Careers and certifications
Security admins, pen testers and CISOs are a few of many potential cybersecurity careers. Get advice on making a career choice and finding the trainings and certifications -- such as Security+, CISSP and CCSK -- needed to land an infosec job, along with guidance on succeeding in a security profession.
Top Stories
-
Feature
13 May 2025
5 top mobile security courses and certifications for IT
To stay on top of new threats, IT pros can test their skills with mobile security training. Explore the top programs to learn about mobile attacks, penetration testing and more. Continue Reading
-
Feature
12 Feb 2025
7 cybersecurity conferences to attend in 2025
Cybercriminals create new ways to steal information regularly, creating cybersecurity challenges. Attending conferences is one way to learn about these trends for the best defense. Continue Reading
-
Feature
29 Nov 2021
The components and objectives of privacy engineering
Privacy engineering helps organizations balance business and privacy needs, while mitigating the impact of data breaches. Learn about its components and objectives. Continue Reading
-
Feature
29 Nov 2021
The intersection of privacy by design and privacy engineering
Data privacy concerns are widespread. Privacy by design and privacy engineering help organizations balance privacy with utility and usability. Learn how. Continue Reading
-
Guest Post
16 Nov 2021
How to create security metrics business leaders care about
Security metrics must be clear, actionable and resonate with business leadership. Learn how to create metrics that business leaders care about and will act upon. Continue Reading
-
Feature
26 Oct 2021
5 cybersecurity personality traits for a successful career
In this excerpt of 'Confident Cyber Security,' author Jessica Barker outlines five cybersecurity personality traits employers look for in job candidates. Continue Reading
-
Feature
26 Oct 2021
How to start a career in cybersecurity from the human side
Discover how the co-founder of an infosec consultancy and author of 'Confident Cyber Security' started her career and became a leader in the human nature side of security. Continue Reading
-
Definition
05 Oct 2021
What is a Certified Information Systems Auditor (CISA)?
Certified Information Systems Auditor (CISA) is a certification and globally recognized standard for appraising an IT auditor's knowledge, expertise and skill in assessing vulnerabilities and instituting IT controls in an enterprise environment. Continue Reading
-
Quiz
30 Sep 2021
10 CIPP/US practice questions to test your privacy knowledge
Advance your privacy career by becoming a Certified Information Privacy Professional. Use these 10 practice questions from Wiley's IAPP CIPP/US study guide to prepare for the exam. Continue Reading
-
Feature
30 Sep 2021
How to prepare for the CIPP/US exam
The co-authors of a CIPP/US study guide offer advice on the IAPP certification, including career benefits, how to prepare and how the U.S. exam differs from other regions' exams. Continue Reading
-
Guest Post
15 Sep 2021
CompTIA SYO-601 exam pivots to secure bigger attack surface
The latest CompTIA Security+ exam, SYO-601, tests skills and knowledge for dealing with an expanded attack surface and the latest forms of assault on cybersecurity defenses. Continue Reading
-
News
25 Aug 2021
HackerOne launches AWS certification paths, pen testing service
A select group of penetration testers in HackerOne's community will be able to obtain three AWS certifications, including the Security - Specialty certification. Continue Reading
-
Feature
12 Aug 2021
How privacy engineers promote innovation and trust
Forward-thinking companies are hiring privacy engineers. Could your organization benefit? Uncover how these experts promote innovation and fortify customer trust. Continue Reading
-
Feature
04 Aug 2021
How to prepare for the CompTIA CySA+ exam
The author of the CompTIA CySA+ certification guide offers advice on how to prepare for the exam, discusses the benefits of the cert and more. Continue Reading
-
Quiz
04 Aug 2021
Sample CompTIA CySA+ test questions with answers
Going for your CompTIA CySA+ certification? Test what you know before taking the exam with these sample test questions on vulnerability assessment output. Continue Reading
-
Feature
30 Jun 2021
What is the BISO role and is it necessary?
Relatively new and somewhat controversial, the business information security officer, or BISO, acts as the CISO's tactical and operations-level ambassador to the business units. Continue Reading
-
Guest Post
15 Apr 2021
5 cybersecurity testing areas CISOs need to address
With increasing board interest in cybersecurity risk, CISOs need to explain the preventive steps they are taking to have the right cybersecurity testing in place to minimize risk. Continue Reading
-
Quiz
14 Apr 2021
Sample CCISO exam questions on security project management
This excerpt of 'CCISO Certified Chief Information Security Officer All-In-One Exam Guide' explains security project management fundamentals and provides practice CCISO exam questions. Continue Reading
-
Feature
14 Apr 2021
CCISO exam guide authors discuss the changing CISO role
Learn more about EC-Council's Certified CISO exam and how the certification helps CISOs at any organization manage successful infosec programs and a changing threat landscape. Continue Reading
-
Feature
12 Apr 2021
Advice on how to prepare for the CompTIA Security+ exam
The CompTIA Security+ certification is a smart starting point for cybersecurity career hopefuls. Learn how to prepare for the exam, what to expect post-certification and more. Continue Reading
-
Quiz
12 Apr 2021
Sample CompTIA Security+ exam questions and answers
The CompTIA Security+ exam covers a wide swath of topics, from threats to compliance to architecture. Test what you know about malware with these sample test questions. Continue Reading
-
Guest Post
26 Feb 2021
6 ways to prevent cybersecurity burnout
Consider investing in training for new employees, offering mentoring and setting goals, automating where possible and more to help prevent cybersecurity burnout. Continue Reading
-
Feature
29 Jan 2021
The case for applying psychology in cybersecurity training
Chartered psychologist Rebecca McKeown describes how psychology in cybersecurity can improve incident response and makes the case for a research-based approach to training. Continue Reading
-
Quiz
30 Dec 2020
Review 6 phases of incident response for GCIH exam prep
'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' takes a deep dive into the six phases of incident response to help security pros with GCIH exam prep and certification. Continue Reading
-
Feature
30 Dec 2020
Preparing for GIAC Certified Incident Handler certification
The author of 'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' shares advice on how to prepare for the exam and why an incident response career can be so rewarding. Continue Reading
-
Guest Post
18 Dec 2020
How to address the skills gap of security and IT personnel
In part two of Jonathan Meyers' look at the skills gap challenge companies face in cybersecurity, he offers recommendations to consider when ensuring your teams have the skills needed. Continue Reading
-
Feature
24 Nov 2020
Compare 5 SecOps certifications and training courses
Explore five SecOps certifications available to IT professionals looking to demonstrate and enhance their knowledge of threat monitoring and incident response. Continue Reading
-
Tip
24 Sep 2020
Cybersecurity team structure stronger with 3 new roles
Having the right cybersecurity team in place can help reduce how long it takes to control threats. Consider adding cloud security, third-party risk and digital ethics specialists. Continue Reading
-
Feature
22 Sep 2020
Inclusive job descriptions key for infosec hiring
When seeking candidates for infosec job roles, it helps to think outside the box. Inclusive job descriptions and cutting back on unnecessary requirements are good places to start. Continue Reading
-
Guest Post
09 Sep 2020
Best practices for ethically teaching cybersecurity skills
Jonathan Meyers has recommendations that teachers and students can use to enhance their teaching and learning of cybersecurity skills to remain relevant in this fast-paced industry. Continue Reading
-
Quiz
20 Aug 2020
CISSP practice exam questions and answers
Test your knowledge and preparedness for the CISSP exam with 16 questions taken directly from the latest 'CISSP All-in-One Exam Guide' from McGraw Hill. Continue Reading
-
Feature
03 Aug 2020
Which type of CISO are you? Company fit matters
Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you. Continue Reading
-
Opinion
03 Aug 2020
Develop internal cybersecurity talent to build your dream team
Cybersecurity duties have changed, with cloud and coding being essential knowledge now. But CISOs can still build their dream cybersecurity team through internal talent development. Continue Reading
- 03 Aug 2020
-
Feature
22 Jul 2020
Minorities in cybersecurity face unique and lasting barriers
IT is facing renewed scrutiny into its lack of diversity. Explore the unique barriers minorities in cybersecurity face and why hiring approaches are ill equipped to address them. Continue Reading
-
Tip
07 Jul 2020
Navigate the DOD's Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification requires DOD contractors to achieve baseline security standards. Explore the five levels of certification and how to achieve them. Continue Reading
-
Feature
07 Jul 2020
Why COVID-19 won't stop cybersecurity jobs and recruitment
The economy is struggling, and many careers are taking hits, but cybersecurity jobs and careers will likely stay in demand as companies need to keep data and customers safe. Continue Reading
-
Feature
16 Jun 2020
Invest in new security talent with cybersecurity mentorships
Cybersecurity mentorships provide a great opportunity for those just entering the industry who want a successful start. Having the right guidance is a must. Continue Reading
-
Feature
01 May 2020
CISO stress and burnout cause high churn rate
The nature of the CISO role can take a toll, say industry vets, with frustration and stress contributing to high turnover rates and burnout. Learn how to make it work. Continue Reading
-
Feature
07 Apr 2020
Skill building is key to furthering gender diversity in tech
Gender disparities imperil the threat intelligence community. Shannon Lietz, leader and director of DevSecOps at Intuit, discusses current efforts to attract female talent. Continue Reading
-
Feature
26 Mar 2020
CISA exam preparation requires learning ethics, standards, new vocab
The CISA certification is proof of an auditor's knowledge and skills. However, the exam isn't easy and requires some heavy learning -- especially when it comes to vocabulary. Continue Reading
-
Quiz
26 Mar 2020
CISA practice questions to prep for the exam
Ready to take the Certified Information Systems Auditor exam? Use these CISA practice questions to test your knowledge of the audit process job practice domain. Continue Reading
-
Feature
12 Mar 2020
ITOps security requires attention to training
Becoming fluent about IT security is critically important for numerous aspects of ITOps, yet many organizations fail to train their ITOps staff in security. Continue Reading
-
Answer
26 Feb 2020
Good cybersecurity thesis topics for a master's degree
Writing a master's thesis? A strong topic positions you for academic and professional success, while a weak one promises to make an already intensive process arduous at best. Continue Reading
-
Feature
07 Jan 2020
The who, what, why -- and challenges -- of CISM certification
Think you're ready for the CISM certification exam? Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, has some pointers for you. Continue Reading
-
Answer
26 Nov 2019
What is the role of CISO in network security?
The role of CISO in network security goes beyond risk management. It also requires understanding compliance regulations and business needs, as well as the ability to communicate security policies to nontechnical employees. Continue Reading
-
Feature
06 Nov 2019
4 innovative ways to remedy the cybersecurity skills gap
Learn how companies should adapt to hire, recruit and retain top-notch employees during the current cybersecurity workforce shortage. Continue Reading
-
Feature
01 Nov 2019
A cybersecurity skills gap demands thinking outside the box
Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe. Continue Reading
- 01 Nov 2019
-
Infographic
01 Nov 2019
Enterprises feel the pain of cybersecurity staff shortages
It's hard enough keeping up with today's threats on a good day. But when your IT organization is spread thin, especially in terms of cybersecurity staff, the challenges mount. Continue Reading
-
News
16 Sep 2019
DerbyCon attendees and co-founder reflect on the end
DerbyCon attendees and co-founder Dave Kennedy reflect on the legacy and future of the conference following its final event, which took place in Louisville, Ky. Continue Reading
-
Quiz
16 Sep 2019
Test your infosec smarts about IAM and other key subjects
Solidify your knowledge and get CPE credits by taking this quiz on IAM, security frameworks, IoT third-party risks and more. Continue Reading
-
Feature
29 Aug 2019
Varied options to solving the cybersecurity skills shortage
There are no easy answers for the cybersecurity skills shortage facing the industry, other than working harder to diversify and expand the workforce, according to ESG's Jon Oltsik. Continue Reading
-
Tip
29 Aug 2019
How to navigate the often challenging CISO career path
There's no clear-cut path to becoming a CISO. However, the right security certifications, an ever-questioning attitude and a strong network of CISO peers can help prepare you for the journey. Continue Reading
-
News
28 Aug 2019
Breaking into cybersecurity careers through nontraditional paths
Some DEF CON attendees discussed their nontraditional paths into cybersecurity and how networking and being eager to learn can bridge the gap between experience and job requirements. Continue Reading
-
Feature
01 Aug 2019
For board of directors, cybersecurity literacy is essential
For boards of directors to meet their business goals, CISOs need a seat at the table. Through her initiative BoardSuited, Joyce Brocaglia aims to pave the way. Continue Reading
- 01 Aug 2019
-
Feature
30 Jul 2019
Digital transformation redefines cybersecurity skills, careers
The move toward digital business processes has forced companies to reconsider how they find cybersecurity talent, but finding the right skills may be easier than CISOs think. Continue Reading
-
Feature
30 Jul 2019
How to pass the CISSP exam on your first try: Tips to get a good score
Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more. Continue Reading
-
Feature
23 Jul 2019
Portrait of a CISO: Roles and responsibilities
Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate. Continue Reading
-
News
18 Jun 2019
Gartner: Cybersecurity skills shortage requires a new approach
At the Gartner Security and Risk Management Summit, analysts discuss the challenge of finding skilled cybersecurity professionals and how it can be solved. Continue Reading
-
News
10 May 2019
Effects of cybersecurity skills shortage worsening, new study says
The cybersecurity skills shortage is putting businesses at risk in a variety of ways, according to a new study. Experts suggest ways to combat the problem. Continue Reading
-
News
29 Mar 2019
Study: Cybersecurity professionals taking on more data privacy duties
At the SecureWorld Boston conference, ISSA unveils data that shows cybersecurity professionals are taking on more data privacy duties. Experts sound off on what it signifies. Continue Reading
-
Feature
01 Feb 2019
CISO tackles banking cybersecurity and changing roles
Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading
- 01 Feb 2019
-
News
19 Oct 2018
(ISC)2: Cybersecurity workforce shortage nears 3 million worldwide
With a workforce in short supply, the skills gap has affected the professional growth of security pros worldwide, an (ISC)2 Cybersecurity Workforce Study found. Continue Reading
-
News
09 Oct 2018
At (ISC)² Security Congress 2018, a congressman calls for action
Rep. Cedric Richmond (D-La.) outlined three key strategies for addressing cybersecurity policy and workforce gaps. Continue Reading
-
News
08 Oct 2018
(ISC)² Security Congress 2018 tackles industry challenges
Professional development will take center stage this week at the eighth annual (ISC)² Security Congress. Continue Reading
-
Opinion
02 Oct 2018
Kurt Huhn discusses the role of CISO in the Ocean State
A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO. Continue Reading
- 02 Oct 2018
-
News
14 Aug 2018
Amanda Rousseau on becoming a cybersecurity researcher
Cybersecurity researcher Amanda Rousseau discusses the relationship between the infosec community and law enforcement and how to create the next generation of white hat hackers. Continue Reading
-
Opinion
01 Aug 2018
Fannie Mae CISO calls for more data on security incidents
Chris Porter's years as a lead analyst and author of Verizon's Data Breach Investigations Report helped prepare him for the chief of security role at the primary housing lender. Continue Reading
-
Survey
01 Aug 2018
Not enough information security analysts, despite higher wages
Survey data on global skills shortages does not show significant changes, even as companies turn to strategies such as security automation to make security teams more efficient. Continue Reading
- 27 Jul 2018
- 27 Jul 2018
-
Feature
19 Jul 2018
Endgame's Devon Kerr on what it takes to be a threat hunter
Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting. Continue Reading
-
Opinion
01 Jun 2018
Walmart's Jerry Geisler on the CISO position, retail challenges
A global CISO in charge of one of the world's largest cybersecurity programs got his start on the retail floor. He's arrived just in time for the digital transformation. Continue Reading
-
News
31 May 2018
New Walmart CISO discusses protecting the world's largest retailer
Walmart CISO Jerry Geisler talks about the retail giant's evolving cloud strategy, vulnerability management and risks the company is focused on across its environments. Continue Reading
-
Feature
30 May 2018
McAfee CISO explains why diversity in cybersecurity matters
Improving diversity in cybersecurity teams can help improve their ability to address cybersecurity challenges through diversity of thought, suggests McAfee CISO Grant Bourzikas. Continue Reading
- 29 May 2018
-
News
23 Apr 2018
Women in cybersecurity discuss hiring, advice and being mentors
A panel of women cybersecurity professionals at the RSA Conference discussed ways to find the best job candidates, the best advice they've received and how to be better mentors. Continue Reading
-
Opinion
03 Apr 2018
Healthcare CISO: 'Hygiene and patching take you a long way'
Cybersecurity and healthcare can get along, according to CISO Joey Johnson, who leads the security program at Premise Health, but it takes patience and attention to the details. Continue Reading
-
Report
03 Apr 2018
CISO survey paints a grim picture: Weak staff, breach fears
Roughly 60% of CISOs expect phishing scams, malware disruptions and cyberattacks that cause 'significant downtime' to affect their company in 2018. Continue Reading
- 30 Mar 2018
- 30 Mar 2018
-
Answer
30 Mar 2018
Do CISOs need computer science degrees?
Equifax's CISO came under fire for having a music degree. David Shearer, CEO of (ISC)2, discusses what type of education infosec professionals should have. Continue Reading
-
Feature
29 Mar 2018
CPE for CISSP: Top 10 ways to master continuing education
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements. Continue Reading
-
News
23 Mar 2018
CSO Stamos leaving Facebook, according to reports
News roundup: Is Alex Stamos leaving Facebook? The CSO hasn't confirmed, but reports say yes. Plus, an Orbitz breach exposed the payment card data of 880,000 people, and more. Continue Reading
-
Tip
22 Mar 2018
Becoming a cybersecurity professional: What are the options?
A cybersecurity professional has several options for their career path. Expert Ernie Hayden reviews the cybersecurity career track options and what skills are required for each one. Continue Reading
-
News
09 Mar 2018
OURSA takes on RSA Conference to highlight diversity
News roundup: Our Security Advocates emerges amid criticism of RSA Conference's lack of female keynote speakers. Plus, a kill switch is discovered for the Memcrashed DDoS exploit, and more. Continue Reading
-
Security School
21 Feb 2018
CISSP Domain 8: Software development security explained
If you're studying for the CISSP exam, don't miss this special Security School on Domain 8. Review important concepts in software development security and sharpen your skills. Continue Reading
-
Quiz
21 Feb 2018
Domain 8: Security in software development lifecycle quiz
Understanding the ins and outs of the software development lifecycle is pivotal to passing Domain 8 of the CISSP exam. Are you ready? Find out with this practice quiz. Continue Reading
-
Tip
19 Feb 2018
Use software forensics to uncover the identity of attackers
By analyzing the proverbial fingerprints of malicious software -- its program code -- infosec pros can gain meaningful insights into an attacker's intent and identity. Continue Reading
-
Security School
13 Feb 2018
CISSP Domain 7: Security operations
Learn about important cybersecurity techniques and technologies that serve as the foundation of both day-to-day security operations and incident response. Continue Reading
-
Quiz
13 Feb 2018
Get ready for CISSP Domain 7: Cyberattack prevention quiz
Do you know what it takes to stop bad guys in their tracks? Find out with this practice quiz on cybersecurity methods and tools used to thwart or recover from an attack. Continue Reading
-
Answer
06 Feb 2018
What are the root causes of the cybersecurity skills shortage?
SearchSecurity talks with David Shearer, CEO of (ISC)2, about what is -- and isn't -- contributing to the cybersecurity skills shortage in the U.S., as well as how to fix the problem. Continue Reading
-
Tip
06 Feb 2018
Information security certification guide: Specialized certifications
This information security certification guide looks at vendor-neutral certifications in specialized areas such as risk management, security auditing and secure programming. Continue Reading
-
Tip
05 Feb 2018
Fight a targeted cyberattack with network segmentation, monitoring
It takes a variety of tactics, including network segmenting and monitoring, to safeguard the network. Learn the latest defenses to keep your network safe. Continue Reading
-
Opinion
01 Feb 2018
Fred Cohen on strategic security: 'Start with the assumptions'
Cohen is a globally recognized expert in information protection and cybersecurity. Since coining the term 'computer virus,' he has remained a pioneer in information assurance. Continue Reading
-
Feature
01 Feb 2018
David Neuman: The CISO position and keeping the cloud safe
The Rackspace CISO joined the enlisted ranks in the Air Force, eventually becoming an officer with global responsibilities before moving to the private sector. Continue Reading
- 31 Jan 2018
-
Tip
30 Jan 2018
Information security certification guide: Forensics
This information security certificate guide looks at vendor-neutral computer forensics certifications for IT professionals interested in cyber attribution and investigations. Continue Reading
