December INSIGHTS
7 Tips for Coping with Imposter Syndrome
By Infosecurity Professional Staff
Larry Whiteside Jr. is a veteran CISO, CSO, CTO, former U.S. Air Force officer and a cybersecurity thought leader. He's offered advice to Fortune 500 companies and runs a nonprofit association to increase the number of minorities and women in the cybersecurity career field.
Despite such accomplishments, Whiteside suffered from Imposter Syndrome until developing techniques to overcome the self-doubt that can self-sabotage a career and impact how others interact with us.
"We've all felt this, but the important thing is to acknowledge it and have a dialogue," Whiteside told an audience at (ISC)² Security Congress.
October INSIGHTS
5 Things Cybersecurity Leaders Should Heed in the Age of Millennials
By Anthony Lim, CSSLP
Millennials and older members of Gen Z will by 2025 make up the majority of the global workforce. They are challenging traditional processes and deploying new technologies for work, home, play, communications, transactions and social activities. As such, it’s essential to understand the millennials’ impact on every industry, and in particular, ours.
Millennials’ immersion in the latest technologies is the force behind accelerating digital transformations (DX) of economic and social relationships. DX-driven businesses such as Amazon, Netflix and PayPal have not just been successful; they have rendered many non-digital legacy competitors obsolete.
August INSIGHTS
Resilience Engineering: What It Is and Why You Need It
By David Geer
In his famous 2011 Wall Street Journal article, Marc Andreessen, co-creator of the first web browser, Mosaic, wrote, “Software is eating the world.” Digital transformation has since fueled software’s appetite, converting manual processes to automation, counting on code to do the heavy lifting rather than hardware alone.
Criminal actors excel at orchestrating failure conditions in software, driving systems to a state of insecurity, breaking applications and exfiltrating precious data such as intellectual property and customer databases.
Resilience engineering welcomes the insights and experiences of cybersecurity professionals to fortify software against the hammering of modern cyberattacks.
June INSIGHTS
The Cybersecurity End Game Isn’t Just About Protection. It’s About Profits
By Sandip Dholakia, CISSP, CCSP
Though staying secure is a cybersecurity professional’s priority, it isn’t the only one. Staying in business is just as important, no matter your title.
To be the best cybersecurity practitioner, you must embrace both the IT and business sides of an organization. More than your career depends on it.
April INSIGHTS
Lessons Learned from Implementing PCI DSS
By Kumar Setty, CISSP, HCISPP
Most experienced security professionals encounter or are required to assess PCI DSS (Payment Card Industry Data Security Standard) compliance based on 12-point criteria.
Any business that transmits, stores, handles or accepts credit card data — regardless of size or processing volume — must comply with PCI DSS. That includes hospitals, restaurants, retail outlets, and any other organization using e-commerce and accepting or handling credit and debit card information for payment.
The ultimate penalty for noncompliance: Payment card brands terminate the merchant relationship with the organization, cutting off what for many is now their consumers’ primary payment method. Other penalties include fines until the deficiencies are remediated.
Yet issues remain. I know because I’ve experienced them, and now wish to share what I’ve learned so others avoid them.
February INSIGHTS
Multi-Factor Authentication: Who’s to Blame if It Doesn’t Work as Intended?
By Ian Rifkin, CISSP
While multi-factor authentication (MFA) usage has increased during the pandemic, its adoption could be higher, given its benefits. So why aren’t more users incorporating this stronger method of authentication? And who is really to blame when they don’t?
Multi-factor authentication requires multiple factors as part of the authentication process. Authentication without MFA (e.g., password-based authentication) only uses one factor, while MFA uses two or more: something you know (e.g., password), something you have (e.g., a phone or security key), and/or something you are (e.g., biometrics). Security professionals agree that MFA significantly increases account security. Failure to adopt MFA makes it easier for hackers to compromise accounts.