Information security certifications, training and jobs
The information security careers, training and certification resource center provides the latest news, expert advice and learning tools to help you make informed career choices, learn about CISSP, SANS and CISA certification, and the training required for information security jobs.
Top Stories
-
Feature
17 Apr 2023
Top 8 in-demand cybersecurity jobs for 2023 and beyond
Cybersecurity is a challenging career path, filled with professional opportunities. Learn about the top cybersecurity jobs and the training and background they require. Continue Reading
-
Tip
21 Dec 2022
10 must-have cybersecurity skills for career success in 2023
Looking to advance your cybersecurity career? Here are the skills you'll need to win that CISO job, land a gig as a threat hunter and snag other security positions in high demand. Continue Reading
-
Feature
15 May 2019
Women in cybersecurity work to grow voice in US lawmaking
To encourage more input from women in cybersecurity in the legislative process, the Executive Women's Forum went to Washington to discuss key issues with Congress. Continue Reading
-
News
10 May 2019
Effects of cybersecurity skills shortage worsening, new study says
The cybersecurity skills shortage is putting businesses at risk in a variety of ways, according to a new study. Experts suggest ways to combat the problem. Continue Reading
-
News
29 Mar 2019
Study: Cybersecurity professionals taking on more data privacy duties
At the SecureWorld Boston conference, ISSA unveils data that shows cybersecurity professionals are taking on more data privacy duties. Experts sound off on what it signifies. Continue Reading
-
Conference Coverage
07 Mar 2019
RSAC 2019: Coverage of the premiere security gathering
Find out what's happening at the at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team. Continue Reading
-
Feature
01 Feb 2019
CISO tackles banking cybersecurity and changing roles
Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading
- 01 Feb 2019
-
News
19 Oct 2018
(ISC)2: Cybersecurity workforce shortage nears 3 million worldwide
With a workforce in short supply, the skills gap has affected the professional growth of security pros worldwide, an (ISC)2 Cybersecurity Workforce Study found. Continue Reading
-
News
09 Oct 2018
At (ISC)² Security Congress 2018, a congressman calls for action
Rep. Cedric Richmond (D-La.) outlined three key strategies for addressing cybersecurity policy and workforce gaps. Continue Reading
-
News
08 Oct 2018
(ISC)² Security Congress 2018 tackles industry challenges
Professional development will take center stage this week at the eighth annual (ISC)² Security Congress. Continue Reading
-
Opinion
02 Oct 2018
Kurt Huhn discusses the role of CISO in the Ocean State
A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO. Continue Reading
- 02 Oct 2018
-
Tip
22 Aug 2018
Find network security vulnerabilities by assessing risk
IT staff needs to regularly review network security vulnerabilities and security gaps to battle rising cybersecurity breaches and keep costs under control through risk assessments. Continue Reading
-
Feature
17 Aug 2018
Facebook cybersecurity: How the company is building a diverse team
Facebook director of security Aanchal Gupta sounds off on the need for diverse security teams and gives an overview of how the social media giant is working to make it happen. Continue Reading
-
News
14 Aug 2018
Amanda Rousseau on becoming a cybersecurity researcher
Cybersecurity researcher Amanda Rousseau discusses the relationship between the infosec community and law enforcement and how to create the next generation of white hat hackers. Continue Reading
-
News
02 Aug 2018
Black Hat 2018 survey: Cybersecurity staffing, budgets still lacking
According to a survey of Black Hat 2018 attendees, organizations are still struggling with insufficient cybersecurity staff and budgets to meet the current and emerging threats. Continue Reading
-
Opinion
01 Aug 2018
Fannie Mae CISO calls for more data on security incidents
Chris Porter's years as a lead analyst and author of Verizon's Data Breach Investigations Report helped prepare him for the chief of security role at the primary housing lender. Continue Reading
-
Survey
01 Aug 2018
Not enough information security analysts, despite higher wages
Survey data on global skills shortages does not show significant changes, even as companies turn to strategies such as security automation to make security teams more efficient. Continue Reading
- 27 Jul 2018
- 27 Jul 2018
-
Feature
24 Jul 2018
McAfee CISO: The importance of a strong cybersecurity culture
For McAfee CISO Grant Bourzikas, building a strong cyberdefense culture is essential because employees are the first line of defense to avoid rapidly evolving cybersecurity risks. Continue Reading
-
Podcast
19 Jul 2018
Risk & Repeat: Closing the gender gap at cybersecurity conferences
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the under-representation of women at cybersecurity conferences and how it affects the infosec industry. Continue Reading
-
Feature
19 Jul 2018
Endgame's Devon Kerr on what it takes to be a threat hunter
Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting. Continue Reading
-
Opinion
01 Jun 2018
Walmart's Jerry Geisler on the CISO position, retail challenges
A global CISO in charge of one of the world's largest cybersecurity programs got his start on the retail floor. He's arrived just in time for the digital transformation. Continue Reading
-
News
31 May 2018
New Walmart CISO discusses protecting the world's largest retailer
Walmart CISO Jerry Geisler talks about the retail giant's evolving cloud strategy, vulnerability management and risks the company is focused on across its environments. Continue Reading
-
Feature
30 May 2018
McAfee CISO explains why diversity in cybersecurity matters
Improving diversity in cybersecurity teams can help improve their ability to address cybersecurity challenges through diversity of thought, suggests McAfee CISO Grant Bourzikas. Continue Reading
- 29 May 2018
-
News
24 May 2018
Federal HR wants to modernize cybersecurity recruiting, pay
The U.S. Dept. of Homeland Security wants to modernize recruitment and management of its cybersecurity workforce. It is asking vendors to explain how DHS can achieve its goals. Continue Reading
-
Tip
17 May 2018
How security operations centers work to benefit enterprises
One key support system for enterprises is security operations centers. Expert Ernie Hayden reviews the basic SOC framework and the purposes they can serve. Continue Reading
-
News
23 Apr 2018
Women in cybersecurity discuss hiring, advice and being mentors
A panel of women cybersecurity professionals at the RSA Conference discussed ways to find the best job candidates, the best advice they've received and how to be better mentors. Continue Reading
-
News
17 Apr 2018
ISACA: Cybersecurity skills gap still hurting enterprises
ISACA's State of Cybersecurity 2018 report offered good news and bad news about the cybersecurity skills gap and also shed light on gender disparity in the infosec profession. Continue Reading
-
Opinion
03 Apr 2018
Healthcare CISO: 'Hygiene and patching take you a long way'
Cybersecurity and healthcare can get along, according to CISO Joey Johnson, who leads the security program at Premise Health, but it takes patience and attention to the details. Continue Reading
-
Report
03 Apr 2018
CISO survey paints a grim picture: Weak staff, breach fears
Roughly 60% of CISOs expect phishing scams, malware disruptions and cyberattacks that cause 'significant downtime' to affect their company in 2018. Continue Reading
- 30 Mar 2018
- 30 Mar 2018
-
Answer
30 Mar 2018
Do CISOs need computer science degrees?
Equifax's CISO came under fire for having a music degree. David Shearer, CEO of (ISC)2, discusses what type of education infosec professionals should have. Continue Reading
-
Feature
29 Mar 2018
CPE for CISSP: Top 10 ways to master continuing education
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements. Continue Reading
-
News
23 Mar 2018
CSO Stamos leaving Facebook, according to reports
News roundup: Is Alex Stamos leaving Facebook? The CSO hasn't confirmed, but reports say yes. Plus, an Orbitz breach exposed the payment card data of 880,000 people, and more. Continue Reading
-
Tip
22 Mar 2018
Becoming a cybersecurity professional: What are the options?
A cybersecurity professional has several options for their career path. Expert Ernie Hayden reviews the cybersecurity career track options and what skills are required for each one. Continue Reading
-
Tip
13 Mar 2018
Software security training: Perspectives on best practices
Software development training with an emphasis on secure coding can improve enterprise security postures. Steve Lipner of SafeCode discusses different ways to get the job done. Continue Reading
-
News
09 Mar 2018
OURSA takes on RSA Conference to highlight diversity
News roundup: Our Security Advocates emerges amid criticism of RSA Conference's lack of female keynote speakers. Plus, a kill switch is discovered for the Memcrashed DDoS exploit, and more. Continue Reading
-
Quiz
21 Feb 2018
Domain 8: Security in software development lifecycle quiz
Understanding the ins and outs of the software development lifecycle is pivotal to passing Domain 8 of the CISSP exam. Are you ready? Find out with this practice quiz. Continue Reading
-
Tip
19 Feb 2018
Use software forensics to uncover the identity of attackers
By analyzing the proverbial fingerprints of malicious software -- its program code -- infosec pros can gain meaningful insights into an attacker's intent and identity. Continue Reading
-
Security School
13 Feb 2018
CISSP Domain 7: Security operations
Learn about important cybersecurity techniques and technologies that serve as the foundation of both day-to-day security operations and incident response. Continue Reading
-
Quiz
13 Feb 2018
Get ready for CISSP Domain 7: Cyberattack prevention quiz
Do you know what it takes to stop bad guys in their tracks? Find out with this practice quiz on cybersecurity methods and tools used to thwart or recover from an attack. Continue Reading
-
Tip
07 Feb 2018
Dynamic application security testing, honeypots hunt malware
Stealth is an attacker's best friend, especially when it comes to sneaking malware past the firewall. Learn about some trusty tools that can stop malware in its tracks. Continue Reading
-
Answer
06 Feb 2018
What are the root causes of the cybersecurity skills shortage?
SearchSecurity talks with David Shearer, CEO of (ISC)2, about what is -- and isn't -- contributing to the cybersecurity skills shortage in the U.S., as well as how to fix the problem. Continue Reading
-
Tip
05 Feb 2018
Fight a targeted cyberattack with network segmentation, monitoring
It takes a variety of tactics, including network segmenting and monitoring, to safeguard the network. Learn the latest defenses to keep your network safe. Continue Reading
-
Opinion
01 Feb 2018
Fred Cohen on strategic security: 'Start with the assumptions'
Cohen is a globally recognized expert in information protection and cybersecurity. Since coining the term 'computer virus,' he has remained a pioneer in information assurance. Continue Reading
-
Feature
01 Feb 2018
David Neuman: The CISO position and keeping the cloud safe
The Rackspace CISO joined the enlisted ranks in the Air Force, eventually becoming an officer with global responsibilities before moving to the private sector. Continue Reading
- 31 Jan 2018
- 26 Jan 2018
-
Tip
12 Dec 2017
Prevent attacks with these security testing techniques
Software bugs are more than a nuisance. Errors can expose vulnerabilities. Here’s the good news: These security testing tools and techniques can help you avoid them. Continue Reading
-
Security School
11 Dec 2017
CISSP Domain 5: Cloud identity management and access control
From cloud identity and access management to physical access control, this study guide will help you review key concepts from Domain 5 of the CISSP exam. Continue Reading
-
Quiz
08 Dec 2017
CISSP Domain 5 quiz: Types of access control systems
Get ready for the CISSP exam with this 10-question practice quiz covering key concepts in Domain 5, including access control, identity, authentication and more. Continue Reading
-
Feature
01 Dec 2017
John Germain lands the new CISO position at Duck Creek
Serving the technology needs of the property and casualty insurance industry means keeping a weathered eye on risk profiles, enterprise software and emerging threats. Continue Reading
-
Opinion
01 Dec 2017
What's with cybersecurity education? We ask Blaine Burnham
When he left the NSA, Burnham helped build the security education and research programs at the Georgia Institute of Technology and other universities. What did he learn? Continue Reading
- 29 Nov 2017
- 28 Nov 2017
-
Tip
20 Nov 2017
How to prevent password attacks and other exploits
Prevention is essential to protection against various types of password attacks, unauthorized access and related threats. Expert Adam Gordon outlines how to proactively bolster your defenses. Continue Reading
-
Opinion
01 Nov 2017
From the White House to IBM Watson technology with Phyllis Schneck
The managing director at Promontory Financial Group, now part of IBM, talks about supercomputers, cryptography applications and her start in computer science. Continue Reading
-
Feature
01 Nov 2017
Transitioning to the role of CISO: Dr. Alissa Johnson
Serving as White House deputy CIO prepared Johnson for her CISO role: "When we let the culture in a company or agency drive security governance or innovation, that's a problem." Continue Reading
- 30 Oct 2017
- 30 Oct 2017
-
Answer
26 Oct 2017
What's the best career path to get CISSP certified?
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP certified. Continue Reading
-
Security School
09 Oct 2017
CISSP Domain 4: Communications and network security
Brush up on network security fundamentals like segmentation and secure routing in this CISSP exam study guide for Domain 4, Communication and Network Security. Continue Reading
-
Feature
04 Oct 2017
The CISO job seems to be finally getting the credit it's due
The CISO job has risen from the trenches of the IT department to a seat at the C-suite decision-makers' table. But time in the spotlight comes with great risk and responsibilities. Continue Reading
-
E-Zine
04 Oct 2017
What does a CISO do now? It's a changing, increasingly vital role
What does a CISO do in this day and age? The responsibilities of a chief information security officer, the senior executive responsible for an organization's information security program, are growing dramatically. Once relegated to the IT department -- if there was a designated corporate role at all -- the CISO is now often a member of the C-suite team, working alongside the CIO and others, formulating information security strategy and policy with an eye on both security and the business bottom line.
As the volume and sophistication of cyberattacks expand and corporate liability grows -- threatening profits and displeasing shareholders -- CISOs are now tasked with making tough decisions on how tools, systems and training are best used to manage risk. This quarterly supplement to Information Security magazine looks at the state of the CISO role -- how it's changed, where it's heading and what it takes to become an effective CISO in terms of cybersecurity skills, staff support and education.
Continue Reading - 04 Oct 2017
- 03 Oct 2017
-
Feature
02 Oct 2017
Agnes Kirk on the role of CISO, Washington's state of mind
A state CISO champions innovation for Washington, from early development of a single sign-on system to leadership of the new Office of Cyber Security. Continue Reading
- 28 Sep 2017
-
Quiz
12 Sep 2017
CISSP Domain 3 quiz: Security engineering
In preparing for Domain 3, Security Engineering, CISSP candidates should review a wide range of concepts, from security models to cryptography systems. Continue Reading
-
Security School
12 Sep 2017
CISSP Domain 3: Security systems engineering
Planning to take the CISSP exam? Brush up on essential concepts and vocabulary in security systems engineering, covered in Domain 3, in this Security School. Continue Reading
-
Opinion
01 Sep 2017
From security product marketing to CEO: Jennifer Steffens
The CEO of a global pen tester used to work for the New York Yankees. Find out how Jennifer Steffens went from sports marketing to head of a security service provider. Continue Reading
-
Feature
29 Aug 2017
Top cybersecurity conferences for when Black Hat and RSA aren't right
The big cybersecurity conferences can make attendees weary, but there are many alternatives to the big name shows that may be easier to get to and easier to handle. Continue Reading
-
Tip
24 Aug 2017
Cryptography attacks: The ABCs of ciphertext exploits
Encryption is used to protect data from peeping eyes, making cryptographic systems an attractive target for attackers. Here are 18 types of cryptography attacks to watch out for. Continue Reading
-
Quiz
17 Aug 2017
CISSP Domain 2 quiz: Data security control, asset protection
Domain 2 of the CISSP exam, known as asset security, covers data security control, classification, ownership and more. Test your knowledge with this 10-question practice quiz. Continue Reading
-
Security School
17 Aug 2017
CISSP Domain 2: Asset security
This Security School will help prepare you for Domain 2 of the CISSP exam, providing overviews of data encryption methods, data ownership concepts and asset protection. Continue Reading
-
Opinion
01 Aug 2017
Interfacing with an information technology entrepreneur
E. Kelly Fitzsimmons started with coconuts and then sold four companies. A serial entrepreneur discusses security and technology startups and why embracing failure works. Continue Reading
-
Security School
26 Jul 2017
CISSP Domain 1: Cybersecurity and risk management
Partner with business leaders and apply information security management principles to best address enterprise governance, risk management and compliance needs. Continue Reading
- 26 Jul 2017
-
Quiz
20 Jul 2017
CISSP Domain 1 quiz: Security and risk management
Test your knowledge of the CISSP exam’s Domain 1: Security and Risk Management -- one of the heaviest-weighted portions of the test -- with this practice quiz. Continue Reading
-
News
12 Jul 2017
IT diversity and the cyberskills gap Q&A with Jules Okafor
Jules Okafor discusses the skills gap in the cybersecurity industry, how better IT diversity could help, and what is needed to bring in more women and minorities. Continue Reading
-
News
07 Jul 2017
Cybersecurity skills gap fixes must support minorities
A new survey shows a majority of organizations are facing a cybersecurity skills gap and experts say more focus on women and minorities could be key to finding talent. Continue Reading
-
Tip
28 Jun 2017
IT security governance fosters a culture of shared responsibility
Effective information security governance programs require a partnership between executive leadership and IT. All parties work toward a common goal of protecting the enterprise. Continue Reading
-
Tip
09 Jun 2017
Guide to vendor-specific IT security certifications
The abundance of vendor-specific information technology security certifications can overwhelm any infosec professional. Expert Ed Tittel helps navigate the crowded field. Continue Reading
-
Opinion
01 Jun 2017
Wendy Nather: 'We're on a trajectory for profound change'
This former CISO talks about her uncharted path from international banking to industry analysis. What's next for infosec? We ask the security strategist those questions and more. Continue Reading
-
Report
01 Jun 2017
Report: Threat hunting is more SOC than intel
Threat hunting is driven by alerts with less emphasis on cyberthreat intelligence, according to researchers. Yet 60% of those surveyed cited measurable security improvements. Continue Reading
-
Feature
01 Jun 2017
Experian's Tom King tackles role of CISO from the ground up
An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says. Continue Reading
- 26 May 2017
- 26 May 2017
- 26 May 2017
-
E-Zine
01 May 2017
Cybersecurity careers soar with security leadership skills
Security leadership abilities are hard to quantify. Certifications and degrees may ease the way into a career in cybersecurity, but hard-won experience is usually the surer path into a role that can influence meaningful change in today's complex environments. Whether they report into the CIO or outside of the IT organization, CISOs handle growing levels of responsibilities as evolving threats and infrastructures mean higher risk and no room for staff shortages. In this Information Security issue on cybersecurity careers, we look at the path to CISO. What are the measures of success or failure in this positon? Is it worth it?
As more Fortune 5000 companies seek CISOs to handle cybersecurity concerns, larger organizations in financial services and defense industries have piqued everyone's interest with their continued investment in the human factor -- the je ne sais quoi that results in successful threat hunting. While many definitions of hunting can be found, threat hunters essentially search for the traces attackers leave behind in an IT environment, usually before any alerts of their activities are generated by security devices.
"I used to think that only the best security operations center people could be threat hunters, but that's not always true," said Anton Chuvakin, a Gartner research vice president. "The best SOC analyst may be good at responding to alerts, but they don't always have the creativity that's needed."
As automation and machine learning gain hold, technology is still no substitute for security leadership abilities and cybersecurity talent. In this issue of Information Security magazine, we look at cybersecurity careers and the best ways to build top-notch security organizations.
Continue Reading -
Feature
01 May 2017
Is threat hunting the next step for modern SOCs?
The emergence of threat hunting programs underscores the importance of the human factor in fighting the most dangerous and costly security threats. Continue Reading
-
Feature
01 May 2017
Polycom CISO focused on ISO 27001 certification, data privacy
Tasked with security and compliance, Lucia Milica Turpin watches over internal systems and remote communications customers entrust to the video conferencing company. Continue Reading
-
Feature
01 May 2017
Challenging role of CISO presents many opportunities for change
With some reports showing incredibly short tenures, new CISOs barely have time to make their mark. The salaries are good; the opportunities for the right skills, unlimited. Continue Reading
-
Opinion
01 May 2017
CISO job requires proven track record in business and security
In the security field, certifications and degrees are never a substitute for on-the-job experience. For women in security, the challenges may be even greater. Continue Reading
-
Tip
01 May 2017
Improving the cybersecurity workforce with full spectrum development
Eric Patterson, executive director of the SANS Technology Institute, explains why it's time to rethink educational development to strengthen the cybersecurity workforce. Continue Reading
- 26 Apr 2017
- 26 Apr 2017