Careers and certifications

Security admins, pen testers and CISOs are a few of many potential cybersecurity careers. Get advice on making a career choice and finding the trainings and certifications -- such as Security+, CISSP and CCSK -- needed to land an infosec job, along with guidance on succeeding in a security profession.

Top Stories

Tip 23 Jul 2025
Top DevSecOps certifications and trainings for 2025

DevOps Institute, Practical DevSecOps, EXIN and EC-Council are among the organizations that offer DevSecOps certifications and trainings for cybersecurity professionals. Continue Reading
By
- Colin Domoney
Tip 01 Jul 2025
Cybersecurity career path: A strategic guide for professionals

There's no single path for everyone, but knowing what employers look for and following these best practices can help you move up the cybersecurity career ladder. Continue Reading
By
- Chris Tozzi

Tip 19 Feb 2018
Use software forensics to uncover the identity of attackers

By analyzing the proverbial fingerprints of malicious software -- its program code -- infosec pros can gain meaningful insights into an attacker's intent and identity. Continue Reading
By
- (ISC) 2
Security School 13 Feb 2018

CISSP Domain 7: Security operations

Learn about important cybersecurity techniques and technologies that serve as the foundation of both day-to-day security operations and incident response. Continue Reading
Quiz 13 Feb 2018
Get ready for CISSP Domain 7: Cyberattack prevention quiz

Do you know what it takes to stop bad guys in their tracks? Find out with this practice quiz on cybersecurity methods and tools used to thwart or recover from an attack. Continue Reading
By
- (ISC) 2
Answer 06 Feb 2018
What are the root causes of the cybersecurity skills shortage?

SearchSecurity talks with David Shearer, CEO of (ISC)2, about what is -- and isn't -- contributing to the cybersecurity skills shortage in the U.S., as well as how to fix the problem. Continue Reading
By
- Rob Wright, Senior News Director
Tip 06 Feb 2018
Information security certification guide: Specialized certifications

This information security certification guide looks at vendor-neutral certifications in specialized areas such as risk management, security auditing and secure programming. Continue Reading
By
- Ed Tittel
Tip 05 Feb 2018
Fight a targeted cyberattack with network segmentation, monitoring

It takes a variety of tactics, including network segmenting and monitoring, to safeguard the network. Learn the latest defenses to keep your network safe. Continue Reading
By
- Michael Cobb
Opinion 01 Feb 2018
Fred Cohen on strategic security: 'Start with the assumptions'

Cohen is a globally recognized expert in information protection and cybersecurity. Since coining the term 'computer virus,' he has remained a pioneer in information assurance. Continue Reading
By
- Marcus J. Ranum
Feature 01 Feb 2018
David Neuman: The CISO position and keeping the cloud safe

The Rackspace CISO joined the enlisted ranks in the Air Force, eventually becoming an officer with global responsibilities before moving to the private sector. Continue Reading
By
- Alan R. Earls
31 Jan 2018

David Neuman: The CISO position and keeping the cloud safe

Continue Reading
Tip 30 Jan 2018
Information security certification guide: Forensics

This information security certificate guide looks at vendor-neutral computer forensics certifications for IT professionals interested in cyber attribution and investigations. Continue Reading
By
- Ed Tittel
26 Jan 2018

Fred Cohen on strategic security: 'Start with the assumptions'

Continue Reading
Tip 26 Jan 2018
Information security certification guide: Advanced level

Part three of this information security certification guide looks at vendor-neutral advanced security certifications for more experienced IT professionals. Continue Reading
By
- Ed Tittel
Tip 29 Dec 2017
Information security certification guide: Intermediate level

Part two of this information security certificate guide looks at vendor-neutral intermediate certifications for IT professionals interested in midlevel positions. Continue Reading
By
- Ed Tittel
Security School 19 Dec 2017

CISSP Domain 6: The importance of security assessments and testing

Security assessment and testing should be baked into your regular IT workflows so that you’re able to spot software vulnerabilities before they turn into full-blown attacks. Continue Reading
Quiz 18 Dec 2017
CISSP Domain 6 quiz: Vulnerabilities in software

Domain 6 of the CISSP exam tests how well you understand the security assessment and testing strategies needed to recognize, prevent and remedy vulnerabilities in software. Continue Reading
By
- (ISC) 2
Security School 11 Dec 2017

CISSP Domain 5: Cloud identity management and access control

From cloud identity and access management to physical access control, this study guide will help you review key concepts from Domain 5 of the CISSP exam. Continue Reading
Quiz 08 Dec 2017
CISSP Domain 5 quiz: Types of access control systems

Get ready for the CISSP exam with this 10-question practice quiz covering key concepts in Domain 5, including access control, identity, authentication and more. Continue Reading
By
- (ISC) 2
Feature 01 Dec 2017
John Germain lands the new CISO position at Duck Creek

Serving the technology needs of the property and casualty insurance industry means keeping a weathered eye on risk profiles, enterprise software and emerging threats. Continue Reading
By
- Alan R. Earls
29 Nov 2017

What's with cybersecurity education? We ask Blaine Burnham

Continue Reading
28 Nov 2017

John Germain lands the new CISO position at Duck Creek

Continue Reading
Tip 20 Nov 2017
How to prevent password attacks and other exploits

Prevention is essential to protection against various types of password attacks, unauthorized access and related threats. Expert Adam Gordon outlines how to proactively bolster your defenses. Continue Reading
By
- (ISC) 2
30 Oct 2017

Transitioning to the role of CISO: Dr. Alissa Johnson

Continue Reading
30 Oct 2017

From the White House to IBM Watson technology with Phyllis Schneck

Continue Reading
Quiz 09 Oct 2017
CISSP Domain 4 quiz: Network security basics

Think you know network security basics inside and out? Take this 10-question quiz to find out how well you’ve prepared for Domain 4 of the CISSP exam. Continue Reading
By
- (ISC) 2
Security School 09 Oct 2017

CISSP Domain 4: Communications and network security

Brush up on network security fundamentals like segmentation and secure routing in this CISSP exam study guide for Domain 4, Communication and Network Security. Continue Reading
E-Zine 04 Oct 2017

What does a CISO do now? It's a changing, increasingly vital role

What does a CISO do in this day and age? The responsibilities of a chief information security officer, the senior executive responsible for an organization's information security program, are growing dramatically. Once relegated to the IT department -- if there was a designated corporate role at all -- the CISO is now often a member of the C-suite team, working alongside the CIO and others, formulating information security strategy and policy with an eye on both security and the business bottom line.
As the volume and sophistication of cyberattacks expand and corporate liability grows -- threatening profits and displeasing shareholders -- CISOs are now tasked with making tough decisions on how tools, systems and training are best used to manage risk. This quarterly supplement to Information Security magazine looks at the state of the CISO role -- how it's changed, where it's heading and what it takes to become an effective CISO in terms of cybersecurity skills, staff support and education.
Continue Reading
04 Oct 2017

Challenging role of CISO presents many opportunities for change

Continue Reading
03 Oct 2017

The CISO job seems to be finally getting the credit it's due

Continue Reading
Feature 02 Oct 2017
Agnes Kirk on the role of CISO, Washington's state of mind

A state CISO champions innovation for Washington, from early development of a single sign-on system to leadership of the new Office of Cyber Security. Continue Reading
By
- Alan R. Earls
28 Sep 2017

Agnes Kirk on the role of CISO, Washington's state of mind

Continue Reading
Quiz 12 Sep 2017
CISSP Domain 3 quiz: Security engineering

In preparing for Domain 3, Security Engineering, CISSP candidates should review a wide range of concepts, from security models to cryptography systems. Continue Reading
By
- (ISC) 2
Security School 12 Sep 2017

CISSP Domain 3: Security systems engineering

Planning to take the CISSP exam? Brush up on essential concepts and vocabulary in security systems engineering, covered in Domain 3, in this Security School. Continue Reading
Tip 24 Aug 2017
Cryptography attacks: The ABCs of ciphertext exploits

Encryption is used to protect data from peeping eyes, making cryptographic systems an attractive target for attackers. Here are 18 types of cryptography attacks to watch out for. Continue Reading
By
- (ISC) 2
Quiz 17 Aug 2017
CISSP Domain 2 quiz: Data security control, asset protection

Domain 2 of the CISSP exam, known as asset security, covers data security control, classification, ownership and more. Test your knowledge with this 10-question practice quiz. Continue Reading
By
- (ISC) 2
Opinion 01 Aug 2017
Interfacing with an information technology entrepreneur

E. Kelly Fitzsimmons started with coconuts and then sold four companies. A serial entrepreneur discusses security and technology startups and why embracing failure works. Continue Reading
By
- Marcus J. Ranum
Feature 01 Aug 2017
Deborah Wheeler lands role of CISO at Delta Air Lines

The new CISO at Delta Air Lines earned her wings by sticking with security from the start. As the airline industry faces new challenges, Deborah Wheeler takes on a leadership role. Continue Reading
By
- Alan R. Earls
Security School 26 Jul 2017

CISSP Domain 1: Cybersecurity and risk management

Partner with business leaders and apply information security management principles to best address enterprise governance, risk management and compliance needs. Continue Reading
26 Jul 2017

Deborah Wheeler lands role of CISO at Delta Air Lines

Continue Reading
26 Jul 2017

Interfacing with an information technology entrepreneur

Continue Reading
Quiz 20 Jul 2017
CISSP Domain 1 quiz: Security and risk management

Test your knowledge of the CISSP exam’s Domain 1: Security and Risk Management -- one of the heaviest-weighted portions of the test -- with this practice quiz. Continue Reading
By
- (ISC) 2
Video 17 Jul 2017
As privacy requirements evolve, CISSPs must stay informed

Just as technology constantly changes, so too do the laws and regulations that govern data privacy. CISSPs must remain aware of their organization's individual requirements. Continue Reading
By
- (ISC) 2
News 12 Jul 2017
IT diversity and the cyberskills gap Q&A with Jules Okafor

Jules Okafor discusses the skills gap in the cybersecurity industry, how better IT diversity could help, and what is needed to bring in more women and minorities. Continue Reading
By
- Michael Heller, TechTarget
News 07 Jul 2017
Cybersecurity skills gap fixes must support minorities

A new survey shows a majority of organizations are facing a cybersecurity skills gap and experts say more focus on women and minorities could be key to finding talent. Continue Reading
By
- Michael Heller, TechTarget
Tip 28 Jun 2017
IT security governance fosters a culture of shared responsibility

Effective information security governance programs require a partnership between executive leadership and IT. All parties work toward a common goal of protecting the enterprise. Continue Reading
By
- (ISC) 2
Tip 09 Jun 2017
Guide to vendor-specific IT security certifications

The abundance of vendor-specific information technology security certifications can overwhelm any infosec professional. Expert Ed Tittel helps navigate the crowded field. Continue Reading
By
- Ed Tittel
Opinion 01 Jun 2017
Wendy Nather: 'We're on a trajectory for profound change'

This former CISO talks about her uncharted path from international banking to industry analysis. What's next for infosec? We ask the security strategist those questions and more. Continue Reading
By
- Marcus J. Ranum
Report 01 Jun 2017
Report: Threat hunting is more SOC than intel

Threat hunting is driven by alerts with less emphasis on cyberthreat intelligence, according to researchers. Yet 60% of those surveyed cited measurable security improvements. Continue Reading
By
- Kathleen Richards
Feature 01 Jun 2017
Experian's Tom King tackles role of CISO from the ground up

An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says. Continue Reading
By
- Alan R. Earls
26 May 2017

Report: Threat hunting is more SOC than intel

Continue Reading
26 May 2017

Experian's Tom King tackles role of CISO from the ground up

Continue Reading
26 May 2017

Wendy Nather: 'We're on a trajectory for profound change'

Continue Reading
E-Zine 01 May 2017

Cybersecurity careers soar with security leadership skills

Security leadership abilities are hard to quantify. Certifications and degrees may ease the way into a career in cybersecurity, but hard-won experience is usually the surer path into a role that can influence meaningful change in today's complex environments. Whether they report into the CIO or outside of the IT organization, CISOs handle growing levels of responsibilities as evolving threats and infrastructures mean higher risk and no room for staff shortages. In this Information Security issue on cybersecurity careers, we look at the path to CISO. What are the measures of success or failure in this positon? Is it worth it?
As more Fortune 5000 companies seek CISOs to handle cybersecurity concerns, larger organizations in financial services and defense industries have piqued everyone's interest with their continued investment in the human factor -- the je ne sais quoi that results in successful threat hunting. While many definitions of hunting can be found, threat hunters essentially search for the traces attackers leave behind in an IT environment, usually before any alerts of their activities are generated by security devices.

"I used to think that only the best security operations center people could be threat hunters, but that's not always true," said Anton Chuvakin, a Gartner research vice president. "The best SOC analyst may be good at responding to alerts, but they don't always have the creativity that's needed."

As automation and machine learning gain hold, technology is still no substitute for security leadership abilities and cybersecurity talent. In this issue of Information Security magazine, we look at cybersecurity careers and the best ways to build top-notch security organizations.
Continue Reading
Feature 01 May 2017
Is threat hunting the next step for modern SOCs?

The emergence of threat hunting programs underscores the importance of the human factor in fighting the most dangerous and costly security threats. Continue Reading
By
- Steve Zurier, ZFeatures
Feature 01 May 2017
Polycom CISO focused on ISO 27001 certification, data privacy

Tasked with security and compliance, Lucia Milica Turpin watches over internal systems and remote communications customers entrust to the video conferencing company. Continue Reading
By
- Alan R. Earls
Feature 01 May 2017
Challenging role of CISO presents many opportunities for change

With some reports showing incredibly short tenures, new CISOs barely have time to make their mark. The salaries are good; the opportunities for the right skills, unlimited. Continue Reading
By
- Kathleen Richards
Opinion 01 May 2017
CISO job requires proven track record in business and security

In the security field, certifications and degrees are never a substitute for on-the-job experience. For women in security, the challenges may be even greater. Continue Reading
By
- Kathleen Richards
Tip 01 May 2017
Improving the cybersecurity workforce with full spectrum development

Eric Patterson, executive director of the SANS Technology Institute, explains why it's time to rethink educational development to strengthen the cybersecurity workforce. Continue Reading
By
- Eric Patterson
26 Apr 2017

Challenging role of CISO presents many opportunities for change

Continue Reading
26 Apr 2017

CISO job requires proven track record in business and security

Continue Reading
26 Apr 2017

Polycom CISO focused on ISO 27001 certification, data privacy

Continue Reading
26 Apr 2017

Is threat hunting the next step for modern SOCs?

Continue Reading
Quiz 05 Apr 2017

CISSP Practice Exam and Study Guides

Studying for, obtaining and maintaining your CISSP® certification has now become more convenient with SearchSecurity.com. Continue Reading
Opinion 03 Apr 2017
Chenxi Wang discusses DEF CON hacking conference, 'Equal Respect'

Grassroots efforts to shift cultural thinking in information security have had a positive effect, the former professor of computer engineering says. Continue Reading
By
- Marcus J. Ranum
Feature 03 Apr 2017
In her new role of CISO, Annalea Ilg is curious, driven and paranoid

The vice president and CISO of ViaWest, Ilg is tasked with keeping the IT managed service provider and its cloud services secure. Continue Reading
By
- Alan R. Earls
30 Mar 2017

Chenxi Wang discusses DEF CON hacking conference, 'Equal Respect'

Continue Reading
30 Mar 2017

In her new role of CISO, Annalea Ilg is curious, driven and paranoid

Continue Reading
Opinion 01 Mar 2017
Q&A: IBM's Diana Kelley got an early start in IT, security came later

How did an editor become a security architect? A fascination with computers sparked a lifelong journey for IBM's executive security advisor. Continue Reading
By
- Marcus J. Ranum
Feature 01 Mar 2017
MIAX Options CSO on security's role in business continuity

Faced with the demands of derivatives trading, CSO John Masserini understands the value of aligning controls with business risk. We ask him how he does it. Continue Reading
By
- Alan R. Earls
24 Feb 2017

MIAX Options CSO on security's role in business continuity

Continue Reading
24 Feb 2017

Q&A: IBM's Diana Kelley got an early start in IT, security came later

Continue Reading
Feature 01 Feb 2017
Role of CISO: FICO enlists CISO in security product management

As head of FICO's information security program, Vickie Miller's role is wide-ranging. Continue Reading
By
- Alan R. Earls
Opinion 01 Feb 2017
Uncharted path to IT and compliance with Digital River's Dyann Bradbury

Bradbury chats with Marcus J. Ranum about her early interest in computers and her unexpected career path to head of global compliance for an e-commerce provider. Continue Reading
By
- Marcus J. Ranum
30 Jan 2017

Role of CISO: FICO enlists CISO in security product management

Continue Reading
30 Jan 2017

Uncharted path to IT and compliance with Digital River's Dyann Bradbury

Continue Reading
Tip 28 Jul 2016
How infosec professionals can improve their careers through writing

Writing can be one of the best ways to establish your reputation as an infosec professional. Expert Joshua Wright of the SANS Institute explains the best ways to do it. Continue Reading
By
- Joshua Wright, SANS Institute
Feature 29 Jun 2016
CISSP online training: Software Development Security domain

Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats. Continue Reading
By
- Shon Harris , Logical Security
Answer 06 May 2015
How should we hire for specialized information security roles?

A rise in specialized roles puts extra pressure on security hiring. Expert Mike O. Villegas explains how to meet this demand and find talented security professionals. Continue Reading
By
- Mike O. Villegas, K3DES LLC
Tip 02 Feb 2015
Getting to know the new GIAC certification: GCCC

The new GIAC certification, GCCC, is not a very specific certification, but it could prove useful in organizations. Expert Joseph Granneman explains why. Continue Reading
By
- Joseph Granneman, Illumination.io
Quiz 17 Oct 2014
CISSP quiz: System architecture, security models, system evaluation

Test your knowledge of the CISSP exam's Security Architecture and Design domain by taking this practice quiz that covers topics including system architecture, security models and more. Continue Reading
By
- Shon Harris , Logical Security
Feature 16 Oct 2014
CISSP Essentials Security School

SearchSecurity's CISSP Essentials Security School offers free training for CISSP certification, featuring videos, tutorials and sample exam questions. Continue Reading
By
- Shon Harris , Logical Security
Feature 03 Oct 2014
CISSP cryptography training: Components, protocols and authentication

Spotlight article: Shon Harris outlines the main topics in the CISSP domain on cryptography -- background information, cryptography components, digital authentication, protocols and more. Continue Reading
By
- Shon Harris , Logical Security
Quiz 02 Oct 2014
CISSP quiz: Cryptography CISSP certification practice test

Test your knowledge of the CISSP exam's Cryptography Domain by taking this practice quiz, which covers topics including public and private keys, encryption algorithms, digital certificates and more. Continue Reading
By
- Shon Harris , Logical Security
Feature 19 Sep 2014
CISSP online training: Inside the access control domain

Spotlight article: Shon Harris discusses the main topics covered in the CISSP domain on access control, including authorization, authentication, identity management and more. Continue Reading
By
- Shon Harris , Logical Security
Quiz 17 Sep 2014
CISSP quiz: Access control models and components

Test your knowledge of the CISSP exam's Access Control Domain by taking this practice quiz, which covers topics including access control models, one-time passwords, IPS/IDS and more. Continue Reading
By
- Shon Harris , Logical Security
Quiz 04 Sep 2014
CISSP quiz: Information security governance and risk management

Test your knowledge of the Information Security Governance and Risk Management domain of the CISSP exam by taking this practice quiz. Continue Reading
By
- Shon Harris , Logical Security
Feature 11 Sep 2008

Spotlight article: Domain 8, Laws, Investigations and Ethics

Get a detailed introduction to the concepts of CISSP exam Domain 8, Laws, Investigations and Ethics. Continue Reading
Answer 24 Sep 2004

How much time does it take to prepare for the CISSP?

Continue Reading

1
2
3

Search Networking

How platform-based networking enables network management
Platform-based networking tweaks the platformization model to become a comprehensive tool set for network administrators.
An introduction to satellite network architecture
Satellite network architecture consists of three segments: space, ground and control. Satellite networks enhance networking ...
Network pros need Ansible network automation skills
Network administrators must develop Ansible skills to learn how to automate and manage system resources across an infrastructure,...

Search CIO

4 examples of IT department goals
An important consideration for setting IT goals specifically is aligning them with the overall goals of the larger organization. ...
ISO 31000 vs. COSO: Comparing risk management standards
ISO 31000 and the COSO ERM framework are the two most popular risk management standards. Here's what they include and some of ...
Federal research funding cuts could slow tech innovation
With massive funding cuts proposed at both federal research agencies and U.S. universities, U.S. R&D investment is poised to fall...

Search Enterprise Desktop

How to use Windows Update for Business with Group Policy
When organizations need to manage Windows updates, Windows Update for Business can provide all the control they need. And IT ...
How to reset Windows 11 PC from BIOS
There are many ways to reset a desktop, and resetting from BIOS is perhaps the most drastic of these options. Learn how this ...
Comparing MSI vs. MSIX
While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

Search Cloud Computing

Demystify the cloud and edge computing relationship
Edge computing remains primarily on-prem, but evolving technologies like 5G might enable some workloads to migrate to shared ...
Beyond replacement: How AI is enhancing PaaS offerings
AI is transforming PaaS with automation and cost-efficient features, but will it eventually replace cloud platforms? Industry ...
The cloud's role in PQC migration
Even though Q-Day might be several years away, enterprises should develop a strategic plan to prepare for the future. Experts ...

ComputerWeekly.com

US seeks ‘unquestioned’ AI dominance
US AI Action Plan sets out plans to expand American dominance in the world of artificial intelligence
SharePoint users hit by Warlock ransomware, says Microsoft
Microsoft’s security analysts confirm a number of cyber attacks on on-premise SharePoint Server users involve ransomware
Scattered Spider victim Clorox sues helpdesk provider
Cleaning products manufacturer Clorox fell victim to a Scattered Spider social engineering attack two years ago – it blames its ...

Close