Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Diversity: It's About Inclusion
Newest First  |  Oldest First  |  Threaded View
REISEN1955
REISEN1955,
User Rank: Ninja
4/26/2018 | 1:13:51 PM
Re: Best job candidate description EVER
Quite correct --- I am all for gender diversity and in many areas women are far better analysts than men will ever be (have us beat on a whole bunch of fronts).  BUT what we really have is an INTELLIGENCE DIVERSITY issue which is entirely different.  (I say nothing about Bangalore - enough said there).   That is different from KNOWLEDGE DIVERSITY which is a very good thing.  INTELLIGENCE div goes up through the ranks to so that, as at IBM, you have management strata lines of people who know nothing but got there because they knew something earlier in their life and lower down on management ladder.  Remember FUMU?   
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
4/26/2018 | 5:22:58 AM
Re: Best job candidate description EVER
@REISEN: I remember seeing Andy Ellis, CSO of Akamai, speak once on the subject of how these types of purple-squirrel hiring tactics actually diminish gender diversity in the workplace.

Ellis: "If you have a [gender] diversity problem, this is why... [Men] are totally willing to lie and say, 'Yeah, I've got 12 years' experience in Windows 8.'"

Incidentally, here's my writeup for one of Dark Reading's sister sites on this subject, in which Ellis is quoted: networkcomputing.com/careers/tech-talent-shortage-myth/1360165050
notthereatall
notthereatall,
User Rank: Apprentice
4/25/2018 | 12:31:11 PM
A parallel discussion: "inclusion" is an empty buzzword - from a side event
During RSA conference Peerlyst held a side event. The outcome of one of the sessions was a vivid discussion:  ""inclusion" is an empty buzzword".

Here are some interesting and relevant quotes:

By Kim Krawley:

"Employers need to stop having rigid hiring criteria. All of that "culture fit" stuff also excludes people who are demographically different from the people who already work at the company. I work for several different cybersecurity vendors. You know what they looked at? The blog content I've written for other companies and my Twitter following. That's it.

By Andrew Commons:

"We are all different, very different. We have developed a culture that highlights differences and provides the technology for the collective persecution of those considered different. It has become a sport, 'shaming' is the new black.

We have legislation that requires "affirmative action". In some jurisdictions it's been around for 60 years. In large corporations we see (very) senior positions being created specifically to address 'Diversity'. As we see in the case of James Damore (and let's ignore his views for now) and Google, such environments actually do not tolerate diversity they are intent in promoting uniformity and will highlight and shame those who dare differ.

It's this bigger global cultural issue that needs to be addressed before any change can be expected in corporate culture."

By Molly Payne:

"Companies hopefully are seeing that diversity drives creative thought and problem solving. As a community in a company we can create social enclaves for ourselves as a place to recharge and brainstorm solutions for problems we observe. In hiring opportunities reaching back can be a method for those of us outside the majority to change the stats; if you have a say in hiring reach out to those people in your community who you know are qualified and get their resume seen. Volunteer and share your skills. I feel a lot of analyst work and security work can be taught much like a trade you just have to have the passion. I've often thought of organizing a club at a local high school or middle school to build excitement about this field. I think about this quite a lot, and love these discussions thanks for bringing it up!"

 
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
4/25/2018 | 9:46:06 AM
Re: Best job candidate description EVER
=) 
REISEN1955
REISEN1955,
User Rank: Ninja
4/25/2018 | 9:25:29 AM
Best job candidate description EVER
Needed - YOUNG enthusiastic Millenial (age 22) with 32 years of experience. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42003
PUBLISHED: 2022-10-02
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
CVE-2022-42004
PUBLISHED: 2022-10-02
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
CVE-2022-42002
PUBLISHED: 2022-10-01
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.
CVE-2022-39268
PUBLISHED: 2022-09-30
### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end use...
CVE-2022-34428
PUBLISHED: 2022-09-30
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.