chloe Coscarelli 
  • Ebook Available: Yes
  • Pages: 272

Vegan

European chef and restaurateur Jean-Christian Jury collects 500 recipes from 200 countries, from Persian beet borani to South Indian potato masala, in this illustrated compendium/coffee table book. The book stresses that such recipes aren't "veganized" but rely on naturally vegan ingredients. Organized by meal or courses (breakfast, salads and soups, desserts), the book highlights international culinary traditions and regional fruits and vegetables.

Price at time of publish: $27

  • Full Title: Vegan: The Cookbook
  • Author: Jean-Christian Jury
  • Ebook Available: No
  • Pages: 584

Isa Does It

The second cookbook title from Moskowitz in this roundup focuses on fast meals: She promises most of the 150 dishes will be on the dinner table in less than 30 minutes. It draws inspiration from American comfort food and several cuisines (Indian, Thai, Korean). Recipes include sweet potato and red curry soup, Korean BBQ portobello burgers, ancho-lentil tacos, and chimichurri-pumpkin bowl. Moskowitz speaks to the vegan-curious with conversational headnotes and photo tutorials on "vegan butchery."  

Price at time of publish: $27

  • Full Title: Isa Does It: Amazingly Easy, Wildly Delicious Vegan Recipes for Every Day of the Week
  • Author: Isa Chandra Moskowitz
  • Ebook Available: Yes
  • Pages: 320

The Vegan Cookbook for Kids

Young chefs need inspiration too, and this book provides it in spades with more than 50 plant-based recipes, including fruity sheet pan pancakes for breakfast, creamy cauliflower dip for snacks and bites, and meatless shepherd's pie for family feasts. Written with tweens in mind, blogger Barb Musick educates with helpful guides on common plant-based ingredients, essential kitchen tools and techniques, and cooking safety guidelines. 

Price at time of publish: $13

  • Full Title: The Vegan Cookbook for Kids: Easy Plant-Based Recipes for Young Chefs
  • Author: Barb Musick
  • Ebook Available: Yes
  • Pages: 142

East Meets Vegan

Sasha Gill's cookbook spans six countries and 90 recipes: vegan butter chicken (India), jackfruit massaman curry (Thailand), nasi lemak (Malaysia/Singapore), chee cheong fun (China), and okonomiyaki (Japan). She also provides recipes for cooking basics — kecap manis, dashi, dumpling skins, sushi rice — and encourages home chefs to mix and match elements to create their own fusion dishes.

Price at time of publish: $15

  • Full Title: East Meets Vegan: The Best of Asian Home Cooking, Plant-Based and Delicious
  • Author: Sasha Gill
  • Ebook Available: Yes
  • Pages: 224

hot for food all day

Toyota asks home cooks to "level up" their plant-based diet with recipes that do double duty: they can be enjoyed on their own or can be morphed into something completely new. A roasted vegetable salad is incorporated into potstickers; sloppy Joe zucchini boats are transformed into carbonara. An entire section is devoted to building custom vegan bowls, with suggestions for grains, vegetables, and substantial and nutritious add-ins. 

Price at time of publish: $13

  • Full Title: hot for food all day: easy recipes to level up your vegan meals 
  • Author: Lauren Toyota
  • Ebook Available: Yes
  • Pages: 256

Pooja Makhijani is a writer and editor whose work has been featured in The New York Times, The Washington Post, NPR, Real Simple, The Atlantic, WSJ.com, The Cut, Teen Vogue, Epicurious, Publishers Weekly, ELLE, Bon Appétit, The Kitchn and others.

Fri, 14 Oct 2022 00:50:08 -0500 en-US text/html https://www.msn.com/en-us/lifestyle/shopping/the-16-best-vegan-cookbooks-for-2022/ar-AA12XvKF
Killexams : First Airspeeder EXA Series eVTOL race takes off in South Australia

After nailing a remotely piloted eVTOL drag race last year, and successfully completing its 250th test flight recently, Alauda Aeronautics has now announced the winner of its first uncrewed Airspeeder EXA race above the salt flats of South Australia.

We've been following the progress of Matt Pearson and Alauda Aeronautics since the unsuccessful Kickstarter in 2017, where an ambitious plan was hatched to not only develop a piloted racing eVTOL (electric vertical take-off and landing) aircraft but also to build a fast-paced thrill-packed sport around it.

That sporty flying race car was unveiled early last year, and the team has since clocked up more than 270 test flights and thousands of simulator hours.

The Airspeeder is constructed from carbon fiber, measures 4.1 m long (13.4 ft), tips the scales at 130 kg (286.6 lb), sans pilot, and is capable of hauling more than 80 kg (176 lb) into the air. Onboard motors can deliver some 320 kW of peak power for a 0-100-km/h (0-62-mph) sprint in 2.8 seconds, it can climb to 500 m (1,640 ft) too, if needed, and is packed with a suite of sensors to allow for close-proximity racing thrills.

The inaugural EXA Series race was completed over two circuits of a track at Lake Lochiel in South Australia, with a quick battery swap pitstop in between.

Alauda Aeronautics

Now two Airspeeder pilots have been pitched against each other for the first in a series of remotely piloted EXA races, which recently took place around a kilometer-long circuit at Lake Lochiel near Adelaide – and involved developing and rolling out pilot control interfaces and AR (augmented reality) "sky tracks" plus engineering/team control stations and 5G networking, as well as coming up with race rules and safety protocols.

In the virtual pilot seat for the team silver racer was Zephatali Walsh, while the black team aircraft was controlled by fellow flyer Fabio Tischler. Race thrills were served up straight from the get-go, with the lead changing three times in the first circuit. The black Airspeeder clocked a lap time of 0:39.784 and a top speed of 102 km/h (63.3 mph) with team silver coming in a little slower at 0:44.173 for the lap and topping out at 99 km/h (61.5 mph).

A suite of onboard sensors caters for close-proximity racing thrills

Alauda Aeronautics

The teams each had to factor in a quick pitstop to swap low-charge batteries for fresh ones, which only added to the race tension, before taking to the air for the second leg, which saw Walsh nosing in front to lap in 0:39.917 and getting up to 100 km/h (62.1 mph) while Tischler managed a circuit time of 0:43.038 at a top speed of 99 km/h.

The pivotal moment in the inaugural EXA series race was when Tischler went wide during a turn, allowing Walsh to slip by about a meter below and maintain the lead to secure the win.

Commentators for the race were former F1 driver and Airspeeder development pilot Bruno Senna and motorsports broadcaster Nikki Shields. The highlights video below gives a brief taste of the kind of coverage future sports fans can enjoy when the piloted Grand Prix races kick off in 2024, which will host wider grids, take place in different locations and landscapes around the globe and feature various track layouts.

RACE HIGHLIGHTS | 2022 Airspeeder EXA: Race 1 | SOUTH AUSTRALIA ⚡️

Source: Alauda Aeronautics

Tue, 11 Oct 2022 23:26:00 -0500 en-US text/html https://newatlas.com/aircraft/inaugural-airspeeder-exa-series-evtol-race/
Killexams : 62 lawyers elevated as SANs

The Legal Practitioners’ Privileges Committee has announced the elevation of 62 lawyers to the rank of Senior Advocate of Nigeria.

Among them are three lawyers engaged by the Economic and Financial Crimes Commission, although two of them – Sylvanus Tahir and Rotimi Oyedepo – are employees of the EFCC.

But the other lawyer, Wahab Shittu, is engaged by the EFCC for specific cases.

The LPPC, chaired by the Chief Justice of Nigeria, Olukayode Ariwoola, released the full list of the new SAN-designates in a statement issued on Thursday evening by the Chief Registrar of the Supreme Court and Secretary of the LPPC, Hajo Bello, after its 154th plenary session.

Among the 62 successful candidates, 53 of them belong to the advocacy category while the other nine are of the academic category.

The statement said all the 62 appointees would be sworn in on November 21.

The inauguration of new SANs usually takes place at the Supreme Court during the ceremony marking the commencement of the court’s new legal year.

The SAN rank is awarded as a mark of excellence to members of the legal profession who have distinguished themselves as advocates and academics.

Those to be sworn in as SANs are Mohammed Abubakar, Johnson Omophe, Lawrence Oko-Jaja, Christopher Oshomegie, Sanusi Sai’d, Wahab Shittu, Emmanuel Idemudia, Diri Mohammed, Oladipo Tolani, Ayodeji Omotoso, Chijioke Erondu, Ajoku Obinna, Yakubu Maikasuwa and Henry Omu.

Others are Dagogo Iboroma, Joseph Akubo, Gozoe Obi, Inam Wilson, Abubakar Sulu-Gambari, Abioye Asanike, Sylvanus Tahiru, Bolarinwa Aidi, Tonye Krukrubo, Aderemi Bashua, Kolapo Kolade, Samuel Kargbo, Ifeanyichukwu Obiakor, Olasoji Olowolafe, Mutalubi Adebayo, Victor Ogude, Sulayman Ibrahim, Mumini Hanafi, Tanko Ashang, Damian Okoro, Andrew Malgwi and Etukwu Onah.

Other beneficiaries are Adeboro Adamson, Bankole Akomolafe, Kelechi Obi, Andrew Odum, Okoro Edwin, Godson Ugochukwu, Steven Ononye, Ikani Agabi, Mustapha Ibrahim, Muizudeen Abdullahi, Magaji Ibrahim, Sanusi Musa, Oladoyin Awoyale, Rotimi Oyedepo, Chukwudubem Anyigbo, Lukman Fagbemi and Micheal Numa.

The academics are Prof Kathleen Okafor, Prof Muhammed Abdulrazaq, Prof Amokaye Gabriel, Prof Ismail Olatunbosun, Prof Abdullahi Zuru, former Dean, Faculty of Law at the University of Nigeria, Nsukka, Prof Joy Ezeilo; Associate Prof Theodore Maiyaki, Prof Olaide Gbadamosi and Associate Prof Chimezie Okorie.

“The meeting further approved a new guideline for the conferment of the rank of Senior Advocate of Nigeria and all matters pertaining to the rank to guide future exercises,” the statement added.

Thu, 29 Sep 2022 11:52:00 -0500 en-US text/html https://punchng.com/62-lawyers-elevated-as-sans/
Killexams : Sans mustard? France gets creative amid shortage.

France is in the midst of a prolonged mustard shortage that has left supermarket shelves sapped of 21% of its stock of the beloved condiment. Mustard producers have had to put caps on in-store purchases to minimize hoarding.

Now, with mustard in high demand due to drought and war, French farmers are looking to innovate and stake a larger claim in the market for France’s gastronomical heritage.

Why We Wrote This

The French are doggedly seeking mustard anywhere they can get it as grain shortages crimp production. But the surge in demand is also opening up opportunities for mustard innovation.

French mustard fields have seen production cut by two-thirds in five years, from 12,000 tons in 2017 to 4,000 in 2021. And imports aren’t able to make up the difference due to foreign grain shortages. But the overwhelming demand has sent prices surging and has encouraged local mustard growers to increase production.

Some mustard growers are testing new seed varieties that are more resistant to climate change’s unpredictable weather patterns. And producers are looking for ways to widen the scope of what consumers want. Mustard producer Patrice Boudignat has developed sample versions of mustard oil and mustard-flavored chocolate, for example.

“If we want to reduce the costs and inconveniences of transportation and have a shorter supply circuit, then we need to make more room for our local product,” he says. “It’s our heritage that we’re trying to preserve every day.”

A half-dozen tourists huddle around a metallic counter at the Edmond Fallot mustard mill, as company employee Martine Dupin pumps various blends of Dijon mustard onto miniature wooden spoons. There are gingerbread, blackcurrant, and whole seed “old style” varieties, among others. Faces contort as the pungent zing rises to their nostrils.

“I’m definitely planning to buy some mustard today,” says Elisabeth Soulier, from Poitiers. “It’s great in a sauce for cooked rabbit, or in a vinaigrette for salad. It’s hard to find mustard anywhere anymore. And Burgundy mustard is so much better than the rest.”

Like her fellow tour group members, Ms. Soulier will be able to buy her pot of mustard in the gift shop – but just one. France is in the midst of a prolonged mustard shortage that has left supermarket shelves sapped of 21% of its stock of the beloved condiment. Edmond Fallot and its competitors have had to put caps on in-store purchases to minimize hoarding.

Now, with mustard in high demand due to drought and war, French farmers are looking to innovate and stake a larger claim in the market for France’s gastronomical heritage. They say they’re ready to move beyond the shortages and find opportunities for growth.

“Canadian mustard grains are very good, but mustard is emblematic of France,” says Patrice Boudignat, a mustard producer with 12 acres of land in the Ile-de-France region. “If we want to reduce the costs and inconveniences of transportation and have a shorter supply circuit, then we need to make more room for our local product. It’s our heritage that we’re trying to preserve every day.”

Martine Dupin, left, offers tastings of various mustard blends at Edmond Fallot, including its famous Moutarde de Bourgogne, which is made using a local seed, on Sept. 23, 2022.

A hard year for mustard

Mustard is the third most popular condiment in France, behind salt and pepper, and the French are the No. 1 consumers in Europe of the spicy yellow paste, at approximately 2.2 pounds annually per person.

Fri, 07 Oct 2022 15:56:00 -0500 Colette Davidson en text/html https://www.csmonitor.com/World/Europe/2022/1007/Sans-mustard-France-gets-creative-amid-shortage
Killexams : Celebrating 15 years of online training, SANS Institute announces updated OnDemand training platform

SANS Institute, the global leader in cyber security training and certifications, today announced the launch of its updated OnDemand platform. SANS utilised direct student and customer feedback to shape the all-new OnDemand experience that includes enhanced features for students to be more successful. This release follows SANS’ 15th anniversary of SANS OnDemand, which has provided online learning to more than 100 000 students worldwide.

“With an ever-changing cyber landscape, tightening budgets and rising travel costs, more and more businesses are looking to SANS OnDemand to help secure their organisation at the best return on investment,” said Andrew Williams, Director of Digital at the SANS Institute. "SANS has been a pioneer in online training, delivering exceptional learning outcomes to students and improved security posture to organisations globally."

The new OnDemand experience was designed with accessibility and usability in mind from the beginning. Students can still train on their own schedule, now within a state-of-the-art and easy-to-use OnDemand interface created to maximise their learning experience. New features include an updated video player, a refreshed sidebar with outlines, course books, notes, improved search and new bookmarking capabilities. They can also take their training on the go with easy access to course content available online or offline with the SANS OnDemand mobile app. Help and support are even easier to find, including the ability to live chat or ask questions with a GIAC-certified Subject Matter Expert.

“I was a mom to a one-year-old and working full-time as a physical therapist when I joined the SANS WiCyS (Women in Cybersecurity) Academy. The key to my success and getting through the coursework was the flexibility SANS OnDemand offered me. I would use the mobile app to play the lectures in my car and then replay them if there was something I did not understand,” said Christine Morency, a SANS graduate. “I’d listen on the go, to and from daycare, the supermarket and work – anywhere I was going, SANS OnDemand went with me. I got to use my time at home to do reading, highlighting, indexing and the labs. It’s what made SANS work for me, and I could not be happier after landing my current job as a Cloud Security Engineer!”

SANS OnDemand offers convenient and flexible online cyber security training, anytime and anywhere. With cyber attacks on the rise, there has never been a better time to develop an organisation’s workforce with courses that are created and taught by world-renowned experts and are designed to build real-world cyber security skills. Students have praised SANS OnDemand training as being top-notch, with an exceptional training experience that offers trackable progress and achievement milestones.

To learn more about the platform and see a showcase of features and benefits, visit: https://www.sans.org/u/1n9h.

Thu, 13 Oct 2022 20:58:00 -0500 en text/html https://www.itweb.co.za/content/kYbe9MXbDZWvAWpG
Killexams : All opportunists sans saviour

Pakistan is pretty much on the brink of collapse. The saviours are many, but they are also opportunists

The writer is a public policy analyst based in Lahore. She tweets @durdananajam


Pakistan is bursting at its seams. One of the largest floods has washed away half of its agricultural land. The number of deaths can be in the thousands. Millions of people face food shortages, including a high percentage of children. The entire world has converged on lending Pakistan help. The UN has even appealed to the IMF to go slow on the country vying for the latter’s cash to finance its parched government. In this scenario, the only place showing partial sympathy towards the present crisis is perhaps Pakistan. Instead of conducting a detailed study on the crisis so that the chances of its reoccurrence in future are mitigated, the policymakers are busy laying blackmailing landmines to harass politicians. Our leaders want to rule this country, but none wants to own its problems. Instead, every government lays the blame for the financial and moral chaos on its previous counterpart. Moreover, where this alibi cannot work, the burden is laid on the foreign hands — usually the US or India.

The waste of political wreckage is telling this time. It was no new attempt to dress down a sitting prime minister and have him removed. Even the players staging this drama over the last 75 years have stopped feeling ashamed of being seen naked. The new joker in the deck is a hacker. Though lately, we heard he/she/it has been lifted from some unknown place and shifted to an equally unknown place. That has not, however, stopped the leakage of audio recordings of private conversations of the PTI or PML-N leaders. In fact, the hacker forewarns about the new leaks lest the victims are taken aback.

The other part of the country, if saved from the ravages of climate, is trapped in a new wave of terrorism. Swat has once again entered the radar of terrorists. Already they have ambushed a school van killing a few children. The people of Swat have thronged the streets of the valley in protest. The message is clear: “We shall not become a fodder for anybody.”

The military is already stretched. The western border is a constant headache. Though calm since August 2021, the eastern border cannot be left unattended. Balochistan is reeking of the blood of both the soldiers and the militants. If we kill two militants, they kill one soldier. Moreover, on the worst days, the equation is reversed.

Pakistan is pretty much on the brink of collapse. The saviours are many, but they are also opportunists. If the IMF pulls out or if the US or, for that matter, even Saudi Arabia or China decides to pull the rugs (read debt) off our feet, we will have to scramble for years before finding our feet to stand barely. Are we prepared to face any such situation? The answer is NO.

In the midst of all this, there are gods of little things. For 75 years, they have not gotten over the squabble with the elephant in the room. The elephant has grown much bigger over time, usurping the citizens’ rights to enjoy a stable political and economic life. If the elephant is insurmountable, the little gods are also dispassionate about the country’s future. Instead of becoming a league to multiply their force to push the elephant out, they are applying individual efforts. That is what makes the elephant happy the most. The multiplication of force is not the kind of situation they like. It is in their favour to have a system managed by unhinged, disunited and corrupt politicians.

All these characters may have been why Pakistan is in a mess, but the ignorance and indifference that Pakistan’s civil society has shown is neither forgivable nor forgettable. It is one thing to side with a politician and another to stand with the country for the enforcement of the right ideology, pragmatic policies and to struggle for the right to rule at the grassroots level. Civil society is supposed to play the role of guardians, a watchdog, and a check on the representatives they send to parliament. When we say civil society, it means the educated, relatively stable financially and a contributing hand in the growth and development of its country. When they disintegrate and support their interest rather than the larger interest of the country, it gives a highway to the robbers, where the mightiest wins the race.

It’s a classic case of a static country. According to the legal and political philosopher, HLA Hart, “the only mode of change in the rules (of obligations) will be the slow process of growth, whereby courses of conduct once thought optional become first habitual or usual, and then obligatory, and the converse process of decay, when deviations, once severely dealt with, are first tolerated and then pass unnoticed.”

Published in The Express Tribune, October 13th, 2022.


Wed, 12 Oct 2022 15:58:00 -0500 text/html https://tribune.com.pk/story/2381218/all-opportunists-sans-saviour