An interesting take-away from the (ISC)2 Cybersecurity Career Pursuers Study is what cybersecurity professionals told us were the most important technical skills for those looking for their first cybersecurity job. When current jobholders were asked to rate the most important technical skills for aspiring cybersecurity professionals, there was little differentiation among the 20 technical concepts they were asked to rate. Cyber Security Technical Sill or Concept Rating (1 – 5) Cloud Security 4.46 Malware Analysis 4.44 Data Analysis 4.42 Threat Assessment 4.42 Intrusion Detection 4.42 Risk Assessment/Management 4.37 Encryption 4.37 Secure Software Development 4.37 Networking 4.34 Database 4.32 Penetration Testing... Continue reading

The Power of Positive Thinking Remember the early days of software programming? There were stories about the solitary programmer, toiling late into the night, (and into the next days and nights), working until the creation was complete. These images were corroborated by people such as Shawn Fanning, the creator of Napster, and Mark Zuckerberg, the creator of Facebook. They had more than a mission; they had a vision, and unceasing motivation. Software development has come a long way from those “lone wolf” days. The alumni of those early days have gone on to greater tasks. While the motivation to create... Continue reading

(ISC)² Webinars are an opportunity to take part in active, educational and engaging sessions delivering up-to-date knowledge from cybersecurity experts. Experienced and vetted professionals lead discussions on industry-relevant topics with four to five live global webcasts per week in addition to recorded content. All webinar subjects are designed with your continuing education in mind, ensuring that sessions are informative and relevant. Each session delivers a discussion of topical items that practitioners face in the field, free of marketing pitches or product-centric discussion. With 13 years of developing content, the (ISC)² team can assure that attendees will receive vendor-neutral content and... Continue reading

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In support of this diversity, (ISC)² has launched a series of interviews to explore where CISSP certification has led security professionals. Last time we heard from Mari Aoba and her experiences with CISSP. This installment features Jason Lau, CISO for Crypto.com and an official member and contributor... Continue reading

(ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its credentialing examinations. A JTA is the methodical process used to determine tasks that are performed by credential holders and knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. The existing exam blueprint for HCISPP is up next for review! In preparation for that upcoming review, we would like to hear from YOU, our HCISPP members. We want to hear from you on the... Continue reading

How Much Access is Too Much? Many security practitioners grapple with the problem of their colleagues demanding too much access to network resources. Sometimes, it is not just people who request excessive access, it could be an application that needs more access than necessary to function, or it could be a process that is demanding too much access. In some cases, an entire system or network can be the access challenge. Whatever the case may be, there are many methods at the fingertips of the security practitioner to control access in a way that enables a business to function without... Continue reading

Organizations looking to build cybersecurity teams by attempting to recruit “all stars” need to reevaluate their strategy and adjust expectations. With the current cybersecurity workforce gap estimated at 3.1 million worldwide, it is too daunting – or for many, nearly impossible – to find candidates with all the skills and experience that organizations often seek. The (ISC)2 Cybersecurity Career Pursuers Study delivers guidance on how to find strong candidates despite the scarcity of available talent. The report suggests organizations take a pragmatic approach to recruitment by zeroing in on qualities such as analytical thinking, problem solving and creativity, which foreshadow... Continue reading

With data breach rates rising and criminal attack methods becoming more sophisticated each day, it is essential for every organization to take security seriously. That means cybersecurity training and education so that key stakeholders understand the risks that businesses are facing, and which strategies are most effective for protection. Who should receive cybersecurity training in your organization? While your immediate reaction might be to think training should stay with the cybersecurity team, there are actually many roles that would benefit from security knowledge and education. Cybersecurity is a shared responsibility and since many companies do not have a formal security... Continue reading

With cyber attacks against financial and banking institutions now a daily occurrence, cyber threats have become the biggest risk to the global financial system, according to Federal Reserve Chairman Jerome Powell. During an interview on CBS News’ 60 Minutes, Powell said cyber risks surpass even the types of lending and liquidity risks that led to the Great Recession in 2008. The chances of a financial collapse akin to 2008 are “very low,” he said. “But the world changes, the world evolves, and the risks change as well. The risk we keep our eyes on the most is cyber risk.” If... Continue reading

A Fun Science Fact Are you familiar with the often misquoted study about how every cell in the human body is replaced around every seven years? While a complete body makeover doesn’t actually happen, there is truth that many cells are regenerated over time. In some parts of the body this happens faster than others. It would be fascinating if humans could truly change their identity every few years. As an information security professional, you are aware that identity management is a very important part of the security landscape. Like many cells in the human body, identity access management (IAM)... Continue reading

Why Does This Have to Be So Hard? As a security practitioner, how often have you heard the refrain from your colleagues that one of the security protocols that were so carefully thought-out and expertly implemented are just too difficult to deal with? Perhaps you have sighed when you had to adhere to your own security protocol? As a security evangelist, you understand the necessity of adhering to a set of security requirements, but as a normal staff member, you can understand the frustration of your non-security coworkers. Is there ever such a thing as being a “normal” staff member... Continue reading

In 2020, ransomware was the most widely-used method of delivering cyber attacks, accounting for 23% of security events handled by the IBM Security X-Force. One attack alone scored profits of more than $123 million for the perpetrators, according to an IBM report. A distant second to ransomware, the report says, was data theft (13%), followed by server access (10%). All three types of attack increased in comparison to 2019 numbers: +3% for ransomware, +8% for data theft, and +7% for server access. Meanwhile, scan-and-exploit attacks emerged as the top initial attack vector, and were used in 35% of attacks, up... Continue reading

Last year taught us a valuable lesson: Always be prepared for the unknown. In a cybersecurity context, fostering resilience requires thinking of all possible scenarios – even if they seem implausible – and seeking solutions that can really work. But resilience in a cloudy world doesn’t happen overnight. It must be supported by a well-woven culture of security that evolves with the shifting global environment. Organizations that create a culture for the future are destined to excel; those that resist change will be left behind. READ THE FULL ARTICLE Continue reading

Earlier this year, we announced an upcoming update to the Certified Authorization Professional (CAP) certification. This (ISC)² certification exam will be updating on August 15, 2021. During the last Job Task Analysis (JTA), the decision was made to expand the CAP to reflect the more diverse day to day work of professionals who were earning the certification. What started built primarily for U.S. government professionals using the Risk Management Framework (RMF) has now expanded to professionals working in the private sector and or organizations around the world. We spoke with the Content Development Manager here at (ISC)², Toni Hahn, about... Continue reading

The modern software developer faces an enormous amount of challenges. From continuously creating innovative apps to ensuring high quality and meeting tight deadlines, developers need to cope with many responsibilities. As a result, security is still one of the last priorities on many developers’ minds during the software development lifecycle. Vulnerable Apps Increase Cyber Threats Despite that the 2020 Verizon Data Breach Investigations Report indicates that most data breaches happen through vulnerable web applications, many developers are still hesitant to adopt a security mindset. Even though the news headlines are filled with the names of companies being compromised every day,... Continue reading

Haven’t had a chance to nominate a colleague, peer or mentor yet for the Global Achievement Awards? Great news, the deadline has been extended to April 23! There are a few updates to the awards this year. With so many awards to choose from, let’s take a look at a few of them. These awards are similar in that they recognize individuals who have made a significant impact on the security industry during the past year. (ISC)² Government Professional Award This award recognizes regional government information security leaders who have made significant security developments at the federal, state or local... Continue reading

Is There Ever Too Much Data? As a security practitioner, you know that businesses are fuelled not only by people but by data. Years ago, the phrase “Big Data” was a new, innovative way to gain a business advantage. Now, big data is the norm. When we think of all the data that has been gathered, we must stop and wonder about what is contained in that data. Many important, and often private details are stored about the clients of a particular business. Over time, it became clear that this data, if obtained by criminals, could be damaging to an... Continue reading

Clar Rosso, (ISC)² CEO and Casey Marks, Chief Product Officer and VP, (ISC)² recently hosted the latest in our new Inside (ISC)² webinar series, a quarterly series designed to give members a glimpse of the latest developments from inside the association, as well as an opportunity to ask questions. The March 23 session included milestones from the first quarter, as well as a deep dive into (ISC)²'s process for developing exams and certifications. Q1 Recap Rosso kicked off the discussion with a recap of the association’s response to the pandemic, and its transition to online learning. Recognizing that 2021 still... Continue reading

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In support of this, (ISC)2 has launched a series of interviews to explore where CISSP certification has led security professionals. Last time we spoke to Chris Clinton. This installment features Mari Aoba, a security analyst at Japan Security Operation Center. What job do you do today? I... Continue reading

So Many Awards, So Little Time Left to Nominate. Complete Your Global Achievement Award Nomination Today! Do you have a colleague or perhaps a mentor who has accomplished something exceptional and worthy of recognition? Nominate them for the Global Achievement Awards before the deadline of April 9! Winners of these awards receive recognition throughout the (ISC)² Security Congress event and recognition during the exclusive VIP awards reception and the attendee networking night, as well as in the InfoSecurity Professional magazine. Each award winner and their nominator will receive a complimentary pass to attend Security Congress. A few reminders as you... Continue reading

Since the first seed was sown back in 2016, work has been underway to create an independent body to support growth and professionalism within the U.K.’s cybersecurity education, training and skills activities. Now, that body has come into being in the form of the U.K. Cyber Security Council. (ISC)² staff and members have been involved in this project since 2018 and have been diligently working alongside volunteers from other organizations on the Council Formation Project, which concludes today following more than 18 months of work. What does this mean for members, associates or those yet to begin their cybersecurity career... Continue reading