Experts Say to Expect More Job Attrition in 2022
By Deborah Johnson
The confluence of a long-standing global shortage of cybersecurity professionals and ongoing impact of the current pandemic will continue to present cybersecurity hiring challenges in the coming year. Some of these challenges (which could also be seen as “opportunities”) are highlighted in the November/December 2021 issue of InfoSecurity Professional magazine. They include the continuation of the remote workforce, the potential of salary creep and the need for upskilling current staff.
It’s not the drivers. It’s the road.
A plea for secure-by-default infrastructure software
By Richard Paul Hudson, CISSP
If a combination of road markings were consistently shown to confuse drivers, leading to avoidable accidents, the appropriate response would be to change them and repaint the road, rather than try to teach people to compensate for the poor markings. Yet in the world of application security, where the insecure default behavior of infrastructure software repeatedly causes developers to build vulnerabilities into their applications, the focus remains on education and increasing developer awareness rather than on fixing the road markings — in this case the broken tools.
Demystifying CMMC: How It Can Help Counter Current Cyberattacks
By Adam Kohnke, CISSP
The publicly available Cybersecurity Maturity Model Certification (CMMC) is getting a lot of attention these days, both within and outside the public sector. Developed by the U.S. Department of Defense in response to escalating cyberattacks aimed at the defense industrial base and DoD supply chain, CMMC has broader appeal for any organization determining the maturity of its IT security controls. But what, exactly, does it do to improve an organization’s cybersecurity posture?
7 Ways to Enhance Your Business Reputation Through Security
By Duncan Greaves
Your business reputation is key to building communities, establishing partnerships, and why others choose your solutions. That reputation, whether you operate as a “solopreneur” or employee, is an external evaluation based on such criteria as direct experience, communications, branding, and/or established thought leadership. Information security professionals too often leave business reputations up to other departments or employees. However, they play no small role in how that organization’s reputation is shaped and evolves.
Can There Be Trustworthy Software Supply Chains?
By Matt Gillespie
Supply chain security depends on its weakest link, a problematic reality for software because so many links are hidden from view.
When the software vendor acts as the root of trust for its customers, verifying product authenticity is more or less equated to verifying safety. But that system of belief breaks down if the vendor itself is compromised, as when SolarWinds’ trusted components proved untrustworthy after a cyberattack in early 2020.
Panel: Understanding the Extensive Ransomware Threat
By Paul South
Spencer Wilcox remembers the first time he heard a respected security expert talk of “it’s not if, it’s when” in terms of ransomware attacks.
“I remember thinking at the time, ‘Well, that seems defeatist,’” Wilcox, chief security officer and executive director of technology at PNIM Resources, said. “Of course, like everybody else in the industry, I matured to finally get to a point where I can accept disaster. This [though] is a level of disaster I don’t think any of us are prepared to accept. So, as a result, we’ve got to figure out better ways to prevent ransomware. And more importantly, we have to have great ways to recover.”