Careers & People

News & Commentary
Kudos to the Unsung Rock Stars of Security
Ira Winkler, CISSP, President, Secure MentemCommentary
It is great to have heroes, but the real security heroes are the men and women who keep the bad guys out while fighting their own organizations at the same time.
By Ira Winkler CISSP, President, Secure Mentem, 1/11/2019
Comment1 Comment  |  Read  |  Post a Comment
Election Security Isn't as Bad as People Think
Suzanne Spaulding, Former DHS Under Secretary and Nozomi Networks AdviserCommentary
Make no mistake, however: We'll always have to be on guard. And we can take some lessons from the world of industrial cybersecurity.
By Suzanne Spaulding Former DHS Under Secretary and Nozomi Networks Adviser, 1/10/2019
Comment1 Comment  |  Read  |  Post a Comment
6 Best Practices for Managing an Online Educational Infrastructure
Jamie Smith & Larry Schwarberg, Chief Information Officer; Chief Information Security Officer for University of PhoenixCommentary
Universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information.
By Jamie Smith & Larry Schwarberg Chief Information Officer; Chief Information Security Officer for University of Phoenix, 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
Toxic Data: How 'Deepfakes' Threaten Cybersecurity
Dirk Kanngiesser, Co-founder & CEO, CryptowerkCommentary
The joining of 'deep learning' and 'fake news' makes it possible to create audio and video of real people saying words they never spoke or things they never did.
By Dirk Kanngiesser Co-founder & CEO, Cryptowerk, 12/27/2018
Comment0 comments  |  Read  |  Post a Comment
3 Steps for Cybersecurity Leaders to Bridge the Gender Equality Gap
Renee Tarun, Vice President of Information Security at Fortinet Inc.Commentary
By encouraging female participation through education and retaining this interest through an inclusive culture and visible role models, we can begin to close the skill and gender gap in cybersecurity.
By Renee Tarun Vice President of Information Security at Fortinet Inc., 12/26/2018
Comment0 comments  |  Read  |  Post a Comment
7 Business Metrics Security Pros Need to Know
Curtis Franklin Jr., Senior Editor at Dark Reading
These days, security has to speak the language of business. These KPIs will get you started.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/21/2018
Comment5 comments  |  Read  |  Post a Comment
3 Reasons to Train Security Pros to Code
Ericka Chickowski, Contributing Writer, Dark ReadingNews
United Health chief security strategist explains the benefits the organization reaped when it made basic coding training a requirement for security staff.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/20/2018
Comment8 comments  |  Read  |  Post a Comment
Security 101: How Businesses and Schools Bridge the Talent Gap
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts share the skills companies are looking for, the skills students are learning, and how to best find talent you need.
By Kelly Sheridan Staff Editor, Dark Reading, 12/20/2018
Comment0 comments  |  Read  |  Post a Comment
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 12/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Bug Hunting Paves Path to Infosec Careers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Forget Shifting Security Left; It's Time to Race Left
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018
Comment5 comments  |  Read  |  Post a Comment
Insider Threats & Insider Objections
Richard Ford, Chief Scientist, ForcepointCommentary
The tyranny of the urgent and three other reasons why its hard for CISOs to establish a robust insider threat prevention program.
By Richard Ford Chief Scientist, Forcepoint, 12/7/2018
Comment4 comments  |  Read  |  Post a Comment
Bringing Compliance into the SecDevOps Process
Joe Ward, Senior Security Analyst, Bishop FoxCommentary
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
By Joe Ward Senior Security Analyst, Bishop Fox, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Boosting SOC IQ Levels with Knowledge Transfer
Mike Fowler, Vice President of Professional Services at DFLabsCommentary
Despite shortages of skills and staff, these six best practices can improve analysts' performance in a security operations center.
By Mike Fowler Vice President of Professional Services at DFLabs, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
The Case for a Human Security Officer
Ira Winkler, CISSP, President, Secure MentemCommentary
Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.
By Ira Winkler CISSP, President, Secure Mentem, 12/5/2018
Comment2 comments  |  Read  |  Post a Comment
Filling the Cybersecurity Jobs Gap Now and in the Future
John DeSimone & Russ Schrader, VP, Cybersecurity & Special Missions, Raytheon; Executive Director, National Cyber Security AllianceCommentary
Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.
By John DeSimone & Russ Schrader VP, Cybersecurity & Special Missions, Raytheon; Executive Director, National Cyber Security Alliance, 12/3/2018
Comment0 comments  |  Read  |  Post a Comment
The "Typical" Security Engineer: Hiring Myths & Stereotypes
Lysa Myers, Security Researcher, ESETCommentary
In an environment where talent is scarce, it's critical that hiring managers remove artificial barriers to those whose mental operating systems are different.
By Lysa Myers Security Researcher, ESET, 11/28/2018
Comment9 comments  |  Read  |  Post a Comment
How to Find a Privacy Job That You'll Love (& Why)
Louise Thorpe, Chief Privacy Officer, American ExpressCommentary
Advice from a millennial woman who has done it: Find your niche and master your craft. You will be amazed at how significant your work will be.
By Louise Thorpe Chief Privacy Officer, American Express, 11/27/2018
Comment2 comments  |  Read  |  Post a Comment
Transforming into a CISO Security Leader
Todd Fitzgerald, Managing Director/CISO at CISO Spotlight, LLCCommentary
Are you thinking of changing your career route from techie to CISO? Are you making the right choice? Only you know for sure.
By Todd Fitzgerald Managing Director/CISO at CISO Spotlight, LLC, 11/26/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.