As published in the July/August edition of InfoSecurity Professional Magazine By Crystal Bedell As a former cyber analyst for the government, Masha Sedova has seen firsthand what a Russian state-sponsored attacker is capable of. So, when she was charged with building a security culture at Salesforce in 2012, she knew an employee newsletter and animated videos wouldn’t prepare end users in the event of a targeted corporate attack. “I thought, ‘There’s no way this will work. It’s a waste of time,’” says Sedova, co-founder of Elevate Security in Berkeley, Calif. “In order for an organization to withstand an attack like that, people have to want to do security instead of have to. If it’s just a check-the-box task, people will

Earlier this week, S4 Inc. announced that it has been added to (ISC)²’s roster of Official Training Providers. Based in Colorado Springs, S4 is celebrating its 20th anniversary and has supported US Government, DoD and DHS agencies since 1999. S4 is now offering its first official (ISC)² Training Seminar for the CISSP certification beginning on September 30th, 2019. Other instructor-led training seminars will also be available later this year for the CCSP, CSSLP and CAP certifications. If you’re in the local area, you can register here. S4 will also host an open house this Friday, September 20, at its 8800 square foot Center for Excellence from 12:00pm to 4:00pm. The Center offers meeting and training services and features more than

The cybersecurity skills gap means companies are scrambling to fill security positions, and that presents an opportunity for you to find security work – even without direct experience. Faced with a critical shortage of qualified candidates, organizations are increasingly taking chances on nontraditional applicants and training them for security roles. One way to bridge a cybersecurity experience gap and get started? Make the case for your transferable skills. Success in security requires a mix of technical and soft skills. These can potentially come from ANY previous job. Analytical skills, enthusiasm for exploring technical questions and issues, and diagnostic experience will all serve you well in the security field. Business acumen and a background in project management also prove valuable in

In the digital age, security can no longer be an afterthought. As organizations modernize their IT environments through digital transformation initiatives, it’s become more critical than ever to bake security into new applications from the start. Virtualization giant VMware recognizes this new reality, which explains why it has decided to acquire two companies that give the company a stronger foothold in digital transformation and cybersecurity. One of the companies, Pivotal Software, brings to VMware a platform for developing applications in the cloud. The other, Carbon Black, has a cloud-native endpoint protection platform that ensures this is done securely. Together, the acquisitions send a strong signal by VMware and its parent company, Dell EMC, that it is serious about the role

Recruiting cybersecurity professionals is a major challenge because of the scarcity of qualified candidates, but at least employers don’t have to worry about them wanting to change professions. Most cybersecurity workers (64%) plan to finish out their careers in cybersecurity, according to (ISC)² research. Of course, this creates a new challenge for employers – how to retain their cybersecurity staff. With a worldwide shortage of nearly 3 million, there’s always a chance workers will leave for better pay or more attractive working conditions. To prevent this, employers must put serious effort into retention with measures such as robust training, professional development and open communication. The research shows that cybersecurity professionals want their opinions to be taken seriously when asked for