What are the top cybersecurity certifications that you look for among hiring candidates? Which ones are good-to-have and which do you consider a must-have, if any?

Training & Certification Talent Sourcing & Hiring Security & GRC

1.2k views3 Comments

Head of Information Security in Services (non-Government), 1,001 - 5,000 employees

It depends on the role. CISM is good for leadership roles, CISSP for engineers and CISA for GRC type roles. CySA+ is a good SOC/entry level cert.

CISO in Government, 10,001+ employees

For junior analysts and engineers, we look for CySA+ and Security+ or equivalent. For senior analyst, SSCP and CEH are very desirable. And for management roles, CISM, CISA and CISSP.

CISO in Software, 10,001+ employees

I do not look for certifications, I look for experience and results. I love when I can see examples of their work and skills: GitHub, blogs, documentation, repos, etc.

Content you might like

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & Leadership Strategy & Architecture Cloud +57 more

CTO in Software, 201 - 500 employees

Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.

Read More Comments

40.7k views131 Upvotes319 Comments

Are you planning to improve endpoint security in the next 12 months with any of these additional capabilities?

Security & GRC Threat & Vulnerability Management Identity & Access Management (IAM)+8 more

Patch management: to reduce attack surface and avoid system misconfigurations39%

Malware and ransomware prevention: to protect endpoints from social engineering attacks58%

Malware and fileless malware detection and response: to protect against malicious software49%

Threat Hunting: to detect unknown threats that are acting or dormant in your environment and have bypassed the security controls33%

Not planning to change endpoint security strategy9%

183 PARTICIPANTS

352 views

What cyber threat are you most concerned about?

Security & GRC Data Protection & Encryption Strategy & Architecture

Insider threats – rogue admins19%

Encrypting my data50%

Deleting my backup copies11%

Resident malware8%

Data theft – data exfiltration11%

Other1%

141 PARTICIPANTS

1.6k views1 Comment

How do you go about convincing your leadership/board to increase investment in security specifically for web apps? What's been effective, in your experience, for communicating why web application security is important?

Security & GRC Security Strategy & Roadmap Threat & Vulnerability Management +1 more

Chief Technology Officer in Software, 51 - 200 employees

Our webapp is using for online booking so it's critical forums to secure it. We have implement d WAF but still we wanted to implement more measures. Got the devops team working on it and now all external exposed endpoints ...read more

Read More Comments

1.2k views2 Comments

There is a new cyber domain/niche that is trying to change how we do inline cyber security, called Enterprise Browser or Browser Isolation; there are many vendors in the space that are in the way compete with traditional SWG and ZTNA, and I am wondering what do you think on the space. What are some pros and cons, and is there a need for education on the topic?

CIO in Services (non-Government), 201 - 500 employees

I have always maintained that our Browsers are the number one way for end-users and their devices to get infected/infested with Malware, Spyware, Ransomware, etc, and that we need a completely different approach to browsing ...read more

Read More Comments

2.9k views1 Upvote6 Comments