News

4/26/2017
10:19 AM
Dawn Kawamoto
Dawn Kawamoto
Slideshows
50%
50%

6 Steps to Find Your Next Dozen Cloud Security Experts

There's stiff competition for cloud security experts, but finding yours may actually be easier than you think.
Previous
1 of 7
Next

Image Source: Robert Half 2016

Image Source: Robert Half 2016

With roughly 1 million-plus IT security jobs out there in the market, approximately 5% of them are cloud security positions, estimates Eddie Borrero, chief information security officer and enterprise information security and head of global customer support for recruiting firm Robert Half International.

And hiring for these cloud security positions is tough, especially when you consider the steep shortage of cybersecurity workers overall, Borrero notes. For example, cybersecurity training organization ISC2 forecasts a global shortfall of 1.8 million cybersecurity professionals by 2022.

"Traditional security needs to do an uptick in skills, as companies move their data and technologies to the cloud," he says.

In a 2016 Robert Half survey of UK CIOs, 51% of respondents listed cloud security as the No. 1 technical security skill that is in the most demand, yet 32% of survey respondents noted it was the most challenging to fill.

But as CISOs and hiring managers feel the pressure to find what they believe to be a need for a team of cloud security experts, Borrero offers a different perspective to address the problem and potentially create an easier workaround. Here are six actions he recommends.

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JeffM108
100%
0%
JeffM108,
User Rank: Apprentice
4/27/2017 | 10:07:44 AM
Editorial complaint
Does everything here really need to require six or more clicks to read? I've come to several posts here lately that require me to click to the next page, only to find two or three short paragraphs on each one. At some point, the benefit from the extra ad impressions you get are going to fall off. I'm already becoming reluctant to bite at a good headline from your site because I know I'll be needlessly clicking through to read the whole article. Some content lends itself to a multi-page format. But the deciding factor should be readability for users, not...whatever you're doing here.
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-13435
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...
CVE-2018-13446
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...
CVE-2018-14567
PUBLISHED: 2018-08-16
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVE-2018-15122
PUBLISHED: 2018-08-16
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
CVE-2018-11509
PUBLISHED: 2018-08-16
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.