Information security certifications, training and jobs
The information security careers, training and certification resource center provides the latest news, expert advice and learning tools to help you make informed career choices, learn about CISSP, SANS and CISA certification, and the training required for information security jobs.
Top Stories
-
Tip
27 Oct 2021
5 IT security policy best practices
As businesses and technologies grow and evolve, it's important IT security policies do, too. Follow these five best practices to ensure policies are fresh and relevant. Continue Reading
By Diana Kelley, SecurityCurve
-
News
25 Aug 2021
HackerOne launches AWS certification paths, pen testing service
A select group of penetration testers in HackerOne's community will be able to obtain three AWS certifications, including the Security - Specialty certification. Continue Reading
By Arielle Waldman, News Writer
-
Tip
12 Dec 2017
Prevent attacks with these security testing techniques
Software bugs are more than a nuisance. Errors can expose vulnerabilities. Here’s the good news: These security testing tools and techniques can help you avoid them. Continue Reading
-
Security School
11 Dec 2017
CISSP Domain 5: Cloud identity management and access control
From cloud identity and access management to physical access control, this study guide will help you review key concepts from Domain 5 of the CISSP exam. Continue Reading
-
Quiz
08 Dec 2017
CISSP Domain 5 quiz: Types of access control systems
Get ready for the CISSP exam with this 10-question practice quiz covering key concepts in Domain 5, including access control, identity, authentication and more. Continue Reading
-
Feature
01 Dec 2017
John Germain lands the new CISO position at Duck Creek
Serving the technology needs of the property and casualty insurance industry means keeping a weathered eye on risk profiles, enterprise software and emerging threats. Continue Reading
-
Opinion
01 Dec 2017
What's with cybersecurity education? We ask Blaine Burnham
When he left the NSA, Burnham helped build the security education and research programs at the Georgia Institute of Technology and other universities. What did he learn? Continue Reading
-
Tip
20 Nov 2017
How to prevent password attacks and other exploits
Prevention is essential to protection against various types of password attacks, unauthorized access and related threats. Expert Adam Gordon outlines how to proactively bolster your defenses. Continue Reading
-
Opinion
01 Nov 2017
From the White House to IBM Watson technology with Phyllis Schneck
The managing director at Promontory Financial Group, now part of IBM, talks about supercomputers, cryptography applications and her start in computer science. Continue Reading
-
Feature
01 Nov 2017
Transitioning to the role of CISO: Dr. Alissa Johnson
Serving as White House deputy CIO prepared Johnson for her CISO role: "When we let the culture in a company or agency drive security governance or innovation, that's a problem." Continue Reading
-
Answer
26 Oct 2017
What's the best career path to get CISSP certified?
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP certified. Continue Reading
By Mike Rothman, Securosis
-
Security School
09 Oct 2017
CISSP Domain 4: Communications and network security
Brush up on network security fundamentals like segmentation and secure routing in this CISSP exam study guide for Domain 4, Communication and Network Security. Continue Reading
-
Feature
04 Oct 2017
The CISO job seems to be finally getting the credit it's due
The CISO job has risen from the trenches of the IT department to a seat at the C-suite decision-makers' table. But time in the spotlight comes with great risk and responsibilities. Continue Reading
By David J. Sherry, Princeton University
-
E-Zine
04 Oct 2017
What does a CISO do now? It's a changing, increasingly vital role
What does a CISO do in this day and age? The responsibilities of a chief information security officer, the senior executive responsible for an organization's information security program, are growing dramatically. Once relegated to the IT department -- if there was a designated corporate role at all -- the CISO is now often a member of the C-suite team, working alongside the CIO and others, formulating information security strategy and policy with an eye on both security and the business bottom line.
As the volume and sophistication of cyberattacks expand and corporate liability grows -- threatening profits and displeasing shareholders -- CISOs are now tasked with making tough decisions on how tools, systems and training are best used to manage risk. This quarterly supplement to Information Security magazine looks at the state of the CISO role -- how it's changed, where it's heading and what it takes to become an effective CISO in terms of cybersecurity skills, staff support and education.
Continue Reading
-
Feature
02 Oct 2017
Agnes Kirk on the role of CISO, Washington's state of mind
A state CISO champions innovation for Washington, from early development of a single sign-on system to leadership of the new Office of Cyber Security. Continue Reading
-
Quiz
12 Sep 2017
CISSP Domain 3 quiz: Security engineering
In preparing for Domain 3, Security Engineering, CISSP candidates should review a wide range of concepts, from security models to cryptography systems. Continue Reading
-
Security School
12 Sep 2017
CISSP Domain 3: Security systems engineering
Planning to take the CISSP exam? Brush up on essential concepts and vocabulary in security systems engineering, covered in Domain 3, in this Security School. Continue Reading
-
Opinion
01 Sep 2017
From security product marketing to CEO: Jennifer Steffens
The CEO of a global pen tester used to work for the New York Yankees. Find out how Jennifer Steffens went from sports marketing to head of a security service provider. Continue Reading
-
Quiz
17 Aug 2017
CISSP Domain 2 quiz: Data security control, asset protection
Domain 2 of the CISSP exam, known as asset security, covers data security control, classification, ownership and more. Test your knowledge with this 10-question practice quiz. Continue Reading
-
Security School
17 Aug 2017
CISSP Domain 2: Asset security
This Security School will help prepare you for Domain 2 of the CISSP exam, providing overviews of data encryption methods, data ownership concepts and asset protection. Continue Reading
-
Opinion
01 Aug 2017
Interfacing with an information technology entrepreneur
E. Kelly Fitzsimmons started with coconuts and then sold four companies. A serial entrepreneur discusses security and technology startups and why embracing failure works. Continue Reading
-
Security School
26 Jul 2017
CISSP Domain 1: Cybersecurity and risk management
Partner with business leaders and apply information security management principles to best address enterprise governance, risk management and compliance needs. Continue Reading
-
Quiz
20 Jul 2017
CISSP Domain 1 quiz: Security and risk management
Test your knowledge of the CISSP exam’s Domain 1: Security and Risk Management -- one of the heaviest-weighted portions of the test -- with this practice quiz. Continue Reading
-
News
12 Jul 2017
IT diversity and the cyberskills gap Q&A with Jules Okafor
Jules Okafor discusses the skills gap in the cybersecurity industry, how better IT diversity could help, and what is needed to bring in more women and minorities. Continue Reading
By Michael Heller, TechTarget
-
News
07 Jul 2017
Cybersecurity skills gap fixes must support minorities
A new survey shows a majority of organizations are facing a cybersecurity skills gap and experts say more focus on women and minorities could be key to finding talent. Continue Reading
By Michael Heller, TechTarget
-
Tip
28 Jun 2017
IT security governance fosters a culture of shared responsibility
Effective information security governance programs require a partnership between executive leadership and IT. All parties work toward a common goal of protecting the enterprise. Continue Reading
-
Opinion
01 Jun 2017
Wendy Nather: 'We're on a trajectory for profound change'
This former CISO talks about her uncharted path from international banking to industry analysis. What's next for infosec? We ask the security strategist those questions and more. Continue Reading
-
Report
01 Jun 2017
Report: Threat hunting is more SOC than intel
Threat hunting is driven by alerts with less emphasis on cyberthreat intelligence, according to researchers. Yet 60% of those surveyed cited measurable security improvements. Continue Reading
-
Feature
01 Jun 2017
Experian's Tom King tackles role of CISO from the ground up
An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says. Continue Reading
-
E-Zine
01 May 2017
Cybersecurity careers soar with security leadership skills
Security leadership abilities are hard to quantify. Certifications and degrees may ease the way into a career in cybersecurity, but hard-won experience is usually the surer path into a role that can influence meaningful change in today's complex environments. Whether they report into the CIO or outside of the IT organization, CISOs handle growing levels of responsibilities as evolving threats and infrastructures mean higher risk and no room for staff shortages. In this Information Security issue on cybersecurity careers, we look at the path to CISO. What are the measures of success or failure in this position? Is it worth it?
As more Fortune 5000 companies seek CISOs to handle cybersecurity concerns, larger organizations in financial services and defense industries have piqued everyone's interest with their continued investment in the human factor -- the je ne sais quoi that results in successful threat hunting. While many definitions of hunting can be found, threat hunters essentially search for the traces attackers leave behind in an IT environment, usually before any alerts of their activities are generated by security devices.
"I used to think that only the best security operations center people could be threat hunters, but that's not always true," said Anton Chuvakin, a Gartner research vice president. "The best SOC analyst may be good at responding to alerts, but they don't always have the creativity that's needed."
As automation and machine learning gain hold, technology is still no substitute for security leadership abilities and cybersecurity talent. In this issue of Information Security magazine, we look at cybersecurity careers and the best ways to build top-notch security organizations.
Continue Reading
-
Feature
01 May 2017
Is threat hunting the next step for modern SOCs?
The emergence of threat hunting programs underscores the importance of the human factor in fighting the most dangerous and costly security threats. Continue Reading
By Steve Zurier, ZFeatures
-
Feature
01 May 2017
Polycom CISO focused on ISO 27001 certification, data privacy
Tasked with security and compliance, Lucia Milica Turpin watches over internal systems and remote communications customers entrust to the video conferencing company. Continue Reading
-
Feature
01 May 2017
Challenging role of CISO presents many opportunities for change
With some reports showing incredibly short tenures, new CISOs barely have time to make their mark. The salaries are good; the opportunities for the right skills, unlimited. Continue Reading
-
Opinion
01 May 2017
CISO job requires proven track record in business and security
In the security field, certifications and degrees are never a substitute for on-the-job experience. For women in security, the challenges may be even greater. Continue Reading
-
Tip
01 May 2017
Improving the cybersecurity workforce with full spectrum development
Eric Patterson, executive director of the SANS Technology Institute, explains why it's time to rethink educational development to strengthen the cybersecurity workforce. Continue Reading
By Eric Patterson
-
Opinion
03 Apr 2017
Chenxi Wang discusses DEF CON hacking conference, 'Equal Respect'
Grassroots efforts to shift cultural thinking in information security have had a positive effect, the former professor of computer engineering says. Continue Reading
-
Feature
03 Apr 2017
In her new role of CISO, Annalea Ilg is curious, driven and paranoid
The vice president and CISO of ViaWest, Ilg is tasked with keeping the IT managed service provider and its cloud services secure. Continue Reading
-
Opinion
01 Mar 2017
Q&A: IBM's Diana Kelley got an early start in IT, security came later
How did an editor become a security architect? A fascination with computers sparked a lifelong journey for IBM's executive security advisor. Continue Reading
-
Feature
01 Mar 2017
MIAX Options CSO on security's role in business continuity
Faced with the demands of derivatives trading, CSO John Masserini understands the value of aligning controls with business risk. We ask him how he does it. Continue Reading
-
Feature
01 Feb 2017
Role of CISO: FICO enlists CISO in security product management
As head of FICO's information security program, Vickie Miller's role is wide-ranging. Continue Reading
-
Opinion
01 Feb 2017
Uncharted path to IT and compliance with Digital River's Dyann Bradbury
Bradbury chats with Marcus J. Ranum about her early interest in computers and her unexpected career path to head of global compliance for an e-commerce provider. Continue Reading
-
Tip
28 Jul 2016
How infosec professionals can improve their careers through writing
Writing can be one of the best ways to establish your reputation as an infosec professional. Expert Joshua Wright of the SANS Institute explains the best ways to do it. Continue Reading
-
Answer
01 Oct 2015
Should security funds be dedicated to hiring or tools?
Security funds can be tough to come by, so when managers get them should they focus on strengthening security through hiring or through purchasing tools? Continue Reading
By Mike O. Villegas, K3DES LLC
-
Answer
06 May 2015
How should we hire for specialized information security roles?
A rise in specialized roles puts extra pressure on security hiring. Expert Mike O. Villegas explains how to meet this demand and find talented security professionals. Continue Reading
By Mike O. Villegas, K3DES LLC