Winquest Cybersecurity is proud to be included in CIOReview Magazine’s annual listing of 10 companies at the forefront of providing Cybersecuirty consulting services and transforming businesses. There are many companies out there offering cybersecurity services and the rate of security breaches is rising rapidly. Companies need a reputable benchmark like CIOReview to identify companies like Winquest that exhibit competence in delivering robust and efficient cybersecurity services with their advanced capabilities. CIOReview bridges the gap between enterprise IT vendors & buyers, serving the professionals who are most charged with ensuring cybersecurity for their organizations: CIOs, CTOs, SVP-IT and CMOs. Click to read the full article about Winquest published by CIOReview. For more on the magazine, go to CIOReview.com.
Winquest Cybersecurity President & CEO, John Leitch, recently proposed a national-level cybersecurity incentive at the Congressional Roundup, held by the Maryland Chamber of Commerce, in Washington, D.C.
Leitch shared insights about the current state of cybersecurity for small businesses and presented his cybersecurity tax incentive proposal at meetings attended by congressional leaders. While sharing his insights, Leitch revealed that many small businesses avoid the issue of being vulnerable to a cyber incident and refuse to talk about cybersecurity risk.
As a business owner, Leitch understands the important impact that small businesses have on the economy. He works to encourage elected officials to support this incentive because he feels it would be the best motivator for small businesses to protect both their data and their customers’ data.
Visit this link to learn more about the incentive programs proposed by Leitch, and to read the full article by prnewswire.
(April 22, 2019 — Hanover, Md.) Winquest Cybersecurity President & CEO John Leitch took home the Cybersecurity Champion of the Year Award at the 2019 MD Cybersecurity Awards presented by the Cybersecurity Association of Maryland, Inc. (CAMI) at the LIVE! Casino & Hotel on April 11, 2019. In partnership with EZShield, Maryland Department of Commerce and Point3 Security, the 3rd annual awards celebration was enjoyed by a sold-out crowd of 350 attendees.
Described as an unsung hero of Maryland’s cybersecurity ecosystem, Leitch has done a tremendous amount not only in the field of cybersecurity, but for CAMI. Leitch’s nominee credited him with successfully influencing legislators to include cybersecurity services in Maryland’s 2018 Cybersecurity Incentives Tax Credit Bill. Previous to his involvement, the bill only included incentives for cybersecurity products. Leitch recognized that Maryland’s cybersecurity community is a strong partnership of both products and services and “not only ensured a vital piece of Maryland’s cybersecurity community could benefit from the tax incentives, it also benefits Maryland businesses by encouraging them to take actions to better protect their, and their customers, information from cybercriminals.”
In addition to accepting the Cybersecurity Champion of the Year Award, Leitch presented the Cybersecurity Industry Resource Award to Mid-Atlantic Gigabit Innovation Collaboratory (MAGIC), with Winquest sponsoring the award.
Leitch was also elected to the CAMI board of directors in November and is excited to help bring the organization to the next level. Winquest has greatly benefited from its relationship with CAMI, and together they will continue to elevate the cybersecurity industry in Maryland. Known as the “cyber capital of America,” Maryland is poised as the epicenter of cybersecurity in the United States. Winquest, CAMI and the other incredible cyber organizations present at the awards are all doing their part to secure businesses of all sizes.
Winquest Cybersecurity offers military-grade solutions specializing in small and midsize companies, including vulnerability assessments, penetration testing, incident response, security awareness training, and their exclusive Cybersecurity Abbreviated Vulnerability Assessment (CAVA™).
Continue reading about the suite of services offered by Winquest.
Winquest Cybersecurity is thrilled that President & CEO John Leitch is nominated for the Cybersecurity Champion of the Year Award at the Maryland Cybersecurity Awards on April 11th. Leitch will also be presenting the Cybersecurity Industry Resource Award.
All finalists are entered into the People’s Choice Award category…don’t forget to vote!
The Cybersecurity Association of Maryland, Inc. and presenting sponsors EZShield and Point3 Security are proud to announce the finalists for the third annual Awards Celebration which will highlight the best and brightest of Maryland’s cybersecurity industry. Finalists were selected by an independent panel of judges represented by leaders in a variety of fields. One winner from each category will be announced at the Maryland Cybersecurity Awards Celebration on April 11, 2019.
All finalists are automatically entered into the People’s Choice Award category, the public is invited to vote online to determine who will receive the coveted Cybersecurity People’s Choice Award. The winner will be announced by category sponsor BB&T at the April 11 Awards Celebration. Vote for your choice for the People’s Choice Award here.
Below are the top three finalists across each of the seven Signature Award categories:
Cybersecurity Innovator of the Year Award – Presented by COPT
This award is presented to a Maryland company that has demonstrated exceptional innovation in the cybersecurity field with a technology designed to protect businesses and/or government entities from cyber threats, attack and/or damages. Our Cybersecurity Innovators are the champions of the cyber world and represent the crème de la crème of Maryland cybersecurity technology providers.
- Light Point Security
- Quantum Xchange
- Sepio Systems
Cybersecurity Defender of the Year Award – Presented by PNC Bank
This award is given to an exceptional Maryland cybersecurity services company that has succeeded in protecting businesses or government entities from cyber threats, attack and/or damages. Our Cybersecurity Defenders are the protectors of the digital realm and represent the gold standard of Maryland cybersecurity service providers.
- Patriot Technologies
Cybersecurity Company to Watch Award – Presented by Edwards Performance Solutions
This award spotlights an emerging Maryland company that provides a cybersecurity product or service, has displayed exceptional vision and demonstrated plans for exponential future growth. We anticipate great things from our Company to Watch in the future.
- IronNet Cybersecurity
Cybersecurity Champion of the Year Award – Presented by Port Covington
This award honors an individual that has had a profoundly positive impact on Maryland’s cybersecurity community and gone above and beyond to support it. Winners of this award could be individuals who have: donated significant resources (time, expertise, technology and/ or funds) to support Maryland’s cybersecurity industry; been staunch advocates for the Maryland cybersecurity community; or created exceptional educational or internship programs to support cybersecurity career development. Our Cybersecurity Community Champions are the unsung heroes of Maryland’s cybersecurity ecosystem.
- John Leitch, President & CEO, Winquest Cybersecurity
- Dr. Loyce Pailen, Collegiate Professor, Cybersecurity Technology, University Maryland University College
- Tina Williams, President & CEO, Tcecure
Cybersecurity Diversity Award – Presented by Exelon
This award recognizes a company or organization that has worked to make careers in the Maryland cybersecurity industry more accessible to underrepresented groups or underserved markets. This award could honor a trailblazing minority or woman-owned cybersecurity company in Maryland; an organization that supports underrepresented groups working to gain employment in the state’s cybersecurity industry; an academic institution that provides cybersecurity-related training or internships targeting underserved populations; a business that has demonstrated a commitment to a diverse workforce; or others.
- The Certified Cyber Apprenticeship Program (Registered DLLR apprenticeship) & Fort Meade Cyber Career Skills Programs
- Lockheed Martin
Cyber Warrior Woman Award – Presented by Saul Ewing Arnstein & Lehr Saul
This award honors a woman doing extraordinary or exemplary work in Maryland’s cybersecurity industry. Winners of this award could be individuals who have: mentored and inspired women in the cybersecurity industry or young women considering careers in the industry, donated significant resources (time, expertise, technology and/ or funds) to support Maryland’s cybersecurity industry; been staunch advocates for the Maryland cybersecurity community; or created exceptional educational or internship programs to support cybersecurity career development.
- Diane M Janosek, Commandant, National Cryptologic School, National Security Agency
- Marie Weber, Systems Engineer, Lockheed Martin
- Tina Williams, President & CEO, Tcecure
Cybersecurity Industry Resource Award – Presented by Winquest Engineering
This award celebrates a non-cybersecurity business, organization, academic institution or government agency that has significantly contributed to Maryland’s cybersecurity industry through its products, services or mission. This award is ideal for: organizations that provide access to funding for Maryland cybersecurity companies; government agencies that support the cybersecurity industry; legal firms with a cybersecurity practice; insurance companies offering cyber insurance; media entities that tell the stories of Maryland’s cybersecurity community or serve as a resource for businesses to understand how to be cyber secure; academic institutions with unique and/or state-of-the-art cybersecurity programs; non-profit organizations that support youth engagement in the cyber industry; and others.
- Carroll Tech Council
- The CyberWire
- Mid-Atlantic Gigabit Innovation Collaboratory (MAGIC)
All nominees for Signature Awards categories are automatically be entered into the judging for the Regional Award for their respective participating county. The sponsor for each Regional award will create its own judging team, establish its own judging process and select its category winner to be announced at the Awards Celebration. Winners will be announced at the Maryland Cybersecurity Awards Celebration on April 11, 2019.
Year Up’s Professional Training Corps (PTC) is a national program, with one that has been offered at Baltimore City Community College since 2010. It is a one-year, intensive for college students age 18-24 that prepares urban young adults to reach their potential through career experiences and higher education. Year Up provides students with the skills, experience and support necessary to thrive professionally.
The goal of Year Up is to address the opportunity divide. “Five million young adults are disconnected from stable career pathways [while] 12 million jobs requiring post-secondary education will go unfilled in the next decade.” Access to higher education resulting from social and economic injustice are preventing millions of young adults from achieving stable careers, despite talent and knowledge.
Earlier this month, Winquest President & CEO John Leitch and Vice President & COO Nate Corry visited Year Up Baltimore to meet Clif Morgan, Site Director and John Carberry, Director of Corporate Engagement and learn more about the Year Up program. Winquest was also interested in meeting some of the students to help determine if Year Up could provide Winquest with cybersecurity interns to help with an expected boost in summer business. While many companies are looking for interns with more advanced cybersecurity skills, Winquest is looking for interns who are eager to learn and hungry for an opportunity. As John Leitch said, “If the intern has the right attitude, they can learn anything.”
Winquest was able to meet two Year Up students, both of whom were very impressive. The students had as many questions as Winquest and everyone was engaged in the dialog. Nate remarked, “If we have enough business, both of them would be an asset to our team.” The visit concluded with a follow-up invitation to talk with students about the cybersecurity services industry and John and Nate look forward to a return trip.
Thank you Year Up Baltimore for the hospitality and introducing the team to some of your outstanding students. Interested in learning more about Year Up Baltimore? Click here.
Winquest is excited for the possibility of adding interns to the team this year to learn more about the suite of services offered.
The landscape of cyber threats is constantly evolving and critical cyber infrastructure, programs, operations and policy is increasingly important. In response, the Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security (DHS), was created through legislation in November 2018.
Legislation on both the federal and state levels is imperative in order to ensure data privacy and thwart cyber war. In light of the most recent presidential election and subsequent cyber threats, cybersecurity has become an increasing focus for lawmakers. Coupled with an expected rise in data breaches, leaks and exposures in 2019, cybersecurity is top of mind for the 116th Congress and policymakers across the nation. As legislative sessions are in full swing, an increase in cyber laws are expected to be introduced.
During the 115th Congress, 2017 – 2018, thirty-one cybersecurity related bills were given committee consideration or passed one or both chambers. Out of those, five became public law.
1. Department of Energy Research and Innovation Act: the law establishes a Department of Energy (DOE) policy for science and energy research and development programs, and reforms National Laboratory management and technology transfer programs, as well as directing DOE to report to Congress on integrated research programs in cybersecurity and national security, among others.
2. John S. McCain National Defense Authorization Act for Fiscal Year 2019: the bill authorizes appropriations and sets forth policies regarding military activities of the Department of Defense, including cybersecurity matters.
3. National Defense Authorization Act for Fiscal Year 2018: establishes several cybersecurity efforts and new rules and programs related to information security; allows the President to define what “cyberwar” means; the Pentagon will reexamine the department’s internal organizational structure surrounding its cybersecurity related missions (SEC. 1641, SEC. 1644, and others); the National Science Foundation and Office of Personnel Management will launch a joint pilot scholarship program aimed at educating and recruiting talent directly out of universities.
4. FITARA Enhancement Act of 2017: requires the Chief Information Officer of each covered agency to conduct a risk management review of those investments that have received a high-risk rating for four consecutive quarters, among other things.
5. Strengthening State and Local Cyber Crime Fighting Act of 2017: authorizes a National Computer Forensics Institute within the U.S. Secret Service, which will disseminate information related to the investigation and prevention of cyber and electronic crime and related threats.
In addition to federal legislation, in 2018, at least 35 states, D.C. and Puerto Rico introduced more than 265 bills or resolutions pertaining to cybersecurity. More than 52 of those bills were enacted. Legislation addresses:
• improving government security practices
• providing funding for cybersecurity programs and initiatives
• restricting public disclosure of sensitive government cybersecurity information and
• promoting workforce, training and economic development.
With legislative session in full swing across the county, additional cyber laws on the state level will be more apparent in the coming months.
Keeping up with new and ever changing cybersecurity legislation is challenging. Make Winquest your trusted advisor to keep you up-to-date so you don’t get blindsided by new laws and regulations. For more information contact us at firstname.lastname@example.org.
Security is only as strong as your weakest link, which is usually an employee. In fact, “91% of cyber attacks and the resulting data breach begin with a spear phishing email,” according to a 2016 report from PhishMe. Simply put, a majority of attacks are the result of an employee clicking on an email that contains malware.
Cyber-attacks are becoming more prevalent and employees at all levels need to be aware of how to protect their information. Below are a few quick tips on what to focus on when it comes to cybersecurity training:
1. Concentrate on phishing scams and social engineering
2. Standardize password policies
3. Include training during onboarding
4. Make an incident response plan
Recently, a local company called on Winquest to help after two phishing attempts, the second being successful.
The company’s bookkeeper received an email that looked like it came from a legitimate email address within the organization. The email asked that this employee’s next paycheck be moved to a different account than it normally deposited to. It wasn’t until the bookkeeper approached the employee in person to verify the account change that they realized it was a phishing email. First phishing attempt thwarted because the bookkeeper verified the authenticity of the request before taking any action.
Second (successful) attempt
The second phishing attempt on the same company was unfortunately successful. An employee received an email from who she thought was the company president, who was on vacation at the time. The exchange was as follows (names changed for privacy purposes).
Email from the “president”: How quickly can you get to the store? I need you to purchase some gifts for some specific clients. I would provide you with details on what product of gift cards and the exact quantity and amount needed. I can’t take calls, because I am in a meeting. I have my iPad next to me so I can quickly respond to your message”
Response from employee: “I have a meeting at 1, but should be done by 1:30ish so I can go after if that’s helpful. Just let me know what you need!”
“President”: “What I need is Google Play cards of $100 face value. I need 6 of each card. That’s $100 X 6 = 600. Scratch the back out and email me the codes or pictures of the scratched codes. Let me know. Thanks.”
Employee: “OK, I can buy them online and send the code directly to your email. You should get them in a moment.”
“President”: “E-Gift Cards takes 24hrs to activate, get the physical cards and email them to me.”
Employee: “Just tried to buy them and was denied because of a few things:
1. Store policy only allows $400 of gift cards at a time
2. The name on the card has to be the name of the purchaser
So, how urgently do we need these? I could ask either Amy or Jessica to go out and get $400 worth, or I could get them online if we are good with waiting 24 hours.”
“President”: “You can ask Amy or Jessica to get them.”
Employee: “Ok, I am sending Amy the details, she is in a meeting but said she will go when she gets out.”
“President”: “Have you purchased the cards?”
Employee: “Just sent them all your way, please let me know if you have any issues with them!”
“President”: “Thank you. Cards received and sent out accordingly. Sadly, I would need you to get 10 more cards. Let me know when you can get that ASAP. Thanks.”
Employee: “10 more meaning $500 worth or 10 more meaning $1000?”
“President”: “Have you been able to purchase the cards?”
It was after this message that the employee realized they had fallen for a scam. However, it wasn’t a sophisticated approach at all. One look at the email address it was sent from would have tipped the employee that the emails weren’t in fact coming from the company president.
The company employee is not alone and attacks like this happen frequently due to lack of awareness training. The lack of employee-level cybersecurity training is concerning, seeing how prevalent these attacks are and how expensive they can be. In fact, the average cost of a phishing attack for mid-size companies is $1.6 million, according to PhishMe.
Since this attack, the company has agreed to be a pilot for a new Winquest employee-level cybersecurity awareness training program. This training program is effective, convenient and inexpensive and follows our goal of making cybersecurity services affordable for all businesses.
For information on Winquest cybersecurity training for your employees, contact us at email@example.com or visit https://winquestcyber.com/ to see our other offerings.
If you own a small or medium-sized business (SMB) and are looking to keep your information safe, the cloud may be right for you. Cloud computing is the off-site access and storage of data and applications with a provider that also provides infrastructure, redundancy and security. It is gaining popularity for SMBs who need to keep information secure but don’t have the resources that large corporations do. The cloud is still an unfamiliar concept to some, however, so it poses the question, what are the advantages of using the cloud?
Cloud security is more attainable for SMBs that don’t have the budget for in-house, traditional IT security teams. It can dramatically cut IT costs and requires low upfront infrastructure investments compared to high costs to set up and manage physical servers or storage devices. Using the cloud eliminates that need to maintain facilities and hardware.
Cloud security is not only cheaper to set up, but also more cost effective in the long-run. Cost is tied to usage. You can scale storage up or down depending on the needs of your business. The more storage, the more expensive, but you can adjust based on your changing needs. Cloud providers don’t charge for unused infrastructure.
As cloud storage increases in popularity, it is becoming more secure. Data in the cloud is usually encrypted, meaning the information is only accessible if you have the password or key to the encryption. This encryption would have to be cracked before an intruder could gain access to your businesses’ information.
While moving data to the cloud is a great business practice, especially for SMBs, remember that people are key to any technology’s security. Encrypted files will only remain so if your employees are security-conscious and don’t make it easy for cybercriminals to gain access to their cloud credentials.
If your business chooses to move its data to the cloud, make sure you get help to make your transition smooth. Here are a few simple tips to make the move an easy one:
1. Choose the right provider for you. Do your research. With a rise in the use and amount of cloud computing platforms, determine which is best for your business size and amount of data storage you need. Evaluate the strengths and weaknesses of each platform and know the database size you’ll need and the capacity demands of your business.
2. Prepare and plan. Inform your employees of the upcoming migration so everyone can prepare which documents and information will need to be moved over. Be sure that your current systems are compatible with your cloud provider before you begin the transition process.
3. Migrate your data. Keep in mind that migration will entail giving some control over your files to your cloud provider during the transfer. In addition, have an IT professional work with you and your cloud provider to help ensure all of your data is transferred properly and securely.
4. Check. Make sure everything is working post-transition. Check that your applications are running smoothly and all of your data moved over to the cloud.
Making the move to the cloud is a big decision for any business. Weigh the pros and cons of different cloud providers and take into account the size and demands of your business.
(BALTIMORE, Md. — November 30, 2018) The Cybersecurity Association of Maryland Inc. (CAMI) elected its 2019 Board of Directors and Winquest Engineering Corporation President & CEO John Leitch is excited to have been selected to join the board. “Being elected to the CAMI Board of Directors is a great honor and I look forward to helping my fellow board members propel CAMI to the next level. Winquest has greatly benefited from our relationship with CAMI and this is my opportunity to give back and help others get the benefits we received, and more.”
CAMI is entering into its third year in operation and is led by President & CEO Stacey Smith. She notes, “CAMI continues to be a nationally unique organization with a mission of connecting Maryland’s cybersecurity companies with entities (commercial, government, academic and non-profit) everywhere that need cybersecurity solutions. In just three years, we have over 400 cybersecurity technology and services companies and almost 50 general service providers associated with our organization as members. I look forward to growing the organization and creating a more cyber secure business environment in Maryland and beyond with the help of our Board leadership, committees and many volunteers.”
Being part of CAMI will connect Winquest to other cybersecurity experts in Maryland and will enable everyone to work together to increase cybersecurity amongst businesses of all sizes.
For the full press release and to learn more about what CAMI has to offer click here.
(BALTIMORE, Md. — November 1, 2018) We partied with the Maryland Chamber of Commerce like it was their birthday…because it was!
Earlier this month Winquest Cybersecurity’s President & CEO, John Leitch attended the Maryland Chamber’s 50-Fest, a celebration of their big anniversary. But it wasn’t all for fun, Leitch was there for business. Winquest was proud to partner with the Maryland Chamber as a sponsor for one of their glow bars, providing beverages all night long and making ourselves known while we were at it.
“Winquest Cybersecurity sponsored the Maryland Chamber’s 50-Fest to provide exposure not only for Winquest, but for the Chamber as well. Winquest sponsorship demonstrated how Winquest and the Chamber are working together to help Maryland businesses meet their cybersecurity challenges,” said Leitch.
Since cyber-attacks don’t discriminate, businesses ranging from a one-man shop to global in scale are all vulnerable. Winquest provides services to all those in need. The Maryland Chamber represents businesses all over the state and there’s no better organization to support than one whose members run the gamut.
“The Maryland Chamber’s 50-Fest was a great event for Winquest sponsorship because the attendees represented Maryland businesses of all sizes and industries. The attendee diversity was representative of Winquest Clients who range from small Investment Advisor firms to multi-billion-dollar manufacturer/retailers,” continued Leitch.
Thank you to the Maryland Chamber for an incredible evening and for having us as a sponsor!
Winquest looks forward to sponsoring the Maryland Chamber’s upcoming event, the third in their cyber series, Cybersecurity for SMBs Part III: The Cloud as a Security Solution.
We hope to see you all there!