This is (ISC)² Management's Typepad Profile.
(ISC)² Management
A compilation of thoughts from members of the (ISC)² leadership team.
Recent Activity
You might want to sit down for this one: The shortage of cybersecurity professionals around the globe has never been more acute. New research by (ISC)2 places the estimate at just under 3 million – 2.93 million to be exact – with roughly 500,000 of those positions located in North America. According to (ISC)2’s Cybersecurity Workforce Study, the gap is having a serious real-world impact around the globe. Asia-Pacific, with its growing economies and new privacy regulations, is experiencing the biggest shortage – 2.14 million positions. The massive worldwide shortage not only places organizations affected by the shortage at higher... Continue reading
Posted 3 days ago at (ISC)² Blog
The future of cybersecurity was the subject of lively discussion during a session on blockchain’s potential to revolutionize how data is protected. The session was part of the 2018 (ISC)2 Security Congress, taking place this week in New Orleans. The Blockchain session’s presenters, Nitin Uttreja and Ashish Dwivedi, who are both cybersecurity engineers for CA Technologies, argued that blockchain provides effective, reliable ways to secure cloud storage and the Internet of Things (IoT), and to manage identities and passwords. But not everyone in attendance was buying it. Questions arose as to whether networks still have to be secured in conjunction... Continue reading
Posted Oct 11, 2018 at (ISC)² Blog
About three quarters (76%) of companies currently have cyber insurance, but less than a third of them (32%) get policies that cover all risks, according to two representatives from insurer RLI Corp. who spoke during this week’s (ISC)² Security Congress 2018 in New Orleans. While having a cyber policy is always a good idea, there is a fair amount of complexity that makes it difficult to determine how much coverage you need. Often third parties such as cloud providers are involved, creating coverage nuances that companies must be aware of when taking out a policy. Beyond that, companies often don’t... Continue reading
Posted Oct 10, 2018 at (ISC)² Blog
It was standing room only at security consultant Ron Woerner’s presentation on tools, tips and techniques for cybersecurity professionals this week at the 2018 (ISC)2 Security Congress in New Orleans. Woerner, president and chief cybersecurity consultant at RWX Security Solutions, focused primarily on easily available, free resources that anyone can find with a simple internet search or by typing in a URL. The resources are useful in cybersecurity assessments, investigations, awareness and administration. That Congress attendees lined up patiently to get into the session indicates how much hunger there is for resources that can help them in their jobs. Perhaps... Continue reading
Posted Oct 10, 2018 at (ISC)² Blog
Stop saying humans are the weakest link in security. That was the main message delivered by former White House CIO Theresa Payton during her keynote at (ISC)2’s Congress 2018, taking place this week in New Orleans. “The technology is the weakest link. The human is at risk. We have to change how we think about this in our industry,” said Payton, who is now president and CEO of Fortalice Solutions, and stars in the CBS show “Hunted.” Even though cybersecurity teams implement various measures, follow rules and frameworks, and complete compliance checklists, breaches still occur, she said. That’s because technology... Continue reading
Posted Oct 9, 2018 at (ISC)² Blog
Privacy is one of the greatest challenges of the digital age. Who has the right to access an individual’s personal data and when? That’s the question at the heart of a series of court cases regarding search and seizure of mobile phones at U.S. border crossings. Currently border agents are allowed to access and search metadata, including the origin, time and date of phone calls, without a search warrant. However, true data typically requires a warrant, according to Scott M. Giordano, vice president of data protection at Spirion, a data management software provider. He addressed the topic to a packed... Continue reading
Posted Oct 9, 2018 at (ISC)² Blog
Securing critical industrial infrastructure systems in manufacturing, distribution and product-handling environments is a major challenge. The main reason we haven’t seen a spectacular attack on one of these systems is because it’s hard to pull off. But organizations in oil and gas, chemicals, utilities and a whole host of other industries need to take steps to protect their critical infrastructure, lest they fall victim to an attack by a nation-state, hacktivists or even insiders, according to a panel of security experts who spoke during the (ISC)² Congress 2018, taking place this week in New Orleans. The panel was moderated by James... Continue reading
Posted Oct 9, 2018 at (ISC)² Blog
Since humans are the number one target for cyber attacks, organizations need to implement strategies that teach users how to identify and avoid risks. Security awareness may well be the most important role of cybersecurity teams. That was the message delivered by Theresa Frommel, acting deputy CISO for the State of Missouri, at a breakout session of the (ISC)2’s Congress 2018, taking place this week in New Orleans. Repeating a suggestion from an attendee at her session, Frommel said it makes sense that users need to be “patched,” much like software systems have to be patched regularly to remove security... Continue reading
Posted Oct 8, 2018 at (ISC)² Blog
The cybersecurity workforce skills gap is hampering the nation’s ability to combat cyber threats that target our way of life, economy and national security interests, according to U.S. Rep. Cedric Richmond (D-LA), who serves on the House Committee on Homeland Security. Delivering the first keynote at the 2018 (ISC)2 Security Congress, taking place this week in New Orleans, the Congressman said more work is needed at the federal, state and local levels, as well as in the private sector, to address the problem of cybersecurity and the skills gap. “We need a robust cybersecurity workforce,” Richmond said, citing a government... Continue reading
Posted Oct 8, 2018 at (ISC)² Blog
(ISC)²’s two-day UK Secure Summit brings multi-subject sessions from hands-on practical workshops to keynotes and panel discussions, featuring local and international industry experts to maximise the learning experience and CPE opportunities. Serving the entire (ISC)² EMEA professional community, the Summit offers a wealth of educational value, networking opportunities, and a community forum for likeminded professionals, all of which are FREE to (ISC)² members & (ISC)² Chapter members. Read on for insights from one of our popular Secure Summit UK sessions: (ISC)² 2018 Secure Summit UK saw Richard Hudson, Principal IT Consultant at msg systems, reveal how dramatic advances in Artificial... Continue reading
Posted Oct 5, 2018 at (ISC)² Blog
(ISC)²’s two-day UK Secure Summit brings multi-subject sessions from hands-on practical workshops to keynotes and panel discussions, featuring local and international industry experts to maximise the learning experience and CPE opportunities. Serving the entire (ISC)² EMEA professional community, the Summit offers a wealth of educational value, networking opportunities, and a community forum for likeminded professionals, all of which are FREE to (ISC)² members & (ISC)² Chapter members. Read on for insights from one of our popular Secure Summit UK sessions: (ISC)² 2018 Secure Summit UK saw Joseph Carson, CSS at Thycotic, reveal the fascinating story behind Estonia’s journey towards becoming... Continue reading
Posted Oct 5, 2018 at (ISC)² Blog
Preparing a cybersecurity team for the never-ending onslaught of cyber threats takes a lot of work. Organizations that get it right make the appropriate technology investments, recruit qualified candidates, and clearly define their roles once they are onboarded. (ISC)2’s Building a Resilient Cybersecurity Culture study provides valuable insights about building and retaining an effective cybersecurity team. It all starts with a commitment from the top. When the CEO and board of directors are serious about protecting the organization and its people from cyber-attacks, the team is emboldened to do its job. Companies with a strong cybersecurity culture invest in both... Continue reading
Posted Oct 4, 2018 at (ISC)² Blog
The chief information security officer role hasn’t always gotten the respect it deserves. Research over the years has shown companies often treat their CISO primarily as a scapegoat for security incidents. But that may be changing – at least it is in organizations with a strong cybersecurity culture. New research by (ISC)2 shows the overwhelming majority of companies that properly staff their cybersecurity teams employ a CISO. The Building a Resilient Cybersecurity Culture study revealed that 86% of organizations that consider themselves adequately staffed with cybersecurity talent have a CISO. This is a substantially higher percentage than the 49% of... Continue reading
Posted Oct 2, 2018 at (ISC)² Blog
Name: Ana Ferreira Title: Doctor Employer: Center for Health Technology and Services Research (CINTESIS), Faculty of Medicine, University of Porto Location: Porto, Portugal Education: BSc in Computer Science, MSc in Information Security, PhD in Computer Science Years in IT: 20 Years in cybersecurity and/or privacy: 16 Cybersecurity certifications: CISSP, HCISPP How did you decide upon a career in healthcare security and/or privacy? After I graduated in 1998, I went to work for a healthcare education institution as a researcher and IT specialist. After a few years, I realized that security and privacy, especially in the domain of healthcare, were crucial... Continue reading
Posted Oct 1, 2018 at (ISC)² Blog
Name: Shinji Abe Title: Director Employer: NTT Security (Japan) KK Degree: Bachelor of Science, Master of Science in Quantum Physics Years in IT: 11 Years in cybersecurity: 7 Cybersecurity certifications: CISSP How did you decide upon a career in cybersecurity? I started my career as a system engineer. I became involved in information security after some systems that I was managing received vulnerability assessments. That was when I realized the importance of cybersecurity. I moved to the security analysis team to focus on security works in 2011. Why did you get your CISSP®? In the beginning of my cybersecurity... Continue reading
Posted Sep 26, 2018 at (ISC)² Blog
(ISC)² is committed to enriching our professional development course offerings to members. That’s why we’re excited to announce a free course is now available – GDPR for Security Professionals: A Framework for Success. The course is online and self-paced to work with your busy schedule. We know the GDPR deadline has come and gone, but that doesn’t mean that the work is over. Many companies are not yet compliant, and maintaining compliancy is challenging to say the least. This GDPR course is designed to help you contribute to the strategy, direction and implementation of the EU’s General Data Protection Regulation... Continue reading
Posted Sep 26, 2018 at (ISC)² Blog
One of the main questions (ISC)2 sought to answer with a new study, Building a Resilient Cybersecurity Culture, was what makes a good cybersecurity team, especially in an industry that suffers from a shortage in its current workforce. How do organizations go about building and strengthening the team? It’s clear from the study’s findings that management’s attitude toward the team – and toward cybersecurity as a whole – is related to the team’s success, confidence and ability to do their job without worrying about lack of budget or support from the top. Going in, we already knew the respondents in... Continue reading
Posted Sep 25, 2018 at (ISC)² Blog
Name: Shelly Epps, MS, HCISPP Title: Information Security Analyst and Program Lead, Security Outreach & Education Employer: Duke University Health System Location: Durham, NC Education: BS in Biology from Kansas State University, Master’s in Genetic Counseling from University of Pittsburgh Years in IT: 6 Years in cybersecurity: 6 Cybersecurity certifications: HCISPP How did you wind up in a career in cybersecurity? I stumbled into it! I had been working in healthcare, research, data and employee management and administration for about 20 years when I chose to take a step off of that pathway without a solid backup plan. I was... Continue reading
Posted Sep 24, 2018 at (ISC)² Blog
It may seem obvious: A strong commitment to cybersecurity from an organization’s top management equals better protection. The cybersecurity staff have more confidence and focus on the right things – fighting threats as opposed to worrying about who will leave next for greener pastures. These were among the findings of (ISC)2’s latest study, Building a Resilient Cybersecurity Culture. The study of cybersecurity professionals set out to pinpoint what companies with a good cybersecurity track record do better than others. As you might suspect, a strong cybersecurity culture is key. And it manifests itself in multiple ways: Top management understands the... Continue reading
Posted Sep 20, 2018 at (ISC)² Blog
To effectively deliver value as cybersecurity professionals, (ISC)² Singapore Chapter is focusing on working closely with other Singapore cybersecurity-focused organizations. This collaboration is a clear path forward to managing and mitigating risks connected with electronic secrets, according to the Singapore Chapter’s president, Matthias Yeo. “That is what we believe cybersecurity of the 21st century needs: ecosystem partnership,” he said. Formalization of relationships with global organizations such as ISACA and ITSMF, and local organizations such as the Association for Information Security Professionals (AISP), engages cybersecurity professionals across multiple disciplines. The opportunity to network with other practitioners and an increased variety of... Continue reading
Posted Sep 20, 2018 at (ISC)² Blog
Name: Hayato Kiriyama Title: Senior Security Solutions Architect Employer: Amazon Web Services Japan K.K. Degree: MBA, Master’s of Science Years in IT: 14 Years in cybersecurity: 8 Cybersecurity certifications: CISSP How did you decide upon a career in cybersecurity? Around 2010, I was involved in developing an application for Data Loss Protection at IBM. Such a data-oriented approach looked quite different to me because it was connected with the value of data in the business. It was this kind of business-oriented security which I wanted to research and develop further. Why did you get your CISSP? When I was working... Continue reading
Posted Sep 18, 2018 at (ISC)² Blog
Name: Patrick Wai Keun Liu Title: Deputy Chief Information Security Officer Employer: DBS Bank (Hong Kong) Limited Degree: Computer Engineering Years in IT: 20 Years in cybersecurity: 15+ Cybersecurity certifications: CISSP-ISSAP, CRISC, CGEIT, CIA, CISA, ABCP How did you decide upon a career in cybersecurity? I started my cybersecurity career as a customized professional service for a high-end customer. I was working in an ISP and the company provided network connectivity services. My team focused on new initiatives and we believed security had potential. I have dedicated myself to this area ever since. Why did you get your CISSP-ISSAP? As... Continue reading
Posted Sep 11, 2018 at (ISC)² Blog
By James Packer (ISC)² London Chapter President I’m very much looking forward to moderating the diversity panel at the Secure Summit in September. The topic of skills and diversity in the industry is a deep passion of mine as I feel we need to continue to be a forward looking industry, carefully considering the demands of the current age of technology and the trends of technology consumption amongst the next generation. As President of the (ISC)2 London Chapter, this is an area of focus for us as a Chapter; we are currently developing our Education Framework, which is a strategy... Continue reading
Posted Sep 11, 2018 at (ISC)² Blog
By Steve Mair Senior Cyber Security Consultant, PGI On 18th June 2018, the Department for Culture, Media and Sport (DCMS) made an announcement to the effect that PGI are going to run a 10 to 12 week training programme for women with little or no cyber security background. Candidates will be employed from the outset of training, moving straight into a guaranteed job on completion with a leading employer within the sector. This programme is called Women in Cyber and currently PGI have had over 160 expressions of interest from women around the UK. At the forthcoming (ISC)² Secure Summit,... Continue reading
Posted Sep 10, 2018 at (ISC)² Blog
It has been one year since the Equifax breach was first disclosed to the public. It has been one year and six weeks since Equifax first became aware of the breach. The delay in the public announcement of the breach after executives became aware may have proven just as damaging as the delay in installing a patch for the known vulnerability that led to the breach itself. The repercussions of the failure to communicate the breach are just part of our cover story in the latest issue of (ISC)²’s member magazine, InfoSecurity Professional. The article, “One Year Later” is a... Continue reading
Posted Sep 7, 2018 at (ISC)² Blog