Inspiring a Safe and Secure Cyber World
Recent Activity
You asked – we listened! We are excited to announce new Online Self-Paced Training for the CISSP-ISSAP and CISSP-ISSEP concentrations. These courses are available in the recently updated (ISC)² Learning Management System. Both self-paced courses include online access for 134 days, as well as flash cards, a post-course assessment, case studies, quizzes, videos and other learning activities. The ISSAP concentration is ideal for a CISSP who specializes in designing security solutions and providing management with risk-based guidance to meet organizational goals. The Official (ISC)² ISSAP Self-Paced Training covers the six domains of the CISSP-ISSAP CBK®: Identity and Access Management Architecture... Continue reading
Posted Sep 6, 2018 at (ISC)² Blog
With so much data being stored on cloud servers, Cloud Service Providers (CSPs) must be extra-vigilant and proactive to ensure their clients’ vital digital property is never compromised, infected, or held for ransom. The potential for damage extends well beyond simple data loss; companies can face litigation, fines, and destruction of their reputation and brand if their cloud platform is breached. This is a job that requires more than the already great talents that a CSP employs. The need for constantly updated risk awareness and mitigation demands that CSPs also reach out to Certified Cloud Security Professionals (CCSPs), who specialize... Continue reading
Posted Oct 24, 2017 at (ISC)² Blog
We’re always looking to improve our examinations and educational materials. It would be very helpful if we could connect you with our education and exam teams to learn more about your experience, especially since you’re a veteran in the field. Please send us an email at if you’re willing to share more insight. It’s greatly appreciated.
Yes, absolutely!
From IoT to GoT, budget issues to interview busts, here are the top security headlines for the week of July 17, 2017: Who is a target for ransomware? Short answer: everyone. But education, government and healthcare organizations top the list. In math that doesn’t seem to add up, UK businesses estimate they would spend £1.1m to recover from a breach, but only 14.4% of their organisation’s operation budget is spent on infosec. We’ve mentioned the cybersecurity workforce gap a time or two, but what are entry-level job seekers doing that keeps them from getting the gig? Verizon has been breached... Continue reading
Posted Jul 21, 2017 at (ISC)² Blog
Information security is one of the most important and fastest growing professions in the world, possessing a near-zero unemployment rate, but also a worker shortfall that grows larger every year. Most organisations admit that bridging the industry’s skills gap, while attracting women into cybersecurity is crucial; yet female participation has remained static since I began working with our Global Information Security Workforce Study programme in 2004. When we first began benchmarking the development of the cybersecurity workforce, analysts projected a double-digit growth that has since been realised. Today we forecast a skills gap projected to reach a shortage of 1.8... Continue reading
Posted Apr 28, 2017 at (ISC)² Blog
Based on the findings of the 2017 Global Information Security Workforce Study, the world will face a deficit of 1.8 million information security professionals by 2022. With headlines dominated by breaches and cyber threats, we at (ISC)² need to be a strong voice and advocate for the global cybersecurity workforce. It is for this reason that I sent a letter to White House Chief of Staff, Reince Priebus, on behalf of the (ISC)² organization and our members across the globe, to provide feedback on President Trump’s Executive Order, which directed the Department of Homeland Security to review how it issues... Continue reading
Posted Apr 27, 2017 at (ISC)² Blog
Cybersecurity professionals are in high demand and it’s projected to stay that way for the foreseeable future. Part of the mission of the Center for Cyber Safety and Education, (formerly the (ISC)² Foundation), is to provide scholarships to undergraduate and graduate students who are pursuing careers in the field of information security. In 2016, the Center awarded scholarships to 44 students worldwide. The undergraduate recipients were invited to apply for the Harold F. Tipton Memorial Scholarship, which is awarded to an aspiring information security student, to help provide a pathway to the profession. The prestigious scholarship was named after the... Continue reading
Posted Jan 20, 2017 at (ISC)² Blog
(ISC)² is excited to announce the results of the election for its 2017 Board of Directors. The board is composed of 13 members who provide strategy, governance and oversight to our organization, grant certifications to qualifying candidates, and enforce adherence to the (ISC)² Code of Ethics. The following individuals will begin their voluntary service on the (ISC)² Board of Directors, effective January 1, 2017: Arthur Friedman, CISSP (U.S.A.); Sai Honig, CISSP, CCSP (New Zealand); Jennifer Minella, CISSP (U.S.A.); Greg Thompson, CISSP (Canada); Zachary Tudor, CISSP (U.S.A.). Directors are elected by the members to serve three-year terms, which are staggered so... Continue reading
Posted Dec 6, 2016 at (ISC)² Blog
This special program, "From the Nation's Capital: Addressing the critical demand for cyber pros," presented by (ISC)² focuses on the many challenges facing the cyber community. Francis Rose explores these issues with Dan Waddell, the managing director for North America for (ISC)². Continue reading
Posted Nov 4, 2016 at (ISC)² Blog
Rabei Hassan, CISSP-ISSAP, CCSP, shares his tips that can help you prepare for the (ISC)² exams, particularly the CISSP. Hassan is a senior cybersecurity consultant at EY, based in Sydney, Australia. With more than 18 years of experience in various IT fields, he has managed end-to-end implementations for ISMS based on ISO 27001. Hassan has developed information security risk management frameworks for various entities, and has extensive experience with project and program management. 1. Don’t jump to conclusions. Read each question carefully. Think about it, analyse it, and finally, answer it. Even, if it seems to be a simple or... Continue reading
Posted Nov 3, 2016 at (ISC)² Blog
A view from the Conference Chair, Dr. Adrian Davis, CISSP, Managing Director (EMEA) (ISC)² From an examination of how augmented humans will live, work and play, to policy commitments from the Irish government, (ISC)²’s Third Annual Congress EMEA delegates gained a comprehensive view of the changing world to be faced by cybersecurity professionals. The international community of 250 members and information security professionals started to gather the evening before the event for our member reception and Town Hall Q&A. These events presented a well appreciated opportunity to hear from four serving members of our Board of Directors from outside the... Continue reading
Posted Oct 24, 2016 at (ISC)² Blog
A recent DDoS attack on a well-known industry journalist heralds a new age in cyber warfare, mainly because the bots involved originated not from other computers, but from devices attached to the Internet of Things (IoT). This has security experts concerned, and some of our own CCSPs weigh in with their thoughts here. Continue reading
Posted Oct 18, 2016 at (ISC)² Blog
The action-packed 2016 (ISC)² Security Congress ended with a paradigm changing keynote from Stan Dolberg and Phil Gardner of IANS on the model for security leadership. In keeping with the conference theme of “Advancing Security Leaders,” Stan and Phil unveiled a research-backed model that shows how high-performing security teams consistently demonstrate competence in both technical excellence and proactive organizational engagement areas. They call their model “CISO Impact™” and the room, filled with security professionals, eagerly took notes as the elements of the model were revealed. Gardner explained that as security professionals, we have made a promise. That promise is to... Continue reading
Posted Oct 10, 2016 at (ISC)² Blog
The fifth annual (ISC)² Security Congress, proudly co-located with the 61st annual ASIS International Annual Seminar and Exhibits, is scheduled for September 28 through October 1 in Anaheim, California, U.S.A. We expect more than 19,000 information security and operational security professionals to join us, making this one of the largest and most unique conferences you will experience. In honor of the fifth annual (ISC)² Security Congress, here are five reasons this year's Security Congress is the (ISC)² member event of the year. Largest CPE Opportunity of the Year With so much to see and do at (ISC)² Security Congress, there... Continue reading
Posted Jul 13, 2015 at (ISC)² Blog
I spent 25 years in the Washington, DC area, and during that time I became a National Public Radio junkie. I guess I still am. I recently listened to a report on a comprehensive study about how people in the workplace react to the news about a coworker that’s been diagnosed with breast cancer.[i] The results of the study shocked me. The worse the diagnosis and the closer employees physically worked to the diagnosed coworker, the less likely those working in close proximity were to seek cancer screening. Similarly, as the conversation about the complexities, costs, and potential breaches is... Continue reading
Posted Sep 10, 2014 at (ISC)² Blog
By W. Hord Tipton, CISSP, Executive Director, (ISC)² and Michael Stack, Chief Executive Officer, ASIS International The mass migration of everyday objects becoming interconnected, or the “Internet of Things (IoT)” as the industry has coined it, exemplifies the merger between traditional and logical security. With the IoT, we must ask ourselves where traditional security begins and logical security ends. From security cameras to cars to medical devices and now even home appliances like refrigerators, what, if anything, can be identified as only traditional or logical security anymore? “When a device accesses the Internet, it’s given a unique IP address,” said... Continue reading
Posted Sep 2, 2014 at (ISC)² Blog
Continuous monitoring is the key to thwarting these types of breaches. With cyberattacks becoming commonplace in every sector, companies must continuously protect their most valuable information. Cyber guns fire at us all the time, but the notion of catching and stopping every cybercriminal simply isn’t realistic in today’s burgeoning threat environment. I liken it to aspiring to completely eliminate common street crime. It’s just not realistic. Flaws will always exist, even within the most ideal protective structures. Every company should assume they’ll be breached, and focus efforts on minimizing damage once cybercriminals get in. The need for qualified cybersecurity professionals... Continue reading
Posted Aug 28, 2014 at (ISC)² Blog
One of the latest breaches to hit the news took place at Community Health Systems (CHS), affecting an estimated 4.5 million patients. According to principal security consultant and founder of TrustedSec, David Kennedy, the initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability that led to the compromise of the information. What is especially noteworthy about this particular attack is its impact on the healthcare community. Major data breaches such as the one at Target last year put the spotlight on how retailers need to do a better job at guarding our sensitive financial information from cyber criminals. However,... Continue reading
Posted Aug 22, 2014 at (ISC)² Blog
Moderator has shared their blog (ISC)² Blog
Jun 3, 2014
This year will be my 7th Infosecurity Europe as an (ISC)² staff member. For those who are not familiar, Infosecurity Europe (we call it “infosec”) is the largest tradeshow for security professionals where 13,000 people meet over 3 days. What is so special about Infosec and why would an (ISC)² member care? Infosec attracts the largest number of (ISC)² members from Europe - more than 600 over 3 days. This is a good opportunity for each member to learn something new: whether it is CPEs related, (ISC)² programmes, at the free extensive education sessions, products showcased in the exhibition hall…... Continue reading
Posted Apr 24, 2014 at (ISC)² Blog
As (ISC)² celebrates its 25th anniversary, we continue to branch out to offer new ways to help meet the demand for more skilled cybersecurity professionals through community support programs. To help provide cybersecurity resources and support to the global academic community, I am proud to announce the launch of the (ISC)² Global Academic Program (GAP)! My name is Dr. Jo Portillo and I am in charge of managing the development and implementation of this program. As an educator and advocate for academic-industry collaboration, I am thrilled to introduce this initiative, which has been part of the (ISC)² vision for nearly... Continue reading
Posted Apr 17, 2014 at (ISC)² Blog
I have been intrigued by the recent dialogue surrounding how to keep security professionals up to date with the latest information. More specifically, identifying the skills that are critical for individuals to have as defined by their leadership to protect the business from future disaster. Everything from in-depth security best practices to software development skills to industry specific protocol and regional variations has been noted as important. My question to leadership is this: How have you assessed that your security professionals’ decision-making abilities are based on these skills? How have you assessed that decisions will be made in line with security... Continue reading
Posted Mar 28, 2014 at (ISC)² Blog
One of our core processes for maintaining (ISC)²’s reputation for gold standard information security certifications involves frequent, rigorous evaluation of current certification exam questions and subsequent updates. As a result of the last evaluation of the Certified Information Systems Security Professional (CISSP®) exam, the format of the questions has been enhanced to include innovative item formats, including interactive drag & drop and hotspot questions. These question types can measure a broader base of knowledge, skills, and higher cognitive levels to represent the real-world environment using pictures instead of words. The drag & drop feature requires exam takers to drag one... Continue reading
Posted Feb 6, 2014 at (ISC)² Blog
After many major breaches this year, it’s time to rethink 2014’s cyber defense with an eye on people, not products. By W. Hord Tipton, CISSP, Executive Director, (ISC)². As security professionals, we look back at 2013 with a sense of frustration that we are still losing ground to the bad guys. But while there were plenty of battles lost this year on the technical side, there is good reason to hope that the war can still be won in the long term – with promising developments on the human side. There were many frustrations for the defense in 2013. Adobe... Continue reading
Posted Dec 20, 2013 at (ISC)² Blog