Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
14 Hot Cybersecurity Certifications Right Now
Newest First  |  Oldest First  |  Threaded View
gif-washco
100%
0%
gif-washco,
User Rank: Strategist
10/16/2019 | 11:49:44 AM
Does not address companies unreasonably seeking "experienced" and "certified" entry-levels
I have heard and read articles that graduates and inexperienced job candidates cannot get into the cybersecurity field because companies expect certifications for entry-level positions. Someone with CISSP or GIAC certs would not apply for entry-level positions, but yet HR and managers in these companies continue to post entry-level job descriptions with unrealistic prerequisites. They need to get their head out of their a$$ and be real to deal with the backlog of unfilled cybersecurity positions.

I am about to have a big challenge internally where my organization needs a security analysis for log analysis and basic threat hunting. I am recommending someone with social science, social service, or related field of study with the passion to learn cybersecurity. However, HR has their templates and they tend not to be flexible. My idea is for selected candidates to self-study for CompTIA Security+ online course material 30-days prior to the interview, and the interview would cover questions in cybersecurity in relation to the job description. A candidate who can not only articulate cybersecurity basics but also correlate with their field of study or experience (plus show passion) would be someone I wish to hire, because she/he wants to learn and apply their skills. Don't forget that fundamentally, cybersecurity is in response to a human attacking another human in cyberspace. I would rather have someone who understands the human and can relate to cybersecurity topics, rather than someone who is just pure technical. That to me is worth more than someone with just a cert.

 
DonD95004
100%
0%
DonD95004,
User Rank: Apprentice
10/16/2019 | 8:50:48 AM
Pentesting Specific Certs
Here's a great video review of certs specifically geared towards penetration testing from an experienced reviewer: https://www.youtube.com/watch?v=sSXhF0C0QlI&feature=youtu.be


Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19807
PUBLISHED: 2019-12-15
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for ...
CVE-2014-8650
PUBLISHED: 2019-12-15
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVE-2014-3536
PUBLISHED: 2019-12-15
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2014-3643
PUBLISHED: 2019-12-15
jersey: XXE via parameter entities not disabled by the jersey SAX parser
CVE-2014-3652
PUBLISHED: 2019-12-15
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.