The 2018 Cybersecurity Workforce Study, recently released by (ISC)2, reveals that 63% of organizations currently don’t have enough cybersecurity staff. The number is hardly surprising considering the worldwide cybersecurity workforce shortage is nearly 3 million. Employers have an acute need to build their cyber teams with the requisite skills and experience. Their priorities in looking for candidates include: relevant work experience – 49% understanding of advanced cybersecurity concepts – 47% cybersecurity certifications – 43% extensive cybersecurity work experience – 40% strong non-technical/soft skills – 39% If you’re seeking employment in a cybersecurity role, keep these priorities in mind. They provide... Continue reading

Each year, (ISC)² and the Center for Cyber Safety and Education partner together to offer scholarships to students around the world. There are three categories of scholarships in this program: Graduate, Undergraduate and Women’s. All are open to students pursuing cybersecurity degrees in any country in the world, whether they are full-time or part-time students, online or attending a campus. The Graduate Scholarship period is open until January 15. Applicants must be pursuing, or plan to pursue, a master’s degree program, or a doctoral study, with a focus on cybersecurity or information assurance. The Undergraduate Scholarship application period will open... Continue reading

Download the report or infographic Continue reading

If you’re looking to break into the field of cybersecurity – and workforce research shows, we need you to join us – (ISC)²’s SSCP certification may be the way to go. Certification Magazine recently wrote about the SSCP certification as a solid point of entry for aspiring security professionals. The certification is ideal for those in “boots on the ground” positions within security operations. The SSCP exam is highly technical and focused on hands-on knowledge skills. The certification is ideal for security analysts, systems engineers, database administrators and others responsible for the day-to-day operations of securing their organizations critical assets.... Continue reading

(ISC)² recently honored two additions to the distinguished group of Fellows of (ISC)². This recognition is designated upon elite cybersecurity professionals who have made outstanding contributions over the course of their careers to the profession and industry at large. John McCumber, director of cybersecurity advocacy in North America for (ISC)², is a past Fellow and presented the honor to two outstanding and deserving individuals this year at Security Congress in New Orleans during the Information Security Leadership Awards ceremony. The first Fellow honored was Dr. Ronald Ross. His area of focus has been systems security engineering and risk management. He... Continue reading

Despite a shortage of 3 million cybersecurity professionals across the globe, a comfortable majority of those currently employed (68%) are happy in their jobs, according to (ISC)2’s newly published Cybersecurity Workforce Study. Their job satisfaction is related to the level of investment employers make in cybersecurity skills, technology and practices – all of which determines how cybersecurity professionals spend their time. The study is instructive to employers who are hampered by the skills shortage, but nevertheless need to improve their cybersecurity posture and culture. “By providing the right security resources, whether that means additional personnel, training or specialized cybersecurity solutions,... Continue reading

New Orleans jazz band welcomes attendees to the city and declares (ISC)2 Security Congress 2018 open By David Shearer, CISSP, (ISC)² CEO When I made the decision two years ago to transform the annual (ISC)2 Security Congress into an independent event, I knew it would be a huge undertaking for our team, but I also understood the passion of our member base and that we had enough interest to support this evolution. After returning from the 2018 Congress held in New Orleans just a few weeks ago (from October 8-10) I am reaffirmed that it was the right move. Our... Continue reading

(ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its credentialing examinations. A JTA is the methodical process used to determine tasks that are performed by credential holders and knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. A JTA Study Workshop for CSSLP has tentatively been scheduled toward the end of January 2019. In preparation for the upcoming study, we would like to hear from our CSSLP members. Please comment on the... Continue reading

This year’s (ISC)² Security Congress event took place at the New Orleans Marriott in Louisiana October 8-10, 2018, with nearly 2,000 cybersecurity professionals in attendance to share best practices, learn new skills and explore solutions to top challenges facing the profession. With keynote addresses from Congressman Cedric Richmond, Jane McGonigal, Theresa Payton and Dr. Jessica Barker, Security Congress featured more than 100 educational breakout sessions on a dozen security tracks, including cloud security; critical infrastructure; cybercrime; governance, regulation and compliance; incident response and forensics; identity access management; privacy; professional development; research; software assurance and application security; and cyber threats. Top... Continue reading

2,930,000 That is the size of the global cybersecurity workforce gap. The breakdown is around 498,000 in North America, 136,000 in Latin America, 142,000 in Europe, the Middle East and Africa, with the largest deficit coming in Asia Pacific at 2.14 million. But what does this big, scary number even mean? Where did it come from? First, this new Cybersecurity Workforce Study from (ISC)² has evolved from past studies to become a more accurate representation of the broader workforce. We surveyed nearly 1,500 professionals around the world who spend at least 25% of their time on cybersecurity activities, which includes... Continue reading

You might want to sit down for this one: The shortage of cybersecurity professionals around the globe has never been more acute. New research by (ISC)2 places the estimate at just under 3 million – 2.93 million to be exact – with roughly 500,000 of those positions located in North America. According to (ISC)2’s Cybersecurity Workforce Study, the gap is having a serious real-world impact around the globe. Asia-Pacific, with its growing economies and new privacy regulations, is experiencing the biggest shortage – 2.14 million positions. The massive worldwide shortage not only places organizations affected by the shortage at higher... Continue reading

The future of cybersecurity was the subject of lively discussion during a session on blockchain’s potential to revolutionize how data is protected. The session was part of the 2018 (ISC)2 Security Congress, taking place this week in New Orleans. The Blockchain session’s presenters, Nitin Uttreja and Ashish Dwivedi, who are both cybersecurity engineers for CA Technologies, argued that blockchain provides effective, reliable ways to secure cloud storage and the Internet of Things (IoT), and to manage identities and passwords. But not everyone in attendance was buying it. Questions arose as to whether networks still have to be secured in conjunction... Continue reading

About three thirds (76%) of companies currently have cyber insurance, but less than a third of them (32%) get policies that cover all risks, according to two representatives from insurer RLI Corp. who spoke during this week’s (ISC)2 Security Congress 2018 in New Orleans. While having a cyber policy is always a good idea, there is a fair amount of complexity that makes it difficult to determine how much coverage you need. Often third parties such as cloud providers are involved, creating coverage nuances that companies must be aware of when taking out a policy. Beyond that, companies often don’t... Continue reading

It was standing room only at security consultant Ron Woerner’s presentation on tools, tips and techniques for cybersecurity professionals this week at the 2018 (ISC)2 Security Congress in New Orleans. Woerner, president and chief cybersecurity consultant at RWX Security Solutions, focused primarily on easily available, free resources that anyone can find with a simple internet search or by typing in a URL. The resources are useful in cybersecurity assessments, investigations, awareness and administration. That Congress attendees lined up patiently to get into the session indicates how much hunger there is for resources that can help them in their jobs. Perhaps... Continue reading

Stop saying humans are the weakest link in security. That was the main message delivered by former White House CIO Theresa Payton during her keynote at (ISC)2’s Congress 2018, taking place this week in New Orleans. “The technology is the weakest link. The human is at risk. We have to change how we think about this in our industry,” said Payton, who is now president and CEO of Fortalice Solutions, and stars in the CBS show “Hunted.” Even though cybersecurity teams implement various measures, follow rules and frameworks, and complete compliance checklists, breaches still occur, she said. That’s because technology... Continue reading

Privacy is one of the greatest challenges of the digital age. Who has the right to access an individual’s personal data and when? That’s the question at the heart of a series of court cases regarding search and seizure of mobile phones at U.S. border crossings. Currently border agents are allowed to access and search metadata, including the origin, time and date of phone calls, without a search warrant. However, true data typically requires a warrant, according to Scott M. Giordano, vice president of data protection at Spirion, a data management software provider. He addressed the topic to a packed... Continue reading

Securing critical industrial infrastructure systems in manufacturing, distribution and product-handling environments is a major challenge. The main reason we haven’t seen a spectacular attack on one these systems is because it’s hard to pull off. But organizations in oil and gas, chemicals, utilities and a whole host of other industries need to take steps to protect their critical infrastructure, lest they fall victim to an attack by a nation-state, hacktivists or even insiders, according to a panel of security experts who spoke during the (ISC)2 Congress 2018, taking place this week in New Orleans. The panel was moderated by James... Continue reading

Since humans are the number one target for cyber attacks, organizations need to implement strategies that teach users how to identify and avoid risks. Security awareness may well be the most important role of cybersecurity teams. That was the message delivered by Theresa Frommel, acting deputy CISO for the State of Missouri, at a breakout session of the (ISC)2’s Congress 2018, taking place this week in New Orleans. Repeating a suggestion from an attendee at her session, Frommel said it makes sense that users need to be “patched,” much like software systems have to be patched regularly to remove security... Continue reading

The cybersecurity workforce skills gap is hampering the nation’s ability to combat cyber threats that target our way of life, economy and national security interests, according to U.S. Rep. Cedric Richmond (D-LA), who serves on the House Committee on Homeland Security. Delivering the first keynote at the 2018 (ISC)2 Security Congress, taking place this week in New Orleans, the Congressman said more work is needed at the federal, state and local levels, as well as in the private sector, to address the problem of cybersecurity and the skills gap. “We need a robust cybersecurity workforce,” Richmond said, citing a government... Continue reading

(ISC)²’s two-day UK Secure Summit brings multi-subject sessions from hands-on practical workshops to keynotes and panel discussions, featuring local and international industry experts to maximise the learning experience and CPE opportunities. Serving the entire (ISC)² EMEA professional community, the Summit offers a wealth of educational value, networking opportunities, and a community forum for likeminded professionals, all of which are FREE to (ISC)² members & (ISC)² Chapter members. Read on for insights from one of our popular Secure Summit UK sessions: (ISC)² 2018 Secure Summit UK saw Richard Hudson, Principal IT Consultant at msg systems, reveal how dramatic advances in Artificial... Continue reading

(ISC)²’s two-day UK Secure Summit brings multi-subject sessions from hands-on practical workshops to keynotes and panel discussions, featuring local and international industry experts to maximise the learning experience and CPE opportunities. Serving the entire (ISC)² EMEA professional community, the Summit offers a wealth of educational value, networking opportunities, and a community forum for likeminded professionals, all of which are FREE to (ISC)² members & (ISC)² Chapter members. Read on for insights from one of our popular Secure Summit UK sessions: (ISC)² 2018 Secure Summit UK saw Joseph Carson, CSS at Thycotic, reveal the fascinating story behind Estonia’s journey towards becoming... Continue reading

Preparing a cybersecurity team for the never-ending onslaught of cyber threats takes a lot of work. Organizations that get it right make the appropriate technology investments, recruit qualified candidates, and clearly define their roles once they are onboarded. (ISC)2’s Building a Resilient Cybersecurity Culture study provides valuable insights about building and retaining an effective cybersecurity team. It all starts with a commitment from the top. When the CEO and board of directors are serious about protecting the organization and its people from cyber-attacks, the team is emboldened to do its job. Companies with a strong cybersecurity culture invest in both... Continue reading

The chief information security officer role hasn’t always gotten the respect it deserves. Research over the years has shown companies often treat their CISO primarily as a scapegoat for security incidents. But that may be changing – at least it is in organizations with a strong cybersecurity culture. New research by (ISC)2 shows the overwhelming majority of companies that properly staff their cybersecurity teams employ a CISO. The Building a Resilient Cybersecurity Culture study revealed that 86% of organizations that consider themselves adequately staffed with cybersecurity talent have a CISO. This is a substantially higher percentage than the 49% of... Continue reading

Name: Ana Ferreira Title: Doctor Employer: Center for Health Technology and Services Research (CINTESIS), Faculty of Medicine, University of Porto Location: Porto, Portugal Education: BSc in Computer Science, MSc in Information Security, PhD in Computer Science Years in IT: 20 Years in cybersecurity and/or privacy: 16 Cybersecurity certifications: CISSP, HCISPP How did you decide upon a career in healthcare security and/or privacy? After I graduated in 1998, I went to work for a healthcare education institution as a researcher and IT specialist. After a few years, I realized that security and privacy, especially in the domain of healthcare, were crucial... Continue reading

Name: Shinji Abe Title: Director Employer: NTT Security (Japan) KK Degree: Bachelor of Science, Master of Science in Quantum Physics Years in IT: 11 Years in cybersecurity: 7 Cybersecurity certifications: CISSP How did you decide upon a career in cybersecurity? I started my career as a system engineer. I became involved in information security after some systems managed that I was managing received vulnerability assessments. That was when I realized the importance of cybersecurity. I moved to the security analysis team to focus on security works in 2011. Why did you get your CISSP®? In the beginning of my cybersecurity... Continue reading