Diversity, Equity, & Inclusion Training for Modern Teams: Creating a culture of belonging
Our webinar on “Diversity, Equity, & Inclusion Training for Modern Teams: Creating a culture of belonging” aimed to equip organizations, both in the private and public sectors, with strategies and insights to foster a culture of diversity, equity, and inclusion. This webinar provided actionable tips for building diverse and inclusive teams, promoting equitable practices, and creating a sense of belonging within the workplace. Industry experts Dr. Maritsa Barros (author of the E-Guide 8 Key Factors to Thrive at a PWI; DEIJ Lecturer and Consultant, Tufts University) and Kayland Arrington (HCH Enterprises) provided valuable insights to drive positive change.
Agenda
- Introduction: Importance of Diversity, Equity, & Inclusion (DEI) in Modern Teams
- Keynote Address: Creating a Culture of Belonging
- Panel Discussion: Best Practices for DEI Implementation
- Case Studies: Successful DEI Initiatives and Experiences in the Public and Private Sectors
- Q&A Session: Addressing Challenges
- Closing Remarks: Committing to Lasting Change
Key Takeaways
- Explore successful DEI initiatives in the public and private sectors
- Get expert advice for overcoming challenges in DEI implementation
- Participate in an interactive Q&A session with industry professionals
Next Webinar Details
Diversity, Equity, & Inclusion Training for Modern Teams, Series II: Actionable Strategies for your Municipality
- Date: November 7th, 2023
- Time: 11:00 AM EDT
- Duration: 1 hour
We look forward to your participation in our webinar and to helping you create a culture of diversity, equity, and inclusion within your organization. Register now to reserve your spot!
SecureWorld Boston — Closing Thoughts
By Donald Borsay, Director of Security Solutions, HCH Enterprises
After a prolonged absence due to COVID-19 lockdowns and contract assignments, I was finally able to return to Boston’s Hynes Convention Center for SecureWorld Boston in late March. It was a great opportunity to reconnect with my New England peers, catch up on the latest products and best practices, and even share my thoughts on the next steps of threat intelligence.
I was reassured to see many of my long-lost friends on the speaker list and on the Advisory Council. One of my colleagues pointed out that I had spent two straight hours on the exhibit floor without moving; as one longtime colleague departed, another came. Each of us is busy working hard to tackle cyber risk.
I spent a significant amount of time on the exhibit floor or in special roundtable discussions within the Advisory Council. I learned a lot about the impact of artificial intelligence on cybersecurity and about the recent SEC rulings that may give the Board greater access to the chief information security officer (CISO). I also discovered new products and vendors that are ready to help in the battle for network security.
I had the privilege of leading a threat intelligence panel discussion on “The State of InfoSec Today.” The main takeaway: with a clear vision, fewer false positives, and continued effort, we can eliminate threats. I offer special thanks to Katherine Chipdey and Jason Albuquerque for the answers and a packed, lively crowd that built upon the seed questions I offered. It takes a village!
When refining your InfoSec program, it’s important to consider how threat intelligence reveals your critical assets’ exposure. Also, be sure that asset vulnerability and remediation are equally prioritized within threat intelligence. If what you have lacks this clarity, seek the capability to add intelligence.
In the threat intelligence arena, it is important to derive both high-level strategic and operational information, as well as low-level technical and tactical information. The devil is in the evolving technical details, so it’s essential to integrate and transform other domains instead of creating threat management silos.
Spending ARPA funds. Does your city have a plan?
It’s been nearly two years since the passage of the American Rescue Plan Act (ARPA) — a $1.9 trillion economic stimulus bill including an allocation of $350 billion to help state, local, and tribal governments to address economic and health impacts of the COVID-19 pandemic. While ARPA’s State and Local Fiscal Recovery Fund (SLFRF) dollars offer flexibility, it is important for all municipalities to have a plan in place, and the time to act is now — as cities and towns must obligate their funding by December 31, 2024.
How can municipalities spend SLFRF funds?
Cities and towns have many options for using their ARPA dollars. According to the U.S. Department of the Treasury, there are four separate eligible use categories. Local governments may use SLFRF funds to:
- Replace lost public sector revenue, using this funding to provide government services up to the amount of revenue lost due to the pandemic.
- Respond to the far-reaching public health and negative economic impacts of the pandemic, by supporting the health of communities, and helping households, small businesses, impacted industries, nonprofits, and the public sector recover from economic impacts.
- Provide premium pay for essential workers, offering additional support to those who have and will bear the greatest health risks because of their service in critical sectors.
- Invest in water, sewer, and broadband infrastructure, making necessary investments to improve access to clean drinking water, to support vital wastewater and stormwater infrastructure, and to expand affordable access to broadband internet.
More on SLFRF Rules and Regulations
As a municipality, it’s important to understand how you can use ARPA funding — but that’s only part of the equation. The more challenging element is determining how you should apply these dollars.
The goal for any municipality should be to capitalize on this tremendous opportunity for recovery in ways that meet the most prevalent needs of the community. The challenge many cities and towns face is identifying those needs and assessing the most effective pathways to meet them. Many communities are developing recovery and growth plans that involve:

- Constituent Communications — engaging with the people in their communities to assess needs and priorities.
- Data Analysis — Collecting, organizing, and analyzing data points to gain insights to accelerate community recovery and equity.
- Peer Evaluation — Reviewing what other similar communities have done and are doing with their ARPA funds, learning from their successes and challenges.
- Compliance and Reporting — Ensuring projects meet the Treasury’s requirements for suitability and that quarterly reporting requirements are met and timely filed.
- Project Management — Defining a plan and developing the roadmap to deliver the intended outcomes.
How are cities and towns using their ARPA money?
As it’s been nearly two years since ARPA’s passing, there is more and more data on how these funds — specifically those of the State and Local Fiscal Recovery Fund — are being allocated. The Council of State Governments published a database of all state-level allocations of SLFRF funding. Additionally, there is a Local Government ARPA Investment Tracker project developed through a partnership between the National League of Cities, Brookings Metro, and the National Association of Counties pulling in data from ARPA projects from cities and counties with populations of at least 250,000.
According to data from the Local Government ARPA Investment Tracker, as of August 31, 2021, 150 local governments submitted 2,577 projects involving $18.5 billion in SLFRF funds. Specifically, these projects involve a number of spending categories:
- Government Operations (37.6%)
- Infrastructure (12.5%)
- Housing (12.5%)
- Community Aid (12.3%)
- Public Health (12.2%)
- Economic and Workforce Development (11.1%)
- Public Safety (2.3%)
While information on how state governments and large cities are deploying their recovery funds is easily accessible, there is very little reporting on how small towns and medium-sized cities are making use of ARPA dollars. That’s why it may be beneficial for small-to-medium cities and towns to work with consultants and project managers to help ensure they are using these SLFRF funds in the most meaningful and efficient ways.
SecurityBeat: Culture Driven Cybersecurity
By Donald Borsay, Director of Security Solutions, HCH Enterprises
At HCH Enterprises, there is no one-size-fits-all approach to cybersecurity. While we all recognize the customs, arts, social institutions, and achievements framed within the culture of a particular country, we likely lack a perspective on cybersecurity. As digital transformation takes over every aspect of our lives, the core enabler remains people. HCH knows how to bring cybersecurity into the culture of your business.

According to ISACA’s The Business Model for Information Security, culture is the first factor that makes cybersecurity part of everything we do. Culture improves through a steady emergence of process. Management recognizes the culture gap and supports incremental advancement. According to the Security Cultures Report from Tessian, the proper security culture directly impacts employee behavior.
The people also use technology directly and must have the skills to support their access and instincts to know when something is wrong. These human factors of technology must be part of the plan. As a result, our People embrace the use of technology and operate it securely by applying their newfound awareness and skills and by following policy and procedure where appropriate.
Sounds good, right? Unfortunately, 45% of users don’t know who to report a security incident to and only 30% of employees believe they play a personal role in cybersecurity. We have so much work ahead of us!
Delivering on the promise of cybersecurity can be a daunting task for high-risk startups, small businesses, and local government when faced with the typical one-size-fits-all toolbox persisted by other providers. HCH’s approach is purposefully tailored to fit your culture. We will partner in your journey to a more mature cybersecurity posture.
SecurityBeat: China 10x U.S. in Cyber Command Staffing
DOJ Prosecutes Individuals Scamming Federal Funding
Ten people have been charged by the U.S. Department of Justice (DOJ) for their alleged roles in business email compromise (BEC) scams. These scams were aimed at a wide range of victims, including federal funding programs like Medicare and Medicaid.
More than $11.1 million was lost as a result of these attacks, with the money stolen by fooling victims into diverting bank transfers to the scammers’ accounts.

Daixin Team Behind Ransomware Attack on AirAsia
A cybercrime group known as Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The threat actors claim that they have access to the personal information of all of the company’s employees and five million passengers. The samples uploaded to the leak site include employee personal information, passenger information, and booking IDs.
The U.S. cybersecurity and intelligence agencies recently issued an advisory about Daixin Team, warning of attacks primarily targeted at the healthcare industry.
Increasing Cyber Risk in the Transportation Industry
Ransomware activity continues to increase globally despite efforts by businesses to boost their cybersecurity. While some industries have doubled or tripled their protection, others are still vulnerable and are finding themselves being targeted by cybercriminals.
According to The Threat Report: Fall 2022 from Trellix, the third quarter of 2022 saw ransomware activity double in the transportation and shipping industry. The report includes evidence of malicious activity linked to ransomware and nation-state-backed advanced persistent threat (APT) actors. It examines malicious cyber activity including threats to email.

China 10x U.S. in Cyber Command Staffing
China’s focus on enhancing its cyber capabilities over the past decade “poses a formidable threat to the United States in cyberspace today,” according to a report released by a congressional advisory commission. The U.S.-China Economic and Security Review Commission’s 2022 Annual Report to Congress assessed a range of threats to the U.S. economy and national security, including Beijing’s cyber warfare and espionage capabilities.
Rackspace’s Hosted Exchange Environment Held Ransom
Four days passed from the time Rackspace disclosed that its customers were experiencing difficulties with the company’s Hosted Exchange environments until it advised that the incident was in fact a ransomware attack. The impairment was promoted to a security incident on day 2, and in-place recovery proved so difficult that on day 4 the company reluctantly notified customers that their email services were migrating to Microsoft 365.

Who is Monitoring Your DNS Communications?
For nearly forty years, we have relied on the Domain Name System (DNS), rather than manually shared host information, to get the address of the system we need to communicate with. DNS is one of the few protocols we allow to communicate freely without restriction. Why would we need to protect our systems’ query of the network’s address book?
In a recent report published by Pentera, we find that attackers can use DNS tunneling to communicate with air-gapped networks. Organizations often use air-gapped networks to isolate their sensitive assets.
The takeaway is twofold.
- First, completely air-gap your sensitive assets by disabling DNS and using hostname tables.
- Second, consider using special monitoring solutions to inspect and prevent suspicious DNS traffic from traversing your network.
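As an illustration of the second point, here is a minimal sketch of the kind of check a DNS monitoring solution applies to query logs. It is an added example, not code from the Pentera report or from HCH; the function names, thresholds, and sample log entries are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log: (client IP, queried name). Not real traffic.
SAMPLE_QUERIES = [
    ("10.0.5.12", "www.example.com"),
    ("10.0.5.12", "mail.example.com"),
    ("10.0.5.12", "www.example.com"),
    ("10.0.5.40", "mzxw6ytboi2gk3thmvzxizlsnfxgk4q.t.tunnel-test.invalid"),
    ("10.0.5.40", "nbswy3dpeb3w64tmmqqhi2djomqgs4za.t.tunnel-test.invalid"),
    ("10.0.5.40", "orugs4zanfzsa5dimuqgc3tborswg5a.t.tunnel-test.invalid"),
    ("10.0.5.40", "mfrggzdfmztwq2lknnwg23tpobyxe43u.t.tunnel-test.invalid"),
]

def shannon_entropy(s):
    """Bits per character; encoded payloads score higher than hostnames."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def parent_domain(name):
    # Assumption: the last two labels approximate the registered domain.
    # A production tool would consult the Public Suffix List instead.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def find_tunnel_suspects(queries, min_unique=4, min_label_len=25, min_entropy=3.5):
    """Return {(client, parent): stats} for pairs whose queries look like tunneling:
    many distinct names under one parent, with long, high-entropy leftmost labels."""
    seen = defaultdict(set)
    for client, name in queries:
        seen[(client, parent_domain(name))].add(name.lower().rstrip("."))
    suspects = {}
    for key, names in seen.items():
        labels = [n.split(".")[0] for n in names]
        avg_len = sum(map(len, labels)) / len(labels)
        avg_ent = sum(map(shannon_entropy, labels)) / len(labels)
        if len(names) >= min_unique and avg_len >= min_label_len and avg_ent >= min_entropy:
            suspects[key] = {"unique_names": len(names),
                             "avg_label_len": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2)}
    return suspects

if __name__ == "__main__":
    for (client, parent), stats in find_tunnel_suspects(SAMPLE_QUERIES).items():
        print(f"{client} -> {parent}: {stats}")
```

The thresholds are starting points only; tune them against a baseline of your own resolver logs, since CDNs and some security products also generate long, random-looking names.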