
Posts

The state of security hiring: Jobs, skills & salaries

Even in today's tough job market, demand for security pros remains high. We look at the hottest industries and markets for cyber security jobs — and what it will take to land one of these top jobs. “These top security professionals are highly sought after and compensated, with rich benefits packages that can include competitive salary, bonuses, stock/stock options (if a public employer), deferred pension and golden parachute incentives,” Lenzner says. In terms of specific IT security salaries, SecurityDegreeHub.com cites the following as the average national salaries for top-paying jobs, as of July 2020:

Chief information security officer - $249,000
Security architect - $124,600
Risk manager - $101,404
Security, network and/or web penetration tester - $83,137
Network security engineer - $82,760
Network security administrator - $76,500
Cybercrime investigator - $75,000
Information security analyst - $71,309
Security analyst - $67,419
Security manager - $55,000

Read more: https://w...

Addressing Risk Amid Digital Acceleration

Criminals have pounced on the fear, uncertainty and disruption caused by the pandemic to take advantage of consumers and businesses, launching hundreds of scams and doubling down on proven tactics such as phishing for credentials. The way consumers pay for goods may never be the same. The pandemic has shifted consumer behavior toward rapid adoption of online ordering, in-app payments and other digital payments that limit physical interactions. But rethinking e-commerce strategies to bring more digital consumers in goes hand in hand with security solutions that help keep a new wave of bad actors out. Read more: https://www.fiserv.com/en/about-fiserv/the-point/addressing-risk-amid-digital-acceleration.html?utm_source=linkedin&utm_medium=social&utm_campaign=blog

How to Tell If Your CISO Sucks At Their Job

This week's episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Lee Parrish, CISO, Hertz. All three of us discussed: How to handle a CISO who is more self-interested in their industry status than securing the company. We have talked about our distaste of the security industry lauding praise on industry rock stars. One listener feared their CISO may be spending more time focusing on the 'visionary' prize rather than what needs to be done, the boring security basics. If your CISO is doing this, maybe steer them to the CIS Top 20 and, if you can, show them one or two new innovative ways to tackle these old problems. Security can understand the business by inviting themselves into the business. This means do your best to understand the most minor details and all positions at a company. If you see how all roles are interacting with technology, you'll better understand how security can fit in...

How a Swiss program teaches online privacy to children

For the Swiss data protection authorities, children from the age of four should be taught about data security and privacy, even before they start using the internet. In an initiative that may be a world first, the canton of Zurich recently launched a set of teaching materials on data security and privacy for kindergartens and for pupils starting primary school. The project aims to teach children to distinguish between the secrets they can share and those they should keep to themselves. The goal is to enable them to better understand their right to privacy. The creators of the teaching program said that a privacy initiative with children had been needed for a long time and that it should go far beyond what has been done so far. For them, this is a first step in defending democracy against the threats of invasive monitoring and disinformation. Lei...

Cybersecurity Fails without Strategy

Building and running a cybersecurity organization is a daunting task and most aren’t doing very well. The brutal reality is that the industry is struggling. Even as gains are made in the professional community, losses are skyrocketing in the face of security spending that is increasing to astronomical levels. Some estimates place losses to cybercrime alone at $6 trillion by 2021, doubling from $3 trillion in 2015, while security spending will top $1 trillion with expected double-digit annual growth. These losses exceed the global illegal drug market and the security investment burden increases at an unsustainable rate. Even with massive investments over the years, the world continues to hemorrhage losses due to cyber-attacks. These damages are derived from individual organizations that have failed to erect and maintain viable defenses. Read more: https://www.peerlyst.com/posts/cybersecurity-fails-without-strategy-matthew-rosenquist?utm_source=peerly...

71-year-old man was the hacker for a pirated-course gang

The group is estimated to have caused losses of 65 million reais to the official courses and to have earned about 15 million. Forget every preconceived idea you may have of a hacker. If, in your head, he looks like the character Elliot from the American series Mr. Robot, available on the streaming service Amazon Prime Video, prepare for a shock. A 71-year-old man who lived in Minas Gerais was responsible for hacking course handouts and helping a pirated-course scheme. The scheme worked as follows: the elderly man was the “head” behind the strategy and, having advanced knowledge of information technology, broke the encryption of the education streaming platforms and transferred the files to a private server. That way, everything was made available on a site created by the gang, which was arrested on the morning of this Tuesday (21st). The group is estimated to have caused losses of 65 million rea...

InfoSec Fatigue

This week's episode of Defense in Depth: InfoSec Fatigue. On this episode of Defense in Depth: Co-host Allan Alford and Helen Patton, CISO, The Ohio State University, discussed: Are we sliding in our effort to get ahead of security issues? There's a sense the tools and our ability aren't keeping up with the onslaught. Are we able to prove risk reduction to show that our efforts are successful? Those people who don't burn out are the ones who thrive on the technical and political challenges of cybersecurity. Disagreement on how you lead a discussion. Should it be story-based or data-based? Classic complaint about cybersecurity is success is measured by the absence of activity. Preventative security is not as easily quantifiable as reactive security. CISOs have to step up and show evidence of security's success in the most understandable and digestible format. Suggested measures and metrics: likelihood and impact, business impact analysis, security program maturity curve, f...