Doug Drinkwater

Author Archives: Doug Drinkwater

How CISOs find their perfect job

It’s a good time to be a CISO. In a market where analysts say there are over 1 million unfilled job openings, and with demand expected to rise to 6 million globally by 2019 according to the Palo Alto Research Center, if you do a good job other opportunities are sure to follow. Indeed, such is the market that, as we reported last year, even poor-performing CISOs, dismissed from previous jobs, get handed new opportunities time and time again.

AI will transform information security, but it won’t happen overnight

Although it dates as far back as the 1950s, Artificial Intelligence (AI) is the hottest thing in technology today. An overarching term used to describe a set of technologies such as text-to-speech, natural language processing (NLP) and computer vision, AI essentially enables computers to do things normally done by people. Machine learning, the most prominent subset of AI, is about recognizing patterns in data and having the computer learn from them as a human would. These algorithms draw inferences without being explicitly programmed to do so. The idea is that the more data you collect, the smarter the machine becomes.

Are Virtual CISOs the answer to your security problems?

Chief Information Security Officers are a relatively rare breed. Information security is, after all, a relatively recent subset of IT, and while most large organizations now profess to having a CISO, CSO or head of information security, many still don’t. Indeed, it’s often the case that a company appoints its first CISO in the aftermath of a data breach, as Target did in 2014 and Sony in 2011.

Friends or enemies? Security vendors tiptoe towards collaboration

There are hundreds of security vendors across the security stack. You have providers for cloud, email, network and endpoint security, as well as threat, malware and DDoS protection, phishing and whaling protection, insider threat detection and a whole lot more. The trouble is, a huge number of these solutions don’t ‘play’ well with one another, which often makes life difficult for the security teams adopting them. At the same time, these same teams are expected to keep up with an ever-changing landscape and criminals who innovate faster than most Fortune 500 companies. Magnum Consulting analyst Frank J. Ohlhorst captured this collaboration issue perfectly in an opinion piece last year.

How to get more from your security budget

Infosec budgets. They are small, they largely come from IT, and CISOs/CSOs often complain they are not nearly big enough. It’s a constant subject of debate, and rightly so; a security budget will indirectly influence how well a CISO protects their business and its assets, and frankly how well they do their job (which, in turn, will determine how long they stay in it). This isn’t meant to be all doom and gloom, however; clever CISOs/CSOs and CIOs understand they have to resource more carefully in today’s economically challenging times. For CISOs, that involves using money effectively, and making do with solutions they already have, in order to protect the assets they truly care about. It can also involve upskilling staff and rolling out cost-effective security awareness campaigns.

Should InfoSec hire from other industries?

The InfoSec market is predicted to grow from $75 billion in 2015 to $170 billion by 2020, but – like any child star – it finds itself struggling with growing pains. An evolving threat landscape, cyber-crime-as-a-service and cyber espionage are the biggest problems for CISOs and law enforcers today, not to mention the record number of data breaches, but there is a bigger, arguably more basic, problem that stunts the market. Information security has long suffered from a well-advertised skills gap. It is widely cited that (ISC)² says there will be a shortage of 2 million professionals by 2020, with Cisco putting the current global shortage at closer to 1 million. According to 2015 analysis of Bureau of Labor Statistics data by Peninsula Press, more than 209,000 cybersecurity jobs in the U.S. are currently unfilled.

CISOs, it’s time to bury the hatchet with your CIO

Historically, the head of security (CISO) reporting to the head of IT (CIO) has made a lot of sense. Both departments are – at their core – technical disciplines, and as such there is a need for the two to be in regular contact. They need to overlap on network infrastructure, information security and IT compliance, not to mention overseeing the release of safe, bug-free code and the delivery of secure products. Yet this relationship is often lambasted by those working in the InfoSec community. Some describe it as ‘adversarial’ – two very different people trying to achieve different objectives. CIOs will look to bring new business applications online, to maintain service-level agreements, and to ensure that IT services are available for all users. Indeed, a CIO’s bonuses are often tied to KPIs around these very principles.

Are InfoSec vendors ‘sowing confusion’ and selling ‘useless’ products?

As a journalist, you know the drill at media briefings. Hosted and paid for by a vendor, and with speakers from the company (as well as, usually, an end-user or an academic), the idea is to bring journalists together with the experts to discuss the prominent matters in the industry. And if those issues and industry challenges can be resolved with one of the vendor’s solutions, then everyone’s a winner. The vendor gets the business, the press coverage and the thought leadership, while the journalist gets the story, the contacts and the free lunch. The speakers get some media air-time. It’s no surprise, then, that these are usually enjoyable, if tame, affairs.

How to survive in the CISO hot-seat

The CISO is a precarious job. Research studies indicate that CISOs typically survive just 18 months to two years in a job that is increasingly complex and multi-skilled. After all, information security is no longer solely about managing firewalls and patch management, but rather a varied role encompassing business and technical skills. Add to that continual issues around funding, reporting lines, governance and a lack of support from the board, and you can see why the role is not to be taken lightly. Indeed, Deloitte says that the CISO today must have four ‘faces’: the strategist, the adviser, the guardian (protecting business assets by understanding the threat landscape and maintaining security programs) and the technologist.

These CISOs explain why they got fired

Today’s Chief Information Security Officer (CISO) leads an increasingly precarious life. Since the emergence of the job title in the late 1990s, the CISO job has become more complex, and more demanding, by the day. Whereas once this was a technical job focused largely on fixing firewalls and patching vulnerabilities, today’s security chiefs are expected to do this and a whole lot more. They’re charged with juggling the day-to-day operations of their security team with meeting board expectations, while also staying abreast of an ever-evolving threat landscape and regular regulatory changes. As a result, it could be argued that the CISO job is a poisoned chalice: the job is well-paid, respected and increasingly available to people of all backgrounds (thanks to the well-publicized InfoSec skills shortage), and yet the average tenure can last 18 months or less. A CISO could be dismissed for any number of things, from a breach or missed vulnerability to failing to align security operations with the board’s business goals.

CISOs should take security training seriously

In many ways, security awareness training exemplifies the way information security is seen and tackled by senior management. A once-a-year, classroom-based approach may be traditional, with security updates and warnings posted on walls and the intranet, but it is also a sign of a tick-box, compliance-driven approach to security. It is often done to appease industry regulators, PCI and data protection authorities, and the training can offer relatively basic, arguably condescending, advice. But times are changing. The threat landscape is growing with the arrival of millions of mobiles and wearables, each with their own IP address, while organized crime and nation-state APT groups are looking at new ways of compromising victims. From exploit kits and Trojans to ransomware, phishing and social engineering scams, the criminal game has moved on.

Does a data breach really affect your firm’s reputation?

The long-held view is that breached companies are cast aside by consumers, investors and shareholders. A breach isn’t just a temporary glitch – it’s a mistake, a faux pas, which you can’t just shake off. This warning has been used by information security professionals over the course of the last five years, and for good reason; nothing gets a CEO or CFO’s attention on security matters more than "this is losing us money". However, on closer inspection, it could be argued that this reputation argument is a falsehood. Over the course of the last 18 months, we’ve seen some of the biggest, most widespread data breaches in the history of the Internet.

How CISOs can beat the information security skills-gap

The information security skills gap may have become a huge issue for Chief Security Officers (CSOs) and Chief Information Security Officers (CISOs), but there are a number of ways InfoSec teams can work around the shortage so as to protect their networks and stay ahead of the attackers.

Outsourcing staff

When people think of outsourcing, they often think of outsourcing services. A company may, for example, choose to outsource its accounting, customer management or recruitment. However, it’s worth noting that you can also outsource talent, and this is a poignant note for an understaffed and under-skilled security industry.