Earlier this week, (ISC)² announced the opening of registration for a limited number of online examinations as part of a pilot test for online proctoring. Prior to this pilot test, (ISC)² exams have only been available at Pearson VUE test centers, but during the past year, the COVID-19 pandemic forced test centers to close. While most test centers are now open, and health and safety measures are in place for test-takers, we have taken the first step in exploring the possibility of future online exams for CISSP and other (ISC)² certifications. During select dates in February, we will be running... Continue reading

How has the COVID-19 pandemic affected enterprise IT security organizations around the world? And how are they rethinking their priorities and investments as a result? Find answers and insights inside CyberEdge Group’s Impact of COVID-19 on Enterprise IT Security Teams Report, sponsored by (ISC)². This comprehensive survey of 600 cybersecurity professionals representing 7 countries and 19 industries reveals an in-depth study of how COVID-19 has altered enterprises and how they are responding. The research shows: A 114% increase in remote workers during the pandemic 67% of responding organizations are experiencing IT security staffing challenges 75% claim COVID-19 has increased their... Continue reading

The cybersecurity workforce gap of 3.1 million cannot be filled overnight; however, working with schools and encouraging younger generations to join the field will help in improving this number. (ISC)² is proud to support efforts that encourage the growth of the industry, including the U.S. Department of Energy’s CyberForce CompetitionTM. Students participating in 2019 CyberForce Competition. The CyberForce Competition is a realistic cyber defense competition providing a hands-on approach to understanding threats, vulnerabilities and consequences. Participants use interactive, scenario-based events where they solve problems using methods, practices, strategies, policies and ethics. Through the CyberForce Competition, the DOE has worked to... Continue reading

(ISC)² announced today that it will offer an online proctoring pilot test for its entire portfolio of cybersecurity certifications, including the renowned CISSP. Administered exclusively through Pearson VUE, this pilot program will assess the viability and future availability of online proctoring for (ISC)² certification examinations. According to Dr. Casey Marks, chief product officer and vice president: “In the wake of COVID-19, (ISC)² has spent considerable time and effort to ensure the integrity of our exam process while taking into consideration that many candidates are facing extraordinary uncertainty and restrictions due to the pandemic. Our pilot test program will enable us... Continue reading

With 2020 being a year unlike anyone expected, setting your resolutions and goals for 2021 can be a bit of a daunting task. Usually, we resolve to travel more, or spend more time with friends and family in the new year, but as we continue to navigate this global pandemic, it can be a bit difficult to know what we can achieve during our “now normal” (not a typo!). As a cybersecurity professional, though, one thing is certain for 2021 – you will need to dedicate time beyond your working hours to the field. Not just for CPE requirements as... Continue reading

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In support of this, (ISC)² has launched a series of interviews to explore where CISSP certification has led security professionals. Last time we met Jerome Leach and discovered his experience with the CISSP certification. This installment features Angus Macrae. He is Head of Cyber Security at King’s... Continue reading

This year presented us all with challenges we never could have expected. Our vacations were cancelled, our parties were virtual, and most of us started living at work. Isn’t that what working from home feels like sometimes? Beginning in March, conferences started to get postponed, cancelled or eventually pivoted to a virtual format. Our own (ISC)² Security Congress happened last month online and while we were excited to welcome our largest group of attendees yet, we know that many cybersecurity professionals weren’t able to find the time, or budget, for a conference, even a virtual one. As cybersecurity professionals, you... Continue reading

By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP, John Martin, CISSP-ISSAP, and Richard Nealon, CISSP-ISSMP, CISSP, SSCP, SCF, CISM, CISA 2020 was a year of change. It changed the way that folks work and how they interact with each other. Wondering what 2021 might look like for information security professionals? This is the first in a series of posts where we will discuss what we believe 2021 may have in store for information security professionals. Some of the issues faced by security professionals in 2021/2022 will include (but are not limited to) the evolving landscape of privacy, and the ongoing necessity... Continue reading

As 2020 draws to a close, (ISC)² CEO Clar Rosso shares her thoughts on the year that was, expresses her gratitude and relays heartfelt holiday wishes! Continue reading

The gig economy has grown rapidly in recent years and now includes more than one third of U.S. workers who describe themselves as consultants, freelancers or self-employed. It isn’t surprising then that 31% of organizations say that consultants and contractors are the top source they tap into for cybersecurity talent, according to the (ISC)² 2020 Cybersecurity Workforce Study. In fact, this group is the second-most popular talent source overall, just after new university graduates. The largest number of consultants (40%) work with small and mid-sized businesses (SMB), which could include small sole-proprietary businesses (think a self-employed CISSP starting his or... Continue reading

The Many Advisory Roles of a CISSP A Long and Prosperous Career Throughout your cybersecurity career, you will spend a lot of time in the world of identify, protect, detect, respond, and recover. Sometimes, the skills required for the job can range from the mundane, such as running a phishing campaign, to some nail-biting, all-nighters of remediation (after someone ignored your carefully crafted phishing campaign and clicked on a malicious link). Your skills were not easily acquired. Perhaps you derived these skills from tinkering with machinery, dumpster-diving, and everything in between. Information security research has transitioned to more sophisticated tools... Continue reading

By Allan Caton, CISSP, CISM, CCSP, CISMP Most companies are migrating from an environment of legacy, on-premise systems to the cloud which will result in a hybrid environment. Market forces are driving the push toward usable, mobile technology and the always-on, always-available, ubiquity of web-based applications. This shift will include both customers and all types of enterprise users – including employees, contractors, vendors, partners, etc. This shift to a decentralized, identity-centric operating model brings with it the absolute requirement to consider the security of the user identities, devices and data which comprise the enterprise estate. The future of identity management,... Continue reading

Have you ever baked something, only to see it fail due to the lack of a key ingredient? For instance, a cake will not rise if you add baking powder after you realize it was forgotten in the original ingredient list. The same is true for many failed endeavors. The addition of a critical component after the project is completed does little to improve the original plan. In many cases, it introduces unintended complexity that sets off a cascading series of problems. As a security professional, you probably can name a list of software that was released too early, requiring... Continue reading

In a year that presented so many challenges – a global pandemic, social unrest and an economic downturn – one success is worth noting: When cybersecurity professionals were called upon to secure remote environments in a hurry, they stepped up. As many companies were forced to shift to a work-from-home model because of COVID-19 for most or all employees, cybersecurity teams went to work on securing both these newly created remote environments and existing corporate networks. Data from (ISC)²’s 2020 Cybersecurity Workforce Study shows respondents believe those efforts were largely successful. Even though 30% of cybersecurity professionals had a deadline... Continue reading

The evolution of the cyber threat landscape highlights the emerging need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Although the terms “patch management” and “vulnerability management” are used as if they are interchangeable, this is not the case. Most are confused because applying patches is one of the many ways available in our arsenal to mitigate cyber risks. What is Patch Management? Patch management is a strategy for managing patches or upgrades for software applications and technologies and involves the acquisition, testing, and installation of multiple patches to... Continue reading

Rebel, Yell! In late 2019, the phrase “OK, Boomer” started being used by millennials toward the elders who preceded them mockingly. This behavioral pattern isn’t new. Younger generations have always rebelled against their elders. Even in cultures where the elderly population is highly respected, the younger generations have developed their own language, music, art, literature and customs. The difference now is that this is the first time that the elderly out-number the younger members of society. This trend is projected to continue for the next 40 years. While some may see this as a troubling number, for those who work... Continue reading

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In support of this, (ISC)² has launched a series of interviews to explore where CISSP certification has led security professionals. In our first interview, we met Javvad Malik and heard about his experiences. This installment features Jerome Leach. He works as Cyber Officer in the Coast Guard... Continue reading

by John Martin, CISSP, Senior Security Architect, IBM New Zealand Are you ready for the New Zealand Privacy Act 2020 to come into effect on 1st December 2020? There’s a lot to consider as the clock ticks down and your organisation’s ability to comply is critical if you want to avoid some of the hefty fines involved. As you align your security strategy with your business, here are some key areas to consider as you prepare: Reporting privacy breaches immediately It will be mandatory for businesses to immediately report serious privacy breaches, particularly where a data breach poses a risk... Continue reading

As published in the September/October 2020 edition of InfoSecurity Professional Magazine By Anita J. Bateman, CISSP We are all plagued by technical debt in the form of legacy systems that can no longer be patched but must be kept up and running. Critical business processes, legacy data retention, lack of system knowledge or “pet” projects might keep us from retiring these difficult-to-maintain systems. From the very first operating system updates on the original IBM 360 to the latest Windows 10 updates today, we still struggle with this common challenge to fully patch and maintain our technical systems. Might there be... Continue reading

While skills shortages remain a major challenge in cybersecurity, those who work in the field have ample opportunities to boost their salaries. And one sure way to get better pay is by earning certifications, according to a new study by training services provider Global Knowledge. “Learning a new skill or earning a certification can result in a raise upwards of $12,000 a year,” according to the Global Knowledge 2020 IT Skills and Salary Report. The figure applies to IT professionals as a whole but is especially relevant to cybersecurity professionals considering that the report says, “cloud computing and cybersecurity certifications... Continue reading

During her (ISC)2 Security Congress 2020 keynote speech, Juliette Kayyem used three words that tidily sum up the can-do spirit of the cybersecurity community: “We got this.” Kayyem, a former assistant secretary at the Department of Homeland Security, was speaking within the context of society’s ability to adapt, learn and build resilience during the COVID-19 crisis. Still, her remarks reflect the general ethos of the cybersecurity profession. Cybersecurity professionals recognize that if they can’t say, “we got this,” the alternative is too alarming to fathom. Cybersecurity workers have to adapt – all the time. Just like what society at large... Continue reading

Are you pursing a degree (or another) in cyber or information security? Know someone who is? The Center for Cyber Safety and Education can help! The high demand for skilled cybersecurity experts and lack of qualified candidates equals a world of opportunity for students and those looking to change careers. The Center for Cyber Safety and Education is excited to kick off our biggest scholarship year in our 10-year history! Thanks to partners like (ISC)², SAIC, Raytheon and KnowBe4, we will be awarding in 2021 a record $235,000 in financial aid to some 70 students from around the world. Who... Continue reading

If there is one thing adversity can teach you, it’s how to avoid bad situations in the future. Or so you would think. But when it comes to incident response, most organizations fail to conduct a post-incident review (PIR) or when they do, it tends to be ineffective, according to Faranak Firozan, who works in Incident Response for NVIDIA. As part of the (ISC)2 Security Congress 2020, Faranak delivered a presentation on PIR components and goals. She stressed the importance of PIRs in determining the causes of a security incident, its effects and the lessons an organization can learn to... Continue reading

For anyone hoping the COVD-19 crisis will come to a quick end, former Homeland Security Assistant Secretary Juliette Kayyem offered some sobering words today: The virus will be with us for the foreseeable future. “I have to be blunt and tell you this period is going to exist until further notice. We are going to have to learn to live with the virus. Once you get your head around that, then the solution becomes clear,” Kayyem said. She delivered her remarks virtually as the third and final keynote speaker at (ISC)2 Security Congress 2020. Kayyem focused her talk on what... Continue reading