Careers & People

News & Commentary
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust, Commentary
It's time to "do the right thing" when it comes to gender in the hiring and promotion of women in cybersecurity. Four women (and a man named John) offer practical solutions for shifting the balance.
By John De Santis, CEO, HyTrust, 5/16/2018
Taming the Chaos of Application Security: 'We Built an App for That'
Caleb Sima, Founder, Badkode Ventures, Commentary
Want to improve the state of secure software coding? Hide the complexity from developers.
By Caleb Sima, Founder, Badkode Ventures, 5/15/2018
The New Security Playbook: Get the Whole Team Involved
John "Lex" Robinson, Cybersecurity Strategist at Cofense, Commentary
Smart cybersecurity teams are harnessing the power of human intelligence so employees take the right actions.
By John "Lex" Robinson, Cybersecurity Strategist at Cofense, 5/11/2018
20 Signs You Are Heading for a Retention Problem
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, Commentary
If you don't invest in your best security talent, they will look to burnish their resumes elsewhere. Here's why.
By Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, 5/9/2018
Millennials, Women May Bridge Cyber Talent Gap
Dark Reading Staff, Quick Hits
Younger generations, particularly women, could be the answer to a cybersecurity skill shortage expected to reach 1.8 million unfilled roles by 2020.
By Dark Reading Staff, 5/9/2018
We're Doing Security Wrong!
Gary Freas, Cybersecurity and Risk Management SME, Commentary
When you simply heap technology onto a system, you limit your hiring pool and spread your employees too thin. Focus on your people instead.
By Gary Freas, Cybersecurity and Risk Management SME, 5/4/2018
Automation Exacerbates Cybersecurity Skills Gap
Ericka Chickowski, Contributing Writer, Dark Reading, News
Three out of four security pros say the more automated AI products they bring in, the harder it is to find trained staff to run the tools.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/2/2018
'Zero Login:' The Rise of Invisible Identity
Sarah Squire, Senior Technical Architect at Ping Identity, Commentary
Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?
By Sarah Squire, Senior Technical Architect at Ping Identity, 4/27/2018
Diversity: It's About Inclusion
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Unrealistic entry-level job requirements, black-hoodie hacker image problems are among the 'uncomfortable conversations' needed to remedy cybersecurity's diversity gap.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 4/25/2018
Latest News from RSAC 2018
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive coverage of the news and security themes that dominated RSA Conference 2018 in San Francisco.
By Dark Reading Staff, 4/25/2018
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Sara Peters, Senior Editor at Dark Reading, Quick Hits
Booz Allen survey shows most organizations' answer to the security skills shortage may be unsustainable.
By Sara Peters, Senior Editor at Dark Reading, 4/19/2018
2018 RSA Conference: Execs Push Cooperation, Culture & Civilian Safety
Sara Peters, Senior Editor at Dark Reading, News
On the keynote stage, execs from Microsoft and McAfee introduced a new Cybersecurity Tech Accord.
By Sara Peters, Senior Editor at Dark Reading, 4/17/2018
Majority of Men Think Women Have Equal Opportunity to Advance in Cybersecurity Career
Jai Vijayan, Freelance writer, News
Not so fast, say women.
By Jai Vijayan, Freelance writer, 4/17/2018
Stripping the Attacker Naked
Martin Dion, VP EMEA Services, Kudelski Security, Commentary
How cyber threat intelligence can help you gain a better understanding of the enemy and why that gives security teams the upper hand.
By Martin Dion, VP EMEA Services, Kudelski Security, 4/6/2018
How Security Can Bridge the Chasm with Development
Caleb Sima, Founder, Badkode Ventures, Commentary
Enhancing the relationships between security and engineering is crucial for improving software security. These six steps will bring your teams together.
By Caleb Sima, Founder, Badkode Ventures, 4/5/2018
How Gamers Could Save the Cybersecurity Skills Gap
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
McAfee shares its firsthand experience on training in-house cybersecurity pros and publishes new data on how other organizations deal with filling security jobs.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 4/4/2018
10 Women in Security You May Not Know But Should
Kelly Sheridan, Staff Editor, Dark Reading
The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.
By Kelly Sheridan, Staff Editor, Dark Reading, 3/30/2018
How Measuring Security for Risk & ROI Can Empower CISOs
Vikram Phatak, Chief Executive Officer of NSS Labs, Commentary
For the vast majority of business decisions, organizations seek metrics-driven proof. Why is cybersecurity the exception?
By Vikram Phatak, Chief Executive Officer of NSS Labs, 3/28/2018
Automating Ethics for Cybersecurity
John De Santis, CEO, HyTrust, Commentary
Having a code of ethics and enforcing it are two different things.
By John De Santis, CEO, HyTrust, 3/28/2018
UVA Defeats UMBC, in Stunning Upset
Sara Peters, Senior Editor at Dark Reading, Commentary
In first trip to Mid-Atlantic Collegiate Cyber Defense Competition, University of Virginia's Cyber Defense Team defeats reigning national champs from University of Maryland, Baltimore County.
By Sara Peters, Senior Editor at Dark Reading, 3/27/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading, 5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group, 5/14/2018
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11311
PUBLISHED: 2018-05-20
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
CVE-2018-11319
PUBLISHED: 2018-05-20
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to ...
CVE-2018-11242
PUBLISHED: 2018-05-20
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVE-2018-11315
PUBLISHED: 2018-05-20
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a ho...
CVE-2018-11239
PUBLISHED: 2018-05-19
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in ...