Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
10 Ways Security Gurus Give Thanks
Newest First  |  Oldest First  |  Threaded View
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
12/1/2014 | 10:12:32 AM
Re: employment
@andregironda   Good point. Unfortunately the people beneath the C-suite never seem to get the salary increases and bonuses that their work deserves. I think that's true of all companies and all roles, though, not just security.

That said, research shows that infosec staff on average make quite a bit more than other IT staff, and that the salary has been trending upwards.
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
12/1/2014 | 10:04:35 AM
Re: Board-level attention
@Marilyn  True!  On the other hand, there's this:  ""Many CISOs are getting a pat on the back or thank you from the CEO saying, great job this year, keep it up," Clark says. "We didn't get hacked this year!""  Ten years ago I don't think anyone in information seecurity expected that to EVER happen. 
andregironda
50%
50%
andregironda,
User Rank: Strategist
11/26/2014 | 10:41:59 AM
Re: employment
I'm not super thankful of this. It means long hours and less time to focus on family in the short term. In the long term, you think that infosec professional salaries would double every two years like those do of CISO salaries. Yet they are flat. I wonder why that is? Not a lot to be thankful for there!
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
11/26/2014 | 9:24:20 AM
Board-level attention
That is, until their network and data are the target of a major breach and the blame game begins.
Thomas Claburn
100%
0%
Thomas Claburn,
User Rank: Ninja
11/25/2014 | 5:32:43 PM
employment
They should be thankful for perpetual demand. Computer systems will never be secure so they will always have a job, somewhere.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-4088
PUBLISHED: 2022-01-24
SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL into the DLP part of the ePO database. This could lead to remote code execution on the ePO server ...
CVE-2021-40909
PUBLISHED: 2022-01-24
Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud.
CVE-2021-41471
PUBLISHED: 2022-01-24
SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters.
CVE-2021-41472
PUBLISHED: 2022-01-24
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters.
CVE-2021-40596
PUBLISHED: 2022-01-24
SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter.