Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Why Fostering Flexibility Is a Win for Women & Cybersecurity
Newest First  |  Oldest First  |  Threaded View
RyanSepe
RyanSepe,
User Rank: Ninja
5/31/2019 | 3:21:24 PM
Flexibility through Automation
Flexibility is definitely a win especially in the current professional climate. The typical 9-5 butt in seat mentality is being overwritten thanks to technology. As a InfoSec Engineer, I have made it my credo to automate as much as I can to ensure that I am focusing on the most important facets of my job. I think due to this it has afforded me the ability to be remote because I am continuing to perform at a high level. 

I find that with this benefit, I am more motivated to give it my all whether in or out of the office because you don't feel trapped within a dead end job.
REISEN1955
REISEN1955,
User Rank: Ninja
5/29/2019 | 12:21:34 PM
Re: Flexibility lowest in infosec
Everyone thinks IT is just programming or web page design.  There is so much more to it and beyond server support ... which leads us to Info security.  Management though has an outsource opinion of most IT functions so a career option for an entry level position is dangerous.  I have been outsourced out of a great job to be replaced by kids who delivered pizza.  True.  So new talent coming in is rare and again often think it is programming, code support and such.  InfoSec is the career solid choice right now and it is not being - for the time being - outsourced the way nominal It functions are.  Pay is better too.  And this is not a sex-specific issue.  We need GOOD TALENT whether male or female.   Right now. 
dirtyjoe78
dirtyjoe78,
User Rank: Apprentice
5/29/2019 | 11:26:17 AM
Flexibility lowest in infosec
Felxibility in operational security is low in the vast majority of companies.  They will let cloud operations, Networking even HR have work from home days or flexible schedules.  Infosec has very rigid schedules with no flexibility.  Disaster recovery plan is to work from a remote location but that will never get tested for infosec and don't even think about asking.  It would be beneficial to everyone including enticing new talent into infosec if there was more flexibility.  Issues like this are not gender specific and have benefits for everyone in infosec.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-20099
PUBLISHED: 2022-06-27
A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely.
CVE-2022-2221
PUBLISHED: 2022-06-27
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.
CVE-2022-28622
PUBLISHED: 2022-06-27
A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2.
CVE-2022-31034
PUBLISHED: 2022-06-27
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in paramete...
CVE-2022-31035
PUBLISHED: 2022-06-27
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with th...