Security Top Stories

RSS

Gary Johnson is much more than Director of Security for the Pojoaque Valley School District in New Mexico. He’s in charge of safety and security, transportation and more, but his most important role is supporter, with this role becoming even more prominent in the wake of the COVID-19 pandemic.

As a centralized place for intelligence and information, the NFL’s GSOC, led by Director of Intelligence Operations Robert Gummer, played a pivotal role in the League’s pandemic response, streamlining access and infection control, updating business continuity plans, and providing relevant data to enable all stakeholders to make informed decisions.

According to the U.S. Department of Justice’s Office of Victims of Crime, workplace homicides declined between 1995 and 2015. Yet workplace homicides are not the most common form of workplace violence — simple assault is. Simple assault is defined by the National Crime Victimization Survey (NCVS) as an attack without a weapon that results in no injuries or minor injuries (e.g., cuts, scratches, black eyes), or any injury requiring fewer than two days in the hospital.

Anyone with access to your organization — employee, contractor, former employee, etc. — poses a potential risk to the enterprise. So, what is insider threat; who should own an insider risk mitigation program within the enterprise; and most importantly, how can security leaders assess and mitigate the risk?

The first RSA Conference took place 30 years ago. It was conceived by the then-CEO Jim Bidzos, and consisted of roughly 50 people in a room discussing cryptography – the focus area of that first assembly. By the turn of the millennium, the conference expanded internationally, reaching audiences in Europe, China, Singapore and Abu Dhabi. Ten years later in 2011, the RSA Conference boasted an impressive 18,500 attendees in the United States alone.

Security professionals seeking to advance their careers often ask me whether certifications are worth it, and, if so, which ones they should pursue. The answer, of course, depends on the person and his or her goals. Plenty of people excel without a credential.

Job titles in the security profession are not always a good indicator of where you are in your career. We have conducted a wide variety of recruitment projects around the world for our clients. One consistency is that there is no consistency. At least insofar as security job titles are concerned.

The ethical issues that exist around the wake of discovered security vulnerabilities are vast and murky. Far too often, the conversation about how and when to disclose security weaknesses shifts from a dialogue to a one-way monologue. What's a security leader to do?