https://bsg.tech/blog/categories/careers-and-training/Recent content in Careers and Training on BSG Blog — Cybersecurity InsightsHugoenWed, 08 Apr 2026 08:00:00 +0000https://bsg.tech/blog/building-realistic-cyber-defense-exercise-lessons/Wed, 08 Apr 2026 08:00:00 +0000https://bsg.tech/blog/building-realistic-cyber-defense-exercise-lessons/<p>Most organizations test their defenses with tabletop exercises — facilitated discussions where someone reads a scenario and teams talk through their response. Tabletops test process. They don&rsquo;t test capability.</p> <p>BSG has spent over a decade on the offensive side — <a href="https://bsg.tech/penetration-testing/">penetration testing</a>, red teaming, and running CTF competitions at security conferences across Europe. A few years ago, we <a href="https://bsg.tech/blog/bsg-won-sans-netwars-tournament/">won SANS Grid NetWars</a>, a defensive investigation tournament, and something clicked: the same skills that make a good attacker make a good exercise designer. We know how real adversaries operate because that&rsquo;s what we do every day. Building realistic exercises for blue teams was a natural next step.</p>https://bsg.tech/blog/developer-to-appsec-engineer-career-path/Thu, 05 Feb 2026 23:02:15 +0000https://bsg.tech/blog/developer-to-appsec-engineer-career-path/<p>You spend your days building software. You understand how systems are architected, how data flows between components, and how features go from a pull request to production. Now consider this: that same knowledge makes you one of the strongest candidates for a career in application security.</p>https://bsg.tech/blog/cybersecurity-professional-standards/Tue, 29 Jul 2025 13:41:52 +0000https://bsg.tech/blog/cybersecurity-professional-standards/<p>The latest <strong><a href="https://open.spotify.com/episode/6AAdwUbHx3EZBBuqoSEe0M">NCSC Cyber Series</a></strong> podcast gathers three voices who know the battlefield from different angles:</p> <p><em>Tracey Jones, Senior Analyst at the Bank of England; Gian Andrea Padovani, Senior Manager in the PRA’s Cyber-Resilience team; and Chris Ensor, Deputy Director for Cyber Growth at the NCSC</em>. Their discussion turns a spotlight on an issue that rarely makes headlines yet shapes every breach report we read: professional standards.</p>https://bsg.tech/blog/the-truth-about-phishing-training-why-its-not-as-effective-as-you-think/Mon, 25 Nov 2024 16:48:56 +0000https://bsg.tech/blog/the-truth-about-phishing-training-why-its-not-as-effective-as-you-think/<p>Phishing attacks remain the top cybersecurity threat globally, accounting for 33% of data breaches in small and medium businesses according to Verizon’s 2025 Data Breach Investigation Report. Despite investing heavily in employee training programs, organizations often find themselves repeatedly compromised. This raises a critical question: How effective are these phishing training programs in preventing real-world attacks?</p>https://bsg.tech/blog/how-to-write-a-cv-in-cybersecurity/Thu, 28 May 2020 10:11:25 +0000https://bsg.tech/blog/how-to-write-a-cv-in-cybersecurity/<p>Each time after hosting a <a href="https://nonamecon.org">Nonamecon</a> or <a href="https://owasp.org/www-chapter-kyiv/">OWASP Kyiv</a> event, my mailbox is flooded by messages from people asking if we have job openings. How can one join our company? Here is my CV! And after getting a response, they ask how they can improve it.</p>