Tag: regulation

Welcome New Member – Samira Marquaille from France

Please welcome our newest member from France, Samira Marquaille. Samira Marquaille is an IT Project Manager with more than 20 years of experience across both public and private sectors, with a strong focus on data privacy. She is skilled at uniting teams and fostering collaboration

Welcome Back – Michael McDonald from Australia

CyAN is thrilled to welcome back Michael McDonald, an internationally respected Senior Solution Architect, startup CTO, and technical visionary whose career spans three decades, five continents, and some of the most complex, high-stakes environments in industry and government. Michael brings rare breadth and depth across 

Cyber (In)Securities – Issue 147

Welcome New Member – Caroline Humer from US

Please welcome our newest member from the United States, Caroline Humer. As an international digital safety advocate, Caroline Humer is dynamic and motivated, with a track record of successfully fostering cross-industry engagement. Growing up in numerous global settings has honed her ability to lead global

CyAN Voices: Growing Careers Through Mentorship

In this mentorship story of 2025, Sumandeep Kaur shares her experience as a Web Developer and Cybersecurity Intern under the guidance of her CyAN mentor, Shantanu Bhattacharya.

Empowering Early-Career Web Developer & Cybersecurity Professionals: My Journey with the CyAN Mentorship Program

By Sumandeep Kaur

Acknowledging My Mentor “Shantanu Bhattacharya”: A Pillar in My Professional Growth

Throughout my participation in the CyAN Mentorship Program, I had the privilege of being guided by an exceptional mentor whose unwavering support and expertise were instrumental in my development.

From the outset, my mentor fostered an environment of learning and curiosity. Their deep knowledge provided me with a comprehensive understanding of how these fields intertwine. Whether it was navigating complex coding challenges or understanding the nuances of cybersecurity protocols, their guidance was always insightful and encouraging.

One of the most impactful aspects of our mentorship was their emphasis on best practices and real-world application. They didn’t just teach me the “how,” but also the “why,” ensuring I grasped the underlying principles that would allow me to adapt and grow beyond the program. Their patience and willingness to share personal experiences made our sessions both educational and inspiring.

Beyond technical skills, my mentor instilled in me the importance of continuous learning and ethical responsibility in the tech industry. Their mentorship extended beyond our scheduled sessions, as they were always approachable for questions and discussions, demonstrating a genuine investment in my success.

I am profoundly grateful for the time, knowledge, and encouragement my mentor provided. Their influence has not only enhanced my technical abilities but also shaped my professional ethos. As I continue to build my career, the lessons and values imparted by my mentor will remain a guiding force.

During my tenure in the CyAN Mentorship Program, I immersed myself in a comprehensive learning experience that bridged the realms of full-stack web development and cybersecurity. This dual-focused approach allowed me to understand the intricate relationship between developing robust web applications and ensuring their security against potential threats.

In the realm of full-stack development, I honed my skills in both front-end and back-end technologies. On the front-end, I worked extensively with HTML5, CSS3, and JavaScript, crafting responsive and user-friendly interfaces. I also delved into modern frameworks to build dynamic single-page applications. My experience also encompassed working with databases such as MySQL, ensuring efficient data storage and retrieval.

In parallel, my exposure to cybersecurity principles was integral to my development process. I learned to implement security best practices, such as input validation, authentication, and authorization mechanisms, to safeguard applications against common vulnerabilities. I familiarized myself with the OWASP Top 10 security risks and integrated preventive measures during the development lifecycle. Additionally, I utilized tools like Splunk for monitoring and analyzing application logs, aiding in the early detection of potential security incidents.

By understanding the full spectrum of application development and its associated security considerations, I am better equipped to build applications that are not only functional and efficient but also resilient against cyber threats.

Key Responsibilities

  • Developed responsive web applications using HTML, CSS, JavaScript, ensuring cross-browser compatibility and optimal user experience.
  • Collaborated with the cybersecurity team to implement security measures such as input validation, authentication protocols, and secure data storage.
  • Conducted vulnerability assessments and applied OWASP Top 10 principles to mitigate common web application security risks.
  • Utilized Git and GitHub for version control and collaborative development.

Technical Skills

  • Proficient in front-end technologies: HTML5, CSS3, JavaScript.
  • Skilled in database management with MySQL.
  • Familiar with cybersecurity tools and practices, including penetration testing and secure coding standards.
  • Knowledgeable in using SIEM tools like Splunk for monitoring and analyzing security events.

Achievements

  • Successfully developed and deployed a full-stack web application with integrated security features, enhancing user data protection.
  • Identified and resolved multiple security vulnerabilities in existing web applications, improving overall system integrity.
  • Received commendation from mentors for the ability to bridge the gap between development and security, ensuring robust application performance.

Mentorship Engagement

Throughout the mentorship, I regularly engaged in:

  • One-on-one mentor sessions to discuss career pathways, technical questions, and soft skills.
  • Weekly tasks and challenges designed to simulate real SOC workflows.
  • Collaborative feedback sessions focused on improving analytical thinking and report writing.

Integrated Career Goals in Web Development & Cybersecurity

Deepen Expertise in Secure Web Development

Objective: Master secure coding practices by studying the OWASP Top 10 vulnerabilities and implementing mitigation strategies in your projects.
Action Plan: Enroll in courses focused on secure web application development and participate in code review sessions to identify and fix security flaws.

Develop Full-Stack Security Projects

Objective: Create comprehensive web applications that integrate both front-end and back-end security measures.
Action Plan: Design projects that include features like secure authentication, data encryption, and protection against common web threats, showcasing them in a professional portfolio.

Engage in Continuous Learning and Community Involvement

Objective: Stay updated with the latest trends in web development and cybersecurity.
Action Plan: Attend industry conferences, contribute to open-source projects, and participate in forums or local meetups to exchange knowledge and experiences.


About the Mentor

Shantanu Bhattacharya

Shantanu Bhattacharya is a seasoned cybersecurity professional with over 25 years of experience. Known as the “Cyber Doctor,” he helps small businesses in finance, legal, and retail sectors defend against phishing and ransomware. He provides actionable, budget-conscious solutions tailored to client needs delivered within 60 days.

About the Mentee

Sumandeep Kaur

Sumandeep Kaur is a Web Developer and Cybersecurity Intern who brings a dual focus in full-stack development and secure coding. She has hands-on experience with HTML, CSS, JavaScript, MySQL, and cybersecurity tools like Splunk. Passionate about building applications that are both functional and resilient, she is committed to continuous learning and ethical tech practices.

Cyber (In)Securities – Issue 143

News

  • Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn – The Register – Brandon Vigliarolo
  • Cybersecurity experts issue response to Trump order targeting Chris Krebs, SentinelOne – Cyberscoop – Greg Otto
  • Marks & Spencer breach linked to Scattered Spider ransomware attack – BleepingComputer – Lawrence

Cyber (In)Securities – Issue 142

News

  • Ransomware Gangs Innovate With New Affiliate Models – Dark Reading – Alexander Culafi
  • FBI: US lost record $16.6 billion to cybercrime in 2024 – BleepingComputer – Sergiu Gatlan
  • Attackers hit security device defects hard in 2024 – Cyberscoop – Matt Kapko
  • Ripple NPM supply chain attack hunts for private keys – The

🐘 The Elephant in the Server Room: Why Nation-State Hackers Love Small Businesses

You’d think nation-state cyber attackers would be too busy targeting military secrets, critical infrastructure, or global financial systems to bother with your local optometrist, small engineering firm, or boutique consultancy.

But you’d be wrong.

As Rob Lemos in his recent Dark Reading article “Nation-State Threats Put SMBs in Their Sights” noted, small and medium businesses (SMBs) are increasingly being caught in the crosshairs of nation-state actors. And while that sounds dramatic, it’s not exactly news to those of us who’ve been waving this red flag for a while now.

If you’ve heard me talk about data privacy, sovereignty, or security-by-design, you’ll know this has been a consistent message: Small doesn’t mean safe.
And simple doesn’t mean insignificant.

🐘 The Elephant in the Server Room

Let’s get this out of the way: Most small business owners aren’t waking up thinking about advanced persistent threats. They’re thinking about invoices, customers, staff shortages, or what fresh compliance headache might land in their inbox next.

But that’s precisely what makes them attractive to cyber operatives. Nation-state actors — whether working directly for governments or as aligned proxies — know that many SMBs:

  • Don’t have dedicated security teams
  • Rely on unpatched or outdated systems
  • Lack visibility into who accesses their data
  • Are deeply embedded in complex supply chains

And it’s that last point that’s so often overlooked. Because when a hostile actor wants to breach a major government department or multinational contractor, the front door is usually locked. So they look for a side door.

🕵 The Stepping Stones in the Spy Game

Small businesses aren’t usually attacked because of the data they hold. They’re attacked despite it — or more accurately, because of who they’re connected to.

Think of SMBs as stepping stones across a river. Alone, they may seem easy to overlook. But in the hands of a strategic adversary, they form a precise, quiet path — one that leads straight to critical infrastructure, sensitive government systems, or global defence suppliers.

Nation-state actors know this. They’ll compromise a regional software vendor with government clients. Or a boutique logistics firm that supports infrastructure projects. And then they wait.

This isn’t smash-and-grab ransomware. It’s quiet infiltration. Long-game strategy. And it works.

🧩 But Here’s the Hard Truth (and the Good News)

Small businesses can’t keep outsourcing this risk to someone else. Governments and tech giants have critical roles to play, of course. But SMBs themselves need access to practical, affordable ways to take control of their data.

I know it’s a lot. Many small business owners are already overwhelmed — especially with security solutions that feel designed for enterprises with full SOC teams and million-dollar budgets.

That’s why we designed 3 Steps Data with three very specific principles in mind:

  • Simple to use — because you shouldn’t need a cybersecurity degree to protect your business.
  • Cryptographically secure — so even if someone breaks in, they can’t read your data.
  • Zero-knowledge architecture — meaning we can’t see your data. And neither can anyone else.

We believe compliance and governance shouldn’t be a scary afterthought — they should come baked in. No back doors. No silent surveillance. No compromises.

🛡 Stop Treating SMBs as Collateral Damage

For too long, small businesses have been treated as unfortunate casualties of cyber warfare — overlooked in policy and underserved by tools.

But the truth is, SMBs are the economy. They’re the innovators, the service providers, the specialists keeping everything running in the background. And they deserve security solutions that match their importance — not just their size.

SMBs need:

  • Education that speaks business, not jargon
  • Tools built for real-world constraints
  • Transparent, auditable systems that don’t require trust, because they’re designed not to know
  • Public policy and industry support that acknowledges the role SMBs play in national resilience

🧭 A Final Thought

I’ve said it before, and I’ll keep saying it: Cybersecurity isn’t just a tech issue — it’s a business continuity issue. A trust issue. A sovereignty issue.

So next time someone suggests that nation-state hackers only go after “big targets,” remind them: the path often runs straight through the smallest players.

Let’s stop leaving our smallest businesses to fight off the world’s most resourced attackers with nothing but duct tape and good intentions.

Because when the stepping stones are this exposed,
it’s only a matter of time before someone crosses them.


About the Author:

Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions.
She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.

Cyber (In)Securities – Issue 141

News

  • Former cyber official targeted by Trump quits company over move – NBC News – Kevin Collier
  • MITRE’s CVE program given last-minute reprieve – itNews – Raphael Satter
  • Whistle Blower: Russian Breach of US Data Through DOGE – Narativ – Zev Shalev
  • Midnight Blizzard deploys GrapeLoader malware – BleepingComputer – Bill Toulas
  • 4chan