News & Commentary

The exploits for local privilege escalation vulnerabilities in Windows could be integrated into malware before Microsoft gets a chance to fix the issues.

Proving the Value of Security Awareness with Metrics that 'Deserve More'

Commentary | 5/22/2019 |

Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.

To Narrow the Cyber Skills Gap with Attackers, Cut the Red Tape

Commentary | 5/21/2019 |

Attackers are getting further ahead, and entrenched corporate rules shoulder much of the blame.

Killer SecOps Skills: Soft Is the New Hard

Commentary | 5/20/2019 |

The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.

Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists

News | 5/20/2019 |

Ahead of his 2019 Black Hat USA talk, cybersecurity luminary Bruce Schneier explains why it’s so important for tech experts to be actively involved in setting public policy.

The Data Problem in Security

Commentary | 5/16/2019 |

CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.

Cyber Workforce Exec Order: Right Question, Wrong Answer

Commentary | 5/16/2019 |

Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.

Resolution Requires Cybersecurity Training for Members of Congress

Quick Hits | 5/14/2019 |

A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.

Missing in Action: Cybersecurity Professionals

Commentary | 5/14/2019 |

Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap.

Why AI Will Create Far More Jobs Than It Replaces

Commentary | 5/14/2019 |

Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats.

How the Skills Gap Strains – and Constrains – Security Pros

News | 5/9/2019 |

New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.

New Initiative Aims to Fast-Track Women into Cybersecurity Careers

Quick Hits | 5/9/2019 |

8 comments

'100 Women in 100 Days' is a career development program made possible by a $160,000 gift from Craig Newmark Philanthropies.

How to Close the Critical Cybersecurity Talent Gap

Commentary | 5/9/2019 |

If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.

The Fine Line of Feedback: 6 Tips for Talking to Security Pros

Commentary | 5/8/2019 |

Feedback is a two-way street in terms of giving, receiving, and knowing how to give and receive.

Trust the Stack, Not the People

Commentary | 5/6/2019 |

A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.

New Executive Order Aims to Grow Federal Cybersecurity Staff

Quick Hits | 5/3/2019 |

The EO outlines a 'rotational assignment program' intended to help security practitioners develop their skills.

How Storytelling Can Help Keep Your Company Safe

Commentary | 5/3/2019 |

Well-crafted narratives can help you win over users in the battle to develop a sustainable cybersecurity culture.

World Password Day or Groundhog Day?

Commentary | 5/2/2019 |

3 comments

Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.

8 Personality Traits for Cybersecurity

Quick Hits | 5/1/2019 |

Personality assessment firm Hogan Assessments lists top characteristics for a 'successful' cybersecurity hire.

Staffing the Software Security Team: Who You Gonna Call?

Commentary | 5/1/2019 |

Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here's why.

How to Help Your Board Navigate Cybersecurity's Legal Risks

Commentary | 4/30/2019 |

What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn what’s at stake and what CISOs can do to mitigate the damage.

A Rear-View Look at GDPR: Compliance Has No Brakes

Commentary | 4/29/2019 |

With a year of Europe's General Data Protection Regulation under our belt, what have we learned?

Ramblings of a Recovering Academic on the So-Called Lack of Security Talent

Commentary | 4/25/2019 |

Hiring for security is difficult, as many surveys show. But what the research doesn't explain is the "why" — and a lack of talent may not be the sole reason.

Attackers Aren't Invincible & We Must Use That to Our Advantage

Commentary | 4/24/2019 |

The bad guys only seem infallible. Use their weaknesses to beat them.

Will the US Adopt a National Privacy Law?

Commentary | 4/23/2019 |

Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.

4 Tips to Protect Your Business Against Social Media Mistakes

Commentary | 4/22/2019 |

Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.

The Cybersecurity Automation Paradox

News | 4/18/2019 |

Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.

GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage

Commentary | 4/18/2019 |

Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.

7 Tips for an Effective Employee Security Awareness Program

Slideshows | 4/17/2019 |

Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.

The Single Cybersecurity Question Every CISO Should Ask

Commentary | 4/15/2019 |

The answer can lead to a scalable enterprise security solution for years to come.

Julian Assange Arrested in London

Quick Hits | 4/11/2019 |

The WikiLeaks founder, who was taken from the Ecuadorian Embassy by British police, has been convicted of skipping bail in 2012.

Stop Mocking & Start Enabling Emerging Technologies

Commentary | 4/9/2019 |

Mocking new technology isn't productive and can lead to career disadvantage.

British Hacker Jailed for Role in Russian Crime Group

Quick Hits | 4/9/2019 |

According to authorities, Zain Qaiser would pose as a legitimate ad broker to buy online advertising unit from pornographic websites.

Advanced Persistent Threat: Dark Reading Caption Contest Winners

Commentary | 4/5/2019 |

From sushi and phishing to robots, passwords and ninjas -- and the winners are ...

3 Lessons Security Leaders Can Learn from Theranos

Commentary | 4/4/2019 |

Theranos flamed out in spectacular fashion, but you can still learn from the company's "worst practices."

In Security, Programmers Aren't Perfect

Commentary | 4/3/2019 |

Software developers and their managers must change their perception of secure coding from being an optional feature to being a requirement that is factored into design from the beginning.

6 Essential Skills Cybersecurity Pros Need to Develop in 2019

Slideshows | 4/3/2019 |

In a time of disruption in the security and tech worlds, cybersecurity professionals can't afford to become complacent — even in the face of a skills shortage.

Women Now Hold One-Quarter of Cybersecurity Jobs

News | 4/2/2019 |

4 comments

New data from ISC(2) shows younger women are making more money than in previous generations in the field – but overall gender pay disparity persists.

NDSU Offers Nation's First Ph.D. in Cybersecurity Education

Quick Hits | 3/29/2019 |

5 comments

The new program focuses on training university-level educators in cybersecurity.

The 'Twitterverse' Is Not the Security Community

Commentary | 3/27/2019 |

The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.

Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?

Commentary | 3/26/2019 |

Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.

A Glass Ceiling? Not in Privacy

Commentary | 3/25/2019 |

According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.

Security Lessons from My Game Closet

Commentary | 3/22/2019 |

In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.

The Insider Threat: It's More Common Than You Think

Commentary | 3/20/2019 |

A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.

Crowdsourced vs. Traditional Pen Testing

Commentary | 3/19/2019 |

10 comments

A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.

Could Beto O'Rourke Become the First Hacker President?

Quick Hits | 3/15/2019 |

New report details the Democratic candidate's time as a member of Cult of the Dead Cow.

Autism, Cybercrime, and Security's Skill Struggle

News | 3/13/2019 |

People on the autism spectrum often possess traits that could help them succeed in cybersecurity – providing they don't fall into cybercrime first.

The Case for Transparency in End-User License Agreements

Commentary | 3/13/2019 |