Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Why Fostering Flexibility Is a Win for Women & Cybersecurity
Newest First  |  Oldest First  |  Threaded View
RyanSepe
RyanSepe,
User Rank: Ninja
5/31/2019 | 3:21:24 PM
Flexibility through Automation
Flexibility is definitely a win especially in the current professional climate. The typical 9-5 butt in seat mentality is being overwritten thanks to technology. As a InfoSec Engineer, I have made it my credo to automate as much as I can to ensure that I am focusing on the most important facets of my job. I think due to this it has afforded me the ability to be remote because I am continuing to perform at a high level. 

I find that with this benefit, I am more motivated to give it my all whether in or out of the office because you don't feel trapped within a dead end job.
REISEN1955
REISEN1955,
User Rank: Ninja
5/29/2019 | 12:21:34 PM
Re: Flexibility lowest in infosec
Everyone thinks IT is just programming or web page design.  There is so much more to it and beyond server support ... which leads us to Info security.  Management though has an outsource opinion of most IT functions so a career option for an entry level position is dangerous.  I have been outsourced out of a great job to be replaced by kids who delivered pizza.  True.  So new talent coming in is rare and again often think it is programming, code support and such.  InfoSec is the career solid choice right now and it is not being - for the time being - outsourced the way nominal It functions are.  Pay is better too.  And this is not a sex-specific issue.  We need GOOD TALENT whether male or female.   Right now. 
dirtyjoe78
dirtyjoe78,
User Rank: Apprentice
5/29/2019 | 11:26:17 AM
Flexibility lowest in infosec
Felxibility in operational security is low in the vast majority of companies.  They will let cloud operations, Networking even HR have work from home days or flexible schedules.  Infosec has very rigid schedules with no flexibility.  Disaster recovery plan is to work from a remote location but that will never get tested for infosec and don't even think about asking.  It would be beneficial to everyone including enticing new talent into infosec if there was more flexibility.  Issues like this are not gender specific and have benefits for everyone in infosec.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-23485
PUBLISHED: 2022-12-10
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an...
CVE-2022-23510
PUBLISHED: 2022-12-09
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade to ...
CVE-2022-23497
PUBLISHED: 2022-12-09
FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (brypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a hash...
CVE-2022-34297
PUBLISHED: 2022-12-09
Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.
CVE-2022-45292
PUBLISHED: 2022-12-09
User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted.