This is (ISC)² Management's Typepad Profile.
(ISC)² Management
A compilation of thoughts from members of the (ISC)2 leadership team.
Recent Activity
Not surprisingly, WannaCry remained top of mind last week. We’re sure you’re doing everything you can to patch your environment and prevent similar ransomware attacks in the future. Here are some WannaCry headlines (and other security news) that caught our eye last week. WannaCry Rolls On According to the Dark Reading article WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool, researchers early last week were looking into the “kill switch” and consensus seemed to be building that it was a poorly constructed VM analysis/sandbox evasion technique. WIRED went a bit deeper with their assessment The WannaCry Ransomware Hackers Made... Continue reading
Posted yesterday at (ISC)2 Blog
Name: George McPherson Title: Information Security Analyst Employer: Duke Energy Location: Charlotte, North Carolina Degree: Currently working towards Associates Degree in "Cyber Security" Years in IT: 4 Years Years in information security: 3 Years Cybersecurity certifications: SSCP, Security+, MTA Security How did you decide upon a career in cybersecurity? When I first entered IT and started sitting for IT certifications I noticed that when I received my score report, I would always score the highest on security-related questions. When reflecting on this revelation, I realized that I also got excited about security and investigating security-related issues. Why did you get... Continue reading
Posted 5 days ago at (ISC)2 Blog
Top security news from the week of May 8, 2017 ... Kazuar, Windows Defender and Worst-Case Scenarios The WannaCry Ransomware attack continues to dominate the news cycle, and we’re sure you’re closely watching developments and taking appropriate US-CERT precautions. But from Microsoft issuing an emergency patch for Windows Defender to the NSA director sharing his cyber fears to Gizmodo phishing for Trump administration officials, last week didn’t disappoint in delivering a rich trove of other security news. In case you missed it, here are some other stories that got our attention. Meet Kazuar From the pages of “Oh great, they’re... Continue reading
Posted 7 days ago at (ISC)2 Blog
(ISC)² has had the honor of celebrating leaders in cyber, information, software and infrastructure security since 2004. The 2017 Americas Information Security Leadership Awards (AM-ISLA®) are now open for nominations. We can’t wait to hear about your latest achievements, so please tell us about a cybersecurity leader whose work deserves recognition by the industry and by their peers. The categories for nomination are: Information Security Practitioner Senior Information Security Professional Up-and-Coming Information Security Professional Community Awareness The deadline to submit is June 7, 2017 at 11:59pm EST. Nominations and awards are open to (ISC)² members and non-members alike. Winners will... Continue reading
Posted May 15, 2017 at (ISC)2 Blog
(ISC)² is proud to present the 2017 F. Lynn McNulty Tribute Award to Brigadier General (ret.) Gregory Touhill, CISSP, former Federal Chief Information Security Officer. Serving active duty for the Air Force from 1983 to 2013, retired Brig. Gen. Touhill’s distinguished military career culminated as the Chief Information Officer and Director of Command, Control, Communications and Cyber Systems at U.S. Transportation Command – one of the nation’s 10 combatant commands. As the Senior Cyberspace Operations Officer, he led the command’s cyberspace defense mission and oversaw a $500 million information technology portfolio. Greg transitioned to civilian service at the Department of... Continue reading
Posted May 10, 2017 at (ISC)2 Blog
Other than a college degree, how can you validate your knowledge and skills? Certifications represent a way for professionals to validate their knowledge and expertise, as well as a path for continued education and professional development. But what about value? Why are cybersecurity certifications essential today? What is the value of a cybersecurity certification? Proves Your Worth According to the 2017 (ISC)² Global Information Security Workforce Study (GISWS), when respondents were asked for the reasons why their organization requires staff to have information security certifications, employee competence was the most common answer. You can spend years working to prove your... Continue reading
Posted May 9, 2017 at (ISC)2 Blog
According to the latest research from the Center for Cyber Safety and Education™ and the Executive Women’s Forum on Information Security, Risk Management & Privacy (EWF), conducted by Frost & Sullivan, women continue to comprise only 11 percent of the information security workforce. That number, despite women making up approximately half of the global population, has remained stagnant since 2013. This information is detailed in the latest infographic created using data from the 2017 Women in Cybersecurity report, which was part of the Global Information Security Workforce Study (GISWS), sponsored by Booz Allen Hamilton. The study found that women in... Continue reading
Posted May 8, 2017 at (ISC)2 Blog
With less than 150 days until Security Congress, the full agenda has been released. Keynote speakers include Ben Makuch, national security reporter for VICE News, Donald W. Freese, deputy assistant director at the FBI, and Juliette Kayyem, founder of Kayyem Solutions. The seventh annual conference will be hosted at the JW Marriott Austin, September 25-27, 2017. There will be 11 tracks at this year’s event, including: Cloud Security Cyber Crime Critical Infrastructure Incident Response & Forensics Governance, Regulation & Compliance Identity Access Management People & Security Professional Development Software Assurance/Application Security Swiss Army Knife Threats We listened to the feedback... Continue reading
Posted May 4, 2017 at (ISC)2 Blog
Name: Ajet Ibraimoski Title: System/Network Administrator Employer: PBS Systems Inc. Location: Calgary, Alberta, Canada Degree: MSc. in Computer Networks and e-Technologies; B.Sc. in Informatics and computer engineering Years in IT: 9 Years in information security: 5 Cybersecurity certifications: SSCP, CEH, Security+, Cybersecurity: Technology, Application and Policy – MIT, Information Security Foundation based on ISO/IEC 27002 How did you decide upon a career in cybersecurity? Security has always been my passion. Information security blogs and magazines kept me awake at night during my university years. After graduation, I had the chance to work in various positions and industries that presented unique... Continue reading
Posted May 2, 2017 at (ISC)2 Blog
By Yves Le Roux, Co-Chair (ISC)² EMEA Advisory Council (EAC) and Chair of its GDPR Task Force. Download the 12 Areas of Activity and their key supporting tasks The (ISC)² EMEA Advisory Council is turning to its professional membership to measure the readiness of organizations and security departments for the General Data Protection Regulation (GDPR) and highlight the challenges they are facing in the effort to become compliant by May 2018. We are doing this by bringing people who are actively working on implementation projects together either on monthly international calls or, as of this month, in face-to-face workshops hosted... Continue reading
Posted Apr 26, 2017 at (ISC)2 Blog
Name: Guy Bertrand Kamga Title: Senior Security Analyst Employer: Nokia Location: Paris, France Degree: Master in Computer Science Engineering Years in IT: 14 Years in cybersecurity: 7 Cybersecurity certifications: CISSP, CCSK, CCSP How did you decide upon a career in cybersecurity? I decided to focus in cybersecurity when I realized that due to the rapid development of new technologies (e.g. social networks, cloud) and the proliferation of mobile devices, it will be more and more challenging to efficiently protect personal data and other sensitive information. Why did you get your CCSP®? I decided to take the CCSP exam to challenge... Continue reading
Posted Apr 21, 2017 at (ISC)2 Blog
In a recent blog post, I encouraged our U.S. government members to think short-term and be cautious to draw conclusions within the first 90 days of the Trump Administration. I also mentioned that one of (ISC)²’s immediate goals was to deliver a set of recommendations to the presidential team. In advance of the new administration’s 100th day in office next week, the following list of recommendations was delivered to White House Chief of Staff Reince Priebus and others on the Trump team as well as to the Subcommittee on Information Technology during a congressional hearing on April 4. With this... Continue reading
Posted Apr 18, 2017 at (ISC)2 Blog
Name: Yong Shi Title: Lecturer Employer: Shanghai JiaoTong University Location: Shanghai, China Education: Master Years in IT: 13 years Years in cybersecurity: 13 years Cybersecurity certifications: CISSP, CISA, ISO27001LA, Cobit Foundation, ITIL V3 Foundation How did you decide upon a career in cybersecurity? I studied information security during my undergraduate degree at Shanghai JiaoTong University. After graduating, I stayed to teach cybersecurity. The field of cybersecurity is enigmatic and it is a knowledge difficult to be fathomed, so I believe that is why some young people are interested in it. When I was still pursuing my studies, I volunteered as... Continue reading
Posted Apr 13, 2017 at (ISC)2 Blog
Name: Adam Gorecki Title: System Administrator/Information Security Analyst Employer: Mountain View County Location: Didsbury, Alberta, Canada Years in IT: Over 10 years Years in information security: 1 Cybersecurity certifications: SSCP How did you decide upon a career in cybersecurity? Information security has been something that has always interested me. It has been at the forefront of my mind during my career as a network analyst and a system administrator. When the opportunity arose for me to take on an information security analyst role, I jumped at it. Why did you get your SSCP®? I wanted to get a designation that... Continue reading
Posted Apr 10, 2017 at (ISC)2 Blog
Thank you! Corrected!
Earlier this week, (ISC)² Managing Director for North America, Dan Waddell provided expert testimony to the Subcommittee on Information Technology during a hearing Reviewing Federal IT Workforce Challenges and Possible Solutions. The hearing aimed to examine the development, recruitment, and retention of the United States federal government’s IT and cybersecurity workforce and to discuss the potential for forming an industry-government rotational workforce. During his testimony, Mr. Waddell provided the Subcommittee members and others in attendance a short list of recommendations that the (ISC)² executive management team has gathered since the election. A complete list of recommendations will be released via... Continue reading
Posted Apr 6, 2017 at (ISC)2 Blog
A data breach can cause a loss of revenue, destroy shareholder value, erode consumer trust and even open you up to legal consequences, whereas better security can add value to a company by preventing attacks, detecting breaches faster and mitigating the damage caused by cyber threats. The Ponemon Institute's 2016 Cost of Data Breach Study estimates that the average consolidated total cost of a data breach is $4 million; so why do we still view cybersecurity simply as an operating cost? Unfortunately, cybersecurity is often viewed as the organization that always says no versus the organization that makes the business... Continue reading
Posted Apr 5, 2017 at (ISC)2 Blog
Name: Shashana Campbell Title: Manager, Cyber Risk Advisory Employer: Grant Thornton LLP Location: Philadelphia, Pennsylvania, U.S.A. Education: Master of Science in Information Systems from Drexel University and Bachelor of Science in Management Information Systems from Pennsylvania State University Years in IT: 7 Years in information security: 7 Cybersecurity certifications: CISSP, CISA How did you decide upon a career in cybersecurity? I began my career in risk consulting, providing IT Auditing and Advisory service. I think once you build a foundation in understanding, assessing and implementing IT security controls, the next step is learning how to further strengthen those controls and... Continue reading
Posted Apr 4, 2017 at (ISC)2 Blog
Name: Chris Sellards Title: Senior Security Architect Employer: Harland Clarke Holdings Location: San Antonio, Texas Degree: Master of Science, Information Security. Currently pursuing a Doctor of Science in Cybersecurity at Capitol Technology University Years in IT: 21 Years in cybersecurity: 17 Cybersecurity certifications: CISSP-ISSAP, CCSP, CAP, CCSK, CEH, CHFI, GCWN, NSA IAM, NSA IEM, Tripwire Enterprise Administration How did you decide upon a career in cybersecurity? Even before officially being employed in the IT field, I was fascinated with security. I ran my first blog in the mid-1990s where I covered various security topics. I worked as an engineer for... Continue reading
Posted Mar 30, 2017 at (ISC)2 Blog
We are excited to announce the final speaker agenda for our 5th annual CyberSecureGov training event being held May 9-11, 2017, at the Marriott Wardman Park in Washington, D.C. This year, we are offering a 3-day event, which means more great sessions and more CPEs! “If you work for the U.S. government – either as a contractor or direct hire – cybersecurity is now your job,” said Dan Waddell, CISSP, CAP, PMP, managing director, North America Region, and director of U.S. government affairs, (ISC)². “More and more, government agencies are requiring good cyber hygiene practices in contracts, job descriptions, performance... Continue reading
Posted Mar 23, 2017 at (ISC)2 Blog
Name: Wendy Larsen Title: Security Consultant Employer: Weidenhammer Location: Reading, Pennsylvania, U.S.A. Years in IT: 27 Years in information security: 5 Cybersecurity certifications: SSCP, Security+, ITIL, VCP, MCSE How did you decide upon a career in cybersecurity? I have been working for an information technology consulting organization for 27 years. They gave me many opportunities to expand my technical knowledge as a systems engineer. Over the past several years, I have been very interested in growing my skill set in cybersecurity. I came to discover that I have a passion for security – therefore, I took the bull by the... Continue reading
Posted Mar 23, 2017 at (ISC)2 Blog
Name: Tim Weil Title: Network Project Manager Employer: Alcohol Monitoring Systems Location: Denver, Colorado, U.S.A. Degree: BA in Sociology/Latin American Studies from Immaculate Heart College, MS in Computer Science from Johns Hopkins University Years in IT: 30+ Years in cybersecurity: 15+ Cybersecurity certifications: CCSP, CISSP, CISA, CRISC How did you decide upon a career in cybersecurity? Working in the telecommunications industry through the dot-com era, my core networking skills became less valuable when I obtained the CISSP in 2003. In the federal sector, I worked as a contractor for more than 10 years for more than 10 agencies, specializing in... Continue reading
Posted Mar 21, 2017 at (ISC)2 Blog
The 2017 Global Information Security Workforce Study (GISWS) Women in Cybersecurity report, co-authored by the Center for Cyber Safety and Education and the Executive Women's Forum on Information Security, Risk Management & Privacy, and presented by PricewaterhouseCoopers, LLC focuses on the unique attributes, as well as the challenges facing women in this industry. A few of the highlights from this year's Women in Cybersecurity report include: Women comprise only 11 percent of the information security workforce. Women reported higher levels of education than men. Women in cybersecurity earn less than men. A special thank you to the co-authors of this... Continue reading
Posted Mar 17, 2017 at (ISC)2 Blog
Dr. Heejo Lee 2016 Asia-Pacific ISLA Showcased Honoree (Information Security Educator) and Community Service Star Awardee with David Shearer (ISC)² CEO “It is a great honor to be the first showcased honoree of an ISLA award for educators and get the very prestigious recognition as the community service star at 2016. After receiving this award, our IoTcube project is getting a lot more attention and we will continue to develop internationally collaborative programs for better and safer IoT world.” Over the past 25 years, Dr. Heejo Lee has consistently contributed to the advancement of security technologies for academia, private industries,... Continue reading
Posted Mar 14, 2017 at (ISC)2 Blog
Name: Albert Torres Title: Cyber Security Project Manager Employer: Sempra Energy Utilities – contractor Location: San Diego, California, U.S.A. Education: M.S. in Information Security and Assurance from Western Governors University, B.A. in Management Information Systems (Summa Cum Laude) from Washington State University Years in IT: 26 Years in cybersecurity: 16 Cybersecurity certifications: CISSP, PMP, CEH, CHFI, ITIL v3 Foundation IT Management Certification How did you decide upon a career in cybersecurity? I had been in the IT industry for over 10 years and our company was creating its first software as a service (SaaS) software offering. The previous software we... Continue reading
Posted Mar 13, 2017 at (ISC)2 Blog