Careers & People

News & Commentary
3 Ways to Retain Security Operations Staff
Oliver Rochford, Vice President of Security Evangelism at DFLabsCommentary
Finding skilled security analysts is hard enough. Once you do, you'll need to fight to keep them working for you. These tips can help.
By Oliver Rochford Vice President of Security Evangelism at DFLabs, 11/20/2017
Comment2 comments  |  Read  |  Post a Comment
Death of the Tier 1 SOC Analyst
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Say goodbye to the entry-level security operations center (SOC) analyst as we know it.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/16/2017
Comment1 Comment  |  Read  |  Post a Comment
Fred Kwong: The Psychology of Being a CISO
Kelly Sheridan, Associate Editor, Dark ReadingNews
Security Pro File: Fred Kwong learned people skills in the classroom and technical skills on the job. The former psychology major, now CISO at Delta Dental, shares his path to cybersecurity and how he applies his liberal arts background to his current role.
By Kelly Sheridan Associate Editor, Dark Reading, 11/15/2017
Comment0 comments  |  Read  |  Post a Comment
What the NFL Teaches Us about Fostering a Champion Security Team
Richard Henderson, Global Security Strategist, AbsoluteCommentary
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
By Richard Henderson Global Security Strategist, Absolute, 11/14/2017
Comment1 Comment  |  Read  |  Post a Comment
Burnout, Culture Drive Security Talent Out the Door
Kelly Sheridan, Associate Editor, Dark ReadingNews
Security's efforts to bridge the talent gap mean little when workers don't want to stay in the industry.
By Kelly Sheridan Associate Editor, Dark Reading, 11/7/2017
Comment2 comments  |  Read  |  Post a Comment
Hiring Outside the Box in Cybersecurity
Roselle Safran, President, Rosint LabsCommentary
Candidates without years of experience can still be great hires, as long as they are ready, willing, and able.
By Roselle Safran President, Rosint Labs, 11/7/2017
Comment1 Comment  |  Read  |  Post a Comment
Virtual Reality Could Serve as a Cybersecurity Recruiting Tool
Dawn Kawamoto, Associate Editor, Dark ReadingNews
A recent study finds 74% of millennials and post-millennials agree VR use in cybersecurity tools may entice them into an IT security career.
By Dawn Kawamoto Associate Editor, Dark Reading, 11/6/2017
Comment0 comments  |  Read  |  Post a Comment
Russian Election-Tampering & Enterprise Security Plans
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Take our new flash poll and tells us if the current political climate is making you rethink disaster recovery and business continuity planning.
By Marilyn Cohodas Community Editor, Dark Reading, 11/3/2017
Comment0 comments  |  Read  |  Post a Comment
4 Ways the Next Generation of Security Is Changing
Tony Gauda, Founder & CEO, ThinAirCommentary
The CISO's job will get easier because of trends in the industry. Here's how.
By Tony Gauda Founder & CEO, ThinAir, 11/3/2017
Comment0 comments  |  Read  |  Post a Comment
Mischel Kwon Unplugged
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Kwon talks about her tenure at DOJ and US-CERT, winning a WiFi antenna contest at DEF CON, voice lessons - and her brief stint as an industry 'float princess.'
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/2/2017
Comment1 Comment  |  Read  |  Post a Comment
Who Says Brilliant Security Engineers Can't Be Amazing People Managers?
Lysa Myers, Security Researcher, ESETCommentary
Don't let midcareer stagnation be an exit ramp from the cybersecurity industry. Use it as an opportunity to explore and to deepen your enthusiasm.
By Lysa Myers Security Researcher, ESET, 10/31/2017
Comment0 comments  |  Read  |  Post a Comment
Security Gets Social: 10 of Dark Reading's Most Shared Stories
Kelly Sheridan, Associate Editor, Dark Reading
We scared up our most popular stories on Facebook, Twitter, and LinkedIn.
By Kelly Sheridan Associate Editor, Dark Reading, 10/30/2017
Comment0 comments  |  Read  |  Post a Comment
Preventing Credential Theft: A Security Checklist for Boards
Rinki Sethi, Senior Director of Security Operations and Strategy of  Palo Alto NetworksCommentary
Board members pose a unique risk for business, but proper planning helps.
By Rinki Sethi Senior Director of Security Operations and Strategy of Palo Alto Networks, 10/30/2017
Comment1 Comment  |  Read  |  Post a Comment
Why Patching Software Is Hard: Organizational Challenges
Teri Radichel, Director of Security Strategy and Research  at WatchGuard TechnologiesCommentary
The Equifax breach shows how large companies can stumble when it comes to patching. Organizational problems can prevent best practices from being enforced.
By Teri Radichel Director of Security Strategy and Research at WatchGuard Technologies, 10/25/2017
Comment0 comments  |  Read  |  Post a Comment
Security Training & Awareness: 3 Big Myths
Eyal Benishti, CEO & Founder of IRONSCALESCommentary
The once-overwhelming consensus that security awareness programs are invaluable is increasingly up for debate.
By Eyal Benishti CEO & Founder of IRONSCALES, 10/23/2017
Comment6 comments  |  Read  |  Post a Comment
How to Talk to the C-Suite about Malware Trends
Raj Rajamani, VP, Product Management, SentinelOneCommentary
There is no simple answer to the question 'Are we protected against the latest brand-name malware attack?' But there is a smart one.
By Raj Rajamani VP, Product Management, SentinelOne, 10/20/2017
Comment0 comments  |  Read  |  Post a Comment
Game Change: Meet the Mach37 Fall Startups
Ericka Chickowski, Contributing Writer, Dark Reading
CEOs describe how they think their fledgling ventures will revolutionize user training, privacy, identity management and embedded system security.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/18/2017
Comment2 comments  |  Read  |  Post a Comment
InfoSec Pros Among Worst Offenders of Employer Snooping
Dawn Kawamoto, Associate Editor, Dark ReadingNews
A majority of IT security professionals admit to trolling through company information unrelated to their work -- even sensitive material.
By Dawn Kawamoto Associate Editor, Dark Reading, 10/17/2017
Comment1 Comment  |  Read  |  Post a Comment
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLinkCommentary
The left side of the brain is logical and linear; the right side, creative. You have to use both sides of the brain to connect to your audience in your business.
By Bill Bradley SVP, Cyber Engineering and Technical Services, CenturyLink, 10/17/2017
Comment2 comments  |  Read  |  Post a Comment
GDPR Compliance: 5 Early Steps to Get Laggards Going
Sara Peters, Senior Editor at Dark Reading
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
By Sara Peters Senior Editor at Dark Reading, 10/16/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by allhealthpost
Current Conversations great post to read
In reply to: reply
Post Your Own Reply
More Conversations
Mobile Malware Incidents Hit 100% of Businesses
Dawn Kawamoto, Associate Editor, Dark Reading,  11/17/2017
3 Ways to Retain Security Operations Staff
Oliver Rochford, Vice President of Security Evangelism at DFLabs,  11/20/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
Surviving the IT Security Skills Shortage
Surviving the IT Security Skills Shortage
Cybersecurity professionals are in high demand -- and short supply. Find out what Dark Reading discovered during their 2017 Security Staffing Survey and get some strategies for getting through the drought. Download the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.