Thinking of a Cybersecurity Career? Read This

Krebs on Security

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Virtually every week KrebsOnSecurity receives at least one email from someone seeking advice on how to break into cybersecurity as a career. How did the cybersecurity practitioners surveyed grade their pool of potential job candidates on these critical and very important skills?

AI and Cybersecurity

Schneier on Security

Ben Buchanan has written " A National Security Research Agenda for Cybersecurity and Artificial Intelligence." artificialintelligence attribution cybersecurity nationalsecuritypolicy reportsIt's really good -- well worth reading.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybersecurity Plan for 2020 US Election Unveiled

Data Breach Today

CISA Describes Its Role as Security Facilitator The U.S.

US House Passes IoT Cybersecurity Improvement Act

Security Affairs

House of Representatives passed the IoT Cybersecurity Improvement Act, a bill that aims at improving the security of IoT devices. House of Representatives last week passed the IoT Cybersecurity Improvement Act, a bill designed to improve the security of IoT devices.

IoT 90

Cybersecurity During COVID-19

Schneier on Security

They are more vulnerable to attack simply because they are less secure. Employees working from home are going to save data on their own computers, where they aren't protected by the organization's security systems. That's a big problem because the security issues are not going away.

Vietnam's 'Cybersecurity' Law Says Little on Security

Data Breach Today

Law Focuses More on Fighting Anti-Government Speech On Wednesday, just days after a new "cybersecurity" law took effect, Vietnam alleged that Facebook has violated the law by allowing users to post anti-government comments on the platform. The so-called cybersecurity law actually speaks little about IT security measures

Cybersecurity's Automation Imperative

Data Breach Today

Censornet's Richard Walters on the Role of Autonomous Security With cybersecurity becoming ever more difficult to monitor and manage, and product and data overload triggering cyber fatigue among cybersecurity professionals, organizations must embrace more autonomous approaches, says Censornet's Richard Walters

The Cybersecurity Follies: Zoom Edition

Data Breach Today

And for many use cases - hint: not national security - it is a perfectly fine option

Congress Approves New DHS Cybersecurity Agency

Data Breach Today

Bill Creating Cybersecurity and Infrastructure Security Agency Awaits President's Signature The United States will soon officially have a single agency that takes the lead role for cybersecurity.

NASA Still Struggling With Agency-Wide Cybersecurity Program

Data Breach Today

IG Report Finds Agency's Infrastructure Remains Tempting Target for Hackers A recent Inspector General's report finds that NASA still struggles with implementing an agency-wide cybersecurity policy despite spending approximately $2.3 billion on IT, networking and security technology in 2019.

Cybersecurity Leaders: Planning (and Budgeting) for 2021

Data Breach Today

A CEO/CISO panel discusses how security leaders prioritize budget allocations for these concerns

Interior Dept. Grounds Drones Over Cybersecurity Concerns

Data Breach Today

Department of the Interior this week announced that it has temporarily grounded all drone operations, except for emergencies, citing concerns over national security and cybersecurity. Department Says Several Concerns Must Be Addressed The U.S.

Cybersecurity for the Midmarket

Data Breach Today

Global Cyber Alliance's Phil Reitinger Describes Efforts to Bolster SMB, Election Security In 2019, the Global Cyber Alliance debuted its toolkit to help small and midsized organizations bolster cybersecurity. How has the toolkit been received and refined? Phil Reitinger, who heads the alliance, discusses progress

Analysis: 2020 Cybersecurity Issues

Data Breach Today

The latest edition of the ISMG Security Report discusses 2020 cybersecurity trends, including fixing "fake everything," dealing with the issue of weaponized social media and securing the U.S. presidential election

Analysis: Coronavirus Cybersecurity and Privacy Issues

Data Breach Today

The latest edition of the ISMG Security Report offers an analysis of cybersecurity and privacy issues raised by COVID-19 research efforts. Also featured: the latest ransomware trends and an investor's take on hot cybersecurity sectors

The Unintended Harms of Cybersecurity

Schneier on Security

Interesting research: " Identifying Unintended Harms of Cybersecurity Countermeasures ": Abstract: Well-meaning cybersecurity risk owners will deploy countermeasures (technologies or procedures) to manage risks to their services or systems. Security is always a trade-off. academicpapers cyberattack cybercrime cybersecurity riskassessment risks

Building a Corporate Culture That Values Cybersecurity

Data Breach Today

Insights on Gauging an Organization's Security Maturity Level Corporate culture can have a big impact on an organization's ability to achieve cybersecurity objectives, says Jessica Barker, chair of ClubCISO, a private members forum for European information security leaders, who provides insights on gauging an organization's security maturity

BOOK REVIEW: ‘Security Yearbook’ preserves cybersecurity history — highlights tectonic shift

The Last Watchdog

Along with Richard Stiennon , I belong to a small circle of journalists and tech industry analysts who’ve been paying close attention to cybersecurity since Bill Gates curtailed commercial work on Windows to rivet Microsoft’s attention on defending its software code. Related: The role of PKI is securing digital transformation That was in 2002. Cybersecurity, which started with antivirus suites, spam filters and firewalls, has mushroomed into a $103 billion industry.

Virtual Summit Dives Into Healthcare Cybersecurity Issues

Data Breach Today

CISOs, Other Experts to Tackle Hot Topics, Including Challenges During COVID-19 Crisis How have the cybersecurity challenges facing healthcare organizations changed during the COVID-19 pandemic? Information Security Media Group's Healthcare Cybersecurity Virtual Summit, to be held on June 9 and replayed June 10 and 11, will provide insights

Cybersecurity Leadership: The 2020 Vision

Data Breach Today

Cyber Leader Christopher Hetner on the Capacities, Skills Needed for Next Decade's Security Leaders What are the key experiences, capacities and skills needed by the next generation of cybersecurity leaders, as they prepare to address enterprise business risk in the next decade?

Why Should Physical Security Professionals Learn Cybersecurity Skills?

Dark Reading

In the first of a series of columns set to be hosted exclusively on IFSEC Global, Sarb Sembhi, CISM, CTO & CISO, Virtually Informed outlines why physical security professionals should be investing in their cyber security skillset

Government Agencies Field More Cybersecurity Maturity Models

Data Breach Today

Pentagon and DOE Pitch Security Frameworks - But Should They Defer to NIST? The Pentagon and the Department of Energy are pitching new or revised cybersecurity capability maturity models to help their sectors prioritize cybersecurity investments and refine processes and controls. But should they defer to the NIST Cybersecurity Framework instead

Uncertain Markets May Drive Cybersecurity Consolidation

Data Breach Today

Experts: This Week's 'Black Monday' Likely to Accelerate Security M&A Activity With U.S. Experts predict this will drive fresh waves of consolidation and M&A in the cybersecurity market, as well as growth in hot areas stock markets suffering their worst day since 1987 on Monday, most technology firms took a hit as Wall Street continues to be rattled by the COVID-19 crisis.

Top cybersecurity Predictions for 2020

Security Affairs

The 2020 Cybersecurity Landscape – Below Pierluigi Paganini’s cybersecurity predictions for the next twelve months. Here we are again for the annual prediction of the events that I believe will impact the cybersecurity landscape in the next year.

Cybersecurity Firm Imperva Discloses Breach

Krebs on Security

based Imperva sells technology and services designed to detect and block various types of malicious Web traffic, from denial-of-service attacks to digital probes aimed at undermining the security of Web-based software applications. 20 about a security incident that exposed sensitive information for some users of Incapsula , the company’s cloud-based Web Application Firewall (WAF) product.

Bridging the Cybersecurity Skills Gap

Data Breach Today

The latest edition of the ISMG Security Report features Greg Touhill, the United States' first federal CISO, discussing how "reskilling" can help fill cybersecurity job vacancies. Plus, California considers tougher breach notification requirements; curtailing the use of vulnerable mobile networks

Emotet Malware Alert Sounded by US Cybersecurity Agency

Data Breach Today

Cybersecurity and Infrastructure Security Agency says it's been "tracking a spike" in targeted Emotet attacks, and urges all organizations immediately put in place defenses to not just avoid infection, but also detect lateral movement in their networks by hackers

A COVID-19 Cybersecurity Poll: Securing a Remote Workforce

Threatpost

Weigh in on how your organization is securing its remote footprint with our short Threatpost poll. Cloud Security Critical Infrastructure Government Malware Mobile Security Vulnerabilities Web Security best practices Businesses coronavirus COVID-19 Cybersecurity ransomware remote working schools telecommuting work from homeCOVID-19 is changing how we work.

On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Insurers writing cyber insurance focus more on organisational procedures than technical controls, rarely include basic security procedures in contracts, and offer discounts that only offer a marginal incentive to invest in security.

9 Cybersecurity Takeaways as COVID-19 Outbreak Grows

Data Breach Today

Attackers Already Targeting Remote Workers With Phishing Campaigns As a result of the COVID-19 outbreak, cybercriminals increasingly are targeting organizations that now have more remote workers and fewer IT and security staff at the ready to mitigate hacker attacks and intrusions, security experts say

Companies Struggle for Effective Cybersecurity

Dark Reading

The money companies are spending on cybersecurity tools doesn't necessarily result in better security, a new survey shows

NSA Launches New Cybersecurity Directorate

Security Affairs

NSA is redefining its cybersecurity mission and with the Cybersecurity Directorate it will enhance its partnerships with unclassified collaboration and information sharing. Under the new Cybersecurity Directorate — a major organization that unifies NSA’s foreign intelligence and cyberdefense missions. The NSA announced the new Cybersecurity Directorate — which will help defend domestic organizations from foreign cyberattacks. ” The State of Cybersecurity.

Medical Device Cybersecurity: The Top Challenges

Data Breach Today

Access and identity management continues to be a top medical device cybersecurity challenge, says security expert Mark Sexton of the consultancy Clearwater, who offers a variety a risk mitigation tips

Bill Would Create State Cybersecurity Leader Positions

Data Breach Today

senators has introduced legislation that would require the Department of Homeland Security to appoint cybersecurity leaders in each state to help combat growing cyberthreats against units of local government DHS Would Fund Coordinators for Every State A bipartisan group of U.S.

Kubernetes Security

Schneier on Security

A good first step towards understand the security of this suddenly popular and very complex container orchestration system. cybersecurity opensource securityengineeringAttack matrix for Kubernetes, using the MITRE ATT&CK framework.

Detecting Network Security Incidents

Data Breach Today

ENISA's Rossella Mattioli Reviews New Report Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents

Government Shutdown Hampers Cybersecurity

Adam Levin

Government has impacted federal cybersecurity according to several reports. The roughly 800,000 federal workers currently on furlough include: 45% of staff from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency , which is tasked with defending critical infrastructure from cyber and physical threats. A] lot of real heavy lifting to secure the critical infrastructure is done by my DHS colleagues.

How to Write a Cybersecurity Playbook During a Pandemic

Threatpost

Cloud Security InfoSec Insider Malware Mobile Security Vulnerabilities Web Security brian foster COVID-19 cybersecurity playbook mobileiron Pandemic tips work from home workforce shift

Cybersecurity Home School: Garfield Teaches Security

Dark Reading

The famous cartoon cat can help kids ages 6 to 11 learn to be more secure when they're online

Cybersecurity Training Agency Breached After Phishing Attack

Adam Levin

The SANS Institute, a company that provides cybersecurity training and certification, announced that a data breach compromised the personally identifiable data of roughly 28,000 records. Describing itself as “the most trusted and by far the largest source for information security training in the world,” SANS stated in their announcement of the breach on August 6 that they “identified a suspicious forwarding rule” in their email configuration.