Risk Management & Compliance News, Analysis, Discussion, & Community

Advertise With Us

About Us

Digital Subscription

Risk

News & Commentary

How The Skills Shortage Is Killing Defense in Depth

David Holmes, World-Wide Security Evangelist, F5

Commentary

It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”

By David Holmes World-Wide Security Evangelist, F5, 1/30/2015

7 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, Alas, in companies with bad culture, outside consultants are paid for one of...

WiIl Millennials Be The Death Of Data Security?

Commentary

Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?

By Chris Rouland Founder & CEO, Bastille, 1/27/2015

32 comments | Read | Post a Comment

Latest Comment: Pragmatic_Security, Kelly, Although do agree (I noticed I've been typing a superflous 'do' in...

Building A Cybersecurity Program: 3 Tips

Jason Sachowski, Senior Forensic Investigator, Scotiabank

Commentary

Getting from “we need” to “we have” a cybersecurity program is an investment in time and resources that’s well worth the effort.

By Jason Sachowski Senior Forensic Investigator, Scotiabank, 1/26/2015

6 comments | Read | Post a Comment

Latest Comment: JGarner721, The most valuable asset to an organization is the informational assets. If...

Why Russia Hacks

Mike Walls, Managing Director Security Operations & Analysis, EdgeWave

Commentary

Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.

By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/23/2015

16 comments | Read | Post a Comment

Latest Comment: lynnbr2, Russia & China both have a long history of hacking for over fifty years....

What Government Can (And Can’t) Do About Cybersecurity

Jeff Williams, CTO, Aspect Security & Contrast Security

Commentary

In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.

By Jeff Williams CTO, Aspect Security & Contrast Security, 1/22/2015

18 comments | Read | Post a Comment

Latest Comment: BrianY331, I think that the assumption that the government knows anything more about solving...

President's Plan To Crack Down On Hacking Could Hurt Good Hackers

Ericka Chickowski, Contributing Writer, Dark Reading

News

Security experts critical of President Obama's new proposed cybersecurity legislation.

By Ericka Chickowski Contributing Writer, Dark Reading, 1/21/2015

9 comments | Read | Post a Comment

Latest Comment: Wolf6305, Thanks for the voice of agreement. I think that a small group of people...

Facebook Messenger: Classically Bad AppSec

Commentary

Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.

By Daniel Riedel CEO, New Context, 1/21/2015

2 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, I find it particulary disturbing that Facebook exhibits such flagrant disregard...

Ransomware Leads Surge In 2014 Mobile Malware Onslaught

News

Mobile malware increases 75 percent in U.S.

By Ericka Chickowski Contributing Writer, Dark Reading, 1/20/2015

3 comments | Read | Post a Comment

Latest Comment: impactnow, Do you think the current software is adequate to protect our phones or do you...

The Truth About Malvertising

Commentary

Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats.

By Peter Zavlaris Analyst, RiskIQ, 1/16/2015

7 comments | Read | Post a Comment

Latest Comment: RiskIQBlogger, The reason ISPs won't get involved is because its a slippery slope for them....

Why North Korea Hacks

Commentary

The motivation behind Democratic People’s Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.

By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/15/2015

10 comments | Read | Post a Comment

Latest Comment: Technocrati, Sony hack could be a blueprint for terrorism in the cyber domain. @Mike ...

Insider Threats in the Cloud: 6 Harrowing Tales

Kaushik Narayan, Co-Founder and CTO at Skyhigh Networks

Commentary

The cloud has vastly expanded the scope of rogue insiders. Read on to discover the latest threat actors and scenarios.

By Kaushik Narayan Co-Founder and CTO at Skyhigh Networks, 1/13/2015

5 comments | Read | Post a Comment

Latest Comment: RyanSepe, Yes, cloud services offer a new type of attack vertical. Especially when depending...

Obama Calls For 30-Day Breach Notification Policy For Hacked Companies

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

But chances of this becoming a mandatory national breach notification law are no sure thing, even in the wake of the past year's high-profile hacks, experts say.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/12/2015

12 comments | Read | Post a Comment

Latest Comment: GonzSTL, " Larry Clinton, president and CEO of the Internet Security Alliance, says...

Cloud Services Adoption: Rates, Reasons & Security Fears

Commentary

Concern over data breaches and privacy are two reasons enterprises in the European Union didn’t increase their use of cloud services in 2014, according to the EU’s recent Eurostat report.

By Dave Kearns Analyst, Kuppinger-Cole, 1/12/2015

3 comments | Read | Post a Comment

Latest Comment: kbannan100, Was there any indication if the EU is using things like DaaS or VDI?...

Chick-fil-A Breach: Avoiding 5 Common Security Mistakes

Commentary

On the surface these suggestions may seem simplistic. But almost every major retail breach in the last 12 months failed to incorporate at least one of them.

By Kevin Watson CEO, VendorSafe, 1/9/2015

3 comments | Read | Post a Comment

Latest Comment: vnewman2, Banks have been allowed to proceed with their class action lawsuit against...

Nation-State Cyberthreats: Why They Hack

Commentary

All nations are not created equal and, like individual hackers, each has a different motivation and capability.

By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/8/2015

10 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Good points,@andregironda. If you haven't already, I hope you will take a few...

It’s Time to Treat Your Cyber Strategy Like a Business

Jason Polancich, Founder & Chief Architect, SurfWatchLabs

Commentary

How do we win against cybercrime? Take a cue from renowned former GE chief exec Jack Welch and start with a clearly-defined mission.

By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 1/7/2015

6 comments | Read | Post a Comment

Latest Comment: JasonPolancich, So, a friend of mine has a business providing mobile medical portal applications...

Deconstructing The Sony Hack: What I Know From Inside The Military

Commentary

Don't get caught up in the guessing game on attribution. The critical task is to understand the threat data and threat actor tactics to ensure you are not vulnerable to the same attack.

By Jeff Schilling CSO, Firehost, 1/6/2015

15 comments | Read | Post a Comment

Latest Comment: Jeff.schilling, @Ryan, I probably did sound contradictary in the comments you highlighted....

Dear Cyber Criminals: We’re Not Letting Our Guard Down in 2015

Commentary

Next year, you’ll keep exploiting vulnerabilities, and we’ll make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.

By Sergio Galindo GM, GFI Software, 12/31/2014

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Totally agree @Eric Kruse. It will be a combination of people, process and...

20 Startups To Watch In 2015

Check our list of security startups sure to start (or continue) making waves in the coming year.

By Ericka Chickowski Contributing Writer, Dark Reading, 12/29/2014

6 comments | Read | Post a Comment

Latest Comment: SophieBOU, The vast majority of startups don't "make it" within 3 years. Uber has been...

A 2014 Lookback: Predictions vs. Reality

Commentary

It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication.

By TK Keanini CTO, Lancope, 12/29/2014

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Adding the live link to the Hitoshi Kokumai page on LI. Some interesting...

More Stories

Current Conversations

Posted by Joe Stanganelli

Alas, in companies with bad culture, outside consultants are paid for one of two purposes, generally -- to agree with and endorse everything the company is doing, and/or to be a scapegoat for everything that goes wrong.

In reply to: Re: shortage or cheapness?
Post Your Own Reply

Posted by JonH457

"The IT skills shortage has become epidemic." This is not reflected in the wages paid. Wages have stagnated in the IT industry for over 10 years. Keep rasing wages and when they are sufficient, you will attract...

In reply to: Wages do not indicate a shortage of workers.
Post Your Own Reply

Posted by RyanSepe

I couldn't agree with you more on this. I have seen the poor description practices proliferate throughout organizations to the point where job function is ambiguous and the employee accepts a postion under false pretenses. Not...

In reply to: Re: shortage or cheapness?
Post Your Own Reply

Posted by Joe Stanganelli

It's the HR department. Look at any company that's faced a zillion reorgs in the past couple of decades. Look at the survivors: All HR.Bad recruiting practices. Bad job description practices. Bad...

In reply to: Re: shortage or cheapness?
Post Your Own Reply

Posted by Joe Stanganelli

The problem is NOT a skills shortage.The problem is a glut of HR staff.www.networkcomputing.com/careers-and-certifications/the-tech-talent-shortage-myth/d/d-id/1317892

In reply to: Bah.
Post Your Own Reply

Posted by dholmesf5

You make an interesting point Thomas. Security personnel don't typically fall within a profit center (sometimes, but not usually) which makes valuation even more difficult. But in my experience, it is quite difficult to...

In reply to: Re: shortage or cheapness?
Post Your Own Reply

Posted by Thomas Claburn

Companies gladly shellout millions for executive suite personnel who often aren't paid for performance. Maybe computer security professionals are just wildly underpaid compared to the actual value they bring to a company...

In reply to: shortage or cheapness?
Post Your Own Reply

Posted by Pragmatic_Security

Kelly, Although do agree (I noticed I've been typing a superflous 'do' in front of everything... I'm becoming a flight attendant) "I'll just get a new debit card" is probably the pervasive attitude for user consumers, I...

In reply to: Re: Ok Millennials, defend yourselves!
Post Your Own Reply

Posted by Marilyn Cohodas

Thanks for reposting @Pragmatic_Security. My fingers had a "proglem" with the keyboard and I accidently deleted your post, instead of approving it!

In reply to: Re: More connected or less concerned?
Post Your Own Reply

Posted by Pragmatic_Security

Thanks, Marilyn. Original text (edit of my 'proglems' typo rejected) As information security professionals, it's onus is on us to secure what people DO, not what WE WANT THEM TO DO. Individuals...

In reply to: Re: More connected or less concerned?
Post Your Own Reply

Posted by Marilyn Cohodas

That's often where the best innovation comes from! Thanks @Pragmatic_Security!

In reply to: Re: More connected or less concerned?
Post Your Own Reply

Posted by Pragmatic_Security

In my typographical errors I've invented a new, awesome word.. "Proglems". 'Proglems = Progressive Problems' Sometimes when you fail, something awesome happens.

In reply to: Re: More connected or less concerned?
Post Your Own Reply

More Conversations

Products & Releases

ZeroFOX Acquires Vulnr

Ed Survey Results: Insider Threats

Verizon Announces Security Enhancement for IoT Deployments

New GHOST Vuln Affecting Linux

RiskIQ Finds More Than 11 Percent of Android Banking and Finance- Related Apps are Suspicious

Waverley Labs and the Energy Production Infrastructure Center at UNC Charlotte Successfully Quantify Digital Risks for Power Grids

WatchGuard Uncovers Guest Network Security Lapses

Esentire Releases Cybersecurity Documentation Framework Featuring Infosec Policy, Incident Response Guidance

More Products & Releases

PR Newswire

Live Events

Webinars

More UBM Tech
Live Events

Join Security Experts at Black Hat Asia 2015

Embracing the Bring-Your-Own-App Phenomenon

Interop Las Vegas Full & Half-Day Workshops

White Papers

Capitalizing On Big Data: Managed Services Help Financial Firms Accelerate Big Data Projects

Cloud Paves Way for Big Changes

Guide: Hybrid Cloud for Government Agencies

Authentication Best Practices: Putting Control Where It Belongs

Sleeping Through the Alarm: What breaches can tell us & why alarms are missed

More White Papers

Cartoon

Latest Comment: I want to know where to get a tablet with that large a screen!(Maybe they're the old "convertibles.")

Cartoon Archive

Current Issue

Dark Reading Tech Digest, Dec. 19, 2014

Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Flash Poll

All Polls

Video