Monday, August 23, 2021

Resume Help! 185 Action Verbs

Phenomenal job whoever put this together. I found this here:

185 Action Verbs That'll Make Your Resume Shine | The Muse

Here's the list so that I can refer others to this... How often are you asked for help? Here's a great way to spruce up the old resume. Express yourself well. Tell the story. Don't bore me. There's a balance of too little and too much. Grammar-check and spell-check everything. Check your spacing, fonts, and use of bolding/italics/color to make sure you are consistent everywhere.

Your resume has to stand by itself without you there to explain away easy-to-fix mistakes. The last position we had for our team had 450 resumes submitted within days. I'm ruthless with reviews. You have time to work on your resume. It should be awesome. You can tell the difference between someone who cares and someone who doesn't.

Action Verbs 1-12: You Led a Project
If you were in charge of a project or initiative from start to finish, skip “led” and instead try:
1. Chaired
2. Controlled
3. Coordinated
4. Executed
5. Headed
6. Operated
7. Orchestrated
8. Organized
9. Oversaw
10. Planned
11. Produced
12. Programmed

Action Verbs 13-33: You Envisioned and Brought a Project to Life
And if you actually developed, created, or introduced that project into your company? Try:
13. Administered
14. Built
15. Charted
16. Created
17. Designed
18. Developed
19. Devised
20. Founded
21. Engineered
22. Established
23. Formalized
24. Formed
25. Formulated
26. Implemented
27. Incorporated
28. Initiated
29. Instituted
30. Introduced
31. Launched
32. Pioneered
33. Spearheaded

Action Verbs 34-42: You Saved the Company Time or Money
Hiring managers love candidates who’ve helped a team operate more efficiently or cost-effectively. To show just how much you saved, try:
34. Conserved
35. Consolidated
36. Decreased
37. Deducted
38. Diagnosed
39. Lessened
40. Reconciled
41. Reduced
42. Yielded

Action Verbs 43-61: You Increased Efficiency, Sales, Revenue, or Customer Satisfaction
Along similar lines, if you can show that your work boosted the company’s numbers in some way, you’re bound to impress. In these cases, consider:
43. Accelerated
44. Achieved
45. Advanced
46. Amplified
47. Boosted
48. Capitalized
49. Delivered
50. Enhanced
51. Expanded
52. Expedited
53. Furthered
54. Gained
55. Generated
56. Improved
57. Lifted
58. Maximized
59. Outpaced
60. Stimulated
61. Sustained

Action Verbs 62-87: You Changed or Improved Something
So, you brought your department’s invoicing system out of the Stone Age and onto the interwebs? Talk about the amazing changes you made at your office with these words:
62. Centralized
63. Clarified
64. Converted
65. Customized
66. Influenced
67. Integrated
68. Merged
69. Modified
70. Overhauled
71. Redesigned
72. Refined
73. Refocused
74. Rehabilitated
75. Remodeled
76. Reorganized
77. Replaced
78. Restructured
79. Revamped
80. Revitalized
81. Simplified
82. Standardized
83. Streamlined
84. Strengthened
85. Updated
86. Upgraded
87. Transformed

Action Verbs 88-107: You Managed a Team
Instead of reciting your management duties, like “Led a team…” or “Managed employees…” show what an inspirational leader you were with terms like:
88. Aligned
89. Cultivated
90. Directed
91. Enabled
92. Facilitated
93. Fostered
94. Guided
95. Hired
96. Inspired
97. Mentored
98. Mobilized
99. Motivated
100. Recruited
101. Regulated
102. Shaped
103. Supervised
104. Taught
105. Trained
106. Unified
107. United

Action Verbs 108-113: You Brought in Partners, Funding, or Resources
Were you “responsible for” a great new partner, sponsor, or source of funding? Try:
108. Acquired
109. Forged
110. Navigated
111. Negotiated
112. Partnered
113. Secured

Action Verbs 114-122: You Supported Customers
Because manning the phones or answering questions really means you’re advising customers and meeting their needs, use:
114. Advised
115. Advocated
116. Arbitrated
117. Coached
118. Consulted
119. Educated
120. Fielded
121. Informed
122. Resolved

Action Verbs 123-142: You Were a Research Machine
Did your job include research, analysis, or fact-finding? Mix up your verbiage with these words:
123. Analyzed
124. Assembled
125. Assessed
126. Audited
127. Calculated
128. Discovered
129. Evaluated
130. Examined
131. Explored
132. Forecasted
133. Identified
134. Interpreted
135. Investigated
136. Mapped
137. Measured
138. Qualified
139. Quantified
140. Surveyed
141. Tested
142. Tracked

Action Verbs 143-161: You Wrote or Communicated
Was writing, speaking, lobbying, or otherwise communicating part of your gig? You can explain just how compelling you were with words like:
143. Authored
144. Briefed
145. Campaigned
146. Co-authored
147. Composed
148. Conveyed
149. Convinced
150. Corresponded
151. Counseled
152. Critiqued
153. Defined
154. Documented
155. Edited
156. Illustrated
157. Lobbied
158. Persuaded
159. Promoted
160. Publicized
161. Reviewed

Action Verbs 162-173: You Oversaw or Regulated
Whether you enforced protocol or managed your department’s requests, describe what you really did, better, with these words:
162. Authorized
163. Blocked
164. Delegated
165. Dispatched
166. Enforced
167. Ensured
168. Inspected
169. Itemized
170. Monitored
171. Screened
172. Scrutinized
173. Verified

Action Verbs 174-185: You Achieved Something
Did you hit your goals? Win a coveted department award? Don’t forget to include that on your resume, with words like:
174. Attained
175. Awarded
176. Completed
177. Demonstrated
178. Earned
179. Exceeded
180. Outperformed
181. Reached
182. Showcased
183. Succeeded
184. Surpassed
185. Targeted

Wednesday, August 4, 2021

[Comment Period] Draft SP 800-53A Revision 5

 Tags: NIST, Draft SP 800-53A Revision 5, Comment Period, assessment objectives, determination statements, assessment methods, assessment objects

Source: SP 800-53A Rev. 5 (Draft), Assessing Security and Privacy Controls in Info Sys and Orgs | CSRC (nist.gov)

Control assessments are not about checklists, simple pass/fail results, or generating paperwork to pass inspections or audits. The testing and evaluation of controls in a system or organization to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome are critical to managing and measuring risk. Additionally, control assessment results serve as an indication of the quality of the risk management processes, help identify security and privacy strengths and weaknesses within systems, and provide a road map to identifying, prioritizing, and correcting identified deficiencies. 

 

Draft NIST Special Publication (SP) 800-53A Revision 5, Assessing Security and Privacy Controls in Information Systems and Organizations, provides organizations with a flexible, scalable, and repeatable assessment methodology and assessment procedures that correspond with the controls in NIST SP 800-53, Revision 5. Like previous revisions of SP 800-53A, the generalized assessment procedures provide a framework and starting point to assess the enhanced security requirements and can be tailored to the needs of organizations and assessors. The assessment procedures can be employed in self-assessments or independent third-party assessments.

In addition to the update of the assessment procedures to correspond with the controls in SP 800-53, Revision 5, a new format for assessment procedures in this revision to SP 800-53A is introduced to:

  • Improve the efficiency of conducting control assessments,
  • Provide better traceability between assessment procedures and controls, and
  • Better support the use of automated tools, continuous monitoring, and ongoing authorization programs.

NIST is seeking feedback on the assessment procedures in this publication and in electronic versions (OSCAL, CSV, and plain text), including the assessment objectives, determination statements, and potential assessment methods and objects. We are also interested in the approach taken to incorporate organization-defined parameters into the determination statements for the assessment objectives. To facilitate their review and use by a broad range of stakeholders, the assessment procedures are available for comment and use in PDF format, as well as comma-separated value (CSV), plain text, and Open Security Controls Assessment Language (OSCAL) formats.

 

The comment period is open through October 1, 2021. See the publication details for a copy of the draft and associated files, and instructions for submitting comments. We encourage you to submit comments using the comment template provided.

 

Please submit inquiries and comments to sec-cert@nist.gov.

 

NOTE: A call for patent claims is included on page vii of this draft.  For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

 

Publication details:

https://csrc.nist.gov/publications/detail/sp/800-53a/rev-5/draft  

ITL Patent Policy:

https://www.nist.gov/itl/publications-0/itl-patent-policy-inclusion-patents-itl-publications

 

Friday, July 16, 2021

Creating Professional Velocity

The Simple Formula

  1. Increase your professional education.
  2. Increase your social education.
  3. Increases your value.
  4. Increases your desirability.
  5. Increases your opportunities. 
  6. Increases your earning potential.
  7. Increases your velocity towards financial goals.
  8. Establishes financial freedom to focus on other goals. 

Trade-Offs

  1. Time.
  2. Energy.
  3. Sacrifice.

Considerations

  1. Timing of when to invest where. Invest early for greater dividends later.
  2. Take care of your physical self to be your best mental self. A strong body reduces mental fatigue and enables a strong mind. 
  3. You get to balance your investments. Keeping all of them healthy is work that requires intentionality. Family. Friends. Personal. Professional.
  4. Avoid instant gratification. Exercise your patience. Grow that muscle.
  5. Coaching, Mentoring, and Counseling. Surround yourself with advocates. 

Monday, May 17, 2021

June 3-4: Register for Security Connect 2021, VMware's annual cybersecurity conference!

Tags: VMware, cybersecurity, conference

Here’s a compiled list of all 59 sessions for VMware’s own annual cybersecurity conference:

Link: Signup Here for VMware’s Security Connect (vmware.com)

Compiled List of all 59 Sessions:

Tuesday, March 16, 2021

Summary Statistics for NIST SP 800-53r5

Very interesting statistics, particularly around the related and cross-referenced controls. These counts are related to the Top Level controls. While certainly not an absolute flag, these counts are an interesting indicator of the importance of each of the controls. 

Also, note the count of controls in the baselines, including the incremental jumps from LOW to MOD and MOD to HIGH. Note that these totals include controls and enhancements. 

Thursday, February 25, 2021

VMware OCTO is Hiring!!!

Interested in joining VMware OCTO? GREAT people. GREAT mission. Join us! I really do love it here. 

Visit https://rolp.co/4babk and type JoinOCTO in the search.

OCTO’s mission is to create a future of disruptive technologies for VMware and enable a culture of perpetual innovation. We are thought leaders and trusted advisors who collaborate with our entire VMware ecosystem—co-innovating cross-company and with technologists from academia, our customer and partner communities. We invest in people, nurture their ideas, and embrace acceptable risk. Obstacles don’t stop us. We run past them because shifts in direction can lead to new insights and innovations, and to places we never would have otherwise gone.

We are actively seeking inclusive people who bring diverse skills, backgrounds, perspectives, and ideas to the table; people who can transcend limits and always have their eyes on the future. This is how great advances are made, how contributions are valued, and how innovation thrives.

Hope to see you here!!

Thursday, February 11, 2021

Corrected and Compiled NIST SP800-53r5

Congratulations to the collaborators on the updated NIST SP800-53 Revision 5. There are many improvements in this version which seeds several standards efforts around the globe. 

Please find on the www.compliancequickstart.com downloads page a compiled and slightly corrected version of the downloadable Excel files from NIST located here.

The corrected version is titled NIST sp800-53r5.ver.01a and found here. I've also added a few details that I find helpful. 

Updates/Corrections

  1. Corrected withdrawn column which had one control mismarked and another not marked.
  2. Added 2-digit Control ID which enables proper sorting on control identifiers. Current published version is incorrectly sorted.
  3. Added column named PK (Primary Key) for proper sorting.
  4. AU-5(4) references AU-15 which is withdrawn into AU-5. Updated to reflect AU-5.
  5. AU-9 references AU-15 which is withdrawn into AU-5. Updated to reflect AU-5.
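
The sorting and withdrawn-reference fixes listed above, sketched as an added example that is not taken from the author's spreadsheet. The padded format (`AU-05(04)`), the function names, and the sample rows are assumptions constructed for illustration; only the AU-15 to AU-5 mapping comes from the list.

```python
import re

# Matches a top-level control ("AU-5") or an enhancement ("AU-5(4)").
CONTROL_RE = re.compile(r"^([A-Z]{2})-(\d+)(?:\((\d+)\))?$")

# Withdrawn control -> control it was folded into, per the corrections above.
WITHDRAWN_INTO = {"AU-15": "AU-5"}


def parse(control_id):
    """Split an identifier into (family, number, enhancement or None)."""
    m = CONTROL_RE.match(control_id.strip())
    if not m:
        raise ValueError(f"not a control identifier: {control_id!r}")
    family, number, enh = m.groups()
    return family, int(number), int(enh) if enh is not None else None


def padded_id(control_id):
    """Zero-pad numbers to two digits so a plain text sort is also numeric."""
    family, number, enh = parse(control_id)
    base = f"{family}-{number:02d}"
    return base if enh is None else f"{base}({enh:02d})"


def remap_related(related):
    """Point references at the surviving control and drop duplicates."""
    out = []
    for ref in related:
        target = WITHDRAWN_INTO.get(ref, ref)
        if target not in out:
            out.append(target)
    return out


def build_table(rows):
    """Add the padded ID, fix related-control references, sort by padded ID."""
    table = [
        {"id": r["id"], "padded": padded_id(r["id"]),
         "related": remap_related(r["related"])}
        for r in rows
    ]
    return sorted(table, key=lambda r: r["padded"])


# Constructed sample rows; the related-control lists are illustrative only.
ROWS = [
    {"id": "AU-10", "related": ["AU-9"]},
    {"id": "AU-2", "related": ["AU-3"]},
    {"id": "AU-9", "related": ["AC-3", "AU-15", "AU-5"]},
    {"id": "AU-5(4)", "related": ["AU-15"]},
    {"id": "AU-5", "related": ["AU-2"]},
]

if __name__ == "__main__":
    print("plain text sort:", sorted(r["id"] for r in ROWS))
    for row in build_table(ROWS):
        print(row["padded"], row["id"], row["related"])
```
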


Friday, August 28, 2020

The State of Compliance – and the Cloud – in the Financial Services Industry

Ghostwritten after an interview with me as the source. Heck of a job by Dennis McCafferty.

If there is one unifying and indisputable fact about the hackers of the world, it’s this: They go where the money goes.

This makes the financial services industry one of their favorite targets. Once they compromise an organization in the sector, they can make thousands – or tens of thousands or much, much more – by stealing credit card account numbers, committing wire fraud, emptying savings accounts, etc. Or they can profit off of ill-gotten intelligence, selling or buying stock shares based upon non-publicly disclosed insider information contained “within the vault.”

That’s why financial services organizations should view regulatory compliance not as an onerous, “check the boxes” effort, but one that can ensure the continued integrity of their operations and reputation.

In seeking to reduce the risk of debit and credit card loss and limit identity theft, the Payment Card Industry Data Security Standard (PCI DSS) sets 12 security requirements for all companies (including banks and other financial institutions) that process, store, transmit or accept credit card information, regardless of size or number of transactions. The requirements cover firewall configuration, cardholder data encryption, secure systems/applications development, physical access to data and regular testing. Unfortunately, global PCI DSS compliance among firms has fallen for two straight years and now stands at 36.7 percent, down from 55.4 percent in 2016, according to the 2019 Payment Security Report from Verizon. Fines for PCI DSS violations range from $5,000 to $100,000 per month.

It’s worth noting that, in prior annual Payment Security reports, Verizon has revealed that no organizations were found to be fully compliant at the time of a breach, demonstrating lower compliance with ten out of the 12 PCI DSS key requirements. In addition, only 29 percent of companies are still fully compliant with PCI DSS less than a year after being validated. This speaks to a governance problem, as these firms are failing to commit to a sufficient level of continuous monitoring which will effectively manage both risk and compliance over time.

It’s clear that an ever-elevating threat landscape is creating formidable compliance and risk-management barriers: Based upon its analysis of nearly 41,700 security incidents and more than 2,010 breaches, the 2019 Verizon Data Breach Investigations Report (DBIR) indicates that the finance industry accounted for 927 of those incidents (ranked #4 among all sectors) and 207 of the breaches (third overall, behind only the public sector and healthcare). These organizations also suffered the second-highest average cost of a data breach at $5.86 million – 49 percent greater than the $3.92 million global average for all industries, according to the 2019 Cost of a Data Breach Report from the Ponemon Institute and IBM.

What’s more, increasing activity in the cloud is adding to the complexities of data protection and compliance: Financial services organizations are allocating 41 percent of their IT budgets to the public cloud, up from 34 percent in 2018, according to research from Refinitiv. Sixty-seven percent of the industry’s firms either are already invested in Infrastructure as a Service (IaaS)/public cloud offerings or are planning to, compared to 59 percent of companies in general, according to 451 Research. Fifty-five percent of these firms are either already invested in Platform as a Service (PaaS) or are planning to, compared to 46 percent of companies in general.

However, despite the abundant activity in the cloud, there is much trepidation: Technologies supporting cloud migrations are considered the top contributor to cybersecurity risk for financial services organizations, as cited by three-fifths of the industry’s security practitioners, according to research from Ponemon. (Blockchain tools ranked #2, as cited by 52 percent of these professionals.)

At Caveonix, we have dedicated ourselves to helping financial services organizations readily comply, thus enabling them to better defend their data and systems – whether on-premise or in the cloud. Our Caveonix RiskForesight platform implements continuous compliance to ensure our customers are meeting regulatory standards across their infrastructure and applications. The solution tracks and reports adherence to compliance requirements, and determines the impact of configuration and vulnerability changes on compliance. RiskForesight detects compliance drift and identifies how to bring systems back into compliance.

RiskForesight distinguishes itself because it delivers an ongoing, continuous evaluation of where our customers stand, identifying and assessing compliance and risk wherever their data exists. The Caveonix team firmly believes that, if you can see it, you can quantify it. And if you can quantify it, you can apply the governance required to incorporate effective controls. We understand that satisfying regulations is about more than “checking boxes” – it’s about successfully managing risk and protecting information in the interest of operational integrity and brand reputation. If you’d like to talk about how we can work together to help solve your compliance/cybersecurity problems, then please contact us.

Wednesday, July 22, 2020

CRITICALSTART CEO Rob Davis selected as EY Entrepreneur of the Year® 2020 Southwest Finalist

I'm so incredibly proud of Rob!! Congratulations!!! He's the best brother, mentor, and friend you could have. I still learn from him constantly. He's exacting and demanding of the best you can give, but selfless and giving to help you get there. 

https://www.criticalstart.com/rob-davis-selected-as-ey-entrepreneur-of-the-year-finalist/

"Congratulations to CRITICALSTART CEO, Rob Davis, who has been selected by an independent panel of judges as an EY Entrepreneur Of The Year® 2020 Southwest Finalist. Rob was selected as a finalist for his vision, leadership, and determination in our ever-changing world.

Widely considered as one of the most prestigious business award programs in the U.S., this program recognizes entrepreneurs and leaders of high-growth companies who are excelling in areas such as innovation, financial performance, and personal commitment to their businesses and communities- while also transforming our world.

Regional award winners will be virtually announced on Friday, October 2, 2020."

Friday, June 26, 2020

AWS, Accenture, Palo Alto: State of the Cloud

3000 people consulted from AWS, Accenture, Palo Alto Networks across
  • Financial Services and Insurance,
  • Consumer and Industrial Products,
  • Energy and Resources,
  • Technology and Telecommunications, and
  • Life Sciences And Healthcare

Download here: 
https://www.paloaltonetworks.com/state-of-cloud-native-security

Selected Highlights 
Compute spread: VMs 30%, containers 24%, CaaS 21%, PaaS 22%

We are in a multicloud, multi-compute world
  • 94% of organizations use more than 1 cloud platform
  • 60% use between 2 and 5 platforms
  • AWS is the most popular public cloud service provider
The top three challenges for moving workloads to the cloud
  • Technical complexity (42%)
  • Maintaining comprehensive security (39%)
  • Ensuring compliance (32%)
More security tools doesn’t necessarily mean better security
  • Companies investing more than $100 million in cloud are trimming the number of tools they use. 53% of this high-spending group use just 5 or fewer cloud security tools
  • Acquiring more tools and vendors can create inefficiencies and make employee tool training more difficult
  • Companies start to see overlaps between tools and vendor offerings, so they consolidate and rationalize tools and tool providers
  • 71% of companies use third-party vendor tools, 65% use CSP-provided security tools and 62% use open source tools
Cloud security spend is rapidly catching up with cloud spend
  • Cloud security spend is highest for companies with an annual cloud budget of $100 million or more
  • 34% of these high spenders allocate 16% or more of their cloud budget to security
Greatest challenge to providing comprehensive cloud security.
  1. Lack of visibility 15%
  2. Tool training 14%
  3. Safe practice training 11%
  4. Evaluating current state 11%
  5. Integration of security tools 10%
  6. Securing budget 10%
  7. Security reporting tools 8%
  8. Automation 6%
  9. Executive buy-in 4%
  10. Other 1%
More Numbers
  • 65% of surveyed organizations invested more than 10% of their 2019 cloud budget in securing their cloud estates.
  • 58% use 6 or more cloud security vendors.
  • 57% use 6 or more cloud security tools.
  • 77% of companies have cloud security teams bigger than 20 people.