Features

Features

Information security certifications, training and jobs

• Which type of CISO are you? Company fit matters

  Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you.  Continue Reading

• 10 tips for cybersecurity awareness programs in uncertain times

  Explore the winning tactics and tools CISOs and other cybersecurity leaders are employing in their programs to raise employee security awareness -- and consider how they might work for you.  Continue Reading

• Minorities in cybersecurity face unique and lasting barriers

  IT is facing renewed scrutiny into its lack of diversity. Explore the unique barriers minorities in cybersecurity face and why hiring approaches are ill equipped to address them.  Continue Reading

• Why COVID-19 won't stop cybersecurity jobs and recruitment

  The economy is struggling, and many careers are taking hits, but cybersecurity jobs and careers will likely stay in demand as companies need to keep data and customers safe.  Continue Reading

• Invest in new security talent with cybersecurity mentorships

  Cybersecurity mentorships provide a great opportunity for those just entering the industry who want a successful start. Having the right guidance is a must.  Continue Reading

• Free online cybersecurity classes, with certificates

  Check out SearchSecurity's catalog of free online security courses led by information security experts on today's most popular security topics.  Continue Reading

• IT and security teams collide as companies work from home

  The new world of remote work has given rise to IT and security teams working more closely than ever before. They need to come together to provide excellent UX and security.  Continue Reading

• CISO position burnout causes high churn rate

  The nature of the CISO role can take a toll, say industry vets, with frustration and stress contributing to high turnover rates and burnout. Learn how to make it work.  Continue Reading

• Skill building is key to furthering gender diversity in tech

  Gender disparities imperil the threat intelligence community. Shannon Lietz, leader and director of DevSecOps at Intuit, discusses current efforts to attract female talent.  Continue Reading

• CISA exam preparation requires learning ethics, standards, new vocab

  The CISA certification is proof of an auditor's knowledge and skills. However, the exam isn't easy and requires some heavy learning -- especially when it comes to vocabulary.  Continue Reading

• ITOps security requires attention to training

  Becoming fluent about IT security is critically important for numerous aspects of ITOps, yet many organizations fail to train their ITOps staff in security.  Continue Reading

• Cisco CISO says today's enterprise must take chances

  Cisco CISO Steve Martino talks about taking chances, threats, how the security leader's role is changing and what really works when it comes to keeping the company secure.  Continue Reading

• 'Computer Security Fundamentals:' Quantum security to certifications

  New topics, from security engineering to quantum computing, are covered in 'Computer Security Fundamentals,' but the book's author suggests readers review some basic topics, too.  Continue Reading

• The who, what, why -- and challenges -- of CISM certification

  Think you're ready for the CISM certification exam? Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, has some pointers for you.  Continue Reading

• Editor's picks: Most pressing cybersecurity stories in 2019

  As the year comes to an end, SearchSecurity takes a bird's-eye view of the sophisticated cyberthreat landscape and how it has changed over the past 12 months.  Continue Reading

• 4 innovative ways to remedy the cybersecurity skills gap

  Learn how companies should adapt to hire, recruit and retain top-notch employees during the current cybersecurity workforce shortage.  Continue Reading

• A cybersecurity skills gap demands thinking outside the box

  Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe.  Continue Reading

• On a penetration tester career path, flexibility and curiosity are key

  Becoming a pen tester takes more than passing an exam. Learn the qualities ethical hackers should embrace to achieve success on their penetration tester career path.  Continue Reading

• Netscout CSO speaks to third-party risk, security gender gap

  Veteran CSO at Netscout Deb Briggs recaps her fireside chat with Cisco CSO Edna Conway at FutureCon 2019, including their discussion on third-party risk and the gender gap in the security industry.  Continue Reading

• DevSecOps model requires security get out of its comfort zone

  Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge.  Continue Reading

• Varied options to solving the cybersecurity skills shortage

  There are no easy answers for the cybersecurity skills shortage facing the industry, other than working harder to diversify and expand the workforce, according to ESG's Jon Oltsik.  Continue Reading

• Cybersecurity automation won't fix the skills gap alone

  Joan Pepin, CISO and vice president of operations at Auth0, says cybersecurity automation makes her job possible, but it can't replace the human talent her industry badly needs.  Continue Reading

• For board of directors, cybersecurity literacy is essential

  For boards of directors to meet their business goals, CISOs need a seat at the table. Through her initiative BoardSuited, Joyce Brocaglia aims to pave the way.  Continue Reading

• Digital transformation redefines cybersecurity skills, careers

  The move toward digital business processes has forced companies to reconsider how they find cybersecurity talent, but finding the right skills may be easier than CISOs think.  Continue Reading

• How to pass the CISSP exam on your first try: Tips to get a good score

  Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more.  Continue Reading

• Portrait of a CISO: Roles and responsibilities

  Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate.  Continue Reading

• SANS security awareness credential paves new career path

  The SANS Security Awareness Professional credential gives enterprises a new method to recognize and promote cybersecurity awareness in the organization.  Continue Reading

• Women in cybersecurity work to grow voice in US lawmaking

  To encourage more input from women in cybersecurity in the legislative process, the Executive Women's Forum went to Washington to discuss key issues with Congress.  Continue Reading

• CISO tackles banking cybersecurity and changing roles

  Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations.  Continue Reading

• Endgame's Devon Kerr on what it takes to be a threat hunter

  Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting.  Continue Reading

• McAfee CISO explains why diversity in cybersecurity matters

  Improving diversity in cybersecurity teams can help improve their ability to address cybersecurity challenges through diversity of thought, suggests McAfee CISO Grant Bourzikas.  Continue Reading

• CPE for CISSP: Top 10 ways to master continuing education

  Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.  Continue Reading

• David Neuman: The CISO position and keeping the cloud safe

  The Rackspace CISO joined the enlisted ranks in the Air Force, eventually becoming an officer with global responsibilities before moving to the private sector.  Continue Reading

• John Germain lands the new CISO position at Duck Creek

  Serving the technology needs of the property and casualty insurance industry means keeping a weathered eye on risk profiles, enterprise software and emerging threats.  Continue Reading

• Transitioning to the role of CISO: Dr. Alissa Johnson

  Serving as White House deputy CIO prepared Johnson for her CISO role: "When we let the culture in a company or agency drive security governance or innovation, that's a problem."  Continue Reading

• The CISO job seems to be finally getting the credit it's due

  The CISO job has risen from the trenches of the IT department to a seat at the C-suite decision-makers' table. But time in the spotlight comes with great risk and responsibilities.  Continue Reading

• Agnes Kirk on the role of CISO, Washington's state of mind

  A state CISO champions innovation for Washington, from early development of a single sign-on system to leadership of the new Office of Cyber Security.  Continue Reading

• Meet the new government CISO for the nation's capital

  With years of cybersecurity and military IT experience, the District of Columbia's first information security officer brings a well-developed toolkit to the job.  Continue Reading

• Top cybersecurity conferences for when Black Hat and RSA aren't right

  The big cybersecurity conferences can make attendees weary, but there are many alternatives to the big name shows that may be easier to get to and easier to handle.  Continue Reading

• Deborah Wheeler lands role of CISO at Delta Air Lines

  The new CISO at Delta Air Lines earned her wings by sticking with security from the start. As the airline industry faces new challenges, Deborah Wheeler takes on a leadership role.  Continue Reading

• Experian's Tom King tackles role of CISO from the ground up

  An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says.  Continue Reading

• Is threat hunting the next step for modern SOCs?

  The emergence of threat hunting programs underscores the importance of the human factor in fighting the most dangerous and costly security threats.  Continue Reading

• Polycom CISO focused on ISO 27001 certification, data privacy

  Tasked with security and compliance, Lucia Milica Turpin watches over internal systems and remote communications customers entrust to the video conferencing company.  Continue Reading

• Challenging role of CISO presents many opportunities for change

  With some reports showing incredibly short tenures, new CISOs barely have time to make their mark. The salaries are good; the opportunities for the right skills, unlimited.  Continue Reading

• In her new role of CISO, Annalea Ilg is curious, driven and paranoid

  The vice president and CISO of ViaWest, Ilg is tasked with keeping the IT managed service provider and its cloud services secure.  Continue Reading

• MIAX Options CSO on security's role in business continuity

  Faced with the demands of derivatives trading, CSO John Masserini understands the value of aligning controls with business risk. We ask him how he does it.  Continue Reading

• Role of CISO: FICO enlists CISO in security product management

  As head of FICO's information security program, Vickie Miller's role is wide-ranging.  Continue Reading

• High-stakes role of CISO: Scott Howitt, MGM Resorts International

  Many organizations are making the CISO a peer to the CIO or taking the position out of IT altogether, says Howitt, who has held several technology and leadership positions.  Continue Reading

• Aflac CISO Tim Callahan on global security, risk management

  With today's cyberthreats, the CISO has to know more about intelligence, working with government and private industry, and how to tailor the security program to further the business.  Continue Reading

• CISSP online training: Software Development Security domain

  Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats.  Continue Reading

• CISSP online training: Telecommunications and Networking

  Spotlight article: Shon Harris explains the main concepts in the CISSP domain on telecommunications and networking, including network protocols, extension technologies and more.  Continue Reading

• Information security book excerpts and reviews

  Visit the Information Security Bookshelf for book reviews and free chapter downloads.  Continue Reading

• Cybersecurity professionals: Five ways to increase the talent pool

  The lack of cybersecurity skills in the industry is glaring, but there are ways for educators, vendors and enterprises to fix the problem. Sean Martin explains how.  Continue Reading

• The CISO role rises: How is it working out?

  An unusual game of musical chairs is unfolding as companies scramble to ensure information security and shore up their ranks to the tune of regulators.  Continue Reading

• Cybersecurity skills shortage demands new workforce strategies

  The race to find InfoSec professionals who can outpace advanced threats has companies worldwide facing hurdles.  Continue Reading

• Information security jobs unfilled as labor pains grow

  Why cybersecurity hiring is the real cyberwar.  Continue Reading

• CISSP training video: Security Architecture and Design

  In this CISSP Essentials Security School video presentation, Shon Harris details the first half of the Security Architecture and Design domain, including system components, system protection, CUP and memory management and more.  Continue Reading

• CISSP training video: Access control security models

  In this CISSP Essentials Security School presentation, Shon Harris discusses the topics of security models, assurance evaluation and certification/accreditation in the Security Architecture and Design domain.  Continue Reading

• CISSP Essentials training: Domain 4, Security Architecture and Design

  In our lesson on Domain 4, Security Architecture and Design, Shon Harris reveals key concepts in system architecture security, as well as the importance of access control and must-know access control models.  Continue Reading

• CISSP Essentials Security School

  SearchSecurity's CISSP Essentials Security School offers free training for CISSP certification, featuring videos, tutorials and sample exam questions.  Continue Reading

• CISSP online training: Security Architecture and Design

  Spotlight article: Shon Harris discusses the main topics in the CISSP domain on security architecture and design, highlighting formal architectures, system architectures, security models and system evaluation.  Continue Reading

• CISSP cryptography training: PKI, digital certificates

  In this CISSP Essentials Security School video presentation, Shon Harris discusses two core tenants of the cryptography domain: public key infrastructure and the use of digital certificates.  Continue Reading

• CISSP training video: Cryptography algorithms and encryption keys

  In this CISSP Essentials Security School presentation, Shon Harris explains the basics of the Cryptography domain, including definitions, cryptography algorithms, encryption keys and more.  Continue Reading

• CISSP cryptography training: Components, protocols and authentication

  Spotlight article: Shon Harris outlines the main topics in the CISSP domain on cryptography -- background information, cryptography components, digital authentication, protocols and more.  Continue Reading

• CISSP Essentials training: Domain 3, Cryptography

  This lesson in our free CISSP certification training guide covers the history of cryptography and how to apply technologies and concepts to protect enterprise data.  Continue Reading

• Has the CISO role changed under the spotlight?

  The career is only now defining itself.  Continue Reading

• CISSP training video: Authentication technologies, federated identities

  In this CISSP Essentials Security School presentation, Shon Harris discusses the main topics of the Access Control domain, including authentication technologies, identity management systems and federated identity.  Continue Reading

• CISSP online training: Inside the access control domain

  Spotlight article: Shon Harris discusses the main topics covered in the CISSP domain on access control, including authorization, authentication, identity management and more.  Continue Reading

• CISSP Essentials training: Domain 2, Access Control

  In this Essentials Security School lesson featuring a two-part video tutorial, learn about the CBK section covering access control.  Continue Reading

• CISSP training video: Access control models, administration, IPS/IDS

  In this CISSP Essentials Security School presentation, expert instructor Shon Harris explains different types of access control models, access control administration and IPS/IDS technologies.  Continue Reading

• CISSP online training: Information security governance, risk management

  Spotlight article: Shon Harris offers an in-depth look at the topics covered in the CISSP domain on infosec governance and risk management.  Continue Reading

• CISSP training video: The AIC triad, ISMS, ISO 27000 series

  In this CISSP Essentials Security School presentation, expert Shon Harris discusses three key components of the CISSP Information Security Governance and Risk Management domain: the AIC triad, ISMS and the ISO 27000 series.  Continue Reading

• CISSP training video: Security enterprise architecture

  In this CISSP Essentials Security School presentation, expert Shon Harris discusses security enterprise architectures and their importance to the CISSP Information Security Governance and Risk Management domain.  Continue Reading

• CISSP training video: Control objectives, risk management and analysis

  In this CISSP Essentials Security School presentation, Shon Harris outlines the importance of control objectives, metrics, and risk management and analysis in the CISSP Information Security Governance and Risk Management domain.  Continue Reading

• CISSP Essentials: Domain 1, Information Security Governance and Risk Management

  In this CISSP Essential Security School lesson, learn about security management practices for securing information and assets.  Continue Reading

• CISSP introduction: A video guide to the CISSP exam

  In this CISSP Essentials Security School presentation, expert instructor Shon Harris offers a CISSP introduction. Learn about the 10 domains of the Common Body of Knowledge, typical exam content and what to expect after you pass the test.  Continue Reading

• An introduction to the (ISC)2 CISSP security certification exam

  Spotlight article: Learn about the (ISC)2 CISSP security exam, the 10 CISSP domains and the exclusive CISSP prep materials offered by Shon Harris and SearchSecurity.  Continue Reading

• CISSP Essentials training: Domain 9, Physical (Environmental) Security

  Prepare for the CISSP exam with this special training series on Domain 9, Physical (Environmental) Security.  Continue Reading

• CISSP Essentials training: Domain 8, Legal, Regulations, Investigations and Compliance

  In this CISSP study guide, learn about business continuity disaster recovery planning and how to endure and survive an enterprise disaster event.  Continue Reading

• CISSP Essentials training: Domain 6, Software Development Security

  Prepare for CISSP exam Domain 6 covering software application system development processes, and security threats and countermeasures.  Continue Reading

• CISSP Essentials training: Domain 5, Telecommunications and Network Security

  Prepare for Domain 5 of the CISSP exam by learning about telecommunications and networking.  Continue Reading

• Bridging the IT security skills gap

  While poaching security talent may plug short-term gaps, outreach and education will solve the long-term shortfall in IT security professionals.  Continue Reading

• CISSP All-in-One Exam Guide, Sixth Edition

  This excerpt provides references for government employees and contractors subject to new requirements, and also new CISSP exam practice questions.  Continue Reading

• CISSP Essentials training: Domain 7, Business Continuity and Disaster Recovery Planning

  Study for the CISSP exam with a video about business continuity and disaster recovery.  Continue Reading

• CISSP Essentials training: Domain 10, Operations Security

  Discover everything you need to know to ace the CISSP® exam with our first series of SearchSecurity.com Security School webcasts focused on CISSP training. Each lesson corresponds to a specific domain in the CISSP exam's "Common Body of ...  Continue Reading

• Spotlight article: Domain 9, Physical Security

  Information security depends on the security and management of the physical space in which computer systems operate. Domain 9 of the Common Body of Knowledge addresses the challenges of securing the physical space, its systems and the people who ...  Continue Reading

• Spotlight article: Domain 6, Application and System Development

  This article has been depreciated and is no longer up to date. See our editor's note for more information.  Continue Reading

• Spotlight article: Domain 8, Laws, Investigations and Ethics

  Get a detailed introduction to the concepts of CISSP exam Domain 8, Laws, Investigations and Ethics.  Continue Reading

• Spotlight article: Domain 7, Business Continuity

  Detailed background on CISSP exam Domain 7, covering business continuity and disaster recovery.  Continue Reading

• Spotlight article: Domain 5, Telecommunications and Networking

  This article has been depreciated and is no longer up to date. See our editor's note for more information.  Continue Reading

• Spotlight article: Domain 4, Security Models and Architecture

  This article has been depreciated and is no longer up to date. See our editor's note for more information.  Continue Reading

• Spotlight article: Domain 3, Cryptography

  This article has been depreciated. See the editor's note below for more information.  Continue Reading

• Spotlight article: Domain 1, Security Management Practices

  Get introduced to the basic concepts of CISSP exam Domain 1: Security Management Practices, including the three core principles of confidentiality, integrity and availability.  Continue Reading

• Spotlight article: Domain 2, Access Control

  This article has been depreciated. See below for updated information.  Continue Reading

• Sample Chief Information Security Officer resume

   Continue Reading

• Career management 101 for information security pros

  Eight questions to help information security professionals determine if their career is on the right track.  Continue Reading

• Ability to see the big picture

   Continue Reading

• Demonstrated good judgement

   Continue Reading

• Personal qualifications of an information security manager

  Charles Cresson Wood outlines the personal qualifications every information security manager should possess in this excerpt from Information Security Roles and Responsibilities Made Easy.  Continue Reading

• Pre-CISSP: Options for the security newbie

  Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP®.  Continue Reading