(ISC)² Management
A compilation of thoughts from members of the (ISC)² leadership team.
Recent Activity
Pseudo-ransomware and struggling security budgets. Here are the top security headlines for the week of August 14, 2017: Who would have thought we would long for the days when ransomware was ransomware. Now it’s all too complicated. Bitcoin is going mainstream, but does that mean it’s a bad investment? In a case of the cobbler’s children have no shoes, data brokers seem to be lacking basic security. Raise the roof! It looks like cybersecurity might be hitting a ceiling when it comes to spending. No spoilers, but HBO has been hacked again and OurMine is taking over their social accounts.... Continue reading
Posted 3 days ago at (ISC)2 Blog
By Adrian Davis, CISSP, Managing Director EMEA, (ISC)² The National Crime Agency recently revealed a fascinating intelligence assessment, uncovering the ‘pathways into cyber crime’. The key finding was that most young hackers are motivated, not by financial reward, but by idealism. The NCA added that many of those involved in cyber-crime had “highly marketable” skill sets, and evidence showed that positive role models could help steer ex-offenders towards productive technology careers. Many people feel that re-training young cyber offenders as cyber security professionals offers a chance to kill two birds with one stone; reducing cyber-crime and simultaneously helping to reduce... Continue reading
Posted 5 days ago at (ISC)2 Blog
(ISC)² is proud to announce that our membership has surpassed 125,000 certified cybersecurity professionals globally. As demand for skilled security professionals continues to grow exponentially, (ISC)² certification and continuing education programs enable cybersecurity and IT security practitioners to prove their expertise, advance their careers and contribute to a more secure society. Here’s what some members are saying about the milestone: “125,000 members is a very large number for a community of dedicated people continuously raising the bar by learning, researching, teaching and sharing their knowledge and skills to make our cyber world safer,” said Emmanuel Nicaise, CISSP, president, (ISC)² Belux... Continue reading
Posted 6 days ago at (ISC)2 Blog
WannaCry and NotPetya aftermath means payouts and panic. Here are the top security headlines for the week of August 7, 2017: Big money, no whammies! It seems like the hackers behind WannaCry have cashed out their bitcoin into Monero, a harder to track cryptocurrency. Mo money means mo malware. The success – can we call it that? – of WannaCry and NotPetya means ransomware is not going away any time soon, because… well, people and businesses pay the ransom. What’s that definition of insanity? Oh yeah, doing the same thing and expecting a different result… Tripwire research indicates that two-thirds... Continue reading
Posted Aug 11, 2017 at (ISC)2 Blog
Building an effective SIEM requires ingesting log messages and parsing them into useful information. While it might be easy to stream, push and pull logs from every system, device and application in your environment, that doesn’t necessarily improve your security detection capabilities. What you do with your logs – correlation, alerting and automated response – is the strength of a SIEM. Real-time security starts with understanding, parsing and developing actionable information and events from your log messages. With the launch of a new site, (ISC)² was presented with an opportunity to refine our security monitoring services. Linked below is an example... Continue reading
Posted Aug 9, 2017 at (ISC)2 Blog
ATMs, HBO, democracy … what can’t be hacked? Here are the top security headlines for the week of July 31, 2017: IOActive hacked an ATM at Black Hat. I guess drinks are on them? Espionage was just a red herring. Apparently hackers in North Korea are looking for cash, not secrets. DefCon attendees shredded voting machines – some still being used in U.S. elections. Don’t worry, it’s for research. “If all your friends were downloading torrents, then would you too?” It seems like everyone is doing it, but even downloading just the BitTorrent clients (the software needed to run them)... Continue reading
Posted Aug 4, 2017 at (ISC)2 Blog
We can’t all make it to Vegas for Black Hat, but we can get the scoop on what news came out of the annual infosec conference that took over the Mandalay Bay, and security headlines, for the week. So let’s dive into the top headlines from the week of July 24, 2017: Recruiting is flush in Vegas. With more industries than ever – AKA all of them – needing cybersecurity as a function, parties at BH are a way for recruiters to fill jobs. Facebook is putting their money where their mouth is and investing $1M in funding for defensive... Continue reading
Posted Jul 28, 2017 at (ISC)2 Blog
Insights from the 2017 Global Information Security Workforce Study show that the IT players in your organization may be the key to filling the looming cybersecurity workforce gap. The survey was taken by 10,584 cyber and information security professionals in North America, and showed a projected 265,000 industry jobs will be left unfilled in 2022. Practitioners back up that data, with 68 percent indicating their organizations had too few security professionals. Filling a gap of that size with qualified professionals is daunting, but the help may already be in your organization in the information technology department. In North America, 87... Continue reading
Posted Jul 25, 2017 at (ISC)2 Blog
Name: Paul-Arnaud Wernert Title: Senior Manager, Cyber Risk & Security Employer: Beijaflore Location: Paris, France Years in IT: 13 Years in cybersecurity: 13 Cybersecurity certifications: CISSP How did you decide upon a career in cybersecurity? I started to be interested in cybersecurity during my engineering studies. I led a team of students to perform an organizational and technical security audit of the network of a French public company. This was the first experience for me to understand one context, identify its threats and assess associated risks, then explain to the management these risks and the way to mitigate them. After... Continue reading
Posted Jul 24, 2017 at (ISC)2 Blog
Name: Hatem Ahmed El Sahhar Title: Team Lead, Security Engineering Employer: Orange Business Services Location: Cairo, Egypt Years in IT: 12 years Years in cybersecurity: 9 Years Cybersecurity certifications: CISSP, CCSP, CEH, Security+, Symantec Knight, Blue Coat Certified Cloud Service Troubleshooting, Blue Coat Certified Proxy Administrator, Blue Coat Certified Proxy Professional, Zscaler Certified Cloud Administrator, Cisco Certified ASA Specialist, CCNA Security, RSA SecurID Administration, Certified Clearswift Engineer (CCE) SECURE Email Gateway, JNCIA How did you decide upon a career in cybersecurity? My vision was clear since my early days and after acquiring my bachelor's degree in computer engineering I was... Continue reading
Posted Jul 17, 2017 at (ISC)2 Blog
Name: Paul McAleer (ISC)² Exams Passed: CAP and CISSP Title: Information Assurance Specialist Site Lead Employer: AlphaSix Corporation (Government Contractor) Location: Washington, DC Education: MS in Cybersecurity Years in information security: 2 years Certifications: Security+, ITIL V3, CCSK What did you want to be when you were a child? Most of my family is musical, so I wanted to be a professional guitar player. I started playing electric guitar at age 11. I played in bands and for my church. Playing guitar and writing music are still hobbies for me. If you were given three more hours per day, what would... Continue reading
Posted Jul 13, 2017 at (ISC)2 Blog
From the continuing NotPetya attack to the most hackable countries in the world, here’s what made the top security headlines for the week of July 3, 2017: The Ukraine is scrambling to contain a new cyber threat after the ‘NotPetya’ attack, according to Reuters. Investigators are saying that the hack may be far more nefarious than previously thought. Looking to protect against a cyberattack? Here are some simple steps from Freight Waves. Threats on the rise – Linux IoT devices. Which countries are the most hackable in the world? Rapid 7’s National Exposure Index ranks the top 10 most hackable... Continue reading
Posted Jul 7, 2017 at (ISC)2 Blog
Recently, the (ISC)² ThinkTank tackled the cloud. The webinar, “Security Practices for a More Secure Cloud,” featured panelists Kurt Hagerman, CISO of Armor, Raj Goel, CTO of Brainlink, and Keith Young, Info Security Officer of Montgomery County. Thank you to our panelists for sharing their expertise - let’s continue the conversation, shall we? Since cloud is becoming a hot commodity these days, how can a cloud provider assure would be customers that data is 100% secured day-in-and-day-out? I guess there can never be a guarantee. In line with this, how can a cloud provider show that all measures are done... Continue reading
Posted Jul 6, 2017 at (ISC)2 Blog
Name: Lucy Chaplin (ISC)² Exams Passed: CISSP Title: Manager Employer: Wavestone UK Location: London, UK Education: Bachelor of Science, Economics and Politics Years in information security: 4.5 Certifications: PRINCE2 Registered Practitioner, ITIL V3 What did you want to be when you were a child? A pop star, of course! And I also thought it would be fun to practice law — be a barrister, wear a big white wig and argue in front of a judge. If you were given three more hours per day, what would you do with it? The boring answer is get more sleep. But I... Continue reading
Posted Jul 5, 2017 at (ISC)2 Blog
If no news is good news, we’ve got trouble. Here are the top security headlines for the week of June 26, 2017: Is your security team down with IoT? Yeah, you know that 48% of U.S. companies aren’t. Just when you thought ransomware was out of the news, Petya pulls you back in. A two-step guide to dealing with ransomware: 1. Back up your data. 2. Never pay. The source code is out there. Windows 10 code was released, causing even more security concerns for the operating system. Snapchat maps? Time to activate Ghost Mode. Heard a cybersecurity story we... Continue reading
Posted Jul 3, 2017 at (ISC)2 Blog
By Yves Le Roux, CISSP, CISM, Co-Chair, Europe, Middle East and Africa Advisory Council (EAC) Recently our GDPR Task Force has found that despite efforts to prepare for the incoming regulation, many practitioners are finding that there is actually a lot more to do than originally anticipated, and are still in “discovery mode” about what data they hold. Data being fragmented and contained within individual business units means that knowing where data sets reside and mapping their flow is proving challenging. Businesses have just realised the mammoth task ahead of them Many businesses are still stuck in the initial stages... Continue reading
Posted Jun 29, 2017 at (ISC)2 Blog
This month marked the opening of nominations for the first-ever (ISC)² EMEA ISLA, allowing you to nominate fellow information security and management professionals throughout the private and public sectors across Europe, the Middle East and Africa. The nomination categories are: Senior Information Security Professional, Information Security Practitioner, Up-and-Coming Information Security and Woman Information Security Professional. Nominations must be put forward by a colleague, so we hope that many of you will feel inspired to put forward your professional peers. We do appreciate that nominating someone may seem like a daunting task, or you may be unsure whether who you have... Continue reading
Posted Jun 26, 2017 at (ISC)2 Blog
Name: Jae H. Moon Title: Sr. Systems (Linux/IA) Engineer Employer: Cray, Inc. Location: Salt Lake City, Utah, U.S.A. Degree: Master’s degree in Information Systems (emphasis on information security) Years in IT: 16+ Years in information security: 10+ Cybersecurity certifications: CompTIA Security +, SSCP How did you decide upon a career in cybersecurity? I had the opportunity to work as a summer intern at Scott Air Force Base in Illinois for the Department of Defense. I also worked as a Unix System Administrator for AT&T (after graduating from college) which focused heavily on implementing various information security principles and practices to... Continue reading
Posted Jun 22, 2017 at (ISC)2 Blog
Two of the most pressing cybersecurity tasks of our time are the need to dramatically grow the size of the workforce, and to create one that is agile enough to keep up with the shifting sands of today’s business landscape. Infosec Europe’s keynote panel session “Building an Agile Security Team for the Future,” chaired by (ISC)²’s EMEA managing director Adrian Davis, saw leading frontline professionals from travel search giants Skyscanner, to transport operator Network Rail and the UK government, discuss how these challenges might be addressed. The first key insight was that an agile cybersecurity team cannot have fixed, traditional... Continue reading
Posted Jun 21, 2017 at (ISC)2 Blog
While the projected 1.8 million cybersecurity workforce gap is a staggering number, the Global Information Security Workforce Study did reveal which sectors are most aggressively looking to address this talent shortfall. Healthcare, retail and manufacturing top the list of industries looking to increase their cybersecurity workforce by more than 20% over the next year. Healthcare, in particular, is aiming for a 39% increase. It’s not surprising that they’re leading the charge to staff up, as Privacy Rights Clearinghouse reports that there were 223 known breaches to healthcare organizations in the United States in 2016 - and another 46 disclosed so... Continue reading
Posted Jun 20, 2017 at (ISC)2 Blog
Nominations are open for the first-ever (ISC)² EMEA Information Security Leadership Awards (ISLA) to recognize the achievements of your fellow cyber, information, software and infrastructure security professionals across Europe, the Middle East and Africa. This is a great opportunity to showcase the outstanding work and remarkable contributions the profession is making despite the challenges and widening skills gap we face. The 2017 Global Information Security Workforce Study confirms more than two thirds of the region’s hiring managers are looking to expand their teams in the next 12 months, and about half are struggling to find qualified talent for their roles.... Continue reading
Posted Jun 19, 2017 at (ISC)2 Blog
From malware built to disrupt our critical infrastructure to front-line cyber soldiers, here are some of the top security headlines from the week of June 12: The malware cometh. The “nightmare” malware has been attacking power plants in Europe, causing blackouts and Daily Beast reports that U.S. companies have been warned. “I’m a Mac.” “You still might be in trouble.” That’s what security researchers are saying to Bleeping Computer after two new strains of Mac malware have been offered through the Dark Web over the last few weeks. Is the cloud really safer? Help Net Security found that most IT... Continue reading
Posted Jun 17, 2017 at (ISC)2 Blog
If you’ve attended any of our (ISC)² ThinkTank Webinars (and we hope you have!) you know that moderator Brandon Dunlap shares your questions with panelists to answer during the session. While we can’t get to all questions, we’d like to address a few more here on our blog. Last week’s webinar was “The Human Target – The Tip of the Spear is Aimed at You”, with panelists Ira Winkler, president of Secret Mentem, Sylvester Gray, security product specialist at Sophos and Johnny Deutsch, senior manager, advanced security center at Ernst & Young, LLP. Thank you to our panelists for sharing... Continue reading
Posted Jun 16, 2017 at (ISC)2 Blog
Name: Haruhiko Kurita Title: Senior Security Consultant Employer: NetOne Systems Location: Tokyo, Japan Degree: Master of Science, Physics Years in IT: 24 Years in cybersecurity: 21 Cybersecurity certifications: CISSP, CCSP, CISA, PCI DSS QSA How did you decide upon a career in cybersecurity? My career in cybersecurity started around 1995, when the internet was becoming popular here in Japan. My first product was HSM (Hardware Security Module) and I was interested in cryptography, as technology was very attractive to me. After three mergers, the company (Tandem) became bigger and I covered various parts of security, like F/W, antivirus, identity management,... Continue reading
Posted Jun 11, 2017 at (ISC)2 Blog
Infosecurity Europe took over London this week with “everyone and everything you need to know about information security.” Here are the headlines from the event that caught our eye this week: Are you ready for GDPR? With just under a year to go until implementation, SC Magazine UK asked the question “Can you purchase your way to GDPR compliance?” Short answer: No. No you can’t. No surprise here. In a room full of security pros, the U.K. government’s approach to encryption was a point of discussion following the recent terror attacks in the country. As expected, there were strong opinions... Continue reading
Posted Jun 9, 2017 at (ISC)2 Blog