Over the last two years, ransomware has been, without a doubt, the hottest topic in cybersecurity discussions in both the cybersecurity community and the general population. Major attacks like the one on SolarWinds and against Colonial Pipeline have dominated headlines — and for good reasons.

It’s tempting to file the term “security research” with the likes of “jumbo shrimp” and “somewhat unique” under the heading of oxymorons. Compared to such business disciplines as law, economics, marketing, engineering, data science — and, now, even cybersecurity — business and corporate security lag behind.

Interviews have long been sources of angst for job seekers. Adding even more stress to an already stressful situation, the pandemic caused many organizations to move almost exclusively into virtually screening candidates. Candidates now need to prepare for their 15 minutes of (on screen) fame in addition to a possible in-person interview.

Security professionals seeking to advance their careers often ask me whether certifications are worth it, and, if so, which ones they should pursue. The answer, of course, depends on the person and his or her goals. Plenty of people excel without a credential.

Steven Seiden, president of Acquired Data Solutions (ADS), has been involved in “digital divide issues” for more than 20 years, and he believes broadening inclusion and diversity in the STEM literacy field is one of his purposes. An engineer by trade, Seiden has experienced a shift in the tech world over the years, watching the convergence of technology, IT and IOT and noting the ever-expanding engineering lifecycle that now includes security.

Here’s an embarrassing admission: I’m a lifelong Jets fan. If you need proof that the organization is considered a laughingstock, a 2019 article in Inc. magazine is titled, “Want to Be a Great Leader? Look to the New York Jets—and Then Do the Opposite.”

Security search firms are frequently contacted by job seekers who reach out to request the recruitment company assist them in finding a new job. Inquiries come from professionals and executives in various stages of their public or private sector careers.

Today, open-source code is everywhere. In fact, 99% of all codebases contain open-source code, and anywhere from 85% to 97% of enterprise codebases come from open-source. What does that mean, exactly? It means that the vast majority of our applications consist of code we did not write.

We have previously talked about many aspects of how to advance your security career. This includes having a thorough understanding of both soft and operational skills sought after by organizations. The ability to execute on these attributes is valued when companies look for top talent for senior level security roles.

Last month this column looked at how humor can enhance leadership. Inspired by the book "Plato and a Platypus Walk Into a Bar: Understanding Philosophy Through Jokes," this month’s column explains security leadership through jokes.