This is (ISC)² Management's Typepad Profile.
Join Typepad and start following (ISC)² Management's activity
Join Now!
Already a member? Sign In
(ISC)² Management
A compilation of thoughts from members of the (ISC)2 leadership team.
Recent Activity
Name: Hatem Ahmed El Sahhar Title: Team Lead, Security Engineering Employer: Orange Business Services Location: Cairo, Egypt Years in IT: 12 years Years in cybersecurity: 9 Years Cybersecurity certifications: CISSP, CCSP, CEH, Security+, Symantec Knight, Blue Coat Certified Cloud Service Troubleshooting, Blue Coat Certified Proxy Administrator, Blue Coat Certified Proxy Professional, Zscaler Certified Cloud Administrator, Cisco Certified ASA Specialist, CCNA Security, RSA SecurID Administration, Certified Clearswift Engineer (CCE) SECURE Email Gateway, JNCIA How did you decide upon a career in cybersecurity? My vision was clear since my early days and after acquiring my bachelor degree in computer engineering I was... Continue reading
Posted 3 days ago at (ISC)2 Blog
Name: Paul McAleer (ISC)² Exams Passed: CAP and CISSP Title: Information Assurance Specialist Site Lead Employer: AlphaSix Corporation (Government Contrator) Location: Washington, DC Education: MS in Cybersecurity Years in information security: 2 years Certifications: Security+, ITIL V3, CCSK What did you want to be when you were a child? Most of my family is musical, so I wanted to be professional guitar player. I started playing electric guitar at age 11. I played in bands and for my church. Playing guitar and writing music are still hobbies for me. If you were given three more hours per day, what would... Continue reading
Posted 7 days ago at (ISC)2 Blog
From the continuing NotPetya attack to the most hackable countries in the world, here’s what made the top security headlines for the week of July 3, 2017: The Ukraine is scrambling to contain a new cyber threat after the ‘NotPetya’ attack, according to Reuters. Investigators are saying that the hack may be far more nefarious than previously thought. Looking to protect against a cyberattack? Here are some simple steps from Freight Waves. Threats on the rise – Linux IoT devices. Which countries are the most hackable in the world? Rapid 7’s National Exposure Index ranks the top 10 most hackable... Continue reading
Posted Jul 7, 2017 at (ISC)2 Blog
Recently, the (ISC)² ThinkTank tackled the cloud. The webinar, “Security Practices for a More Secure Cloud,” featured panelists Kurt Hagerman, CISO of Armor, Raj Goel, CTO of Brainlink, and Keith Young, Info Security Officer of Montgomery County. Thank you to our panelists for sharing their expertise - let’s continue the conversation, shall we? Since cloud is becoming a hot commodity these days, how can a cloud provider assure would be customers that data is 100% secured day-in-and-day-out? I guess there can never be a guarantee. In line with this, how can a cloud provider show that all measures are done... Continue reading
Posted Jul 6, 2017 at (ISC)2 Blog
Name: Lucy Chaplin (ISC)² Exams Passed: CISSP Title: Manager Employer: Wavestone UK Location: London, UK Education: Bachelor of Science, Economics and Politics Years in information security: 4.5 Certifications: PRINCE2 Registered Practitioner, ITIL V3 What did you want to be when you were a child? A pop star, of course! And I also thought it would be fun to practice law — be a barrister, wear a big white wig and argue in front of a judge. If you were given three more hours per day, what would you do with it? The boring answer is get more sleep. But I... Continue reading
Posted Jul 5, 2017 at (ISC)2 Blog
If no news is good news, we’ve got trouble. Here are the top security headlines for the week of June 26, 2017: Is your security team down with IoT? Yeah, you know that 48% of U.S. companies aren’t. Just when you thought ransomware was out of the news, Petya pulls you back in. A two-step guide to dealing with ransomware: 1. Back up your data. 2. Never pay. The source code is out there. Windows 10 code was released, causing even more security concerns for the operating system. Snapchat maps? Time to activate Ghost Mode. Heard a cybersecurity story we... Continue reading
Posted Jul 3, 2017 at (ISC)2 Blog
By Yves Le Roux, CISSP, CISM, Co-Chair, Europe, Middle East and Africa Advisory Council (EAC) Recently our GDPR Task Force has found that despite efforts to prepare for the incoming regulation, many practitioners are finding that there is actually a lot more to do than originally anticipated, and are still in “discovery mode” about what data they hold. Data being fragmented and contained within individual business units means that knowing where data sets reside and mapping their flow is proving challenging. Businesses have just realised the mammoth task ahead of them Many businesses are still stuck in the initial stages... Continue reading
Posted Jun 29, 2017 at (ISC)2 Blog
This month marked the opening of nominations for the first-ever (ISC)² EMEA ISLA, allowing you to nominate fellow information security and management professionals throughout the private and public sectors across Europe, the Middle East and Africa. The nomination categories are: Senior Information Security Professional, Information Security Practitioner, Up-and-Coming Information Security and Woman Information Security Professional. Nominations must be put forward by a colleague, so we hope that many of you will feel inspired to put forward your professional peers. We do appreciate that nominating someone may seem like a daunting task, or you may be unsure whether who you have... Continue reading
Posted Jun 26, 2017 at (ISC)2 Blog
Name: Jae H. Moon Title: Sr. Systems (Linux/IA) Engineer Employer: Cray, Inc. Location: Salt Lake City, Utah, U.S.A. Degree: Master’s degree in Information Systems (emphasis on information security) Years in IT: 16+ Years in information security: 10+ Cybersecurity certifications: CompTIA Security +, SSCP How did you decide upon a career in cybersecurity? I had the opportunity to work as a summer intern at Scott Air Force Base in Illinois for the Department of Defense. I also worked as a Unix System Administrator for AT&T (after graduating from college) which focused heavily on implementing various information security principles and practices to... Continue reading
Posted Jun 22, 2017 at (ISC)2 Blog
Two of the most pressing cybersecurity tasks of our time are the need to dramatically grow the size of the workforce, and to create one that is agile enough to keep up with the shifting sands of today’s business landscape. Infosec Europe’s keynote panel session “Building an Agile Security Team for the Future,” chaired by (ISC)²s EMEA managing director Adrian Davis, saw leading frontline professionals from travel search giants Skyscanner, to transport operator Network Rail and the UK government, discuss how these challenges might be addressed. The first key insight was that an agile cybersecurity team cannot have fixed, traditional... Continue reading
Posted Jun 21, 2017 at (ISC)2 Blog
While the projected 1.8 million cybersecurity workforce gap is a staggering number, the Global Information Security Workforce Study did reveal which sectors are most aggressively looking to address this talent shortfall. Healthcare, retail and manufacturing top the list of industries looking to increase their cybersecurity workforce by more than 20% over the next year. Healthcare, in particular, is aiming for a 39% increase. It’s not surprising that they’re leading the charge to staff up, as Privacy Rights Clearninghouse reports that there were 223 known breaches to healthcare organizations in the United States in 2016 - and another 46 disclosed so... Continue reading
Posted Jun 20, 2017 at (ISC)2 Blog
Nominations are open for the first-ever (ISC)² EMEA Information Security leadership Awards (ISLA) to recognize the achievements of your fellow cyber, information, software and infrastructure security professionals across Europe, the Middle East and Africa. This is a great opportunity to showcase the outstanding work and remarkable contributions the profession is making despite the challenges and widening skills gap we face. The 2017 Global Information Security Workforce Study confirms more than two thirds of the region’s hiring managers are looking to expand their teams in the next 12 months, and about half are struggling to find qualified talent for their roles.... Continue reading
Posted Jun 19, 2017 at (ISC)2 Blog
From malware built to disrupt our critical infrastructure to front-line cyber soldiers, here are some of the top security headlines from the week of June 12: The malware cometh. The “nightmare” malware has been attacking power plants in Europe, causing blackouts and Daily Beast reports that U.S. companies have been warned. “I’m a Mac.” “You still might be in trouble.” That’s what security researchers are saying to Bleeping Computer after two new strains of Mac malware have been offered through the Dark Web over the last few weeks. Is the cloud really safer? Help Net Security found that most IT... Continue reading
Posted Jun 17, 2017 at (ISC)2 Blog
If you’ve attended any of our (ISC)² ThinkTank Webinars (and we hope you have!) you know that moderator Brandon Dunlap shares your questions with panelists to answer during the session. While we can’t get to all questions, we’d like to address a few more here on our blog. Last week’s webinar was “The Human Target – The Tip of the Spear is Aimed at You”, with panelists Ira Winkler, president of Secret Mentem, Sylvester Gray, security product specialist at Sophos and Johnny Deutsch, senior manager, advanced security center at Ernst & Young, LLP. Thank you to our panelists for sharing... Continue reading
Posted Jun 16, 2017 at (ISC)2 Blog
Name: Haruhiko Kurita Title: Senior Security Consultant Employer: NetOne Systems Location: Tokyo, Japan Degree: Master of Science, Physics Years in IT: 24 Years in cybersecurity: 21 Cybersecurity certifications: CISSP, CCSP, CISA, PCI DSS QSA How did you decide upon a career in cybersecurity? My career in cybersecurity started around 1995, when the internet was becoming popular here in Japan. My first product was HSM (Hardware Security Module) and I was interested in cryptography, as technology was very attractive to me. After three mergers, the company (Tandem) became bigger and I covered various parts of security, like F/W, antivirus, identity management,... Continue reading
Posted Jun 11, 2017 at (ISC)2 Blog
Infosecurity Europe took over London this week with “everyone and everything you need to know about information security.” Here are the headlines from the event that caught our eye this week: Are you ready for GDPR? With just under a year to go until implementation, SC Magazine UK asked the question “Can you purchase your way to GDPR compliance?” Short answer: No. No you can’t. No surprise here. In a room full of security pros, the U.K. government’s approach to encryption was a point of discussion following the recent terror attacks in the country. As expected, there were strong opinions... Continue reading
Posted Jun 9, 2017 at (ISC)2 Blog
What is the GISWS? Since its first release in 2004, the biennial (ISC)²® Global Information Security Workforce Study (GISWS) has been gauging the opinions of information security professionals; and in turn, providing detailed insights into the important trends and opportunities within this increasingly crucial profession. This year, the study conducted its largest-ever global survey of cybersecurity professionals, with over 19,000 individuals taking part (3,694 of which hailing from Europe), further allowing it to ascertain an even clearer and progressively more complete profile of the information security workforce; with stronger understandings of areas and issues such as pay scales, skills gaps,... Continue reading
Posted Jun 7, 2017 at (ISC)2 Blog
Name: Aoba Mari Title: Security Analyst Employer: LAC / JSOC (Japan Security Operation Center) Location: Tokyo, Japan Degree: Bachelor’s Degree in International Policy Years in IT: 5 years Years in information security: 5 years Cybersecurity certifications: SSCP How did you decide upon a career in cybersecurity? Among the various fields in the IT industry, information security is the fastest growing and at the same time, I think there is a high demand for rare technical skills. For me, more than anything, that’s the biggest reason why I think it’s a very interesting field. I was involved in forensic analysis, and... Continue reading
Posted Jun 4, 2017 at (ISC)2 Blog
A holiday week in the U.S. and U.K. means five days worth of headlines in four business days. Here’s what we saw this week… Wanna move on from WannaCry? Not so fast, my friend. BitSight looks at the global impact of the ransomware that spread two weeks ago and found that the ransom collected is only around $100,000. Dark Reading reports on cyber criminals attacking each other on the dark web. Can’t we all just get along? No, apparently not. The price of a breach is high. Bitdefender looks at the Ponemon Institute’s study of the impact on stock prices.... Continue reading
Posted Jun 2, 2017 at (ISC)2 Blog
Since 2013, (ISC)² has been a partner of Bugcrowd, running a public bug bounty program and offering CPE credits to our members. Bugcrowd is a leading provider of crowdsourced security and bug bounty programs, connecting organizations with more than 50,000 independent security researchers to identify vulnerabilities. As an (ISC)² member, you can participate in Bugcrowd’s bug bounty programs in exchange for CPE credits. We encourage you to participate in this program to continue honing your security skills, and to apply those skills to help inspire a safe and secure cyber world. To participate, Sign up as a Bugcrowd researcher at... Continue reading
Posted Jun 1, 2017 at (ISC)2 Blog
Name: Samana Haider Title: Manager, Forcepoint Security Labs Employer: Forcepoint Location: Dublin, Ireland Education: MSc Computer Science Years in IT: 15 Years in cybersecurity: 7 Cybersecurity certifications: CISSP How did you decide upon a career in cybersecurity? I started my career in IT in the education sector where I was a lecturer at a university back home in Pakistan. I started working in HP managing SAP administration. I got the opportunity to work with one of the leading Irish banks where I was responsible for implementing security controls for SAP administration and ensuring SOX compliance. The security aspect of that... Continue reading
Posted May 29, 2017 at (ISC)2 Blog
What are the EMEA ISLAs? After eleven consecutive years of success in the Americas and Asia-Pacific, the Information Security Leadership Awards (ISLA) program is finally coming to EMEA! The (ISC)² EMEA ISLAs are a unique opportunity for you to nominate fellow information security and management professionals who go the extra mile to enhance security throughout the private and public sectors across Europe, the Middle East and Africa. There are four nomination categories: Senior Information Security Professional, Information Security Practitioner, Up-and-Coming Information Security and Woman Information Security Professional. It’s not long now until the nominations will be open (between the 12th... Continue reading
Posted May 25, 2017 at (ISC)2 Blog
Name: Frederico Hakamine Title: Principal Curriculum Developer Employer: Okta Inc. Location: San Francisco, CA, U.S.A. Degree: Bachelor in System Analysis Years in IT: 10 years Years in cybersecurity: 9 years Cybersecurity certifications: CISSP, CCSP, ISFS, ITIL, CobIT, Oracle Certified Architecture Specialist, Okta Certified Professional How did you decide upon a career in cybersecurity? I started working for Oracle as consultant 10 years ago, with a challenge: develop a portal with independent web applications, that should require a single login and display restricted information depending on where you were located (intranet or internet). Developing the application was a straightforward task. The... Continue reading
Posted May 24, 2017 at (ISC)2 Blog
Not surprisingly, WannaCry remained top of mind last week. We’re sure you’re doing everything you can to patch your environment and prevent similar ransomware attacks in the future. Here are some WannaCry headlines (and other security news) that caught our eye last week. WannaCry Rolls On According to the Dark Reading article WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool, researchers early last week were looking into the “kill switch” and consensus seemed to be building that it was a poorly constructed VM analysis/sandbox evasion technique. WIRED went a bit deeper with their assessment The WannaCry Ransomware Hackers Made... Continue reading
Posted May 22, 2017 at (ISC)2 Blog
Name: George McPherson Title: Information Security Analyst Employer: Duke Energy Location: Charlotte, North Carolina Degree: Currently working towards Associates Degree in "Cyber Security" Years in IT: 4 Years Years in information security: 3 Years Cybersecurity certifications: SSCP, Security+, MTA Security How did you decide upon a career in cybersecurity? When I first entered IT and started sitting for IT certifications I noticed that when I received my score report, I would always score the highest on security-related questions. When reflecting on this revelation, I realized that I also got excited about security and investigating security-related issues. Why did you get... Continue reading
Posted May 18, 2017 at (ISC)2 Blog