Careers and certifications

Skill building is key to furthering gender diversity in tech

Gender disparities imperil the threat intelligence community. Shannon Lietz, leader and director of DevSecOps at Intuit, discusses current efforts to attract female talent. Continue Reading

CISA exam preparation requires learning ethics, standards, new vocab

The CISA certification is proof of an auditor's knowledge and skills. However, the exam isn't easy and requires some heavy learning -- especially when it comes to vocabulary. Continue Reading

CISA practice questions to prep for the exam

Ready to take the Certified Information Systems Auditor exam? Use these CISA practice questions to test your knowledge of the audit process job practice domain. Continue Reading

ITOps security requires attention to training

Becoming fluent about IT security is critically important for numerous aspects of ITOps, yet many organizations fail to train their ITOps staff in security. Continue Reading

Good cybersecurity thesis topics for a master's degree

Writing a master's thesis? A strong topic positions you for academic and professional success, while a weak one promises to make an already intensive process arduous at best. Continue Reading

The who, what, why -- and challenges -- of CISM certification

Think you're ready for the CISM certification exam? Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, has some pointers for you. Continue Reading

What is the role of CISO in network security?

The role of CISO in network security goes beyond risk management. It also requires understanding compliance regulations and business needs, as well as the ability to communicate security policies to nontechnical employees. Continue Reading

4 innovative ways to remedy the cybersecurity skills gap

Learn how companies should adapt to hire, recruit and retain top-notch employees during the current cybersecurity workforce shortage. Continue Reading

A cybersecurity skills gap demands thinking outside the box

Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe. Continue Reading

A cybersecurity skills gap demands thinking outside the box

 Continue Reading

Enterprises feel the pain of cybersecurity staff shortages

It's hard enough keeping up with today's threats on a good day. But when your IT organization is spread thin, especially in terms of cybersecurity staff, the challenges mount. Continue Reading

DerbyCon attendees and co-founder reflect on the end

DerbyCon attendees and co-founder Dave Kennedy reflect on the legacy and future of the conference following its final event, which took place in Louisville, Ky. Continue Reading

Test your infosec smarts about IAM and other key subjects

Solidify your knowledge and get CPE credits by taking this quiz on IAM, security frameworks, IoT third-party risks and more. Continue Reading

Varied options to solving the cybersecurity skills shortage

There are no easy answers for the cybersecurity skills shortage facing the industry, other than working harder to diversify and expand the workforce, according to ESG's Jon Oltsik. Continue Reading

How to navigate the often challenging CISO career path

There's no clear-cut path to becoming a CISO. However, the right security certifications, an ever-questioning attitude and a strong network of CISO peers can help prepare you for the journey. Continue Reading

Breaking into cybersecurity careers through nontraditional paths

Some DEF CON attendees discussed their nontraditional paths into cybersecurity and how networking and being eager to learn can bridge the gap between experience and job requirements. Continue Reading

For board of directors, cybersecurity literacy is essential

For boards of directors to meet their business goals, CISOs need a seat at the table. Through her initiative BoardSuited, Joyce Brocaglia aims to pave the way. Continue Reading

For board of directors, cybersecurity literacy is essential

 Continue Reading

Digital transformation redefines cybersecurity skills, careers

The move toward digital business processes has forced companies to reconsider how they find cybersecurity talent, but finding the right skills may be easier than CISOs think. Continue Reading

How to pass the CISSP exam on your first try: Tips to get a good score

Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more. Continue Reading

Portrait of a CISO: Roles and responsibilities

Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate. Continue Reading

Gartner: Cybersecurity skills shortage requires a new approach

At the Gartner Security and Risk Management Summit, analysts discuss the challenge of finding skilled cybersecurity professionals and how it can be solved. Continue Reading

Effects of cybersecurity skills shortage worsening, new study says

The cybersecurity skills shortage is putting businesses at risk in a variety of ways, according to a new study. Experts suggest ways to combat the problem. Continue Reading

Study: Cybersecurity professionals taking on more data privacy duties

At the SecureWorld Boston conference, ISSA unveils data that shows cybersecurity professionals are taking on more data privacy duties. Experts sound off on what it signifies. Continue Reading

CISO tackles banking cybersecurity and changing roles

Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading

CISO tackles banking cybersecurity and changing roles

 Continue Reading

(ISC)2: Cybersecurity workforce shortage nears 3 million worldwide

With a workforce in short supply, the skills gap has affected the professional growth of security pros worldwide, an (ISC)2 Cybersecurity Workforce Study found. Continue Reading

At (ISC)² Security Congress 2018, a congressman calls for action

Rep. Cedric Richmond (D-La.) outlined three key strategies for addressing cybersecurity policy and workforce gaps. Continue Reading

(ISC)² Security Congress 2018 tackles industry challenges

Professional development will take center stage this week at the eighth annual (ISC)² Security Congress. Continue Reading

Kurt Huhn discusses the role of CISO in the Ocean State

A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO. Continue Reading

Kurt Huhn discusses the role of CISO in the Ocean State

 Continue Reading

Amanda Rousseau on becoming a cybersecurity researcher

Cybersecurity researcher Amanda Rousseau discusses the relationship between the infosec community and law enforcement and how to create the next generation of white hat hackers. Continue Reading

Fannie Mae CISO calls for more data on security incidents

Chris Porter's years as a lead analyst and author of Verizon's Data Breach Investigations Report helped prepare him for the chief of security role at the primary housing lender. Continue Reading

Not enough information security analysts, despite higher wages

Survey data on global skills shortages does not show significant changes, even as companies turn to strategies such as security automation to make security teams more efficient. Continue Reading

Fannie Mae CISO calls for more data on security incidents

 Continue Reading

Not enough information security analysts, despite higher wages

 Continue Reading

Endgame's Devon Kerr on what it takes to be a threat hunter

Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting. Continue Reading

Walmart's Jerry Geisler on the CISO position, retail challenges

A global CISO in charge of one of the world's largest cybersecurity programs got his start on the retail floor. He's arrived just in time for the digital transformation. Continue Reading

New Walmart CISO discusses protecting the world's largest retailer

Walmart CISO Jerry Geisler talks about the retail giant's evolving cloud strategy, vulnerability management and risks the company is focused on across its environments. Continue Reading

McAfee CISO explains why diversity in cybersecurity matters

Improving diversity in cybersecurity teams can help improve their ability to address cybersecurity challenges through diversity of thought, suggests McAfee CISO Grant Bourzikas. Continue Reading

Walmart's Jerry Geisler on the CISO position, retail challenges

 Continue Reading

Women in cybersecurity discuss hiring, advice and being mentors

A panel of women cybersecurity professionals at the RSA Conference discussed ways to find the best job candidates, the best advice they've received and how to be better mentors. Continue Reading

Healthcare CISO: 'Hygiene and patching take you a long way'

Cybersecurity and healthcare can get along, according to CISO Joey Johnson, who leads the security program at Premise Health, but it takes patience and attention to the details. Continue Reading

CISO survey paints a grim picture: Weak staff, breach fears

Roughly 60% of CISOs expect phishing scams, malware disruptions and cyberattacks that cause 'significant downtime' to affect their company in 2018. Continue Reading

CISO survey paints a grim picture: Weak staff, breach fears

 Continue Reading

Healthcare CISO: 'Hygiene and patching take you a long way'

 Continue Reading

Do CISOs need computer science degrees?

Equifax's CISO came under fire for having a music degree. David Shearer, CEO of (ISC)2, discusses what type of education infosec professionals should have. Continue Reading

CPE for CISSP: Top 10 ways to master continuing education

Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements. Continue Reading

CSO Stamos leaving Facebook, according to reports

News roundup: Is Alex Stamos leaving Facebook? The CSO hasn't confirmed, but reports say yes. Plus, an Orbitz breach exposed the payment card data of 880,000 people, and more. Continue Reading

Becoming a cybersecurity professional: What are the options?

A cybersecurity professional has several options for their career path. Expert Ernie Hayden reviews the cybersecurity career track options and what skills are required for each one. Continue Reading

OURSA takes on RSA Conference to highlight diversity

News roundup: Our Security Advocates emerges amid criticism of RSA Conference's lack of female keynote speakers. Plus, a kill switch is discovered for the Memcrashed DDoS exploit, and more. Continue Reading

CISSP Domain 8: Software development security explained

If you're studying for the CISSP exam, don't miss this special Security School on Domain 8. Review important concepts in software development security and sharpen your skills. Continue Reading

Domain 8: Security in software development lifecycle quiz

Understanding the ins and outs of the software development lifecycle is pivotal to passing Domain 8 of the CISSP exam. Are you ready? Find out with this practice quiz. Continue Reading

Use software forensics to uncover the identity of attackers

By analyzing the proverbial fingerprints of malicious software -- its program code -- infosec pros can gain meaningful insights into an attacker's intent and identity. Continue Reading

CISSP Domain 7: Security operations

Learn about important cybersecurity techniques and technologies that serve as the foundation of both day-to-day security operations and incident response. Continue Reading

Get ready for CISSP Domain 7: Cyberattack prevention quiz

Do you know what it takes to stop bad guys in their tracks? Find out with this practice quiz on cybersecurity methods and tools used to thwart or recover from an attack. Continue Reading

What are the root causes of the cybersecurity skills shortage?

SearchSecurity talks with David Shearer, CEO of (ISC)2, about what is -- and isn't -- contributing to the cybersecurity skills shortage in the U.S., as well as how to fix the problem. Continue Reading

Information security certification guide: Specialized certifications

This information security certification guide looks at vendor-neutral certifications in specialized areas such as risk management, security auditing and secure programming. Continue Reading

Fight a targeted cyberattack with network segmentation, monitoring

It takes a variety of tactics, including network segmenting and monitoring, to safeguard the network. Learn the latest defenses to keep your network safe. Continue Reading

Fred Cohen on strategic security: 'Start with the assumptions'

Cohen is a globally recognized expert in information protection and cybersecurity. Since coining the term 'computer virus,' he has remained a pioneer in information assurance. Continue Reading

David Neuman: The CISO position and keeping the cloud safe

The Rackspace CISO joined the enlisted ranks in the Air Force, eventually becoming an officer with global responsibilities before moving to the private sector. Continue Reading

David Neuman: The CISO position and keeping the cloud safe

 Continue Reading

Information security certification guide: Forensics

This information security certificate guide looks at vendor-neutral computer forensics certifications for IT professionals interested in cyber attribution and investigations. Continue Reading

Fred Cohen on strategic security: 'Start with the assumptions'

 Continue Reading

Information security certification guide: Advanced level

Part three of this information security certification guide looks at vendor-neutral advanced security certifications for more experienced IT professionals. Continue Reading

Information security certification guide: Intermediate level

Part two of this information security certificate guide looks at vendor-neutral intermediate certifications for IT professionals interested in midlevel positions. Continue Reading

CISSP Domain 6: The importance of security assessments and testing

Security assessment and testing should be baked into your regular IT workflows so that you’re able to spot software vulnerabilities before they turn into full-blown attacks. Continue Reading

CISSP Domain 6 quiz: Vulnerabilities in software

Domain 6 of the CISSP exam tests how well you understand the security assessment and testing strategies needed to recognize, prevent and remedy vulnerabilities in software. Continue Reading

Prevent attacks with these security testing techniques

Software bugs are more than a nuisance. Errors can expose vulnerabilities. Here’s the good news: These security testing tools and techniques can help you avoid them. Continue Reading

Information security certifications: Introductory level

This series looks at the top information security certifications for IT professionals. Part one reviews basic, vendor-neutral certifications for entry-level positions. Continue Reading

CISSP Domain 5: Cloud identity management and access control

From cloud identity and access management to physical access control, this study guide will help you review key concepts from Domain 5 of the CISSP exam. Continue Reading

CISSP Domain 5 quiz: Types of access control systems

Get ready for the CISSP exam with this 10-question practice quiz covering key concepts in Domain 5, including access control, identity, authentication and more. Continue Reading

John Germain lands the new CISO position at Duck Creek

Serving the technology needs of the property and casualty insurance industry means keeping a weathered eye on risk profiles, enterprise software and emerging threats. Continue Reading

What's with cybersecurity education? We ask Blaine Burnham

When he left the NSA, Burnham helped build the security education and research programs at the Georgia Institute of Technology and other universities. What did he learn? Continue Reading

What's with cybersecurity education? We ask Blaine Burnham

 Continue Reading

John Germain lands the new CISO position at Duck Creek

 Continue Reading

How to prevent password attacks and other exploits

Prevention is essential to protection against various types of password attacks, unauthorized access and related threats. Expert Adam Gordon outlines how to proactively bolster your defenses. Continue Reading

From the White House to IBM Watson technology with Phyllis Schneck

The managing director at Promontory Financial Group, now part of IBM, talks about supercomputers, cryptography applications and her start in computer science. Continue Reading

Transitioning to the role of CISO: Dr. Alissa Johnson

Serving as White House deputy CIO prepared Johnson for her CISO role: "When we let the culture in a company or agency drive security governance or innovation, that's a problem." Continue Reading

Transitioning to the role of CISO: Dr. Alissa Johnson

 Continue Reading

From the White House to IBM Watson technology with Phyllis Schneck

 Continue Reading

What's the best career path to get CISSP certified?

The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP certified. Continue Reading

CISSP Domain 4 quiz: Network security basics

Think you know network security basics inside and out? Take this 10-question quiz to find out how well you’ve prepared for Domain 4 of the CISSP exam. Continue Reading

CISSP Domain 4: Communications and network security

Brush up on network security fundamentals like segmentation and secure routing in this CISSP exam study guide for Domain 4, Communication and Network Security. Continue Reading

The CISO job seems to be finally getting the credit it's due

The CISO job has risen from the trenches of the IT department to a seat at the C-suite decision-makers' table. But time in the spotlight comes with great risk and responsibilities. Continue Reading

What does a CISO do now? It's a changing, increasingly vital role

What does a CISO do in this day and age? The responsibilities of a chief information security officer, the senior executive responsible for an organization's information security program, are growing dramatically. Once relegated to the IT department -- if there was a designated corporate role at all -- the CISO is now often a member of the C-suite team, working alongside the CIO and others, formulating information security strategy and policy with an eye on both security and the business bottom line.

As the volume and sophistication of cyberattacks expand and corporate liability grows -- threatening profits and displeasing shareholders -- CISOs are now tasked with making tough decisions on how tools, systems and training are best used to manage risk. This quarterly supplement to Information Security magazine looks at the state of the CISO role -- how it's changed, where it's heading and what it takes to become an effective CISO in terms of cybersecurity skills, staff support and education.

 Continue Reading

Challenging role of CISO presents many opportunities for change

 Continue Reading

The CISO job seems to be finally getting the credit it's due

 Continue Reading

Agnes Kirk on the role of CISO, Washington's state of mind

A state CISO champions innovation for Washington, from early development of a single sign-on system to leadership of the new Office of Cyber Security. Continue Reading

Agnes Kirk on the role of CISO, Washington's state of mind

 Continue Reading

CISSP Domain 3 quiz: Security engineering

In preparing for Domain 3, Security Engineering, CISSP candidates should review a wide range of concepts, from security models to cryptography systems. Continue Reading

CISSP Domain 3: Security systems engineering

Planning to take the CISSP exam? Brush up on essential concepts and vocabulary in security systems engineering, covered in Domain 3, in this Security School. Continue Reading

Cryptography attacks: The ABCs of ciphertext exploits

Encryption is used to protect data from peeping eyes, making cryptographic systems an attractive target for attackers. Here are 18 types of cryptography attacks to watch out for. Continue Reading

CISSP Domain 2 quiz: Data security control, asset protection

Domain 2 of the CISSP exam, known as asset security, covers data security control, classification, ownership and more. Test your knowledge with this 10-question practice quiz. Continue Reading

Interfacing with an information technology entrepreneur

E. Kelly Fitzsimmons started with coconuts and then sold four companies. A serial entrepreneur discusses security and technology startups and why embracing failure works. Continue Reading

Deborah Wheeler lands role of CISO at Delta Air Lines

The new CISO at Delta Air Lines earned her wings by sticking with security from the start. As the airline industry faces new challenges, Deborah Wheeler takes on a leadership role. Continue Reading

CISSP Domain 1: Cybersecurity and risk management

Partner with business leaders and apply information security management principles to best address enterprise governance, risk management and compliance needs. Continue Reading

Deborah Wheeler lands role of CISO at Delta Air Lines

 Continue Reading

Interfacing with an information technology entrepreneur

 Continue Reading

CISSP Domain 1 quiz: Security and risk management

Test your knowledge of the CISSP exam’s Domain 1: Security and Risk Management -- one of the heaviest-weighted portions of the test -- with this practice quiz. Continue Reading