Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Newest First  |  Oldest First  |  Threaded View
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
4/20/2018 | 10:37:27 AM
Re: Academy Corporations vs. Big Salary Temptation
Cybersecurity is a very high stress job due to the number of villains to be dealt with.  It is also the one IT field that has yet to be decimated by outsourcing to Bangalore - though that has happened in some firms to their regret.  Merck, if memory serves, outsourced IT and paid a heavy price for it.   Salary helps alot but solid education in the field (and there are a ton of really weird degrees available) is also a key.  And the C-Suite has to be aware of the importance of cybersecurity as a policy and not just another damn IT department full of geeks doing nothing.
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
4/20/2018 | 8:32:55 AM
Academy Corporations vs. Big Salary Temptation
I find this to be commonplace. Unfortunately, facilitating the Big Salary model doesn't close the skill gap. Openly offering trainings that "academy corporations" allows for the employee to become trained in the skill sets required for the company to close the skill gap while allowing them to pursue their interest. One major pitfall to both models is even with salary progression and training alotment if internal advancement isn't offered you will have difficulty with employee retention.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15572
PUBLISHED: 2020-07-15
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
CVE-2020-8178
PUBLISHED: 2020-07-15
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
CVE-2020-8203
PUBLISHED: 2020-07-15
Prototype pollution attack when using _.zipObjectDeep in lodash <= 4.17.15.
CVE-2020-13923
PUBLISHED: 2020-07-15
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04
CVE-2020-15695
PUBLISHED: 2020-07-15
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.