MGM's Cybersecurity Breach, Goldman Sachs' Office Return Policy, and Evolving AI Job Search Strategies

All right, so boom. Last week, mgm resorts suffered a major cybersecurity breach, and we're also going to talk about why companies are forcing everyone to go back to work. Are you interested in starting your career in the cloud? Well, if that's you, then I got some for you. Level Up and Tech is a comprehensive 24 week program guaranteed to help you land a high pain role in the cloud. Some of the skills that they teach you in Level Up and Tech are server config and troubleshooting, aws Infrastructure as Code, cicd, scripting, containerization and more. Level Up and Tech has helped over 800 people start their career in the cloud. So if you're interested in the program, click the link in my bio, click on the tech resources and click on Start your Cloud Career. What's going on there, everybody? It's your boy HD and I'm back with a solo episode of the Textual Top Podcast. It's episode 101. And I just want to thank everybody for rocking with me. You really been supporting the last episode. Yeah, I've been supporting the in person episode, so I really appreciate that I got more to come and yeah, so episode 101 is starting season four, and I didn't let me kiss myself. When I first started the podcast years ago, I never knew how many episodes I was going to do or how long it was going to run. I just knew I want to do it and, due to support in the various different guests that I've gotten on here, is letting me know that it's something that's actually helping people and impacting their lives, and that's what helps me keep on doing it. That's what helps me even do solo episodes. I'm not so dependent on guests to where I won't talk to you guys, like you'd like to hear from me, from just myself sometimes, and that's what I like to do. But before we get into everything we're going to talk about today, y'all know what to do Hit the thumbs up button, hit the like button and I'm just going to talk to you guys a little bit today. So last week I got to see Drake and concert. I've been listening to Drake since 2007 2008. So to go see my favorite artist that I've been listening to pretty much my whole life is crazy. It's like every album he came out with was like a different point of my life and it was cool. So it's the tour name was it's all a blur yeah, it's all a blur tour, and I thought it was pretty good. I thought it was a great concert. The concept of just it seemed like a blur to a younger him and he's coming up and out of the stage or sitting on the couch or in the bed or acting like he's like a teenager and just experiencing different things and all the different songs that he did on the set. It's like crazy. It remind me a little bit of like usher's performance, how usher goes through these different songs throughout his what usher been in with 30 years now I think so 30 plus years. So I think it's similar to that, like all the different songs Drake has, and it was really cool. The crowd was really rocking him and 21 came out. I might even put some footage like right here as I'm talking, but that's pretty cool. Got to stay in a dope hotel. Matter of fact, we got a suite for like no extra charge because we had a plumbing issue in our room and yeah. So, all in all, guys, since the last thing you guys, I have my god tell you on tech on here, and that was episode 100. And I gotta say that was one of my favorite episodes to edit myself. If you don't, if you guys don't know, I pretty much shoot, edit, market everything myself. Hopefully that is soon to change, either by the end of this year or next year, because it's a lot to do. I like to do it, but I can use that that time to do better, so like spend time with my family or do other things, but just want to let you guys know what that is and also to continue to support the text without podcasts. Like I said, join the patreon. The patreon gets all these episodes at free, but it's also a way for you to help invest in this company to where I can keep on doing a person episodes. Or eventually, when I want to get to guys is I want to travel to different people. Sometimes they can't come to Dallas and do the podcast out there so they can talk with me. So you invest in the patreon, helps me invest back into the podcast or helps me continue to give you great content from those that you want to hear from. But enough about that. One thing I want to touch on before we get into the major parts of this episode is we've been hearing a lot of talks about September search. Now, I don't know necessarily if it's like a search, but I will say my LinkedIn inbox has been buzzing with some great offers. Well, I want to say offers with some great salaries. So I tell people all the time you have to make sure that you always have never take your open to work thing off. Leave it just open to recruiters, always constantly updated, flick it on and off, edit your skills always reevaluate what you put on your job titles or re edit those and just make sure you have relative skills that are high paying in the market, because once you get your experience, the numbers come around like now the jobs that send hope 10 years experience. I have that. They're offering six figures that don't start with a one. And that's not me saying the flex, is not me saying that you can or can't do it as this, like how the progression goes as you get your experience and based on where you work. That that's why I tell people hey, where you work does matter in a sense. If you have bigger names or it's in a certain industry and you work different places, companies will look at that and say, oh, they worked here, they worked here, they worked here. Hmm, let's see if they want to come back with us, We'll, we'll offer them something Um, prosperous. Now I will say they're probably aren't many remote offering so far as they haven't seen. It's been real ambiguous and vague, but I know for a fact a lot of these jobs are hybrid, where you want to do one, two or three days into the office and you know how that goes. But just, I was gonna say, like, check out your LinkedIn always, make sure it's up to date, stay on it, be active, network. You know what you gotta do. And also, if you're watching right now or listening, let me know if your inbox has been blowing up. But now, guys, I want to touch on one of the bigger events last week and that was the MGM resorts breach. Alright, so if y'all not aware, in short, mgm, in short, mgm resorts pretty much experienced a cybersecurity incident last week, or a breach. At first, they were classified in it as a cybersecurity issue and from what research has shown me briefly, is that it happened via social engineering, more specifically, vishing where they use social engineering or someone on the help desk to, I believe, get like some admin credentials and Get access to files that they shouldn't have access to. But we're going to read a little bit about this article and we're going to talk about some things in depth. So, mgm's casinos exx I servers allegedly encrypted in ransomware attack. An Affiliate of the black cat ransomware group, also known as APL HV, is behind the attack that disrupted MGM resorts operations, forcing the company to shut down IT systems. In a statement today, the black cat ransomware group claims that they had infiltrated MGM's infrastructure since Friday in the cryptid more than a hundred hypervisors after the company took down the internal infrastructure. The gang says that they exfiltrated data from the network and maintained access to some of MGM's infrastructure, threatening to deploy new attacks unless an agreement to pay a ransom is breach. So let's talk about that a lot briefly. Not only was this a security issue, this is also an operations-based thing as well. When you talk about Help, this People talk about help. There's so bad, but how pivotal it can be and something like this is serious. You shouldn't be able to easily reset those type of credentials via the help desk. There should be a different process for that, because those are elevated privileges on that account and they need to make sure the person that's asking for their credentials to be reset is that person. Also, I saw rumblings on Twitter that it's bad documentation in the environment, that a lot of people don't know how the network works, how a segmented same thing Security teams. So if that's the case, ask another reason why they were in a lose-lose situation. Everyone's gonna look at this and blame the either the networking teams, it teams or the security teams. But actually this is on the stakeholders. They are supposed to be the ones that are overseeing everything and saying, hey, we need this document and we need these assets updated, we need this, this and this and this and this and done. Everyone else is just the people that are working or they're implementing what's being told for them to do. So if that's not happening, that's why you start seeing these things. Let's keep on going down, all right. Cybersecurity researcher VX underground first broke the news that threat actors affiliated with ALPHV ransomware operation allegedly breached MGM through a social engineering attack. While bleeping computer could not confirm if this was true, the black cat admin did confirm with bleeping computer yesterday that one of their adverts Carried out the MGM attack, saying that it wasn't the same actor that had Western Digital in March, citing sources familiar with the matter. Reports later said that the threat actor that briefs MGM resources being tracked by cybersecurity companies that scatter spider. Other companies call it octopus, unc 3944 scatter swine. According to Bloomberg reporters, scatter spiders also breach the network of Seas entertainment, who is a US Securities and Exchange Commission on Thursday Provide a strong hit at paying the attackers to avoid a leak of customer data stolen in attack. The ransom demand was allegedly 30 million dollars. Now, this was a shocker as well. We didn't really hear anything about the seizures breach, but if that is the case, then let's see when they say this actually happened. So that's another. We don't know when the seizures breach happened, but I know that I stayed at seizures last year, so that's the case. Then they got a that some people know hey, we were breached and this is what we're gonna do. Better give me some free rooms or something you know I'm saying. But listen, I always tell people IT Networking, all this other job security. They're gonna probably get some people in that could fix this thing, but it's gonna be tough because they're gonna have a lot of work to do and they're gonna have to go through a lot of. One of the hardest things about going into a new company is implementing change. Especially if it's a big company, people are resistant to change, but you ought to know hey, if you don't want this to happen again, let me do it. So let's keep going. In their statement today, blackcast says that MGM resorts remain solid on the provided communication channel, indicating that the company has no intentions to negotiate a ransom payment. The hacker stressed that only action they saw from MGM was, in response to the breach, disconnecting each and every one of their Octosync servers. At the learning that we have been looking on their Octo agent servers, the attacker claims that they were trying to sniff any password that they could not recover from. The domain controller has done so, alright, also. So this is one of the things, too. You want to answer different questions when we're interviewing for these roles Sometimes. One of the things you got to assume sometimes is the attackers are already in your environment, but one of the things that attackers have that you don't is time Nine. So let's visualize this. You know you watch the different movies where someone's thinking about breaking into a physical building and what do they do all the time? They clock when the security comes in and out. Alright, prime example the movie that Ice Cube Sun did with the guys where they robbed the bank, the big bank. I forget what the name of it is, but you know how they were so detailed in knowing exactly who is going to be where and when. And then that's what people do on the network side and even specifically what they deal with the help desk. Or it could have been some insider threat stuff too, to where, hey, somebody said, hmm, they got, we got lax controls here. You guys, let me in, I'll get this information for you. I want my cut. There are a lot of different things at play here that more will be released and do time let's see. Despite showdown, the synchronization after service, the hackers continue to be present on a network, black cat says in a statement. They claim to still have super admin privileges on MGM's after environment and global administrative permissions to the company's Azure tenant. After seeing MGM taking this action, with no intention from the company to engage in negotiations over the provided chat, the threat actor says they deployed the wrestler attack. And also what's interesting is typically admin accounts. It's weird, but most of the time admin accounts don't necessarily have. You can put multi factor on them, but most of the time you associate like different accounts with like mailboxes, and so a lot of times you're already on the network and so you just need your password to authenticate. So I wonder who passwords are or how are they already in the environment, and then they also got these admin credentials. So that's something I'm wondering as well as I'm reading this. After waiting a day, we successfully launched ransomware attacks against more than 100 exxi hypervisors in their environment on September 11th, after trying to get into it but failing. This was after they brought in external funds for assistance and contained the incident. Okay, so they brought in some external firms. I wonder who they were. At this moment, the hackers say they do not know what type of data they stole from MGM, but promise to extract relevant information and share it online. Unless they reach an agreement with MGM to pressure the company even more to be able to use the MGM, to pressure the company even more to paying black hat, they're going to use their current access to MGM infrastructure to carry out additional attacks. All right, let's see if I can find anything else interesting for you guys. Because you can, I'll link this and you can read this later. So you see they are going to break this down to you. What I just read are write ups that eventually happen after they get the lessons learned and all the different reports. So their report is going to be very extensive on this once they get all the information is going to take some weeks to get down. But how to understand how attackers can come in and maintain persistence and get into an environment is by reading news like that. Read those different articles. That's how. That's how you can answer these questions when they actually interview. So if you stay up to date with security news and read up on them and read how or what these straight actors are and go research what they've been implementing on how they got into an environment, you could be a step ahead of the game and even though you may not be an expert, you still can sound knowledgeable on what you see happening in today's landscape. Now the next article I want to get into is Goldman Sachs is one of people to come back into the office five days a week, and if you're familiar with my channel, you know I had my stint there and how they were pushing for before I left. So I think five days is crazy, and so we're actually going to read that article and you know I'm going to give. I'm going to give it up, I give it up. So let's check it out. All right, no more work from home. Goldman Sachs asked employees to return to office five days a week. Let's see. Working from home serves the popularity because of COVID-19 pandemic and subsequent lockdowns. Although the crisis is largely in a rearview mirror, remote work continues to be popular because it offers flexibility and alleviates commuting to stress community stress but that convenience is no longer available at Wall Street Juggernaut Goldman Sachs. According to a recent report from Bloomberg, goldman is urging his employees to return to office full time following senior manager's frustration over some staff not being present five days a week. While there's flexibility when needed, we are simply reminding our employees of our assisting policy. Jacqueline Arthur, goldman's global head of human capital management, said in a statement we have continued to encourage employees to work in office five days a week. Now here's the thing, and it depends on, like I said I've talked about when I worked there, and every office may be different, but they have you crammed up right next to people All day. People have a meeting, you don't have any personal space and you know, in my opinion, and they're also now in the news talking about another strand of COVID being out. So it's pretty much forget your health, forget your kids, just come in to work anyway, not to mention like we're out. I'm in a D of W area. It's spaced out here so Things aren't always as affordable everywhere. So people have to move out into the suburbs so they can afford places for them, their family, to stay and they are not Making any. What's the what I'm looking for? They're not helping anybody With salary for one to come into office, so they're just telling you but not up in the pay because things have gone up. That's another thing too. It's like hey, if inflation is rising? I think last year they didn't have such a good year with bonuses. So what incentives do people have to come into the office, especially and I'm not gonna talk about everybody, because I believe maybe the investment bakers or the other type of jobs Well, you do need to meet clients face to face and show them what you guys working on. That's a different type of lane, you know. But when, when it comes to working in, like in some type of tech focus roll, five days a week is a bit much, especially if there is no incentive for them to come. And sure they may say oh, you're incentive is keeping your job, but there are companies that don't make you come back in in five days a week. So let's keep reading to see what else they're gonna say In April, jpmorgan Chase and company and strut to this managing directors to be in office five days per week. Additionally, a memo from the bank stated that employees not mean their in office attendance expectations Must change or face appropriate performance management steps, which could include corrective action. The way for returning office isn't limited to Wall Street. That's cool. Okay, let's read. This says is remote work morally wrong? Employers have cited various reasons for bringing people back to the office, such as productivity, collaboration, training and networking. For must, though, there's more to the story, and an interview with CNBC earlier this year, mux noted that workers who make things People consume can't work remotely, and to assume that these workers have to work on site while you don't, it's morally wrong. It's like, really, you're going from work from home. You're going to make everyone else who made your car come work in the factory. You're going to make the people who make your food, that can't work from home. He said the people that come to fix your house. They can't work from home, but you can. Does that seem morally right? That's messed up. Must went so far to say as the laptop class is living in La La Land. That's funny, because you are a freaking billionaire. So you don't have to come into work, you can do your deals from wherever you want to. Number two, you making that false, equivocal false I'm gonna see if I'm a butcher. It false equivalent equivalency is like me Talking about basketball players getting paid million dollars, like millions of dollars a year, compared to whatever I do. Based on how much money you make, people determines on what type of flexibility you would have in their workplace. There's there's not much correlation. People know what job they chose. Please believe me, if there was a way for people to control robots or some from home and make cars or whatever they got to do, they would do it. So don't be like that. We know for a fact that working from home Is better most of the time for people Then going to the office, especially if you, like I said, if you stay farther out, you got kids. Sometimes your commute is like over an hour and a half a day by the time you get home, sometimes late. You missed up from your kids, you're so drained. So let's not act like you know. That isn't a valid reason of why people prefer to work remotely. Where they can go to their kids, they can get their work done. Come on, let's keep it real, and this is why I think it's crazy with the whole RTO thing. The landscape of everything has changed in the last three years. It just has Some companies need to get with it or you'll see the fall of a lot of prolific companies, because some of these companies feel like, hey, because I'm GS, you should just want to come in here five days a week, and there are always going to be new companies coming around. That'll take that talent and how they've helped Goldman Sachs be successful for years and give them the flexibility they're looking for. And that's what a lot of these companies are being ran by. Older people are not understanding. People want flexibility in their life. Just like you have flexibility, you get to call the shots, you get to make all the money, but I keep my salary the same, yet I have to go in, spend more on gas and also groceries and everything else, but not really get it up to. I got a hope that I get a good enough bonus next year for me and my family. I'm not giving equity. There are a whole bunch of different things that they need to correct. If they want people to abide by these rules, they're going to have to up the ante. They're going to have to do it. If not, people are going to be walking out and going to better companies. That's going to treat them better for their lifestyle, and that's how I feel about that. Now, actually, one more article I came across. It was about artificial intelligence in the job search process and I want to talk about that briefly. We want to dissect this article simply because so many people are going the way of trying to use AI to find jobs, but some of you may be doing it the wrong way and it still may not be leading to you having success in your career journey. So let's talk about it. So, five AI job search mistakes you need to sidestep. Let's talk about this. So I'm going to read a little bit of this and then I'm going to go into the titles of it. I'm not going to read the whole thing. From creating resumes to sending automated networking emails, there are plenty of ways that AI is transforming the job search and streamlining the recruitment process. While this could be great news for both job seekers and employers, it's not without its challenges. It might feel easier and more efficient to let AI tools and platforms take control, especially when you're a business professional without much free time to dedicate to the search. However, it's crucial that you remember that these are just tools. They still require human input and therefore they can't manage your entire job search. If you leave the entire search and application process to AI, you might just cause yourself your dream job. Here are five AI job search mistakes you need to sidestep this year If you want to get hired soon. Confusing man and machine. It is so important when writing an application that you are writing for a real person and not a machine. After all, the final review of your application before you invite it for an interview is likely to come down to a recruiter or potential employer. Thank you, thank you. So many people have been sold on the lie about ATS that they're saying oh, ats, I mean AI is going to put all the keywords on your resume and ATS is going to get you selected to get an interview. It's not how it works. A person is reviewing your resume and they're going to say yeah, your name, I'm just just being honest. So, that being said, with 75% of resumes never being seen by the human eye, it's imperative you can get your resume passed on ATS so it could be seen by a real person, so you need the help of machine to process your application. This could feel like a catch 22. To combat this, you need to make sure that you write your profile and all detailed descriptions for a real person. We'll also ensuring that you populate your content with relevant keywords to get past the algorithm in the first place. So, to sum that up, it's something that I've always said only then, when I do your resume, I intend to make it viewable for a human to decipher your skill set based on a job description. That's it Simple case input. So let's see why it's important. According to 2023 survey, over 98% of Fortune 500 companies use ATS when hiring, as do a further 66% of large companies and 35% of small organizations. So, while it may feel like a lot of extra work, it is both work and is necessary. You want to increase your chances to be invited for an interview. Let's see what this is talking about. Given AI full control, there are loads of great tools out there that allow you to simply enter basic information and career background and a generated resume for you. While this can be very helpful and it's certainly useful you don't have the time to be messing around with formatting. You shouldn't rely on those tools alone. Once your resume or cover letter has been created for you, make sure that you go through and carefully proofread and check every aspect. You might find you need to make a few changes to remove any repetition or make it more engaging. So by all means, utilize these tools, but always check the finished product before submitting your application. Yes, I've used chat GPT before and I have to fine tune some things that it says because sometimes it's pulling from all these different places. But it's not always the best outcome when you use AI and of course, there are other AI tools. Shout out to Teal, teal, y'all need to get back with me so we can go ahead and work on something. But there are better tools out there that can help suit your job process. That takes some manual effort, but not all manual effort that makes anything. So let's keep going Choosing complicated resume formats. Let's get into this one. If you choose to build your resume yourself or you already have one ready to go, it is crucial that you're using a standardized resume format. Unfortunately, if you try to get too creative and stand out, you might confuse a our tools, which could lead to your resume ending up on a rejection Pal, for example, it's usually best to avoid adding pictures, custom created floods and hyperlinks. It's also important that you are consistent with titles, bullet points and other format, as these tools can recognize patterns. Now, I agree, keep it simple. Stupid. The kiss method works on your resume. I've seen where people are trying to be too cute with their resumes and it doesn't really work for them in the long run. We want to let them know what they need to see in a concise, most concise way as possible, without Doing the most with crazy funds and crazy color schemes. Now I disagree with him. Well, whoever wrote this article or not having hyperlinks on there. I disagree because, hey, some of your projects, you don't want to just riddle your resume or projects or your LinkedIn. So you have a section that says like get hub or LinkedIn with a hyperlink to it and they click on it. The human can click on it. I Disagree with that stance. Not checking through auto pop, play the content. There's nothing more tedious and time consuming than having to go through different job sites or career portals and enter the information over and over again from your name and address your skills. Yeah, yeah, yeah, let's see if it's the meaning potatoes, let's see. All right, this is the last one, leaving your search up to algorithms and machines. Last but not least, you need to avoid relying too heavily on machines, algorithms and job alerts. That's not to say these aren't helpful, and you shouldn't sign up to job alerts and other tools. However, if you're relying only on job alerts that are based on the requirements you enter into a job matching platform, you can miss out on great opportunities. So, as well as using a I to recommend related roles, be sure that you dedicate some time each week to actually search for positions, network and reach out To like-minded professionals, as you never know where your next opportunity will come from. By avoiding these five a I mistakes, you can make the most of the job searching tools. Wow, also increasing your chance to find the perfect role. Yes, I, I agree. I, ho, holly, agree. While AI could be beneficial, it takes human effort To make sure you're doing your job search properly. The things that AI can't do, sure, I can give you a script, but AI isn't not at the point where, like, for example, I teach my students how, okay, you want a job, or maybe you want to stay in the same industry. Let's go find some people that work there. Let's go actually comment on their posts. Let's go react to them. Let's go reach out to them and talk to them a little bit back and forth, but also be upfront about what you're looking for, what you may need help with. Ai is not doing that part for you and that could be a critical step in why you're not getting. That could be a critical step and why you won't get in callbacks for your, your resume, and also most jobs are not even posted. So networking is always going to be better than relying on AI, because it's not about who you know, but who knows you, like we always say. So use AI tools to help you, maybe, like I, like I like to. So till can do different resumes for you based on what you already have constructed and help you pick out Keywords with. Then you can apply with different jobs or different resumes. You can send out things to recruiters after you already talked to them and have some type of warm opening with them. But other than that, do not rely on them the whole time, because Sometimes the people that create these tools have never worked in HR or anything like that, so relying on them could be a big blind spot on you, but that's been an episode. Today has been pretty much Current events and just short on. Like the things that were going on, I still have some other stuff got some big gaps coming in the future. Also. Guys Sponsored this video day was level up in tech. So you are interested in starting your cloud career? Check out level up a tech. Look at the link in the description and start to get your call with them today so they can get you on your way to get into a cloud career. Also, like I said, check out the patreon. If you need coaching advice for me, book a consultation. Check out my free webinar, my free ebook and trying to get into cybersecurity. Yeah, but it's everything. I appreciate job for rocking with me. I got the heat coming. Like I said, I'm gonna get a team and we're gonna be smoking, but until next time, like your boy always say, should raise D, I'm out. Peace.