
Posts

Showing posts from July, 2020

The state of security hiring: Jobs, skills & salaries

Even in today's tough job market, demand for security pros remains high. We look at the hottest industries and markets for cyber security jobs — and what it will take to land one of these top jobs. “These top security professionals are highly sought after and compensated, with rich benefits packages that can include competitive salary, bonuses, stock/stock options (if a public employer), deferred pension and golden parachute incentives,” Lenzner says. In terms of specific IT security salaries, SecurityDegreeHub.com cites the following as the average national salaries for top-paying jobs, as of July 2020:

- Chief information security officer: $249,000
- Security architect: $124,600
- Risk manager: $101,404
- Security, network and/or web penetration tester: $83,137
- Network security engineer: $82,760
- Network security administrator: $76,500
- Cybercrime investigator: $75,000
- Information security analyst: $71,309
- Security analyst: $67,419
- Security manager: $55,000

Read more: https://w...

Addressing Risk Amid Digital Acceleration

Criminals have pounced on the fear, uncertainty and disruption caused by the pandemic to take advantage of consumers and businesses, launching hundreds of scams and doubling down on proven tactics such as phishing for credentials. The way consumers pay for goods may never be the same. The pandemic has shifted consumer behavior toward rapid adoption of online ordering, in-app payments and other digital payments that limit physical interactions. But rethinking e-commerce strategies to bring more digital consumers in goes hand in hand with security solutions that help keep a new wave of bad actors out.

Read more: https://www.fiserv.com/en/about-fiserv/the-point/addressing-risk-amid-digital-acceleration.html?utm_source=linkedin&utm_medium=social&utm_campaign=blog

Tags 🏷 #cybersecurity #cso #ciso #infosec #hacker #itriskmanagement #ciberseguranca #cyberattacks #threats #malware #cibercrime #exploit #hackers #hacker #breach #mitreatt&ck #pentesting #cloudsecurity #cyberwar #datas...

How to Tell If Your CISO Sucks At Their Job

This week's episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Lee Parrish, CISO, Hertz. All three of us discussed: How to handle a CISO who is more interested in their industry status than in securing the company. We have talked about our distaste for the security industry heaping praise on industry rock stars. One listener feared their CISO may be spending more time chasing the 'visionary' prize than doing what needs to be done: the boring security basics. If your CISO is doing this, maybe steer them to the CIS Top 20 and, if you can, show them one or two new innovative ways to tackle these old problems. Security can understand the business by inviting itself into the business. This means doing your best to understand the most minor details and all positions at a company. If you see how all roles are interacting with technology, you'll better understand how security can fit in...

How a Swiss programme teaches children online privacy

For the Swiss data protection authorities, children from the age of four should be taught about data security and privacy, even before they start using the internet. In an initiative that may be a world first, the canton of Zurich recently launched a set of teaching materials on data security and privacy for kindergartens and for pupils starting primary school. The project aims to teach children to distinguish between the secrets they may share and those they should keep to themselves. The goal is to enable them to better understand their right to privacy. The creators of the teaching programme said that a privacy initiative for children was long overdue and that it should go much further than what has been done so far. For them, this is a first step in defending democracy against the threats of invasive monitoring and disinformation. Lei...

Cybersecurity Fails without Strategy

Building and running a cybersecurity organization is a daunting task, and most aren’t doing very well. The brutal reality is that the industry is struggling. Even as gains are made in the professional community, losses are skyrocketing in the face of security spending that is increasing to astronomical levels. Some estimates place losses to cybercrime alone at $6 trillion by 2021, doubling from $3 trillion in 2015, while security spending will top $1 trillion with expected double-digit annual growth. These losses exceed the global illegal drug market, and the security investment burden increases at an unsustainable rate. Even with massive investments over the years, the world continues to hemorrhage losses due to cyber-attacks. These damages are derived from individual organizations that have failed to erect and maintain viable defenses. Read more: https://www.peerlyst.com/posts/cybersecurity-fails-without-strategy-matthew-rosenquist?utm_source=peerly...

71-year-old man was the hacker of a pirated-course gang

The group is estimated to have caused losses of 65 million reais to the official courses and to have earned around 15 million. Forget every preconceived idea you may have of a hacker. If, in your mind, he looks like the character Elliot from the American series Mr. Robot, available on the streaming service Amazon Prime Video, brace yourself for a shock. A 71-year-old man who lived in Minas Gerais was responsible for hacking course handouts and helping a pirated-course scheme. The scheme worked as follows: the man was the “head” behind the strategy and, because he had advanced knowledge of information technology, he broke the encryption of the educational streaming platforms and transferred the files to a private server. That way, everything was available on a website created by the gang, which was arrested on the morning of this Tuesday (21). The group is estimated to have caused losses of 65 million rea...

InfoSec Fatigue

This week's episode of Defense in Depth: InfoSec Fatigue. On this episode of Defense in Depth, co-host Allan Alford and Helen Patton, CISO, The Ohio State University, discussed: Are we sliding in our effort to get ahead of security issues? There's a sense the tools and our ability aren't keeping up with the onslaught. Are we able to prove risk reduction to show that our efforts are successful? The people who don't burn out are the ones who thrive on the technical and political challenges of cybersecurity. Disagreement on how you lead a discussion: should it be story-based or data-based? A classic complaint about cybersecurity is that success is measured by the absence of activity. Preventative security is not as easily quantifiable as reactive security. CISOs have to step up and show evidence of security's success in the most understandable and digestible format. Suggested measures and metrics: likelihood and impact, business impact analysis, security program maturity curve, f...

Why is a diverse workforce so important in cybersecurity?

The IT security industry is still failing to attract workers beyond a highly limited demographic, the Chartered Institute of Information Security (CIISec) has warned. Unless it can embrace greater diversity – in gender, age, ethnicity, disabilities and experience – it will face a stagnating workforce and be unable to keep up with a rapidly expanding skills gap. According to the Enterprise Strategy Group, the number of organisations reporting a problematic shortage of cybersecurity skills has increased every year since 2015.

Read more: https://www.intelligentciso.com/2019/11/19/why-is-a-diverse-workforce-so-important-in-cybersecurity-and-how-can-organisations-address-challenges-around-this/

Tags 🏷 #cybersecurity #cso #ciso #infosec #hacker #itriskmanagement #ciberseguranca #cyberattacks #threats #malware #cibercrime #exploit #hackers #hacker #breach #mitreatt&ck #pentesting #cloudsecurity #cyberwar #datasecurity #ethicalhac...

Changes Set to Impact CISOs In a Post-Pandemic World

In this article, CISO expert Gary Hayslip shares his view on the post-pandemic impact on remote-access security. See the context below and click the link to read the full article. I recently published on LinkedIn an article about the foundational elements of the CISO role that will not change as it rises to meet the challenges of COVID-19 on businesses today. Currently, many CISOs are working remotely and leading security programs as they assist IT teams who are caring for employees that have transitioned from an office environment to one at their home kitchen table. Couple that work with videoconference meetings, chat discussions, and full email boxes, and CISOs can see their careers evolving before their eyes as they talk with peers about an uncertain future.

Link: https://www.linkedin.com/pulse/changes-set-impact-cisos-post-pandemic-world-gary-hayslip-cissp-/

Tags 🏷 #cybersecurity #cso #ciso #infosec #cissp #itriskmanagement #ciberseguranca #...

Cybersecurity Leadership: What We've Learned From COVID-19

CEO, CISO Panel on Innovation, Risk and Lessons Learned From Crisis Management. What are the biggest leadership lessons from the COVID-19 pandemic? And what will CEOs and CISOs look back on and say, "Why did we ever do things that way?" Those questions were posed to a panel of cybersecurity leaders, and here are their candid answers. Tune in to watch a few of our advisory board CISOs and some dynamic industry CEOs discuss lessons learned from the COVID-19 pandemic, and the big question of what CEOs and CISOs will look back on and say, "Why did we ever do things that way?" Chuck Brooks, president of Brooks Consulting; Gal Helemski, co-founder and chief innovation and product officer of PlainID; and Dave Merkel, CEO of Expel, join CISOs Stephen Fridakis, currently the technical program manager, security - mergers and acquisitions for Google; Anahi Santiago, CISO at ChristianaCare Health Systems; and Stephenie Southard, CISO at BCU Credit Union. Topics range from Tel...

CTF-BR BATTLE ROYALE 2020

One of the main goals that have driven CTF-BR since its creation is the desire to strengthen Brazilian teams and to encourage the creation of new teams that can be competitive on the international scene. With that in mind, and in partnership with ELT, we are going to hold a Battle between the affiliated teams in a format similar to the UHC (Ultimate Hacker Championship), which has been run every Sunday by rinconhacking. The competition will take place on 9 August, starting at 2 pm, and will last until someone completely solves the challenge or until we reach 5 hours of combat.

Read more: https://ctf-br.org/2020/07/ctf-br-battle-royale-2020/

Tags 🏷 #cybersecurity #cso #ciso #infosec #hacker #security #ciberseguranca #cyberattacks #threats #malware #cibercrime #exploit #hackers #hacker #breach #mitreatt&ck #pentesting #cloudsecurity #cybersecurity #datasecurity #ethicalhacking #hacking #cloud #informationsecurity #securitymanagement #infosec #ransomware #datasecurity #battlerouale...

How CISOs Can Tackle Security Challenges in the Midst of The Pandemic

Tenable CISO Adam Palmer presents in this article ideas on how to deal with security challenges in times of pandemic. A very interesting approach!!! Risk management and monitoring across the extended and remote enterprise may prove to be beneficial, as Adam Palmer, Chief Cybersecurity Strategist at Tenable, lists five best practices that CISOs can follow. The pandemic has changed the world, perhaps forever. Employees are working at home using personal, and often unsecured, devices and networks. For a Chief Information Security Officer (CISO) used to believing that for the corporate network perimeter “inside is safe, outside is unsafe,” now nearly everything is outside and there is no perimeter. New risks and vulnerabilities seem to be arising everywhere on many new types of devices. The threat landscape has expanded — a worrying position for any security leader. Despite these risks, organizations expect business continuity and a way forward. CISOs must attempt...

The ten commandments of cyber insurance

The new normal of information security and data protection requires taking out cyber insurance. Chapter 6 of the Book of Joshua describes one of the most significant military conquests of the Hebrew people: the taking of the city of Jericho. It was the conquest of a fortified city whose walls – yes, walls! There were two! – were brought down in a surprising manner, to the horror of those who lived there in 1400 BC. It is worth noting that the Canaanite city had a strong military apparatus and organisation, including a secret service at the monarch's disposal [1]. What does this have to do with our days? The fortified city, which was burned after being invaded, lends its name to an initiative that emerged back in 2003 and fostered discussion about the fall of the security perimeter in organisations [2]. To that end, the Jericho Forum (or, in plain Portuguese, Fórum Jericó) had the mission of discussing De-perimeterisation [3], which translated into Portuguese becomes something like: des-perímetro (será...

"I LOVE Cold Calls," Said the CISO on Opposite Day

This week's episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Helen Patton, CISO, The Ohio State University. All three of us discussed: Aggressive vendor behavior has caused CISOs to ignore all cold calls. Salespeople may have stats that show the success of their cold calls, but the behavior of cold calling has created a culture where CISOs are in avoidance mode. From a CISO's perspective, the solution is not a discussion around more effective cold calling, but rather security vendors using other forms of marketing so CISOs are able to learn about solutions organically. Create threat scenarios based on the most common user mistakes. While we universally agreed that calling end users "dumb" is not an effective security or relationship strategy, it would be a good idea to understand how your security program can withstand the most common user mistakes, such as clicking a phishing email. If you build out such a program, not only ar...

THE FABLE OF THE 7 BLIND MICE EXPLAINS

Watch the talk given at Security Leaders Rio de Janeiro to understand how the old Indian fable of the 7 blind mice explains flawed decision-making processes that produce unconscious exposure to intolerable levels of security risk. Also understand how this myopia syndrome can be addressed by understanding human behaviour, the vectors of influence and, above all, how people end up at the centre of corporate security. By Marcos Sêmola.

Read more: https://www.youtube.com/watch?v=avqszkZjOuI&utm_medium=social&utm_source=linkedin&utm_campaign=postfity&utm_content=postfity95574

Tags 🏷 #cybersecurity #cso #ciso #infosec #hacker #itriskmanagement #ciberseguranca #cyberattacks #threats #malware #cibercrime #exploit #hackers #hacker #breach #mitreatt&ck #pentesting #cloudsecurity #cyberwar #datasecurity #ethicalhacking #hacking #cloud #informationsecurity #securitymanagement #infosec #ransomware #datasecurity @securityleaders @m...

6 security metrics that matter – and 4 that don’t

This article published on the csoonline.com portal presents important metrics for an infosec leader. See part of the piece below and click the link to read the full article. The increasingly high stakes of getting security right and growing board interest mean metrics are more important than ever. But some metrics are more useful than others.

6 conventional metrics that remain valuable:

1. Results of simulated phishing attacks
2. Mean time to recover
3. Mean time to detect
4. Penetration testing
5. Vulnerability management
6. Enterprise security audits

4 metrics to abandon:

1. Number of attacks
2. Patches completed
3. Vulnerabilities identified
4. Viruses blocked

Read more: https://www.csoonline.com/article/3530230/6-security-metrics-that-matter-and-4-that-don-t.html

Tags 🏷 #cybersecurity #cso #ciso #infosec #hacker #itriskmanagement #ciberseguranca #cyberattacks #threats #malware #cibercrime #exploit #hackers #hacker #breach #mitreatt&ck #pentesting #cloudsecurity...

What is US-CERT and how to benefit from it?

“Cyber security is a shared responsibility. Working together, we can secure America’s cyberspace.” The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security that was created in September 2003. The main purpose of creating US-CERT is to protect the Nation’s Internet infrastructure. US-CERT is a branch of the Cybersecurity and Infrastructure Security Agency (CISA), defending against threats and providing more security to the nation.

Read more: https://lifars.com/2020/07/what-is-us-cert-and-how-to-benefit-from-it/

Tags 🏷 #cybersecurity #cso #ciso #infosec #cissp #itriskmanagement #ciberseguranca #cyberattacks #threats #malware #cibercrime #cism #securityleaders #cciso #breach #mitreatt&ck #pentesting #cloudsecurity #cyberwar #datasecurity #ethicalhacking #hacking #cloud #informationsecurity #securitymanagement #infosec #ransomware #datasecurity #lifars #csocyber

2020 Cyber Security Threat Report

We analyzed 6 million investigative leads and 15,000 threats to inform our latest report. This report provides an in-depth look at the most prevalent ATT&CK® techniques facing your business.

- Produced after analyzing 6 million investigative leads and 15,000 threats to uncover the top trending ATT&CK techniques
- See the Top 10 techniques impacting your industry by total threat volume
- Understand how to detect and mitigate specific techniques, with ideas and recommendations from our detection engineers
- Learn how to test your defenses against techniques using Atomic Red Team—an open source testing framework of small, highly portable detection tests

Read more: https://redcanary.com/red-canary-threat-detection-report/?_bt=433114880568&_bk=%2Bthreat%20%2Bdetection&_bm=&_bn=d&gclid=Cj0KCQjwgJv4BRCrARIsAB17JI5vGuMSMIDed4eHn3bfAPuoOEUv6CWc5QSgFjgQQv4ZswjiVs9e-zIaAhNUEALw_wcB

Tags 🏷 #cybersecurity #cso #ciso #infosec #cissp #itriskmanagement #ciberseguranca #cyberattac...

New edition of Intelligent CISO - Intelligent CISO Issue 27

The new edition of Intelligent CISO was published this week and features some very interesting topics:

- A Perfect FIT
- Countering the new generation of attacks driven by COVID-19
- Experts discuss adapting security budgets to manage operations effectively
- SOC transformation - Key trends for transforming a Security Operations Centre
- A10 Networks reveals the DDoS weapons and attack vectors which businesses face
- Latest updates from across the globe, APAC and Africa
- How have business leaders adapted their security budget to manage their operations moving forward?

Cybersecurity armour to unmask the enemy

Because of the pandemic, companies all over the world found themselves forced to adopt the remote working model for their employees, and new concerns about data security came to light. In this scenario of change and transformation, the cybersecurity professional has a very important role in the process of adaptation and action, characteristics highlighted by Rangel Rodrigues in his article on the subject. History tells that in those days of Rome soldiers prepared for battle like a sentinel, since every part of the armour had to be used effectively and efficiently on the day of battle. Just as the helmet, sword, shield, breastplate and sandals were fundamental, the belt in turn kept the sword hanging firmly at the waist, and there was still the matter of the weight of metal items such as the sword and the shield. The soldier had to be strong to handle and extend the shield forcefully to defend against the adversary's attack. In this same reading, the profession...