4/12/2016
07:15 AM
Marilyn Cohodas
Commentary

Dark Reading Radio: Advancing Your Security Career

ICYMI! Join us for a fascinating discussion on key trends and opportunities in the rapidly evolving world of cybersecurity.

Whether you're an experienced security professional in today's skills-starved market or a newbie looking for your first job, you have many options for improving your prospects -- from increasing your salary by improving your credentials, to finding a new position at another company, or becoming an independent bug bounty hunter who searches for security vulnerabilities and responsibly discloses them to a company's security team.

In our next Dark Reading Radio show, Wednesday, April 13 at 1:00 p.m. EDT/10:00 a.m. PDT, we’ll take a look at the range of opportunities in today’s hot cybersecurity market and discuss the variety of career options to consider based on your individual interests, skills, experience, and industry-specific talents:

Our guests include:

Kymberlee Price, senior director of researcher operations, Bugcrowd, where she pioneered the first security researcher outreach program in the software industry. Prior to that, Kymberlee analyzed APTs at Microsoft, and spent four years investigating product vulnerabilities in BlackBerry's Security Response Team.

Levi Gundert, vice president, threat intelligence, Recorded Future. Before joining the startup Recorded Future, Levi was VP of cyber threat intelligence at Fidelity Investments and technical leader for Cisco's Threat, Research, Analysis and Communications (TRAC) team.

Owanate Bestman, a technical security recruiter in the cyber and information security division of Barclay Simpson, an international corporate governance recruitment firm.

In a broad-based discussion, our panel will share their own career stories, then discuss evolving trends in information security careers, from traditional roles in enterprise security to new titles and concentrations like cyber threat analyst, security software and infrastructure developers, cloud security specialists, and cybersecurity/IT auditors.

Other topics we’ll explore:

  • What are the most in-demand skills? What are the hottest markets?
  • Startup versus established company? Specialist or generalist?
  • How do you choose the best career path for your skills?
  • On-the-job training, certifications, or college degree?
  • What is the standard career path today, or is there one? How do you develop a road map?
  • What soft skills and management experience will you need to advance in an organization?
  • What impact will new technologies like machine learning and big data have on the security job market?

I hope you'll join our show and bring your insights and opinions to the conversation. You can post your comments and questions below or take them with you to the Dark Reading Radio studio on Wednesday, where you can participate directly through online chat. Please note, you’ll need to register for the broadcast to participate.

I look forward to seeing you there. But if you can't make it, please check out the broadcast and live chat from our Dark Reading Radio archives. 

Marilyn has been covering technology for business, government, and consumer audiences for over 20 years. Prior to joining UBM, Marilyn worked for nine years as editorial director at TechTarget Inc., where she launched six Websites for IT managers and administrators supporting ...
Comments
AndreGironda1,
User Rank: Strategist
4/17/2016 | 4:08:37 PM
Start or Advance?
If you want to start a career in infosec, you need to immediately get a Security+ and find a mentor who will stick with you through multiple jobs in multiple places (perhaps even around the world) that will track you towards a CISSP. These two certifications are proven to get you a job. By maintaining CISSP, you can get your next job.

After you attain these two certs, in order to further advance your career you will need to select one of three paths, a) the Big Enterprise brown-noser, b) the DFIR specialist (defensive security), or, c) the Red Teaming specialist (offensive security).

If you choose Path A, then SANS is a great place to get training and GIAC a wonderful place to start additional certifications, such as GCFA, then GREM, and (ideally) GSE. For this one path, your mentor is someone above your boss but not directly in the chain above your boss. You should stay at that company for 5-15 years. You can go to local meetings or conferences (e.g., ISACA, ISC2, ISSA) but mostly you need to save your time and money for SANS, or writing papers for SANS.

For Path B, get your CCE certification and find multiple mentors (mostly outside of your current job) in this space. You will need to track thousands of blogs and read hundreds of books to be successful enough to change jobs (while constantly increasing your salary) every 2-2.5 years. What matters most here is on-the-job experience, especially coordinated with law enforcement. Go to every local Infragard meeting and some in nearby locales. Both Raytheon and MWR InfoSec offer great courses on Cyber Defense Detection and Response.

Path C is the most-difficult, best-accomplished through OSCP and OSCE or better certifications, often Corelan or SilentBreakSec training (for the fast-track approach, but these do not guarantee success in this field). You will need to mentor others and be mentored by others week-by-week for at least 5-10 years before even breaking in (pun) to this space. You will need to go to every conference you possibly can, worldwide, and start speaking about your custom current-running exploits a few times per year -- so research is heavily-valued. Try to attend local OWASP chapter events, but connect with likeminded individuals in your locales and build a lab or hackerspace where you can come together at least once or twice a month. I personally followed this path, and found it best to work for a very-small security boutique or start your own company, such as a partnered LLC/LLP -- but be sure to surround yourself with cyber defenders in addition to offensive security professionals.