This is (ISC)² Management's Typepad Profile.
(ISC)² Management
A compilation of thoughts from members of the (ISC)² leadership team.
Recent Activity
This year marks the first ever (ISC)² EMEA Information Security Leadership Awards (ISLA), a chance for our community to recognise fellow information security and management professionals going the extra mile to enhance security across Europe, the Middle East and Africa. Overall, we received a staggering number of impressive submissions, over 200, and these were shortlisted down to our finalists by our judges, members of the Europe, Middle East and Africa Advisory Council (EAC). Winners will be announced at our Secure Summit UK on 12 December 2017. In the meantime, we will be sharing their stories on the blog. Here is... Continue reading
Posted yesterday at (ISC)² Blog
It’s rare to have a day go by without some security news making headlines. This week saw #KRACK trending on social media, which raised lots of questions about the security of cybersecurity. Here’s a look at what went on this week in passwords, automation, and more. The big flaw. Undoubtedly, the most notable news in security this week was the KRACK attack, which impacted millions of Wi-Fi users. Around the world, businesses and homes were vulnerable because of flaws in Wi-Fi networks that use the WPA2 protocol. The good news, according to Anthony Lim, member of the (ISC)² Asian Advisory... Continue reading
Posted 2 days ago at (ISC)² Blog
Name: Tony Harris Title: Consultant, Cyber Security Employer: KPMG LLP Location: Vancouver, Canada Education: MSc, Cyber Security (in progress) from the University of Liverpool, and Bachelor of Arts in American Studies & International Relations from the University of British Columbia Years in IT: 8 Years in cybersecurity: 7 Cybersecurity certifications: CISSP, CISM How did you decide upon a career in cybersecurity? I began my career in general IT processes eight years ago as your typical jack-of-all-trades IT. I wanted to narrow my focus into a specialty that I'd be interested in and cybersecurity ultimately was that choice. The reason was... Continue reading
Posted 4 days ago at (ISC)² Blog
John McCumber is the newest member of the (ISC)² family. He joined the team last month and will be our first ever director of cybersecurity advocacy. John is based out of our North America Region office in Alexandria, Virginia and will be supporting the (ISC)² membership by advocating for them and the profession across the U.S. and Canada. John got his start in infosec in late 1986, when – in the middle of the night – he received a call that the DEC VAX 11/780 he was responsible for was under attack. Someone had figured out the vulnerability for the... Continue reading
Posted 5 days ago at (ISC)² Blog
With news of the WPA2 KRACK (Key Reinstallation Attack) vulnerability – a security protocol flaw impacting nearly every Wi-Fi device – spreading quickly across the internet today, security professionals and novices alike are looking for clear guidance on what to do. With headlines like “Serious flaw in WPA2 protocol lets attackers intercept passwords and much more” and “WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping”, it’s easy to understand why so many security pros woke up to another huge headache today. We asked our new Director of Cybersecurity Advocacy John McCumber to break down this news... Continue reading
Posted 6 days ago at (ISC)² Blog
From hacking U.S. intelligence, to blood test results, to your Facebook account. Here are the security headlines for the week of October 9, 2017: A recent study shows that privacy and security are only a concern for 15% of consumers when “performing work-related activities” (as opposed to 75% when visiting a doctor). So maybe that’s why so many companies are getting hacked? Spy vs Spy: Israeli officers watched in real time as agents in Russia searched for American intelligence information. Are iPhones conditioning us to fall for a phish? One researcher says so. It’s almost Halloween, so let’s call this... Continue reading
Posted Oct 13, 2017 at (ISC)² Blog
This year marks the first ever (ISC)² EMEA Information Security Leadership Awards (ISLA), a chance for our community to recognise fellow information security and management professionals going the extra mile to enhance security across Europe, the Middle East and Africa. Overall, we received a staggering number of impressive submissions, over 200, and these were shortlisted down to our finalists by our judges, members of the Europe, Middle East and Africa Advisory Council (EAC). Winners will be announced at our Secure Summit UK on 12 December 2017. In the meantime, we will be sharing their stories on the blog. Here is... Continue reading
Posted Oct 12, 2017 at (ISC)² Blog
(ISC)² is excited to announce the launch of our new online Community. Created for cyber experts and IT security professionals – both (ISC)² certified members and non-members alike – this Community is a place for you to share your cybersecurity knowledge and experience with other professionals. The Community has several categories with discussion boards where you can post conversation topics, or message directly with other users. We hope that you’ll find this to be a place to connect with other professionals, collaborate on industry issues, share your career experiences and develop relationships with others in the field. So come on... Continue reading
Posted Oct 11, 2017 at (ISC)² Blog
By Yves Le Roux, (ISC)² EMEA Advisory Council Co-Chair & Privacy Workgroup Lead Yves will be hosting the half-day workshop GDPR: Charting Experience on the March to May 2018 at (ISC)² Secure Summit MENA, in Dubai on the 21st and 22nd November 2017. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The regulation was adopted in April last year. It becomes enforceable from 25th May 2018... Continue reading
Posted Oct 10, 2017 at (ISC)² Blog
I see what you're saying, Thomas, it's not exactly "breaking news" that these problems exist and persist in the industry. We hope that by putting numbers to the story, we can validate the issues our members, and all infosec professionals, are facing day to day. We can't solve a problem until we have clear evidence and recognition that it exists.
Just what we need…another NFL controversy. Only this time, NFL players’ personal data was leaked. 1,200 Football Players' Personal Data Exposed In NFL Leak -- Colin Kaepernick Included The breach heard round the world – The Inside Story of Equifax’s Massive Data Breach Take a look inside the massive Equifax data breach. Fake news is everywhere. Even following a mass tragedy like the one in Las Vegas. Bad Info Follows Every Tragedy. Don't Fall For It Be sure to verify your news sources, especially before sharing them. Really? There’s more? Yahoo Triples Estimate of Breached Accounts to 3 Billion A... Continue reading
Posted Oct 6, 2017 at (ISC)² Blog
Organizational culture typically takes shape as a result of decisions and actions by top management, who are responsible for setting vision, values and practices. When leadership doesn’t understand something, it shows in how the organization handles that particular area. When it comes to IT security, research by (ISC)² reveals a tepid commitment to investing in a strong security stance, both in the areas of technology and human resources. Too often, cybersecurity teams are short-staffed, lack the resources they need to handle a cyberattack, or aren’t given the responsibility to fill a more proactive role in protecting company data and networks.... Continue reading
Posted Oct 5, 2017 at (ISC)² Blog
Whether it’s Congress, a two-day Secure Summit, or a one-hour webinar, the experience is a product of the (ISC)² Community By Tisun Rustem, Senior Events Manager in EMEA, (ISC)² With so many industry events and online educational opportunities vying for your attention, particularly in information or cybersecurity, one can be forgiven for wondering whether an (ISC)² event could have something unique to offer. (ISC)² serves its membership with a range of on-line and conference-based educational opportunities, including one-hour webinars and half-day symposia, your annual regional Congress; and new to this year, the two-day Secure Summits - five of which are... Continue reading
Posted Oct 3, 2017 at (ISC)² Blog
Fresh from Austin, here are the top headlines from (ISC)²'s 2017 Security Congress: Let's talk about risk, baby. That's the language C-level executives and board members want to hear from the security team. Keynote speaker and Deputy Assistant Director of the FBI, Donald Freese, spoke about a non-emotional approach to security. CSO Online quotes Dylan Thomas, who was probably talking about cybersecurity practitioners when he said "Do not go gently into that good night." Garfield loves lasagna and hates cyberbullying. Infosecurity Magazine was with us in Austin and spoke to the CISO of the state of Missouri, Michael Roling, CIO... Continue reading
Posted Sep 29, 2017 at (ISC)² Blog
Name: Mr. Toh Tai Ann Title: Principal Trainer and Consultant Employer: Solution of Solutions LLP Location: Singapore Degree: Bachelor of Electrical Engineering (Hons) University of Western Australia Years in IT: 31 years Years in cybersecurity: 10 years Cybersecurity certifications: Certified Information System Security Professional (CISSP) Certified Cloud Security Professional (CCSP) The Open Group Architecture Framework (TOGAF) How did you decide upon a career in cybersecurity? I have been an Information Technology professional for more than 25 years and in the Information Technology sector for 30+ years. In these 30+ years I have seen the transformation of IT from a mainframe/minicomputer... Continue reading
Posted Sep 27, 2017 at (ISC)² Blog
Name: Jasmin Landry Title: IT Security Analyst Employer: SecureOps Location: Montreal, Canada Years in IT: 4 Years in information security: 3 Cybersecurity certifications: SSCP, OSCP, CEH, eJPT, CCNA: Security, MCSA How did you decide upon a career in cybersecurity? It all started when I was a teenager. I enjoyed video games and I was curious about how they were created, so I decided to pursue education in programming. I quickly switched path though, after my first networking class. The teacher introduced us to Wireshark and I was just so amazed at what it could do, and what I was able... Continue reading
Posted Sep 25, 2017 at (ISC)² Blog
It’s 2:00 pm. Do you know where your data records are? Here are the security headlines from the week of September 18, 2017. Say it ain’t so, SEC. Say it ain’t so! It looks like the U.S. Securities and Exchange Commission (SEC) suffered a cyber attack in 2016. Hackers have been trading using non-public information. In more cybercrime news, Help Net Security has a list of most wanted malware and mobile malware. We’re all hoping the risk of wearable devices is worth the health benefit – or is that just what I tell myself about my FitBit? But what if... Continue reading
Posted Sep 22, 2017 at (ISC)² Blog
By David Shearer, CISSP, CEO (ISC)² I was recently reading an article by my colleague, ISACA CEO Matt Loeb, that got me thinking. In his piece, Creating cyberculture, Matt creatively reworks the “cybersecurity is everyone’s responsibility” mantra with his seatbelt analogy. While I certainly applaud any effort to create an inclusive cybersecurity culture – and Matt has some great suggestions on how to do so – I believe most organizations simply are not ready. To build on Matt’s seatbelt analogy, we’re buckling ourselves into a car seat that’s not yet bolted to the frame. Let me explain. We still have... Continue reading
Posted Sep 21, 2017 at (ISC)² Blog
Although some organizations have splintered cybersecurity from IT for structural purposes, typically IT teams shoulder the responsibility for security. This means IT professionals are the people who enforce the policies and run the tools to protect their organizations’ data. But even though IT teams are the de facto security team in most places, do they have all the access to tools and technology they need? Not necessarily, according to recently completed (ISC)² research. The research suggests most organizations do not provide adequate resources for training and development, or enough people, to run security. Even worse, (ISC)²’s 2017 Global Information Security... Continue reading
Posted Sep 21, 2017 at (ISC)² Blog
By David Shearer, CISSP, CEO (ISC)² Let's face it, there's still a fair amount of fear when it comes to the cloud, and I know firsthand people in Texas and Florida recently experienced some devastating weather that tests individuals' and organizations' resiliency. Natural disasters like Hurricane Harvey, Irma and others around the world can serve as a reminder that cybersecurity, IT/ICT and OT for that matter, need to work in complementary ways to ensure not only cybersecurity resiliency but business and mission fulfillment resiliency (i.e. Continuity of Operations). I break these areas out, because I frequently hear them discussed in... Continue reading
Posted Sep 19, 2017 at (ISC)² Blog
By Tunde Ogunkoya, Consulting Partner, Africa, at DeltaGRiC Consulting (Pty) ltd. Tunde will be hosting the session Open Source; Pathway to Being or Not Being the VulN Victim at (ISC)² SecureJohannesburg 2017 on 5th October, 2017. The use of Open Source Software (OSS) has come a long way from when developers and organisations tried to avoid it. Today Open Source has become a go-to saving grace within most DevOps teams under pressure to roll out new functionality and features ahead of competition. Unfortunately, levels of vulnerability have grown with the trend as DevOps remain largely unaware of the risks or... Continue reading
Posted Sep 19, 2017 at (ISC)² Blog
Pardon our absence on the blog this past week. Hurricane Irma had plans of her own, but we’re back in business and ready to break down the top security headlines for the week of September 11, 2017: The fear of foreign hacking is not just related to elections or national security. England is worried about World Cup information. The silver lining of Equifax is that cybersecurity stocks are up. So I guess that’s a win? Password123 is still not a good idea, but could relaxing password policy increase security? The Hill has questions about the Equifax hack. Still waiting on... Continue reading
Posted Sep 15, 2017 at (ISC)² Blog
For years, many in the United States have viewed the traditional four year degree as the only path to a successful career. In late July, a new bill was introduced on the Hill that recognizes the need to change that mindset -- the New Collar Jobs Act. What exactly is a “new collar” job? According to IBM, the original advocate for building new collar career skills, new collar jobs are “roles in some of the technology industry’s fastest growing fields — from cybersecurity to digital design — that require technical training or some postsecondary education but not necessarily a four-year... Continue reading
Posted Sep 14, 2017 at (ISC)² Blog
Name: Tom Musgrave Title: Security Engineer Employer: Warner Bros. Location: Burbank, California, U.S.A. Degree: BA Hons Years in IT: 17 Years in cybersecurity: 16 Cybersecurity certifications: CISSP, CCSP, GCIH, CCNA, CCNP Security How did you decide upon a career in cybersecurity? After leaving university, and a false start selling parrots for Harrods in Knightsbridge, I needed a change in direction. I joined a web design company as a junior IT engineer and reveled in the role. I then joined the new Cisco TAC support center in Milton Keynes. I was fortuitously recruited to the security team and thoroughly enjoyed troubleshooting... Continue reading
Posted Sep 12, 2017 at (ISC)² Blog
Spying, stealing, defacing. It’s been a busy week. These are the top security headlines for the week of August 28, 2017: The U.S. Navy says there’s no evidence of a cyber attack in the crash of the USS John S. McCain – but hypothetically, this is how it would work. Reuters reports cyber spies are using malware to target India and Pakistan – including decoy clickbait with Reuters reports. Yes, you read that right. Hurricane Harvey is a once in a 1,000 years disaster, but be careful before you donate. Scammers are registering domains to collect “donations” for bogus organizations.... Continue reading
Posted Sep 1, 2017 at (ISC)² Blog