Strategic vs. tactical thinking, is a common misconception in security. Many security professionals believe that by completing tactical functions they are ultimately achieving strategic goals. The idea introduced in part one of this series is that thinking strategically is about aligning the business objectives to the activities that security is providing for the business.
Every month, SecureState CEO Ken Stasiak addresses the hottest topics in information security, providing his unique spin on all the issues..
Recently, I sat down with my attack and penetration team (the guys that break into stuff), and I was reminiscing about the old days of penetration testing. It got me to start thinking that, as the industry evolves and shifts toward technology to provide for the commoditized tasks, the industry needs to shift away from the monotonous work of running tools to more strategic thinking.
The security industry is booming! The Bureau of Labor Statistics predicts 53% growth through 2018, but many young people aren’t interested in the field, or are simply unaware that cybersecurity can be a viable career path. Those who are interested may find it difficult to hone their skills, legally.
Many companies today are faced with growing networks, added complexity and advanced threats. Because of this, an increasing number of organizations are opting for an alternate approach to intrusion detection by contracting Managed Security Service Providers (MSSPs).
It is no secret that in recent years, web applications have been a huge target for attack, and one of the most likely ways for an organization to be breached. In spite of this, most organizations still have difficulty developing and deploying secure applications. Why? What can you do to avoid being the next victim of a web application breach?
In the 2012-13 fiscal year, twice as many banks were hacked for commercial secrets than in the year before. This year, high profile hacks of the White House, American Express, Facebook and the LA Times have caused headlines. The Atlantic has referred to 2013 as “the year of the hack.” So what can American Express do to stay safe? And what happens to my bank account information if they are hacked?
SecureState was recently called in to help a client who experienced a data breach. When we arrived on site, everyone at the company was in disbelief that anything could have happened, since they hired a Managed Security Service Provider (MSSP) to keep their network and systems secure. They had never gotten issue reports from their MSSP and all of their vulnerability scans always passed, so they never guessed that something was wrong.
Every month, SecureState CEO Ken Stasiak addresses the hottest topics in information security, providing his unique spin on all the issues.
SecureState is a great place to work, we offer a fun and challenging environment, and we’re often asked what we look for in potential employees.