Happy New Year. Hope everyone has recovered from the holidays and Log4J.

We had a huge turn out for our North Texas Regional Summit. Save the date for our Regional Summit in The Woodlands, February 9th.

Our annual conference is only a few months away in Galveston. We hope to see many submissions from the call for presentations. The Education Committee will review all submissions. Our strongest education sessions come from our peers.

Hope to see you all in Galveston at the annual conference.

William Pham
TAGITM President

StateScoop
Stephen King wrote in in his 2010 memoir "On Writing" that metaphors let the reader "see an old thing in a new and vivid way." He also noted, "When a simile or metaphor doesn’t work, the results are sometimes funny and sometimes embarrassing." Here is a roundup of some IT metaphors from the past year that stood out.

GovTech
Texas Chief Information Officer Amanda Crawford discusses broadband, cybersecurity, workforce challenges, and ensuring residents can connect with government.

ZDNet
Sophisticated hackers from China, Iran, North Korea and Turkey are now exploiting the so-called Log4Shell bug (CVE-2021-44228). Microsoft observed the bulk of the attacks so far have been related to mass scanning by attackers attempting to thumbprint vulnerable systems.

GovTech
It's not your imagination -- the breadth, depth and impact of data breaches have dramatically increased during the COVID-19 pandemic. Here is a summary of key numbers in 2021.

CSO
CISOs are planning holistic strategies that support enterprise resiliency and say their priorities reflect security needs due to recent shifts in their organization’s IT and business environments, a changing threat landscape, and emerging risks.

GovLoop
Agencies need to address the emerging requirements of wide-ranging transformation initiatives including the adoption of virtualization, cloud, containers, DevOps and other modern technologies and processes.

An Information Security Awareness program isn’t just about complying with HB3834 requirements. Our human firewalls need periodic updates just like our other layers of defense. To be effective, an awareness program should take the diversity and culture of the audience into consideration. Gamification can either support a program or prevent it from being taken seriously. The technical aptitude of the users will determine whether they are bored or overwhelmed. Including "brown bag lunches", posters and giveaways are ways to include people with visual and tactical learning styles. You may consider sending out a survey and incorporating your users feedback. Establishing a partnership with your users will go a long way towards the program’s impact and adoption. I hope you enjoy this "Remote Office"-themed security puzzle, but remember to not make your Security Awareness program puzzling to your users.

Note: The answers are on page 2 of the puzzle.