The theme for the final week of Cybersecurity Awareness Month is “Cybersecurity First,” which could be the motto of many corporate security executives. Cybersecurity should be a high priority for anything technology related, but in truth it’s often an afterthought or even neglected entirely. Many business leaders and users still view security as a hindrance—rather than something that can coexist with productivity and innovation.

The security skills gap continues to be a serious issue for organizations and there are no signs that things will get better soon. A June 2021 report by security professionals organization Information Systems Security Association (ISSA) and technology research firm Enterprise Strategy Group (ESG) finds the cybersecurity skills crisis continues on a downward, multi-year trend of bad to worse, and has impacted more than half of the 489 organizations surveyed.

October is Cybersecurity Awareness Month, the U.S. government’s annual reminder that information security is something everyone needs to consider. Each week of the month has a specific theme, and this week’s topic should be of interest to every CISO: Fight the Phish! There are many layers of defense that organizations can put in place to mitigate phishing, and DevSecOps can be part of that effort. But more on that later. First, let’s look at the current phishing landscape.

October is CyberSecurity Awareness Month, an ideal time for organizations to take stock of their security programs and look for ways to make improvements. The effort was launched in 2004 by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) and the National Cyber Security Alliance (NCSA), as a collaborative initiative between government and private industry to ensure that all Americans have the resources needed to stay safer and more secure online.