Careers Information Security Podcast

The word 'security' takes on a whole new level of importance when you take a job in federal law enforcement. Joshua Belk, CSO of the FBI's San Francisco division, offers career insights for security pros.

Making senior management aware of the risks involved in failing to invest in security technology is essential to getting buy-in, says Phil Curran, CISO at Cooper University Health Care.

The folks at PricewaterhouseCoopers, after surveying 500 U.S. business, law enforcement and government executives, conclude that the vast majority of cybersecurity programs fall very short of the federal government's cybersecurity framework goals.

Healthcare organizations are becoming a bigger target for cybercriminals because so much more clinical and financial information is now stored in potentially vulnerable information systems, says security expert Mac McMillan.

What does "IT security as a business enabler" mean? For a definition, Gartner's Paul Proctor looks to the way IT managers at a European car maker translate security problems into a language a CEO can understand.

A multi-layered approach known as "context-aware security" is the most effective strategy for fighting both insider and external cyberthreats, says Gartner analyst Avivah Litan, who explains how this strategy works.

The National Institute of Standards and Technology is developing new cybersecurity standards based on the same principles engineers use to build bridges and jetliners.

Embedding some information security practitioners within business units could help improve IT security awareness in many enterprises, reducing security risk, says Steve Durbin, global vice president of the Information Security Forum.

Timely analysis of data residing in an organization's information systems is a critical element of IT security, say Haiyan Song and Joe Goldberg of the security firm Splunk.

Today's cybercriminals are perfecting the use of advanced-persistent-threat attacks to pilfer valuable information from precisely targeted victims, says Greg Day of security provider FireEye.

What does it take to build a successful legal career in information security and breach response? Attorney Ronald Raether discusses his career path and the necessary skills for those entering the field today.

Too many organizations have a device-centric BYOD policy that fails to look at big picture issues, including building a comprehensive strategy for protecting corporate information no matter how it's accessed, says Ian Evans of AirWatch.

As members of the workforce increasingly rely on mobile devices to access corporate data, secure sharing of files becomes more challenging, says Accellion's Vidhya Ranganathan, who describes an effective strategy.

On the day Target's CEO resigned in the aftermath of a massive data breach, the Ponemon Institute issued its 2014 Cost of Data Breach Study, which Chairman Larry Ponemon says helps explain why CEOs should be more involved in breach preparedness and response.

A behavioral analysis approach to fighting malware can be more effective than a signature-based approach in the current threat environment, contends Webroot's Patrick Kennedy.

Voltage Security's Mark Bower contends data-centric security can help break down barriers to the widespread use of encryption and help protect sensitive information, including credit card numbers.

Network "situational awareness" can help organizations in all business sectors improve regulatory compliance by identifying networks and devices that need protection, says Lumeta's Reggie Best.

Cris Ewell, CISO of Seattle Children's Hospital, offers a detailed explanation of how to build an effective incident response plan - an essential component of HIPAA Omnibus Rule compliance.

Hurt the criminals and cyberthreats will decrease. That's how organizations in all sectors, working with law enforcement, should approach cybersecurity, says Juniper Networks' Kevin Kennedy.

Individuals resort to lying about themselves to protect their identities when accessing systems in today's imperfect cyber world, says Peter Tapling, president of Authentify, an out-of-band authentication service.