5 Tips to Streamline Your Security Team

If you’ve ever hired security pros, then you know the current talent shortage is no joke. A recent Computerworld survey found that compensation for security specialists is growing faster than for any other role in IT (up 6.4% year-over-year in average total compensation), and the competition for talent is fierce. Finding the right talent can be a lengthy process, leaving your security hopes and dreams in limbo.

So, what’s an organization to do? Many companies are working hard to streamline security operations and answer the talent shortage with changing tactics to match the changing role of security. Organizations need to maximize the value of their security hires now more than ever. Below, we’ll cover five tips that can help you get the most out of your security team’s time and talents. Read more “5 Tips to Streamline Your Security Team”

Where to Find Security Talent & How to Keep Them Happy

It’s no secret that there’s a huge talent shortage in the security space today. With a low supply and high demand, salaries have surged, increasing 6.4% from 2015 to 2016. (That’s an even higher salary growth than software engineers are seeing.) And there is no end in sight. For companies that recognize how important it is to keep information and systems secure in today’s business climate, it’s important to find workable strategies for hiring and retaining security talent in spite of this shortage.

While most organizations would benefit by developing a full-fledged, multi-faceted recruiting and retention strategy, we want to share a few more tactical ways to help bridge the talent gap in the shorter term.

Read more “Where to Find Security Talent & How to Keep Them Happy”

The Point Security Solution Implosion: 4 Things Companies Need to Know

Not even a decade ago, security was much simpler. Companies were defined by the perimeter of their corporate network and protected by a firewall and antivirus tool that could withstand just about any security attack. Then came the cloud, mobile devices, and the Internet of Things (IoT), and the attack surface overflowed far beyond the network, making security not-so-simple.

Read more “The Point Security Solution Implosion: 4 Things Companies Need to Know”

Turn the Cyber Kill Chain against your attacker

Cyber-Kill-Chain3.png

As businesses move to the cloud, the rapid adoption of Infrastructure as a Service (IaaS) is no surprise. Unfortunately, securing the cloud and the data within it is no easy task. The speed and complexity of cloud computing requires a new, software-defined approach that differs from the strategies employed in a traditional, on-premise data center, leaving many wondering where to start.

For all the benefits that the cloud has to offer, some of the biggest causes for concern are questions around security. How do you know if you were breached if the server no longer exists? How do you protect yourself from insider threats, external attacks, and data loss in this new elastic, ever changing infrastructure? How can you have confidence that your cloud service providers security capabilities are up to snuff, when you don’t have visibility into who is accessing your data?

Look no further than the headlines to know that efforts to protect the cloud from attacks often fail. After attackers compromised the company’s Amazon Web Services (AWS) account, Code Spaces, a cloud-based hosting platform that enabled development and collaboration for software teams, was forced out of business. Within 12 hours the company’s Apache Subversion repositories and Elastic Block Store volumes and nearly all of its virtual machines were destroyed. By the time the company reclaimed its dashboard, the attackers had created alternative AWS logins, questioning the overall security of the system further. The company chose at that point to shut down and help its customers migrate any recoverable data to other services.

Read more “Turn the Cyber Kill Chain against your attacker”

Observations as Cyber Security Awareness Month Comes to a Close

As National Cyber Security Awareness month comes to a close, it seems appropriate to reflect on the state of cyber security today. The ugly truth is that the cyber threat environment has never been more volatile. Breaches are commonplace, headlines on data loss and sophisticated hacks bombard us daily and technology continues to progress and move forward, in spite of security concerns and compromise. A huge portion of the general population’s personal data is exposed and, while seemingly everyone is aware there’s a problem, few are willing to take the preventative measures necessary to stop it.

Read more “Observations as Cyber Security Awareness Month Comes to a Close”