This is (ISC)² Management's Typepad Profile.
(ISC)² Management
A compilation of thoughts from members of the (ISC)² leadership team.
Recent Activity
It’s 2:00 pm. Do you know where your data records are? Here are the security headlines from the week of September 18, 2017. Say it ain’t so, SEC. Say it ain’t so! It looks like the U.S. Securities and Exchange Commission (SEC) suffered a cyber attack in 2016. Hackers have been trading using non-public information. In more cybercrime news, Help Net Security has a list of most wanted malware and mobile malware. We’re all hoping the risk of wearable devices is worth the health benefit – or is that just what I tell myself about my FitBit? But what if... Continue reading
Posted yesterday at (ISC)² Blog
By David Shearer, CISSP, CEO (ISC)² I was recently reading an article by my colleague, ISACA CEO Matt Loeb, that got me thinking. In his piece, Creating cyberculture, Matt creatively reworks the “cybersecurity is everyone’s responsibility” mantra with his seatbelt analogy. While I certainly applaud any effort to create an inclusive cybersecurity culture – and Matt has some great suggestions on how to do so – I believe most organizations simply are not ready. To build on Matt’s seatbelt analogy, we’re buckling ourselves into a car seat that’s not yet bolted to the frame. Let me explain. We still have... Continue reading
Posted 2 days ago at (ISC)² Blog
Although some organizations have splintered cybersecurity from IT for structural purposes, typically IT teams shoulder the responsibility for security. This means IT professionals are the people who enforce the policies and run the tools to protect their organizations’ data. But even though IT teams are the de facto security team in most places, do they have all the access to tools and technology they need? Not necessarily, according to recently completed (ISC)² research. The research suggests most organizations do not provide adequate resources for training and development, or enough people, to run security. Even worse, (ISC)²’s 2017 Global Information Security... Continue reading
Posted 2 days ago at (ISC)² Blog
By David Shearer, CISSP, CEO (ISC)² Let's face it, there's still a fair amount of fear when it comes to the cloud, and I know firsthand people in Texas and Florida recently experienced some devastating weather that tests individuals' and organizations' resiliency. Natural disasters like Hurricane Harvey, Irma and others around the world can serve as a reminder that cybersecurity, IT/ICT and OT for that matter, need to work in complementary ways to ensure not only cybersecurity resiliency but business and mission fulfillment resiliency (i.e. Continuity of Operations). I break these areas out, because I frequently hear them discussed in... Continue reading
Posted 4 days ago at (ISC)² Blog
By Tunde Ogunkoya, Consulting Partner, Africa, at DeltaGRiC Consulting (Pty) ltd. Tunde will be hosting the session Open Source; Pathway to Being or Not Being the VulN Victim at (ISC)² SecureJohannesburg 2017 on 5th October, 2017. The use of Open Source Software (OSS) has come a long way from when developers and organisations tried to avoid it. Today Open Source has become a go-to saving grace within most DevOps teams under pressure to roll out new functionality and features ahead of competition. Unfortunately, levels of vulnerability have grown with the trend as DevOps remain largely unaware of the risks or... Continue reading
Posted 4 days ago at (ISC)² Blog
Pardon our absence on the blog this past week. Hurricane Irma had plans of her own, but we’re back in business and ready to break down the top security headlines for the week of September 11, 2017: The fear of foreign hacking is not just related to elections or national security. England is worried about World Cup information. The silver lining of Equifax is that cybersecurity stocks are up. So I guess that’s a win? Password123 is still not a good idea, but could relaxing password policy increase security? The Hill has questions about the Equifax hack. Still waiting on... Continue reading
Posted Sep 15, 2017 at (ISC)² Blog
For years, many in the United States have viewed the traditional four year degree as the only path to a successful career. In late July, a new bill was introduced on the Hill that recognizes the need to change that mindset -- the New Collar Jobs Act. What exactly is a “new collar” job? According to IBM, the original advocate for building new collar career skills, new collar jobs are “roles in some of the technology industry’s fastest growing fields — from cybersecurity to digital design — that require technical training or some postsecondary education but not necessarily a four-year... Continue reading
Posted Sep 14, 2017 at (ISC)² Blog
Name: Tom Musgrave Title: Security Engineer Employer: Warner Bros. Location: Burbank, California, U.S.A. Degree: BA Hons Years in IT: 17 Years in cybersecurity: 16 Cybersecurity certifications: CISSP, CCSP, GCIH, CCNA, CCNP Security How did you decide upon a career in cybersecurity? After leaving university, and a false start selling parrots for Harrods in Knightsbridge, I needed a change in direction. I joined a web design company as a junior IT engineer and reveled in the role. I then joined the new Cisco TAC support center in Milton Keynes. I was fortuitously recruited to the security team and thoroughly enjoyed troubleshooting... Continue reading
Posted Sep 12, 2017 at (ISC)² Blog
Spying, stealing, defacing. It’s been a busy week. These are the top security headlines for the week of August 28, 2017: The U.S. Navy says there’s no evidence of a cyber attack in the crash of the USS John S. McCain – but hypothetically, this is how it would work. Reuters reports cyber spies are using malware to target India and Pakistan – including decoy clickbait with Reuters reports. Yes, you read that right. Hurricane Harvey is a once in a 1,000 years disaster, but be careful before you donate. Scammers are registering domains to collect “donations” for bogus organizations.... Continue reading
Posted Sep 1, 2017 at (ISC)² Blog
Name: Adam Boulton Title: Senior Vice President, Security Technology Employer: BlackBerry Location: United Kingdom Degree: Bachelor of Science (Honors) in Software Engineering Years in IT: 12 Years in cybersecurity: 12 Cybersecurity certifications: CCSP, CISSP, CSSLP, CSTM, QSTM, OCJA How did you decide upon a career in cybersecurity? I’ve been really interested in technology for as long as I can remember. I was fortunate enough to know that since my early teens I wanted my career to be in software engineering. I am sure my story is very similar to many others, technology really captured my imagination from early on. I... Continue reading
Posted Aug 29, 2017 at (ISC)² Blog
Malware through Word, hacked robots and cloud disasters? No wonder we have anxiety. These are the top security headlines for the week of August 21, 2017: Clippy never warned us about this! Attackers are exploiting a Microsoft Word feature that auto-updates links to install malware. The financial impact of a breach is always being reported on, but what about the mental and emotional cost? What’s its mission? Collaborative and industrial robots are under the “hacker microscope” according to Dark Reading and could be vulnerable. Cloud causing more damage than a hurricane? It’s possible. Further proving the “it’s not if, but... Continue reading
Posted Aug 25, 2017 at (ISC)² Blog
(ISC)² is committed to delivering value to our members in many ways. While professional development, education and training are always going to be paramount, we hope these extra benefits can make your non-professional life a bit easier! We will be sharing some more news about professional benefits coming up at our Security Congress next month. We appreciate your feedback, so please feel free to share any input or ideas that you have for improving member value. You can reach us at communications@isc2.org any time.
Attention (ISC)² members: We want to know, what’s your favorite member benefit? Here are some of the great benefits that we offer our members: Member pricing for (ISC)² local Secure Events and (ISC)² Security Congress taking place September 25-27, 2017 in Austin, TX Free subscription to our award-winning InfoSecurity Professional magazine Deep discounts on industry conferences The ability to join or start a local (ISC)² Chapter Volunteering opportunities such as the Center for Cyber Safety and Education’s Safe and Secure Online program to help keep kids cyber safe Professional recognition through (ISC)² awards programs Expert-led webinars on the latest security... Continue reading
Posted Aug 24, 2017 at (ISC)² Blog
Name: Mark A. Singer Title: Principal Software Engineer Employer: DoD Sub-Contractor Location: Indianapolis, IN Education: Business Management Years in IT: 19 Years in cybersecurity: 12 Cybersecurity certifications: CISSP How did you decide upon a career in cybersecurity? Evolution. I stumbled into computers when I served in the U.S. Navy from 1985 to 1989 when PCs with 8086 processors were common. When I got out of the service, I was able to get a job working for Naval Avionics in Indianapolis and was placed in a role where I was doing local computer support on tempest computers (386, 486, & 486DX... Continue reading
Posted Aug 23, 2017 at (ISC)² Blog
Gartner recently released its global information security spending forecast and concluded that security products and services investment will reach $83.4 billion by the end of 2017 (a 7% increase over 2016). The firm also is predicting spending to reach $93 billion in 2018, a 12% increase over this year’s record investment. According to Gartner: “Security services will continue to be the fastest growing segment, especially IT outsourcing, consulting and implementation services… hardware support services will see growth slowing, due to the adoption of virtual appliances, public cloud and software as a service (SaaS) editions of security solutions, which reduces the... Continue reading
Posted Aug 22, 2017 at (ISC)² Blog
Pseudo-ransomware and struggling security budgets. Here are the top security headlines for the week of August 14, 2017: Who would have thought we would long for the days when ransomware was ransomware. Now it’s all too complicated. Bitcoin is going mainstream, but does that mean it’s a bad investment? In a case of the cobbler’s children have no shoes, data brokers seem to be lacking basic security. Raise the roof! It looks like cybersecurity might be hitting a ceiling when it comes to spending. No spoilers, but HBO has been hacked again and OurMine is taking over their social accounts.... Continue reading
Posted Aug 18, 2017 at (ISC)² Blog
By Adrian Davis, CISSP, Managing Director EMEA, (ISC)² The National Crime Agency recently revealed a fascinating intelligence assessment, uncovering the ‘pathways into cyber crime’. The key finding was that most young hackers are motivated, not by financial reward, but by idealism. The NCA added that many of those involved in cyber-crime had “highly marketable” skill sets, and evidence showed that positive role models could help steer ex-offenders towards productive technology careers. Many people feel that re-training young cyber offenders as cyber security professionals offers a chance to kill two birds with one stone; reducing cyber-crime and simultaneously helping to reduce... Continue reading
Posted Aug 16, 2017 at (ISC)² Blog
(ISC)² is proud to announce that our membership has surpassed 125,000 certified cybersecurity professionals globally. As demand for skilled security professionals continues to grow exponentially, (ISC)² certification and continuing education programs enable cybersecurity and IT security practitioners to prove their expertise, advance their careers and contribute to a more secure society. Here’s what some members are saying about the milestone: "125,000 members is a very large number for a community of dedicated people continuously raising the bar by learning, researching, teaching and sharing their knowledge and skills to make our cyber world safer,” said Emmanuel Nicaise, CISSP, president, (ISC)² Belux... Continue reading
Posted Aug 15, 2017 at (ISC)² Blog
WannaCry and NotPetya aftermath means payouts and panic. Here are the top security headlines for the week of August 7, 2017: Big money, no whammies! It seems like the hackers behind WannaCry have cashed out their bitcoin into Monero, a harder to track cryptocurrency. Mo money means mo malware. The success – can we call it that? – of WannaCry and NotPetya means ransomware is not going away any time soon, because… well, people and businesses pay the ransom. What’s that definition of insanity? Oh yeah, doing the same thing and expecting a different result… Tripwire research indicates that two-thirds... Continue reading
Posted Aug 11, 2017 at (ISC)² Blog
Building an effective SIEM requires ingesting log messages and parsing them into useful information. While it might be easy to stream, push and pull logs from every system, device and application in your environment, that doesn’t necessarily improve your security detection capabilities. What you do with your logs – correlation, alerting and automated response – are the strength of a SIEM. Real-time security starts with understanding, parsing and developing actionable information and events from your log messages. With the launch of a new site, (ISC)² was presented an opportunity to refine our security monitoring services. Linked below is an example... Continue reading
Posted Aug 9, 2017 at (ISC)² Blog
ATMs, HBO, democracy … what can’t be hacked? Here are the top security headlines for the week of July 31, 2017: IOActive hacked an ATM at Black Hat. I guess drinks are on them? Espionage was just a red herring. Apparently hackers in North Korea are looking for cash, not secrets. DefCon attendees shredded voting machines – some still being used in U.S. elections. Don’t worry, it’s for research. “If all your friends were downloading torrents, then would you too?” It seems like everyone is doing it, but even downloading just the BitTorrent clients (the software needed to run them)... Continue reading
Posted Aug 4, 2017 at (ISC)² Blog
We can’t all make it to Vegas for Black Hat, but we can get the scoop on what news came out of the annual infosec conference that took over the Mandalay Bay, and security headlines, for the week. So let’s dive into the top headlines from the week of July 24, 2017: Recruiting is flush in Vegas. With more industries than ever – AKA all of them – needing cybersecurity as a function, parties at BH are a way for recruiters to fill jobs. Facebook is putting their money where their mouth is and investing $1M in funding for defensive... Continue reading
Posted Jul 28, 2017 at (ISC)² Blog
Insights from the 2017 Global Information Security Workforce Study show that the IT players in your organization may be the key to filling the looming cybersecurity workforce gap. The survey was taken by 10,584 cyber and information security professionals in North America, and showed a projected 265,000 industry jobs will be left unfilled in 2022. Practitioners back up that data, with 68 percent indicating their organizations had too few security professionals. Filling a gap of that size with qualified professionals is daunting, but the help may already be in your organization in the information technology department. In North America, 87... Continue reading
Posted Jul 25, 2017 at (ISC)² Blog
Name: Paul-Arnaud Wernert Title: Senior Manager, Cyber Risk & Security Employer: Beijaflore Location: Paris, France Years in IT: 13 Years in cybersecurity: 13 Cybersecurity certifications: CISSP How did you decide upon a career in cybersecurity? I started to be interested in cybersecurity during my engineering studies. I led a team of students to perform an organizational and technical security audit of the network of a French public company. This was the first experience for me to understand one context, identify its threats and assess associated risks, then explain to the management these risks and the way to mitigate them. After... Continue reading
Posted Jul 24, 2017 at (ISC)² Blog
Name: Hatem Ahmed El Sahhar Title: Team Lead, Security Engineering Employer: Orange Business Services Location: Cairo, Egypt Years in IT: 12 years Years in cybersecurity: 9 Years Cybersecurity certifications: CISSP, CCSP, CEH, Security+, Symantec Knight, Blue Coat Certified Cloud Service Troubleshooting, Blue Coat Certified Proxy Administrator, Blue Coat Certified Proxy Professional, Zscaler Certified Cloud Administrator, Cisco Certified ASA Specialist, CCNA Security, RSA SecurID Administration, Certified Clearswift Engineer (CCE) SECURE Email Gateway, JNCIA How did you decide upon a career in cybersecurity? My vision was clear since my early days and after acquiring my bachelor degree in computer engineering I was... Continue reading
Posted Jul 17, 2017 at (ISC)² Blog