Careers and certifications
Security admins, pen testers and CISOs are a few of many potential cybersecurity careers. Get advice on making a career choice and finding the trainings and certifications -- such as Security+, CISSP and CCSK -- needed to land an infosec job, along with guidance on succeeding in a security profession.
Top Stories
-
Feature
23 May 2023
How to become a bug bounty hunter: Getting started
Finding, exploiting and reporting vulnerabilities can be both lucrative and educational. Security researcher Vickie Li explains how to become a bug bounty hunter. Continue Reading
-
News
10 May 2023
CISOs face mounting pressures, expectations post-pandemic
Proofpoint's 2023 Voice of the CISO report shows deep concern among executives about impending data loss and exposure from negligent -- and malicious -- employees. Continue Reading
-
Video
17 Jul 2017
As privacy requirements evolve, CISSPs must stay informed
Just as technology constantly changes, so too do the laws and regulations that govern data privacy. CISSPs must remain aware of their organization's individual requirements. Continue Reading
-
News
12 Jul 2017
IT diversity and the cyberskills gap Q&A with Jules Okafor
Jules Okafor discusses the skills gap in the cybersecurity industry, how better IT diversity could help, and what is needed to bring in more women and minorities. Continue Reading
-
News
07 Jul 2017
Cybersecurity skills gap fixes must support minorities
A new survey shows a majority of organizations are facing a cybersecurity skills gap and experts say more focus on women and minorities could be key to finding talent. Continue Reading
-
Tip
28 Jun 2017
IT security governance fosters a culture of shared responsibility
Effective information security governance programs require a partnership between executive leadership and IT. All parties work toward a common goal of protecting the enterprise. Continue Reading
-
Tip
09 Jun 2017
Guide to vendor-specific IT security certifications
The abundance of vendor-specific information technology security certifications can overwhelm any infosec professional. Expert Ed Tittel helps navigate the crowded field. Continue Reading
-
Opinion
01 Jun 2017
Wendy Nather: 'We're on a trajectory for profound change'
This former CISO talks about her uncharted path from international banking to industry analysis. What's next for infosec? We ask the security strategist those questions and more. Continue Reading
-
Report
01 Jun 2017
Report: Threat hunting is more SOC than intel
Threat hunting is driven by alerts with less emphasis on cyberthreat intelligence, according to researchers. Yet 60% of those surveyed cited measurable security improvements. Continue Reading
-
Feature
01 Jun 2017
Experian's Tom King tackles role of CISO from the ground up
An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says. Continue Reading
- 26 May 2017
- 26 May 2017
- 26 May 2017
-
E-Zine
01 May 2017
Cybersecurity careers soar with security leadership skills
Security leadership abilities are hard to quantify. Certifications and degrees may ease the way into a career in cybersecurity, but hard-won experience is usually the surer path into a role that can influence meaningful change in today's complex environments. Whether they report into the CIO or outside of the IT organization, CISOs handle growing levels of responsibilities as evolving threats and infrastructures mean higher risk and no room for staff shortages. In this Information Security issue on cybersecurity careers, we look at the path to CISO. What are the measures of success or failure in this positon? Is it worth it?
As more Fortune 5000 companies seek CISOs to handle cybersecurity concerns, larger organizations in financial services and defense industries have piqued everyone's interest with their continued investment in the human factor -- the je ne sais quoi that results in successful threat hunting. While many definitions of hunting can be found, threat hunters essentially search for the traces attackers leave behind in an IT environment, usually before any alerts of their activities are generated by security devices.
"I used to think that only the best security operations center people could be threat hunters, but that's not always true," said Anton Chuvakin, a Gartner research vice president. "The best SOC analyst may be good at responding to alerts, but they don't always have the creativity that's needed."
As automation and machine learning gain hold, technology is still no substitute for security leadership abilities and cybersecurity talent. In this issue of Information Security magazine, we look at cybersecurity careers and the best ways to build top-notch security organizations.
Continue Reading -
Feature
01 May 2017
Is threat hunting the next step for modern SOCs?
The emergence of threat hunting programs underscores the importance of the human factor in fighting the most dangerous and costly security threats. Continue Reading
-
Feature
01 May 2017
Polycom CISO focused on ISO 27001 certification, data privacy
Tasked with security and compliance, Lucia Milica Turpin watches over internal systems and remote communications customers entrust to the video conferencing company. Continue Reading
-
Feature
01 May 2017
Challenging role of CISO presents many opportunities for change
With some reports showing incredibly short tenures, new CISOs barely have time to make their mark. The salaries are good; the opportunities for the right skills, unlimited. Continue Reading
-
Opinion
01 May 2017
CISO job requires proven track record in business and security
In the security field, certifications and degrees are never a substitute for on-the-job experience. For women in security, the challenges may be even greater. Continue Reading
-
Tip
01 May 2017
Improving the cybersecurity workforce with full spectrum development
Eric Patterson, executive director of the SANS Technology Institute, explains why it's time to rethink educational development to strengthen the cybersecurity workforce. Continue Reading
- 26 Apr 2017
- 26 Apr 2017
- 26 Apr 2017
- 26 Apr 2017
-
Quiz
05 Apr 2017
CISSP Practice Exam and Study Guides
Studying for, obtaining and maintaining your CISSPĀ® certification has now become more convenient with SearchSecurity.com. Continue Reading
-
Opinion
03 Apr 2017
Chenxi Wang discusses DEF CON hacking conference, 'Equal Respect'
Grassroots efforts to shift cultural thinking in information security have had a positive effect, the former professor of computer engineering says. Continue Reading
-
Feature
03 Apr 2017
In her new role of CISO, Annalea Ilg is curious, driven and paranoid
The vice president and CISO of ViaWest, Ilg is tasked with keeping the IT managed service provider and its cloud services secure. Continue Reading
- 30 Mar 2017
- 30 Mar 2017
-
Opinion
01 Mar 2017
Q&A: IBM's Diana Kelley got an early start in IT, security came later
How did an editor become a security architect? A fascination with computers sparked a lifelong journey for IBM's executive security advisor. Continue Reading
-
Feature
01 Mar 2017
MIAX Options CSO on security's role in business continuity
Faced with the demands of derivatives trading, CSO John Masserini understands the value of aligning controls with business risk. We ask him how he does it. Continue Reading
- 24 Feb 2017
- 24 Feb 2017
-
Feature
01 Feb 2017
Role of CISO: FICO enlists CISO in security product management
As head of FICO's information security program, Vickie Miller's role is wide-ranging. Continue Reading
-
Opinion
01 Feb 2017
Uncharted path to IT and compliance with Digital River's Dyann Bradbury
Bradbury chats with Marcus J. Ranum about her early interest in computers and her unexpected career path to head of global compliance for an e-commerce provider. Continue Reading
- 30 Jan 2017
- 30 Jan 2017
-
Tip
28 Jul 2016
How infosec professionals can improve their careers through writing
Writing can be one of the best ways to establish your reputation as an infosec professional. Expert Joshua Wright of the SANS Institute explains the best ways to do it. Continue Reading
-
Feature
29 Jun 2016
CISSP online training: Software Development Security domain
Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats. Continue Reading
-
Answer
06 May 2015
How should we hire for specialized information security roles?
A rise in specialized roles puts extra pressure on security hiring. Expert Mike O. Villegas explains how to meet this demand and find talented security professionals. Continue Reading
-
Tip
02 Feb 2015
Getting to know the new GIAC certification: GCCC
The new GIAC certification, GCCC, is not a very specific certification, but it could prove useful in organizations. Expert Joseph Granneman explains why. Continue Reading
-
Quiz
17 Oct 2014
CISSP quiz: System architecture, security models, system evaluation
Test your knowledge of the CISSP exam's Security Architecture and Design domain by taking this practice quiz that covers topics including system architecture, security models and more. Continue Reading
-
Feature
16 Oct 2014
CISSP Essentials Security School
SearchSecurity's CISSP Essentials Security School offers free training for CISSP certification, featuring videos, tutorials and sample exam questions. Continue Reading
-
Feature
03 Oct 2014
CISSP cryptography training: Components, protocols and authentication
Spotlight article: Shon Harris outlines the main topics in the CISSP domain on cryptography -- background information, cryptography components, digital authentication, protocols and more. Continue Reading
-
Quiz
02 Oct 2014
CISSP quiz: Cryptography CISSP certification practice test
Test your knowledge of the CISSP exam's Cryptography Domain by taking this practice quiz, which covers topics including public and private keys, encryption algorithms, digital certificates and more. Continue Reading
-
Feature
19 Sep 2014
CISSP online training: Inside the access control domain
Spotlight article: Shon Harris discusses the main topics covered in the CISSP domain on access control, including authorization, authentication, identity management and more. Continue Reading
-
Quiz
17 Sep 2014
CISSP quiz: Access control models and components
Test your knowledge of the CISSP exam's Access Control Domain by taking this practice quiz, which covers topics including access control models, one-time passwords, IPS/IDS and more. Continue Reading
-
Quiz
04 Sep 2014
CISSP quiz: Information security governance and risk management
Test your knowledge of the Information Security Governance and Risk Management domain of the CISSP exam by taking this practice quiz. Continue Reading
-
Quiz
16 Sep 2008
CISSP Domain 8 quiz: Law, Investigations and Ethics
If you're planning on getting your CISSP certification, make sure to test your knowledge of Domain 8 quiz: Law, Investigations and Ethics. Continue Reading
-
Feature
11 Sep 2008
Spotlight article: Domain 8, Laws, Investigations and Ethics
Get a detailed introduction to the concepts of CISSP exam Domain 8, Laws, Investigations and Ethics. Continue Reading
- Answer 24 Sep 2004
